angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl
- angr/__init__.py +128 -128
- angr/analyses/__init__.py +38 -38
- angr/analyses/analysis.py +6 -2
- angr/analyses/backward_slice.py +3 -4
- angr/analyses/binary_optimizer.py +5 -12
- angr/analyses/bindiff.py +3 -6
- angr/analyses/calling_convention.py +3 -4
- angr/analyses/cfg/__init__.py +3 -3
- angr/analyses/cfg/cfg_base.py +1 -1
- angr/analyses/cfg/cfg_emulated.py +5 -5
- angr/analyses/cfg/cfg_fast.py +19 -17
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +5 -5
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +148 -101
- angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +1 -1
- angr/analyses/data_dep/__init__.py +4 -4
- angr/analyses/datagraph_meta.py +1 -1
- angr/analyses/ddg.py +16 -17
- angr/analyses/decompiler/__init__.py +12 -12
- angr/analyses/decompiler/ail_simplifier.py +24 -12
- angr/analyses/decompiler/block_similarity.py +2 -4
- angr/analyses/decompiler/block_simplifier.py +10 -21
- angr/analyses/decompiler/callsite_maker.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +1 -1
- angr/analyses/decompiler/clinic.py +122 -41
- angr/analyses/decompiler/condition_processor.py +57 -39
- angr/analyses/decompiler/counters/__init__.py +3 -3
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/dephication/__init__.py +1 -1
- angr/analyses/decompiler/dephication/graph_rewriting.py +1 -1
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +11 -3
- angr/analyses/decompiler/dephication/rewriting_engine.py +169 -45
- angr/analyses/decompiler/dephication/seqnode_dephication.py +5 -4
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/graph_region.py +8 -8
- angr/analyses/decompiler/optimization_passes/__init__.py +20 -20
- angr/analyses/decompiler/optimization_passes/const_derefs.py +1 -0
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -2
- angr/analyses/decompiler/optimization_passes/div_simplifier.py +41 -16
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +1 -3
- angr/analyses/decompiler/optimization_passes/engine_base.py +262 -84
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +175 -39
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +2 -5
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +5 -5
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +12 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +42 -19
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +9 -5
- angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/base.py +6 -6
- angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +2 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +1 -1
- angr/analyses/decompiler/presets/__init__.py +1 -1
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +3 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +8 -12
- angr/analyses/decompiler/ssailification/rewriting.py +1 -2
- angr/analyses/decompiler/ssailification/rewriting_engine.py +139 -56
- angr/analyses/decompiler/ssailification/ssailification.py +2 -1
- angr/analyses/decompiler/ssailification/traversal.py +4 -6
- angr/analyses/decompiler/ssailification/traversal_engine.py +125 -42
- angr/analyses/decompiler/structured_codegen/__init__.py +5 -5
- angr/analyses/decompiler/structured_codegen/base.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +39 -40
- angr/analyses/decompiler/structuring/__init__.py +3 -3
- angr/analyses/decompiler/structuring/phoenix.py +45 -29
- angr/analyses/decompiler/structuring/structurer_base.py +2 -2
- angr/analyses/decompiler/structuring/structurer_nodes.py +23 -14
- angr/analyses/deobfuscator/__init__.py +3 -3
- angr/analyses/deobfuscator/irsb_reg_collector.py +29 -60
- angr/analyses/deobfuscator/string_obf_finder.py +2 -2
- angr/analyses/deobfuscator/string_obf_opt_passes.py +1 -1
- angr/analyses/disassembly.py +4 -4
- angr/analyses/forward_analysis/__init__.py +1 -1
- angr/analyses/forward_analysis/visitors/graph.py +6 -6
- angr/analyses/init_finder.py +47 -22
- angr/analyses/loop_analysis.py +1 -1
- angr/analyses/loopfinder.py +1 -1
- angr/analyses/propagator/engine_base.py +21 -14
- angr/analyses/propagator/engine_vex.py +149 -179
- angr/analyses/propagator/outdated_definition_walker.py +12 -6
- angr/analyses/propagator/propagator.py +10 -28
- angr/analyses/propagator/top_checker_mixin.py +211 -5
- angr/analyses/propagator/vex_vars.py +4 -4
- angr/analyses/reaching_definitions/__init__.py +9 -9
- angr/analyses/reaching_definitions/call_trace.py +2 -2
- angr/analyses/reaching_definitions/dep_graph.py +1 -1
- angr/analyses/reaching_definitions/engine_ail.py +304 -329
- angr/analyses/reaching_definitions/engine_vex.py +243 -229
- angr/analyses/reaching_definitions/function_handler.py +3 -3
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -1
- angr/analyses/reaching_definitions/rd_state.py +47 -42
- angr/analyses/reassembler.py +26 -31
- angr/analyses/s_liveness.py +8 -0
- angr/analyses/s_propagator.py +18 -3
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -5
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +9 -5
- angr/analyses/stack_pointer_tracker.py +4 -4
- angr/analyses/typehoon/simple_solver.py +14 -14
- angr/analyses/typehoon/translator.py +10 -2
- angr/analyses/typehoon/typeconsts.py +11 -3
- angr/analyses/typehoon/typevars.py +26 -26
- angr/analyses/unpacker/__init__.py +1 -1
- angr/analyses/variable_recovery/engine_ail.py +299 -259
- angr/analyses/variable_recovery/engine_base.py +138 -121
- angr/analyses/variable_recovery/engine_vex.py +175 -185
- angr/analyses/variable_recovery/irsb_scanner.py +49 -38
- angr/analyses/variable_recovery/variable_recovery.py +28 -5
- angr/analyses/variable_recovery/variable_recovery_base.py +33 -34
- angr/analyses/variable_recovery/variable_recovery_fast.py +4 -8
- angr/analyses/veritesting.py +2 -2
- angr/analyses/vfg.py +5 -5
- angr/analyses/xrefs.py +46 -19
- angr/angrdb/serializers/__init__.py +1 -1
- angr/annocfg.py +20 -15
- angr/blade.py +2 -2
- angr/block.py +20 -25
- angr/calling_conventions.py +12 -14
- angr/code_location.py +6 -10
- angr/codenode.py +3 -3
- angr/engines/__init__.py +12 -14
- angr/engines/engine.py +24 -61
- angr/engines/light/__init__.py +13 -5
- angr/engines/light/data.py +1 -1
- angr/engines/light/engine.py +1003 -1185
- angr/engines/pcode/__init__.py +1 -1
- angr/engines/pcode/behavior.py +1 -1
- angr/engines/pcode/cc.py +2 -0
- angr/engines/pcode/lifter.py +13 -15
- angr/engines/soot/expressions/__init__.py +12 -12
- angr/engines/soot/statements/__init__.py +6 -6
- angr/engines/soot/values/__init__.py +6 -6
- angr/engines/soot/values/arrayref.py +2 -2
- angr/engines/soot/values/constants.py +1 -1
- angr/engines/soot/values/instancefieldref.py +1 -1
- angr/engines/soot/values/paramref.py +1 -1
- angr/engines/soot/values/staticfieldref.py +1 -1
- angr/engines/successors.py +15 -14
- angr/engines/vex/__init__.py +5 -5
- angr/engines/vex/claripy/ccall.py +2 -2
- angr/engines/vex/claripy/datalayer.py +1 -1
- angr/engines/vex/claripy/irop.py +19 -19
- angr/engines/vex/heavy/__init__.py +2 -2
- angr/engines/vex/heavy/actions.py +1 -3
- angr/engines/vex/heavy/heavy.py +4 -6
- angr/engines/vex/lifter.py +2 -4
- angr/engines/vex/light/light.py +0 -2
- angr/engines/vex/light/slicing.py +5 -5
- angr/exploration_techniques/__init__.py +19 -142
- angr/exploration_techniques/base.py +126 -0
- angr/exploration_techniques/bucketizer.py +1 -1
- angr/exploration_techniques/dfs.py +3 -1
- angr/exploration_techniques/director.py +2 -3
- angr/exploration_techniques/driller_core.py +1 -1
- angr/exploration_techniques/explorer.py +4 -2
- angr/exploration_techniques/lengthlimiter.py +2 -1
- angr/exploration_techniques/local_loop_seer.py +2 -1
- angr/exploration_techniques/loop_seer.py +5 -5
- angr/exploration_techniques/manual_mergepoint.py +2 -1
- angr/exploration_techniques/memory_watcher.py +3 -1
- angr/exploration_techniques/oppologist.py +4 -5
- angr/exploration_techniques/slicecutor.py +4 -2
- angr/exploration_techniques/spiller.py +1 -1
- angr/exploration_techniques/stochastic.py +2 -1
- angr/exploration_techniques/stub_stasher.py +2 -1
- angr/exploration_techniques/suggestions.py +3 -1
- angr/exploration_techniques/symbion.py +3 -1
- angr/exploration_techniques/tech_builder.py +2 -1
- angr/exploration_techniques/threading.py +2 -11
- angr/exploration_techniques/timeout.py +4 -2
- angr/exploration_techniques/tracer.py +4 -3
- angr/exploration_techniques/unique.py +3 -2
- angr/exploration_techniques/veritesting.py +1 -1
- angr/factory.py +36 -6
- angr/keyed_region.py +4 -4
- angr/knowledge_base.py +1 -1
- angr/knowledge_plugins/__init__.py +11 -11
- angr/knowledge_plugins/cfg/__init__.py +5 -5
- angr/knowledge_plugins/cfg/cfg_manager.py +2 -2
- angr/knowledge_plugins/cfg/cfg_model.py +8 -8
- angr/knowledge_plugins/cfg/cfg_node.py +19 -19
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -6
- angr/knowledge_plugins/cfg/memory_data.py +5 -7
- angr/knowledge_plugins/functions/function.py +48 -52
- angr/knowledge_plugins/functions/function_parser.py +4 -4
- angr/knowledge_plugins/key_definitions/__init__.py +3 -3
- angr/knowledge_plugins/key_definitions/atoms.py +8 -8
- angr/knowledge_plugins/key_definitions/definition.py +1 -1
- angr/knowledge_plugins/key_definitions/live_definitions.py +30 -27
- angr/knowledge_plugins/labels.py +1 -1
- angr/knowledge_plugins/propagations/__init__.py +1 -1
- angr/knowledge_plugins/propagations/prop_value.py +2 -2
- angr/knowledge_plugins/propagations/propagation_model.py +7 -8
- angr/knowledge_plugins/propagations/states.py +44 -39
- angr/knowledge_plugins/variables/variable_access.py +2 -2
- angr/knowledge_plugins/variables/variable_manager.py +24 -10
- angr/knowledge_plugins/xrefs/xref.py +5 -8
- angr/misc/__init__.py +4 -4
- angr/misc/hookset.py +4 -5
- angr/misc/loggers.py +2 -2
- angr/misc/telemetry.py +1 -1
- angr/procedures/__init__.py +1 -1
- angr/procedures/cgc/fdwait.py +2 -2
- angr/procedures/definitions/__init__.py +2 -2
- angr/procedures/definitions/linux_kernel.py +0 -1
- angr/procedures/definitions/parse_syscalls_from_local_system.py +1 -1
- angr/procedures/definitions/parse_win32json.py +0 -1
- angr/procedures/ntdll/exceptions.py +1 -1
- angr/procedures/stubs/format_parser.py +3 -3
- angr/procedures/win32/dynamic_loading.py +1 -1
- angr/protos/__init__.py +3 -3
- angr/sim_manager.py +3 -5
- angr/sim_state.py +40 -42
- angr/sim_state_options.py +3 -3
- angr/sim_type.py +15 -14
- angr/sim_variable.py +42 -45
- angr/simos/__init__.py +4 -4
- angr/simos/cgc.py +1 -1
- angr/simos/simos.py +1 -1
- angr/simos/userland.py +1 -1
- angr/slicer.py +4 -7
- angr/state_plugins/__init__.py +34 -34
- angr/state_plugins/callstack.py +5 -12
- angr/state_plugins/heap/__init__.py +2 -2
- angr/state_plugins/heap/heap_brk.py +2 -4
- angr/state_plugins/heap/heap_ptmalloc.py +1 -1
- angr/state_plugins/jni_references.py +3 -2
- angr/state_plugins/scratch.py +1 -1
- angr/state_plugins/sim_action.py +1 -4
- angr/state_plugins/sim_event.py +1 -1
- angr/state_plugins/solver.py +7 -9
- angr/state_plugins/uc_manager.py +1 -1
- angr/state_plugins/view.py +2 -2
- angr/storage/__init__.py +1 -1
- angr/storage/file.py +10 -10
- angr/storage/memory_mixins/__init__.py +46 -46
- angr/storage/memory_mixins/default_filler_mixin.py +1 -3
- angr/storage/memory_mixins/javavm_memory_mixin.py +2 -2
- angr/storage/memory_mixins/name_resolution_mixin.py +2 -2
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +6 -6
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/regioned_memory/__init__.py +3 -3
- angr/storage/memory_mixins/regioned_memory/region_data.py +5 -5
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +7 -9
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +4 -4
- angr/storage/memory_object.py +4 -4
- angr/utils/__init__.py +3 -3
- angr/utils/bits.py +12 -0
- angr/utils/dynamic_dictlist.py +1 -1
- angr/utils/graph.py +1 -1
- angr/utils/orderedset.py +4 -1
- angr/utils/segment_list.py +2 -2
- angr/utils/ssa/__init__.py +33 -8
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/METADATA +6 -6
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/RECORD +262 -263
- angr/analyses/propagator/engine_ail.py +0 -1562
- angr/storage/memory_mixins/__init__.pyi +0 -48
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/LICENSE +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/WHEEL +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/entry_points.txt +0 -0
- {angr-9.2.131.dist-info → angr-9.2.133.dist-info}/top_level.txt +0 -0
|
@@ -5,7 +5,7 @@ import os
|
|
|
5
5
|
import logging
|
|
6
6
|
import inspect
|
|
7
7
|
from collections import defaultdict
|
|
8
|
-
from typing import
|
|
8
|
+
from typing import TYPE_CHECKING
|
|
9
9
|
|
|
10
10
|
import itanium_demangler
|
|
11
11
|
|
|
@@ -569,7 +569,7 @@ class SimSyscallLibrary(SimLibrary):
|
|
|
569
569
|
mapping = self.syscall_number_mapping[abi]
|
|
570
570
|
if number in mapping:
|
|
571
571
|
return mapping[number], arch, abi
|
|
572
|
-
return "sys_
|
|
572
|
+
return f"sys_{number}", arch, None
|
|
573
573
|
|
|
574
574
|
def _apply_numerical_metadata(self, proc, number, arch, abi):
|
|
575
575
|
proc.syscall_number = number
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
import logging
|
|
3
|
-
from typing import Dict
|
|
4
3
|
|
|
5
4
|
from angr.sim_type import SimTypeFunction, SimTypePointer, SimTypeLong, SimStruct, SimTypeInt, SimTypeChar, SimTypeBottom, SimTypeFd, SimTypeLongLong
|
|
6
5
|
from angr.procedures import SIM_PROCEDURES as P
|
|
@@ -26,7 +26,7 @@ def parse_unistd_include_header(header_path):
|
|
|
26
26
|
def dump_mapping(abi, mapping):
|
|
27
27
|
print(f'\nlib.add_number_mapping_from_dict("{abi}", {{')
|
|
28
28
|
for num in sorted(mapping):
|
|
29
|
-
print('
|
|
29
|
+
print(f' {num}: "{mapping[num]}",')
|
|
30
30
|
print('})')
|
|
31
31
|
|
|
32
32
|
def main():
|
|
@@ -44,7 +44,7 @@ class KiUserExceptionDispatcher(angr.SimProcedure):
|
|
|
44
44
|
elif disposition == 3:
|
|
45
45
|
raise angr.errors.SimUnsupportedError("Exception disposition ExceptionCollidedUnwind is unsupported")
|
|
46
46
|
else:
|
|
47
|
-
raise angr.errors.SimError("Bad exception disposition
|
|
47
|
+
raise angr.errors.SimError(f"Bad exception disposition {disposition}")
|
|
48
48
|
|
|
49
49
|
# todo: check cur_ptr against stack bounds
|
|
50
50
|
cur_ptr = self.cur_ptr
|
|
@@ -323,11 +323,11 @@ class FormatSpecifier:
|
|
|
323
323
|
"""
|
|
324
324
|
|
|
325
325
|
__slots__ = (
|
|
326
|
-
"string",
|
|
327
|
-
"size",
|
|
328
|
-
"signed",
|
|
329
326
|
"length_spec",
|
|
330
327
|
"pad_chr",
|
|
328
|
+
"signed",
|
|
329
|
+
"size",
|
|
330
|
+
"string",
|
|
331
331
|
)
|
|
332
332
|
|
|
333
333
|
def __init__(self, string, length_spec, pad_chr, size, signed):
|
|
@@ -59,7 +59,7 @@ class GetProcAddress(angr.SimProcedure):
|
|
|
59
59
|
if claripy.is_true(name_addr < 0x10000):
|
|
60
60
|
# this matches the bogus name specified in the loader...
|
|
61
61
|
ordinal = self.state.solver.eval(name_addr)
|
|
62
|
-
name = "ordinal
|
|
62
|
+
name = f"ordinal.{ordinal}.{obj.provides}"
|
|
63
63
|
else:
|
|
64
64
|
name = self.state.mem[name_addr].string.concrete.decode("utf-8")
|
|
65
65
|
|
angr/protos/__init__.py
CHANGED
angr/sim_manager.py
CHANGED
|
@@ -10,6 +10,7 @@ from types import TracebackType
|
|
|
10
10
|
import claripy
|
|
11
11
|
import mulpyplexer
|
|
12
12
|
|
|
13
|
+
from .exploration_techniques import ExplorationTechnique, Veritesting, Threading, Explorer, Suggestions
|
|
13
14
|
from .misc.hookset import HookSet
|
|
14
15
|
from .misc.ux import once
|
|
15
16
|
from .misc.picklable_lock import PicklableLock
|
|
@@ -154,10 +155,10 @@ class SimulationManager:
|
|
|
154
155
|
self.use_technique(t)
|
|
155
156
|
|
|
156
157
|
def __repr__(self):
|
|
157
|
-
stashes_repr = ", ".join(("
|
|
158
|
+
stashes_repr = ", ".join((f"{len(v)} {k}") for k, v in self._stashes.items() if len(v) != 0)
|
|
158
159
|
if not stashes_repr:
|
|
159
160
|
stashes_repr = "all stashes empty"
|
|
160
|
-
errored_repr = " (
|
|
161
|
+
errored_repr = f" ({len(self.errored)} errored)" if self.errored else ""
|
|
161
162
|
return f"<SimulationManager with {stashes_repr}{errored_repr}>"
|
|
162
163
|
|
|
163
164
|
def __getattr__(self, item):
|
|
@@ -968,6 +969,3 @@ class ErrorRecord:
|
|
|
968
969
|
|
|
969
970
|
def __eq__(self, other):
|
|
970
971
|
return self is other or self.state is other
|
|
971
|
-
|
|
972
|
-
|
|
973
|
-
from .exploration_techniques import ExplorationTechnique, Veritesting, Threading, Explorer, Suggestions
|
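Review bot: The `from .exploration_techniques import ExplorationTechnique, Veritesting, Threading, Explorer, Suggestions` line moves from the foot of the module (hunk at 968) into the import block (hunk at 10); an import deliberately placed at the end of a file is normally a cycle-breaker, so this is only safe if `angr.exploration_techniques` — restructured in this release per the diffstat — no longer imports `sim_manager` at module load, which cannot be confirmed from these hunks. A one-line comment stating why the import may now live at the top would save the next reader the same question. Separately, in `__repr__` (hunk at 154) the parentheses wrapping the f-string inside the generator are redundant: `stashes_repr = ", ".join(f"{len(v)} {k}" for k, v in self._stashes.items() if len(v) != 0)`.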
angr/sim_state.py
CHANGED
|
@@ -5,12 +5,14 @@ import functools
|
|
|
5
5
|
import itertools
|
|
6
6
|
import logging
|
|
7
7
|
import weakref
|
|
8
|
-
from typing import TypeVar, TYPE_CHECKING
|
|
8
|
+
from typing import Any, TypeVar, TYPE_CHECKING, Generic
|
|
9
|
+
from collections.abc import Callable
|
|
9
10
|
|
|
10
11
|
import archinfo
|
|
11
|
-
import claripy
|
|
12
12
|
from archinfo import Arch
|
|
13
13
|
from archinfo.arch_soot import SootAddressDescriptor
|
|
14
|
+
import claripy
|
|
15
|
+
from cle import Clemory
|
|
14
16
|
|
|
15
17
|
from . import sim_options as o
|
|
16
18
|
from .errors import SimMergeError, SimValueError, SimStateError, SimSolverModeError
|
|
@@ -27,6 +29,8 @@ if TYPE_CHECKING:
|
|
|
27
29
|
from .state_plugins.inspect import SimInspector
|
|
28
30
|
from .state_plugins.jni_references import SimStateJNIReferences
|
|
29
31
|
from .state_plugins.scratch import SimStateScratch
|
|
32
|
+
from angr.project import Project
|
|
33
|
+
from angr.simos.javavm import SimJavaVM
|
|
30
34
|
|
|
31
35
|
|
|
32
36
|
l = logging.getLogger(name=__name__)
|
|
@@ -48,9 +52,12 @@ merge_counter = itertools.count()
|
|
|
48
52
|
|
|
49
53
|
_complained_se = False
|
|
50
54
|
|
|
55
|
+
IPTypeConc = TypeVar("IPTypeConc")
|
|
56
|
+
IPTypeSym = TypeVar("IPTypeSym")
|
|
57
|
+
|
|
51
58
|
|
|
52
59
|
# pylint: disable=not-callable
|
|
53
|
-
class SimState(PluginHub):
|
|
60
|
+
class SimState(Generic[IPTypeConc, IPTypeSym], PluginHub[SimStatePlugin]):
|
|
54
61
|
"""
|
|
55
62
|
The SimState represents the state of a program, including its memory, registers, and so forth.
|
|
56
63
|
|
|
@@ -88,23 +95,23 @@ class SimState(PluginHub):
|
|
|
88
95
|
|
|
89
96
|
def __init__(
|
|
90
97
|
self,
|
|
91
|
-
project=None,
|
|
92
|
-
arch=None,
|
|
93
|
-
plugins=None,
|
|
94
|
-
mode=None,
|
|
95
|
-
options=None,
|
|
96
|
-
add_options=None,
|
|
97
|
-
remove_options=None,
|
|
98
|
-
special_memory_filler=None,
|
|
99
|
-
os_name=None,
|
|
100
|
-
plugin_preset="default",
|
|
101
|
-
cle_memory_backer=None,
|
|
102
|
-
dict_memory_backer=None,
|
|
103
|
-
permissions_map=None,
|
|
104
|
-
default_permissions=3,
|
|
105
|
-
stack_perms=None,
|
|
106
|
-
stack_end=None,
|
|
107
|
-
stack_size=None,
|
|
98
|
+
project: Project | None = None,
|
|
99
|
+
arch: Arch | None = None,
|
|
100
|
+
plugins: dict[str, SimStatePlugin] | None = None,
|
|
101
|
+
mode: str | None = None,
|
|
102
|
+
options: set[str] | list[str] | SimStateOptions | None = None,
|
|
103
|
+
add_options: set[str] | None = None,
|
|
104
|
+
remove_options: set[str] | None = None,
|
|
105
|
+
special_memory_filler: Callable[[str, int, int, SimState], Any] | None = None,
|
|
106
|
+
os_name: str | None = None,
|
|
107
|
+
plugin_preset: str = "default",
|
|
108
|
+
cle_memory_backer: Clemory | None = None,
|
|
109
|
+
dict_memory_backer: dict[int, bytes] | None = None,
|
|
110
|
+
permissions_map: dict[tuple[int, int], int] | None = None,
|
|
111
|
+
default_permissions: int = 3,
|
|
112
|
+
stack_perms: int | None = None,
|
|
113
|
+
stack_end: int | None = None,
|
|
114
|
+
stack_size: int | None = None,
|
|
108
115
|
regioned_memory_cls=None,
|
|
109
116
|
**kwargs,
|
|
110
117
|
):
|
|
@@ -118,7 +125,9 @@ class SimState(PluginHub):
|
|
|
118
125
|
self._is_java_jni_project = self.project and self.project.is_java_jni_project
|
|
119
126
|
|
|
120
127
|
# Arch
|
|
121
|
-
if self._is_java_jni_project:
|
|
128
|
+
if self._is_java_jni_project and project is not None:
|
|
129
|
+
if TYPE_CHECKING:
|
|
130
|
+
assert isinstance(project.simos, SimJavaVM)
|
|
122
131
|
self._arch = {"soot": project.arch, "vex": project.simos.native_simos.arch}
|
|
123
132
|
# This flag indicates whether the current ip is a native address or
|
|
124
133
|
# a soot address descriptor.
|
|
@@ -177,6 +186,7 @@ class SimState(PluginHub):
|
|
|
177
186
|
# we have no choice but to use the 'default' plugin preset.
|
|
178
187
|
if self.plugin_preset is None:
|
|
179
188
|
self.use_plugin_preset("default")
|
|
189
|
+
assert self.plugin_preset is not None
|
|
180
190
|
|
|
181
191
|
# Determine memory backend
|
|
182
192
|
if self._is_java_project and not self._is_java_jni_project:
|
|
@@ -186,16 +196,14 @@ class SimState(PluginHub):
|
|
|
186
196
|
elif o.ABSTRACT_MEMORY in self.options:
|
|
187
197
|
# We use SimAbstractMemory in static mode.
|
|
188
198
|
# Convert memory_backer into 'global' region.
|
|
189
|
-
if cle_memory_backer is not None
|
|
190
|
-
|
|
191
|
-
if dict_memory_backer is not None:
|
|
192
|
-
dict_memory_backer = {"global": dict_memory_backer}
|
|
199
|
+
cle_memory_backer_map = {"global": cle_memory_backer} if cle_memory_backer is not None else None
|
|
200
|
+
dict_memory_backer_map = {"global": dict_memory_backer} if dict_memory_backer is not None else None
|
|
193
201
|
|
|
194
202
|
# TODO: support permissions backer in SimAbstractMemory
|
|
195
203
|
sim_memory_cls = self.plugin_preset.request_plugin("abs_memory")
|
|
196
204
|
sim_memory = sim_memory_cls(
|
|
197
|
-
cle_memory_backer=
|
|
198
|
-
dict_memory_backer=
|
|
205
|
+
cle_memory_backer=cle_memory_backer_map,
|
|
206
|
+
dict_memory_backer=dict_memory_backer_map,
|
|
199
207
|
memory_id="mem",
|
|
200
208
|
regioned_memory_cls=regioned_memory_cls,
|
|
201
209
|
)
|
|
@@ -234,6 +242,7 @@ class SimState(PluginHub):
|
|
|
234
242
|
# Same as for 'memory' plugin.
|
|
235
243
|
if self.plugin_preset is None:
|
|
236
244
|
self.use_plugin_preset("default")
|
|
245
|
+
assert self.plugin_preset is not None
|
|
237
246
|
|
|
238
247
|
# Get register endness
|
|
239
248
|
if self._is_java_jni_project:
|
|
@@ -322,17 +331,6 @@ class SimState(PluginHub):
|
|
|
322
331
|
# TODO: This shouldn't be access directly.
|
|
323
332
|
return self._active_plugins
|
|
324
333
|
|
|
325
|
-
@property
|
|
326
|
-
def se(self):
|
|
327
|
-
"""
|
|
328
|
-
Deprecated alias for `solver`
|
|
329
|
-
"""
|
|
330
|
-
global _complained_se
|
|
331
|
-
if not _complained_se:
|
|
332
|
-
_complained_se = True
|
|
333
|
-
l.critical("The name state.se is deprecated; please use state.solver.")
|
|
334
|
-
return self.get_plugin("solver")
|
|
335
|
-
|
|
336
334
|
@property
|
|
337
335
|
def ip(self):
|
|
338
336
|
"""
|
|
@@ -348,7 +346,7 @@ class SimState(PluginHub):
|
|
|
348
346
|
self.regs.ip = val
|
|
349
347
|
|
|
350
348
|
@property
|
|
351
|
-
def _ip(self):
|
|
349
|
+
def _ip(self) -> IPTypeSym:
|
|
352
350
|
"""
|
|
353
351
|
Get the instruction pointer expression without triggering SimInspect breakpoints or generating SimActions.
|
|
354
352
|
|
|
@@ -360,7 +358,7 @@ class SimState(PluginHub):
|
|
|
360
358
|
raise TypeError(str(e)) from e
|
|
361
359
|
|
|
362
360
|
@_ip.setter
|
|
363
|
-
def _ip(self, val):
|
|
361
|
+
def _ip(self, val: IPTypeSym | IPTypeConc):
|
|
364
362
|
"""
|
|
365
363
|
Set the instruction pointer without triggering SimInspect breakpoints or generating SimActions.
|
|
366
364
|
|
|
@@ -373,7 +371,7 @@ class SimState(PluginHub):
|
|
|
373
371
|
raise TypeError(str(e)) from e
|
|
374
372
|
|
|
375
373
|
@property
|
|
376
|
-
def addr(self):
|
|
374
|
+
def addr(self) -> IPTypeConc:
|
|
377
375
|
"""
|
|
378
376
|
Get the concrete address of the instruction pointer, without triggering SimInspect breakpoints or generating
|
|
379
377
|
SimActions. An integer is returned, or an exception is raised if the instruction pointer is symbolic.
|
|
@@ -600,7 +598,7 @@ class SimState(PluginHub):
|
|
|
600
598
|
|
|
601
599
|
if merge_conditions is None:
|
|
602
600
|
# TODO: maybe make the length of this smaller? Maybe: math.ceil(math.log(len(others)+1, 2))
|
|
603
|
-
merge_flag = claripy.BVS("state_merge_
|
|
601
|
+
merge_flag = claripy.BVS(f"state_merge_{next(merge_counter)}", 16)
|
|
604
602
|
merge_values = range(len(others) + 1)
|
|
605
603
|
merge_conditions = [merge_flag == b for b in merge_values]
|
|
606
604
|
else:
|
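Review bot: The module global `_complained_se = False`, visible as context in the hunk at 48, loses its only reader in this file once the deprecated `se` property is deleted (hunk at 322), so it is now dead state and should be removed with it unless something outside this module imports it. Deleting `state.se` is also an API break for callers still on the old alias, and the one-time deprecation warning it emitted goes with it. In the hunk at 118, the `if TYPE_CHECKING:` block around `assert isinstance(project.simos, SimJavaVM)` never executes at runtime and exists only to narrow the type of `project.simos` for the checker; a comment such as `# type-checker-only narrowing; never executed at runtime` would stop a reader from expecting it to guard the `native_simos` access on the next line. `SimState.__init__` starts in the hunk at 88 and ends outside it.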
angr/sim_state_options.py
CHANGED
|
@@ -11,11 +11,11 @@ class StateOption:
|
|
|
11
11
|
"""
|
|
12
12
|
|
|
13
13
|
__slots__ = (
|
|
14
|
-
"
|
|
15
|
-
"types",
|
|
14
|
+
"_one_type",
|
|
16
15
|
"default",
|
|
17
16
|
"description",
|
|
18
|
-
"
|
|
17
|
+
"name",
|
|
18
|
+
"types",
|
|
19
19
|
)
|
|
20
20
|
|
|
21
21
|
def __init__(self, name, types, default=_NO_DEFAULT_VALUE, description=None):
|
angr/sim_type.py
CHANGED
|
@@ -428,7 +428,7 @@ class SimTypeInt(SimTypeReg):
|
|
|
428
428
|
name = "unsigned " + name
|
|
429
429
|
|
|
430
430
|
try:
|
|
431
|
-
return name
|
|
431
|
+
return f"{name} ({self.size} bits)"
|
|
432
432
|
except ValueError:
|
|
433
433
|
return name
|
|
434
434
|
|
|
@@ -516,7 +516,7 @@ class SimTypeFixedSizeInt(SimTypeInt):
|
|
|
516
516
|
name = "u" + name
|
|
517
517
|
|
|
518
518
|
try:
|
|
519
|
-
return name
|
|
519
|
+
return f"{name} ({self.size} bits)"
|
|
520
520
|
except ValueError:
|
|
521
521
|
return name
|
|
522
522
|
|
|
@@ -535,6 +535,11 @@ class SimTypeInt256(SimTypeFixedSizeInt):
|
|
|
535
535
|
_fixed_size = 256
|
|
536
536
|
|
|
537
537
|
|
|
538
|
+
class SimTypeInt512(SimTypeFixedSizeInt):
|
|
539
|
+
_base_name = "int512_t"
|
|
540
|
+
_fixed_size = 512
|
|
541
|
+
|
|
542
|
+
|
|
538
543
|
class SimTypeChar(SimTypeReg):
|
|
539
544
|
"""
|
|
540
545
|
SimTypeChar is a type that specifies a character;
|
|
@@ -773,12 +778,8 @@ class SimTypePointer(SimTypeReg):
|
|
|
773
778
|
return out
|
|
774
779
|
|
|
775
780
|
def _init_str(self):
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
self.pts_to._init_str(),
|
|
779
|
-
(f', label="{self.label}"') if self.label is not None else "",
|
|
780
|
-
self.offset,
|
|
781
|
-
)
|
|
781
|
+
label_str = f', label="{self.label}"' if self.label is not None else ""
|
|
782
|
+
return f"{self.__class__.__name__}({self.pts_to._init_str()}{label_str}, offset={self.offset})"
|
|
782
783
|
|
|
783
784
|
def copy(self):
|
|
784
785
|
return SimTypePointer(self.pts_to, label=self.label, offset=self.offset)
|
|
@@ -1277,7 +1278,7 @@ class SimTypeLength(SimTypeLong):
|
|
|
1277
1278
|
return self._arch.bits
|
|
1278
1279
|
|
|
1279
1280
|
def _init_str(self):
|
|
1280
|
-
return "
|
|
1281
|
+
return f"{self.__class__.__name__}(size={self.size})"
|
|
1281
1282
|
|
|
1282
1283
|
def copy(self):
|
|
1283
1284
|
return SimTypeLength(signed=self.signed, addr=self.addr, length=self.length, label=self.label)
|
|
@@ -1317,7 +1318,7 @@ class SimTypeFloat(SimTypeReg):
|
|
|
1317
1318
|
return "float"
|
|
1318
1319
|
|
|
1319
1320
|
def _init_str(self):
|
|
1320
|
-
return "
|
|
1321
|
+
return f"{self.__class__.__name__}(size={self.size})"
|
|
1321
1322
|
|
|
1322
1323
|
def copy(self):
|
|
1323
1324
|
return SimTypeFloat(self.size)
|
|
@@ -1505,7 +1506,7 @@ class SimStruct(NamedTypeMixin, SimType):
|
|
|
1505
1506
|
raise TypeError(f"Can't store struct of type {type(value)}")
|
|
1506
1507
|
|
|
1507
1508
|
if len(value) != len(self.fields):
|
|
1508
|
-
raise ValueError("Passed bad values for
|
|
1509
|
+
raise ValueError(f"Passed bad values for {self}; expected {len(self.offsets)}, got {len(value)}")
|
|
1509
1510
|
|
|
1510
1511
|
for field, offset in self.offsets.items():
|
|
1511
1512
|
ty = self.fields[field]
|
|
@@ -1788,7 +1789,7 @@ class SimCppClass(SimStruct):
|
|
|
1788
1789
|
raise TypeError(f"Can't store struct of type {type(value)}")
|
|
1789
1790
|
|
|
1790
1791
|
if len(value) != len(self.fields):
|
|
1791
|
-
raise ValueError("Passed bad values for
|
|
1792
|
+
raise ValueError(f"Passed bad values for {self}; expected {len(self.offsets)}, got {len(value)}")
|
|
1792
1793
|
|
|
1793
1794
|
for field, offset in self.offsets.items():
|
|
1794
1795
|
ty = self.fields[field]
|
|
@@ -3502,7 +3503,7 @@ def parse_cpp_file(cpp_decl, with_param_names: bool = False):
|
|
|
3502
3503
|
idx = s.find(",", last_pos)
|
|
3503
3504
|
if idx == -1:
|
|
3504
3505
|
break
|
|
3505
|
-
arg_name = "a
|
|
3506
|
+
arg_name = f"a{i}"
|
|
3506
3507
|
i += 1
|
|
3507
3508
|
s = s[:idx] + " " + arg_name + s[idx:]
|
|
3508
3509
|
last_pos = idx + len(arg_name) + 1 + 1
|
|
@@ -3511,7 +3512,7 @@ def parse_cpp_file(cpp_decl, with_param_names: bool = False):
|
|
|
3511
3512
|
idx = s.find(")", last_pos)
|
|
3512
3513
|
# TODO: consider the case where there are one or multiple spaces between ( and )
|
|
3513
3514
|
if idx != -1 and s[idx - 1] != "(":
|
|
3514
|
-
arg_name = "a
|
|
3515
|
+
arg_name = f"a{i}"
|
|
3515
3516
|
s = s[:idx] + " " + arg_name + s[idx:]
|
|
3516
3517
|
|
|
3517
3518
|
# CppHeaderParser does not like missing function body
|
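Review bot: In the hunk at 1505 the new error message reports `len(self.offsets)` as the expected count while the guard on the preceding line compares `len(value)` against `len(self.fields)`; should the two mappings ever disagree, the message would name the wrong number, so it should echo the quantity actually tested: `raise ValueError(f"Passed bad values for {self}; expected {len(self.fields)}, got {len(value)}")`. The same line is duplicated verbatim in the `SimCppClass` hunk at 1788, which suggests the check belongs in a single helper on `SimStruct` rather than being maintained in two places. Both enclosing methods start outside their hunks. The new `SimTypeInt512` class (hunk at 535) carries no docstring; a one-liner such as `"""A fixed-size 512-bit integer type."""` would match the other fixed-size integer classes' intent.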
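--- a/angr/sim_variable.py
+++ b/angr/sim_variable.py
@@ -13,16 +13,18 @@ if TYPE_CHECKING:
 
 class SimVariable(Serializable):
 __slots__ = [
+"candidate_names",
+"category",
 "ident",
 "name",
 "region",
-"category",
 "renamed",
-"candidate_names",
 "size",
 ]
 
-def __init__(
+def __init__(
+self, size: int, ident: str | None = None, name: str | None = None, region: int | None = None, category=None
+):
 """
 :param ident: A unique identifier provided by user or the program. Usually a string.
 :param str name: Name of this variable.
@@ -85,9 +87,9 @@ class SimVariable(Serializable):
 
 
 class SimConstantVariable(SimVariable):
-__slots__ = ["
+__slots__ = ["_hash", "value"]
 
-def __init__(self, ident=None, value=None, region=None
+def __init__(self, size: int, ident=None, value=None, region=None):
 super().__init__(ident=ident, region=region, size=size)
 self.value = value
 self._hash = None
@@ -120,23 +122,23 @@ class SimConstantVariable(SimVariable):
 
 
 class SimTemporaryVariable(SimVariable):
-__slots__ = ["
+__slots__ = ["_hash", "tmp_id"]
 
-def __init__(self, tmp_id, size
+def __init__(self, tmp_id: int, size: int):
 SimVariable.__init__(self, size=size)
 
 self.tmp_id = tmp_id
 self._hash = None
 
 def __repr__(self):
-return "<tmp
+return f"<tmp {self.tmp_id}>"
 
 def loc_repr(self, arch):
 return f"tmp #{self.tmp_id}"
 
 def __hash__(self):
 if self._hash is None:
-self._hash = hash("tmp_
+self._hash = hash(f"tmp_{self.tmp_id}")
 return self._hash
 
 def __eq__(self, other):
@@ -162,18 +164,18 @@ class SimTemporaryVariable(SimVariable):
 
 @classmethod
 def parse_from_cmessage(cls, cmsg, **kwargs):
-obj = cls(cmsg.tmp_id)
+obj = cls(cmsg.tmp_id, cmsg.base.size)
 obj._from_base(cmsg)
 return obj
 
 
 class SimRegisterVariable(SimVariable):
-__slots__ = ["
+__slots__ = ["_hash", "reg"]
 
-def __init__(self, reg_offset, size, ident=None, name=None, region=None, category=None):
+def __init__(self, reg_offset: int, size: int, ident=None, name=None, region=None, category=None):
 SimVariable.__init__(self, ident=ident, name=name, region=region, category=category, size=size)
 
-self.reg
+self.reg = reg_offset
 self._hash: int | None = None
 
 @property
@@ -234,9 +236,9 @@ class SimRegisterVariable(SimVariable):
 
 
 class SimMemoryVariable(SimVariable):
-__slots__ = ["
+__slots__ = ["_hash", "addr"]
 
-def __init__(self, addr, size, ident=None, name=None, region=None, category=None):
+def __init__(self, addr, size: int, ident=None, name=None, region=None, category=None):
 SimVariable.__init__(self, ident=ident, name=name, region=region, category=category, size=size)
 
 self.addr = addr
@@ -249,12 +251,10 @@ class SimMemoryVariable(SimVariable):
 self._hash = None
 
 def __repr__(self):
-size = "%d" % self.size if type(self.size) is int else f"{self.size}"
-
 if type(self.addr) is int:
-s = f"<{self.name}: {self.region}-Mem {self.addr:#x} {size}>"
+s = f"<{self.name}: {self.region}-Mem {self.addr:#x} {self.size}>"
 else:
-s = f"<{self.name}: {self.region}-Mem {self.addr} {size}>"
+s = f"<{self.name}: {self.region}-Mem {self.addr} {self.size}>"
 
 return s
 
@@ -309,11 +309,13 @@ class SimMemoryVariable(SimVariable):
 class SimStackVariable(SimMemoryVariable):
 __slots__ = (
 "base",
-"offset",
 "base_addr",
+"offset",
 )
 
-def __init__(
+def __init__(
+self, offset: int, size: int, base="sp", base_addr=None, ident=None, name=None, region=None, category=None
+):
 if isinstance(offset, int) and offset > 0x1000000:
 # I don't think any positive stack offset will be greater than that...
 # convert it to a negative number
@@ -329,8 +331,6 @@ class SimStackVariable(SimMemoryVariable):
 self.base_addr = base_addr
 
 def __repr__(self):
-size = "%d" % self.size if type(self.size) is int else f"{self.size}"
-
 prefix = f"{self.name}(stack)" if self.name is not None else "Stack"
 ident = f"[{self.ident}]" if self.ident else ""
 region_str = hex(self.region) if isinstance(self.region, int) else self.region
@@ -343,9 +343,9 @@ class SimStackVariable(SimMemoryVariable):
 else:
 offset = ""
 
-s = f"<{region_str}{ident}|{prefix} {self.base}{offset}, {size} B>"
+s = f"<{region_str}{ident}|{prefix} {self.base}{offset}, {self.size} B>"
 else:
-s = f"<{region_str}{ident}|{prefix} {self.base}{self.addr}, {size} B>"
+s = f"<{region_str}{ident}|{prefix} {self.base}{self.addr}, {self.size} B>"
 
 return s
 
@@ -422,16 +422,15 @@ class SimVariableSet(collections.abc.MutableSet):
 # For the sake of performance, we have another set that stores memory addresses of memory_variables
 self.memory_variable_addresses = set()
 
-def add(self,
-if type(
-if not self.contains_register_variable(
-self.add_register_variable(
-elif type(
-if not self.contains_memory_variable(
-self.add_memory_variable(
+def add(self, value):
+if type(value) is SimRegisterVariable:
+if not self.contains_register_variable(value):
+self.add_register_variable(value)
+elif type(value) is SimMemoryVariable:
+if not self.contains_memory_variable(value):
+self.add_memory_variable(value)
 else:
-
-raise Exception("WTF")
+assert False, "Unknown type"
 
 def add_register_variable(self, reg_var):
 self.register_variables.add(reg_var)
@@ -443,16 +442,15 @@ class SimVariableSet(collections.abc.MutableSet):
 for i in range(mem_var.size):
 self.memory_variable_addresses.add(base_address + i)
 
-def discard(self,
-if type(
-if self.contains_register_variable(
-self.discard_register_variable(
-elif isinstance(
-if self.contains_memory_variable(
-self.discard_memory_variable(
+def discard(self, value):
+if type(value) is SimRegisterVariable:
+if self.contains_register_variable(value):
+self.discard_register_variable(value)
+elif isinstance(value, SimMemoryVariable):
+if self.contains_memory_variable(value):
+self.discard_memory_variable(value)
 else:
-
-raise Exception("")
+assert False, "Unknown type"
 
 def discard_register_variable(self, reg_var):
 self.register_variables.remove(reg_var)
@@ -528,5 +526,4 @@ class SimVariableSet(collections.abc.MutableSet):
 # TODO: Make it better!
 return self.contains_memory_variable(item)
 
-
-raise Exception("WTF is this variable?")
+assert False, "WTF is this variable?"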
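Review bot: `assert False, "Unknown type"` in `SimVariableSet.add` and `SimVariableSet.discard`, and `assert False, "WTF is this variable?"` at the end of the last hunk, replace the old exceptions with statements that are stripped under `python -O`, so an unsupported variable type is then silently ignored instead of rejected; raise `TypeError(f"Unknown variable type: {type(value).__name__}")` there instead. `add` still dispatches on `type(value) is SimMemoryVariable` while `discard` uses `isinstance(value, SimMemoryVariable)`, so a `SimStackVariable` (declared as a `SimMemoryVariable` subclass in the hunk at line 309) can be discarded but never added; the two checks should agree. Separately, `SimConstantVariable.__init__` now takes `size` as its first positional parameter ahead of `ident`, which silently rebinds any caller that still passes `ident` positionally, so it deserves a changelog note. The method containing the final `assert` begins outside the last hunk.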
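--- a/angr/simos/__init__.py
+++ b/angr/simos/__init__.py
@@ -34,12 +34,12 @@ register_simos("snimmuc_nxp", SimSnimmucNxp)
 
 
 __all__ = (
-"SimOS",
-"SimUserland",
-"SimLinux",
 "SimCGC",
-"SimWindows",
 "SimJavaVM",
+"SimLinux",
+"SimOS",
 "SimSnimmucNxp",
+"SimUserland",
+"SimWindows",
 "os_mapping",
 )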
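--- a/angr/simos/cgc.py
+++ b/angr/simos/cgc.py
@@ -50,7 +50,7 @@ class SimCGC(SimUserland):
 
 # Set up the flag page
 if flag_page is None:
-flag_page = [s.solver.BVS("cgc-flag-byte
+flag_page = [s.solver.BVS(f"cgc-flag-byte-{i}", 8, key=("flag", i), eternal=True) for i in range(0x1000)]
 elif type(flag_page) is bytes:
 flag_page = [claripy.BVV(c, 8) for c in flag_page]
 elif type(flag_page) is list: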
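--- a/angr/simos/simos.py
+++ b/angr/simos/simos.py
@@ -214,7 +214,7 @@ class SimOS:
 empty_bools = [((val >> (x * 2)) & 3) == 3 for x in range(8)]
 tag_chars = [claripy.BVV(0 if x else 1, 8) for x in empty_bools]
 for i, tag in enumerate(tag_chars):
-setattr(state.regs, "fpu_t
+setattr(state.regs, f"fpu_t{i}", tag)
 elif reg in ("fiseg", "fioff", "foseg", "fooff", "fop"):
 pass
 elif reg == "mxcsr":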
angr/simos/userland.py
CHANGED
|
@@ -149,7 +149,7 @@ class SimUserland(SimOS):
|
|
|
149
149
|
raise AngrUnsupportedSyscallError(f"{self.name} does not have a library of syscalls implemented")
|
|
150
150
|
proc = P["stubs"]["syscall"]()
|
|
151
151
|
elif not allow_unsupported and not self.syscall_library.has_implementation(number, self.arch, abilist):
|
|
152
|
-
raise AngrUnsupportedSyscallError("No implementation for syscall
|
|
152
|
+
raise AngrUnsupportedSyscallError(f"No implementation for syscall {number}")
|
|
153
153
|
else:
|
|
154
154
|
proc = self.syscall_library.get(number, self.arch, abilist)
|
|
155
155
|
|