angr 9.2.132__py3-none-manylinux2014_aarch64.whl → 9.2.134__py3-none-manylinux2014_aarch64.whl
Potentially problematic release.
This version of angr might be problematic.
- angr/__init__.py +128 -128
- angr/analyses/__init__.py +38 -38
- angr/analyses/backward_slice.py +3 -4
- angr/analyses/binary_optimizer.py +5 -12
- angr/analyses/bindiff.py +3 -6
- angr/analyses/calling_convention.py +3 -4
- angr/analyses/cfg/__init__.py +3 -3
- angr/analyses/cfg/cfg_base.py +1 -1
- angr/analyses/cfg/cfg_fast.py +17 -15
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +5 -5
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +15 -13
- angr/analyses/data_dep/__init__.py +4 -4
- angr/analyses/datagraph_meta.py +1 -1
- angr/analyses/ddg.py +2 -6
- angr/analyses/decompiler/__init__.py +12 -12
- angr/analyses/decompiler/ail_simplifier.py +21 -10
- angr/analyses/decompiler/block_similarity.py +2 -4
- angr/analyses/decompiler/callsite_maker.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +1 -1
- angr/analyses/decompiler/clinic.py +14 -7
- angr/analyses/decompiler/condition_processor.py +45 -29
- angr/analyses/decompiler/counters/__init__.py +3 -3
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/dephication/__init__.py +1 -1
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +11 -3
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/graph_region.py +8 -8
- angr/analyses/decompiler/optimization_passes/__init__.py +20 -20
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -2
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +1 -3
- angr/analyses/decompiler/optimization_passes/engine_base.py +1 -1
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +2 -4
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +2 -5
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +5 -5
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +9 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +3 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +9 -5
- angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/base.py +6 -6
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +1 -1
- angr/analyses/decompiler/presets/__init__.py +1 -1
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +3 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +8 -12
- angr/analyses/decompiler/ssailification/rewriting_engine.py +1 -1
- angr/analyses/decompiler/structured_codegen/__init__.py +5 -5
- angr/analyses/decompiler/structured_codegen/base.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +49 -42
- angr/analyses/decompiler/structuring/__init__.py +3 -3
- angr/analyses/decompiler/structuring/phoenix.py +19 -20
- angr/analyses/decompiler/structuring/structurer_base.py +2 -2
- angr/analyses/decompiler/structuring/structurer_nodes.py +14 -14
- angr/analyses/deobfuscator/__init__.py +3 -3
- angr/analyses/deobfuscator/string_obf_opt_passes.py +1 -1
- angr/analyses/disassembly.py +4 -4
- angr/analyses/forward_analysis/__init__.py +1 -1
- angr/analyses/forward_analysis/visitors/graph.py +6 -6
- angr/analyses/loop_analysis.py +1 -1
- angr/analyses/loopfinder.py +1 -1
- angr/analyses/propagator/outdated_definition_walker.py +12 -6
- angr/analyses/propagator/vex_vars.py +3 -3
- angr/analyses/reaching_definitions/__init__.py +9 -9
- angr/analyses/reaching_definitions/call_trace.py +2 -2
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -1
- angr/analyses/reaching_definitions/rd_state.py +10 -10
- angr/analyses/reassembler.py +26 -31
- angr/analyses/s_liveness.py +8 -0
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -5
- angr/analyses/stack_pointer_tracker.py +4 -4
- angr/analyses/typehoon/simple_solver.py +7 -9
- angr/analyses/typehoon/translator.py +2 -2
- angr/analyses/typehoon/typeconsts.py +1 -1
- angr/analyses/typehoon/typevars.py +17 -19
- angr/analyses/unpacker/__init__.py +1 -1
- angr/analyses/variable_recovery/engine_base.py +3 -4
- angr/analyses/variable_recovery/variable_recovery_base.py +1 -1
- angr/analyses/variable_recovery/variable_recovery_fast.py +2 -6
- angr/analyses/veritesting.py +2 -2
- angr/analyses/vfg.py +5 -5
- angr/angrdb/serializers/__init__.py +1 -1
- angr/annocfg.py +1 -1
- angr/blade.py +2 -2
- angr/block.py +16 -16
- angr/calling_conventions.py +11 -13
- angr/code_location.py +6 -10
- angr/codenode.py +3 -3
- angr/engines/__init__.py +12 -14
- angr/engines/engine.py +1 -54
- angr/engines/light/__init__.py +4 -4
- angr/engines/light/data.py +1 -1
- angr/engines/pcode/__init__.py +1 -1
- angr/engines/pcode/behavior.py +1 -1
- angr/engines/pcode/lifter.py +13 -15
- angr/engines/soot/expressions/__init__.py +12 -12
- angr/engines/soot/statements/__init__.py +6 -6
- angr/engines/soot/values/__init__.py +6 -6
- angr/engines/soot/values/arrayref.py +2 -2
- angr/engines/soot/values/constants.py +1 -1
- angr/engines/soot/values/instancefieldref.py +1 -1
- angr/engines/soot/values/paramref.py +1 -1
- angr/engines/soot/values/staticfieldref.py +1 -1
- angr/engines/successors.py +2 -5
- angr/engines/vex/__init__.py +5 -5
- angr/engines/vex/claripy/ccall.py +2 -2
- angr/engines/vex/claripy/irop.py +18 -18
- angr/engines/vex/heavy/__init__.py +2 -2
- angr/engines/vex/heavy/actions.py +1 -3
- angr/engines/vex/heavy/heavy.py +4 -6
- angr/engines/vex/lifter.py +2 -4
- angr/engines/vex/light/light.py +0 -2
- angr/engines/vex/light/slicing.py +3 -3
- angr/exploration_techniques/__init__.py +18 -18
- angr/exploration_techniques/threading.py +0 -6
- angr/factory.py +36 -6
- angr/keyed_region.py +4 -4
- angr/knowledge_base.py +1 -1
- angr/knowledge_plugins/__init__.py +11 -11
- angr/knowledge_plugins/cfg/__init__.py +5 -5
- angr/knowledge_plugins/cfg/cfg_manager.py +2 -2
- angr/knowledge_plugins/cfg/cfg_model.py +8 -8
- angr/knowledge_plugins/cfg/cfg_node.py +19 -19
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -6
- angr/knowledge_plugins/cfg/memory_data.py +5 -7
- angr/knowledge_plugins/functions/function.py +48 -52
- angr/knowledge_plugins/functions/function_parser.py +4 -4
- angr/knowledge_plugins/key_definitions/__init__.py +3 -3
- angr/knowledge_plugins/key_definitions/atoms.py +6 -6
- angr/knowledge_plugins/key_definitions/definition.py +1 -1
- angr/knowledge_plugins/key_definitions/live_definitions.py +14 -14
- angr/knowledge_plugins/labels.py +1 -1
- angr/knowledge_plugins/propagations/__init__.py +1 -1
- angr/knowledge_plugins/propagations/prop_value.py +2 -2
- angr/knowledge_plugins/propagations/propagation_model.py +7 -8
- angr/knowledge_plugins/propagations/states.py +31 -31
- angr/knowledge_plugins/variables/variable_access.py +2 -2
- angr/knowledge_plugins/variables/variable_manager.py +1 -1
- angr/knowledge_plugins/xrefs/xref.py +5 -8
- angr/misc/__init__.py +4 -4
- angr/misc/hookset.py +4 -5
- angr/misc/loggers.py +2 -2
- angr/misc/telemetry.py +1 -1
- angr/procedures/__init__.py +1 -1
- angr/procedures/cgc/fdwait.py +2 -2
- angr/procedures/definitions/__init__.py +2 -2
- angr/procedures/definitions/linux_kernel.py +0 -1
- angr/procedures/definitions/parse_syscalls_from_local_system.py +1 -1
- angr/procedures/definitions/parse_win32json.py +0 -1
- angr/procedures/ntdll/exceptions.py +1 -1
- angr/procedures/stubs/format_parser.py +3 -3
- angr/procedures/win32/dynamic_loading.py +1 -1
- angr/protos/__init__.py +3 -3
- angr/sim_manager.py +2 -2
- angr/sim_state.py +1 -1
- angr/sim_state_options.py +3 -3
- angr/sim_type.py +10 -14
- angr/sim_variable.py +13 -17
- angr/simos/__init__.py +4 -4
- angr/simos/cgc.py +1 -1
- angr/simos/simos.py +1 -1
- angr/simos/userland.py +1 -1
- angr/slicer.py +4 -7
- angr/state_plugins/__init__.py +34 -34
- angr/state_plugins/callstack.py +5 -12
- angr/state_plugins/heap/__init__.py +2 -2
- angr/state_plugins/heap/heap_brk.py +2 -4
- angr/state_plugins/heap/heap_ptmalloc.py +1 -1
- angr/state_plugins/jni_references.py +3 -2
- angr/state_plugins/scratch.py +1 -1
- angr/state_plugins/sim_action.py +1 -4
- angr/state_plugins/sim_event.py +1 -1
- angr/state_plugins/solver.py +7 -9
- angr/state_plugins/uc_manager.py +1 -1
- angr/state_plugins/view.py +2 -2
- angr/storage/__init__.py +1 -1
- angr/storage/file.py +10 -10
- angr/storage/memory_mixins/__init__.py +46 -46
- angr/storage/memory_mixins/default_filler_mixin.py +1 -3
- angr/storage/memory_mixins/javavm_memory_mixin.py +2 -2
- angr/storage/memory_mixins/name_resolution_mixin.py +3 -3
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +6 -6
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/regioned_memory/__init__.py +3 -3
- angr/storage/memory_mixins/regioned_memory/region_data.py +5 -5
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +7 -9
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +4 -4
- angr/storage/memory_object.py +4 -4
- angr/utils/__init__.py +3 -3
- angr/utils/dynamic_dictlist.py +1 -1
- angr/utils/graph.py +1 -1
- angr/utils/segment_list.py +2 -2
- angr/utils/ssa/__init__.py +12 -5
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/METADATA +6 -6
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/RECORD +202 -202
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/LICENSE +0 -0
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/WHEEL +0 -0
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/entry_points.txt +0 -0
- {angr-9.2.132.dist-info → angr-9.2.134.dist-info}/top_level.txt +0 -0
|
@@ -39,51 +39,51 @@ class Function(Serializable):
|
|
|
39
39
|
"""
|
|
40
40
|
|
|
41
41
|
__slots__ = (
|
|
42
|
-
"
|
|
43
|
-
"
|
|
44
|
-
"
|
|
45
|
-
"
|
|
46
|
-
"
|
|
42
|
+
"_addr_to_block_node",
|
|
43
|
+
"_argument_registers",
|
|
44
|
+
"_argument_stack_variables",
|
|
45
|
+
"_block_cache",
|
|
46
|
+
"_block_sizes",
|
|
47
|
+
"_call_sites",
|
|
47
48
|
"_callout_sites",
|
|
49
|
+
"_cyclomatic_complexity",
|
|
48
50
|
"_endpoints",
|
|
49
|
-
"_call_sites",
|
|
50
|
-
"_retout_sites",
|
|
51
|
-
"addr",
|
|
52
51
|
"_function_manager",
|
|
53
|
-
"
|
|
52
|
+
"_jumpout_sites",
|
|
53
|
+
"_local_block_addrs",
|
|
54
|
+
"_local_blocks",
|
|
55
|
+
"_local_transition_graph",
|
|
56
|
+
"_name",
|
|
54
57
|
"_project",
|
|
55
|
-
"
|
|
58
|
+
"_ret_sites",
|
|
59
|
+
"_retout_sites",
|
|
60
|
+
"_returning",
|
|
61
|
+
"addr",
|
|
56
62
|
"addr",
|
|
57
|
-
"is_simprocedure",
|
|
58
|
-
"_name",
|
|
59
|
-
"previous_names",
|
|
60
|
-
"is_default_name",
|
|
61
|
-
"from_signature",
|
|
62
63
|
"binary_name",
|
|
63
|
-
"_argument_registers",
|
|
64
|
-
"_argument_stack_variables",
|
|
65
64
|
"bp_on_stack",
|
|
66
|
-
"retaddr_on_stack",
|
|
67
|
-
"sp_delta",
|
|
68
65
|
"calling_convention",
|
|
69
|
-
"
|
|
70
|
-
"
|
|
71
|
-
"
|
|
66
|
+
"from_signature",
|
|
67
|
+
"info",
|
|
68
|
+
"is_alignment",
|
|
69
|
+
"is_default_name",
|
|
70
|
+
"is_plt",
|
|
71
|
+
"is_prototype_guessed",
|
|
72
|
+
"is_simprocedure",
|
|
73
|
+
"is_syscall",
|
|
74
|
+
"normalized",
|
|
72
75
|
"prepared_registers",
|
|
73
76
|
"prepared_stack_variables",
|
|
77
|
+
"previous_names",
|
|
78
|
+
"prototype",
|
|
79
|
+
"prototype_libname",
|
|
80
|
+
"ran_cca",
|
|
74
81
|
"registers_read_afterwards",
|
|
82
|
+
"retaddr_on_stack",
|
|
83
|
+
"sp_delta",
|
|
75
84
|
"startpoint",
|
|
76
|
-
"_addr_to_block_node",
|
|
77
|
-
"_block_sizes",
|
|
78
|
-
"_block_cache",
|
|
79
|
-
"_local_blocks",
|
|
80
|
-
"_local_block_addrs",
|
|
81
|
-
"info",
|
|
82
85
|
"tags",
|
|
83
|
-
"
|
|
84
|
-
"is_prototype_guessed",
|
|
85
|
-
"ran_cca",
|
|
86
|
-
"_cyclomatic_complexity",
|
|
86
|
+
"transition_graph",
|
|
87
87
|
)
|
|
88
88
|
|
|
89
89
|
def __init__(
|
|
@@ -586,17 +586,18 @@ class Function(Serializable):
|
|
|
586
586
|
return False
|
|
587
587
|
|
|
588
588
|
def __str__(self):
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
589
|
+
return (
|
|
590
|
+
f"Function {self.name} [{self.addr:#x}]\n"
|
|
591
|
+
f" Syscall: {self.is_syscall}\n"
|
|
592
|
+
f" SP difference: {self.sp_delta}\n"
|
|
593
|
+
f" Has return: {self.has_return}\n"
|
|
594
|
+
f" Returning: {'Unknown' if self.returning is None else self.returning}\n"
|
|
595
|
+
f" Alignment: {self.alignment}\n"
|
|
596
|
+
f" Arguments: reg: {self._argument_registers}, stack: {self._argument_stack_variables}\n"
|
|
597
|
+
f" Blocks: [{', '.join(f'{i:#x}' for i in self.block_addrs)}]\n"
|
|
598
|
+
f" Cyclomatic Complexity: {self.cyclomatic_complexity}\n"
|
|
599
|
+
f" Calling convention: {self.calling_convention}"
|
|
600
|
+
)
|
|
600
601
|
|
|
601
602
|
def __repr__(self):
|
|
602
603
|
if self.is_syscall:
|
|
@@ -1093,10 +1094,8 @@ class Function(Serializable):
|
|
|
1093
1094
|
g.add_node(block)
|
|
1094
1095
|
for src, dst, data in self.transition_graph.edges(data=True):
|
|
1095
1096
|
if "type" in data and (
|
|
1096
|
-
data["type"] in ("transition", "exception")
|
|
1097
|
-
and ("outside" not in data or data["outside"] is False)
|
|
1098
|
-
or data["type"] == "fake_return"
|
|
1099
|
-
and ("outside" not in data or data["outside"] is False)
|
|
1097
|
+
(data["type"] in ("transition", "exception") and ("outside" not in data or data["outside"] is False))
|
|
1098
|
+
or (data["type"] == "fake_return" and ("outside" not in data or data["outside"] is False))
|
|
1100
1099
|
):
|
|
1101
1100
|
g.add_edge(src, dst, **data)
|
|
1102
1101
|
|
|
@@ -1268,11 +1267,8 @@ class Function(Serializable):
|
|
|
1268
1267
|
if b.addr <= addr < b.addr + b.size:
|
|
1269
1268
|
# found it
|
|
1270
1269
|
for i, instr_addr in enumerate(b.instruction_addrs):
|
|
1271
|
-
if (
|
|
1272
|
-
i
|
|
1273
|
-
and instr_addr <= addr < b.instruction_addrs[i + 1]
|
|
1274
|
-
or i == len(b.instruction_addrs) - 1
|
|
1275
|
-
and instr_addr <= addr
|
|
1270
|
+
if (i < len(b.instruction_addrs) - 1 and instr_addr <= addr < b.instruction_addrs[i + 1]) or (
|
|
1271
|
+
i == len(b.instruction_addrs) - 1 and instr_addr <= addr
|
|
1276
1272
|
):
|
|
1277
1273
|
return instr_addr
|
|
1278
1274
|
# Not covered by any instruction... why?
|
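Review bot: In the `@@ -1093,10 +1094,8 @@` hunk the two parenthesised alternatives repeat the same `("outside" not in data or data["outside"] is False)` test, so the new parentheses make the grouping explicit but keep the duplication. The filter can be stated once as `if data.get("type") in ("transition", "exception", "fake_return") and data.get("outside", False) is False:`, which accepts the same edges. The enclosing method starts and ends outside the hunk, so this is judged from the loop alone. Separately, `"addr"` appears on two adjacent new-side lines of the `__slots__` tuple in the first hunk; this may be a rendering artefact, but the released file is worth checking for a duplicate entry.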
|
@@ -153,10 +153,10 @@ class FunctionParser:
|
|
|
153
153
|
dst = None
|
|
154
154
|
dst_addr = edge_cmsg.dst_ea
|
|
155
155
|
if (
|
|
156
|
-
dst_addr not in blocks
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
):
|
|
156
|
+
dst_addr not in blocks and edge_type == "call"
|
|
157
|
+
) or ( # call has to go to either a HookNode or a function
|
|
158
|
+
all_func_addrs is not None and dst_addr in all_func_addrs
|
|
159
|
+
): # jumps to another function
|
|
160
160
|
if function_manager is not None:
|
|
161
161
|
# get a function
|
|
162
162
|
dst = FunctionParser._get_func(dst_addr, function_manager)
|
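Review bot: The two trailing comments in the reformatted `if` now sit on the bracket lines, so `# call has to go to either a HookNode or a function` reads as if it describes the `all_func_addrs` clause that follows it rather than the `edge_type == "call"` clause before it. Each comment would be clearer on its own line directly above the clause it explains: `# call has to go to either a HookNode or a function` above `dst_addr not in blocks and edge_type == "call"`, and `# jumps to another function` above `all_func_addrs is not None and dst_addr in all_func_addrs`. The body of the `if` continues outside the hunk.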
|
@@ -7,11 +7,11 @@ from .definition import Definition
|
|
|
7
7
|
from . import atoms
|
|
8
8
|
|
|
9
9
|
__all__ = (
|
|
10
|
-
"
|
|
10
|
+
"Definition",
|
|
11
|
+
"DerefSize",
|
|
11
12
|
"KeyDefinitionManager",
|
|
12
13
|
"LiveDefinitions",
|
|
13
|
-
"
|
|
14
|
+
"ReachingDefinitionsModel",
|
|
14
15
|
"Uses",
|
|
15
16
|
"atoms",
|
|
16
|
-
"Definition",
|
|
17
17
|
)
|
|
@@ -197,7 +197,7 @@ class Tmp(Atom):
|
|
|
197
197
|
self.tmp_idx = tmp_idx
|
|
198
198
|
|
|
199
199
|
def __repr__(self):
|
|
200
|
-
return "<Tmp
|
|
200
|
+
return f"<Tmp {self.tmp_idx}>"
|
|
201
201
|
|
|
202
202
|
def _identity(self):
|
|
203
203
|
return hash(("tmp", self.tmp_idx))
|
|
@@ -216,8 +216,8 @@ class Register(Atom):
|
|
|
216
216
|
"""
|
|
217
217
|
|
|
218
218
|
__slots__ = (
|
|
219
|
-
"reg_offset",
|
|
220
219
|
"arch",
|
|
220
|
+
"reg_offset",
|
|
221
221
|
)
|
|
222
222
|
|
|
223
223
|
def __init__(self, reg_offset: RegisterOffset | int, size: int, arch: Arch | None = None):
|
|
@@ -227,7 +227,7 @@ class Register(Atom):
|
|
|
227
227
|
self.arch = arch
|
|
228
228
|
|
|
229
229
|
def __repr__(self):
|
|
230
|
-
return "<Reg
|
|
230
|
+
return f"<Reg {self.name}<{self.size}>>"
|
|
231
231
|
|
|
232
232
|
def _identity(self):
|
|
233
233
|
return (self.reg_offset, self.size)
|
|
@@ -245,9 +245,9 @@ class VirtualVariable(Atom):
|
|
|
245
245
|
"""
|
|
246
246
|
|
|
247
247
|
__slots__ = (
|
|
248
|
-
"varid",
|
|
249
248
|
"category",
|
|
250
249
|
"oident",
|
|
250
|
+
"varid",
|
|
251
251
|
)
|
|
252
252
|
|
|
253
253
|
def __init__(
|
|
@@ -260,7 +260,7 @@ class VirtualVariable(Atom):
|
|
|
260
260
|
self.oident = oident
|
|
261
261
|
|
|
262
262
|
def __repr__(self):
|
|
263
|
-
return "<VVar
|
|
263
|
+
return f"<VVar {self.varid}<{self.size}>>"
|
|
264
264
|
|
|
265
265
|
def _identity(self):
|
|
266
266
|
return self.varid, self.size
|
|
@@ -323,7 +323,7 @@ class MemoryLocation(Atom):
|
|
|
323
323
|
def __repr__(self):
|
|
324
324
|
address_format = hex(self.addr) if type(self.addr) is int else self.addr
|
|
325
325
|
stack_format = " (stack)" if self.is_on_stack else ""
|
|
326
|
-
size = "
|
|
326
|
+
size = f"{self.size}" if isinstance(self.size, int) else self.size
|
|
327
327
|
|
|
328
328
|
return f"<Mem {address_format}<{size}>{stack_format}>"
|
|
329
329
|
|
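Review bot: In `MemoryLocation.__repr__` the new `size = f"{self.size}" if isinstance(self.size, int) else self.size` has no effect on the output, because `size` is only interpolated into the f-string on the return line and both branches format to the same text there. The local can be dropped in favour of `return f"<Mem {address_format}<{self.size}>{stack_format}>"`. The context line above still tests `type(self.addr) is int` while the new line uses `isinstance`; using one form for both checks would make the method easier to read.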
|
@@ -151,11 +151,11 @@ class Definition(Generic[A]):
|
|
|
151
151
|
"""
|
|
152
152
|
|
|
153
153
|
__slots__ = (
|
|
154
|
+
"_hash",
|
|
154
155
|
"atom",
|
|
155
156
|
"codeloc",
|
|
156
157
|
"dummy",
|
|
157
158
|
"tags",
|
|
158
|
-
"_hash",
|
|
159
159
|
)
|
|
160
160
|
|
|
161
161
|
def __init__(self, atom: A, codeloc: CodeLocation, dummy: bool = False, tags: set[Tag] | None = None):
|
|
@@ -52,7 +52,7 @@ class DefinitionAnnotation(Annotation):
|
|
|
52
52
|
An annotation that attaches a `Definition` to an AST.
|
|
53
53
|
"""
|
|
54
54
|
|
|
55
|
-
__slots__ = ("
|
|
55
|
+
__slots__ = ("_hash", "definition")
|
|
56
56
|
|
|
57
57
|
def __init__(self, definition):
|
|
58
58
|
super().__init__()
|
|
@@ -91,24 +91,24 @@ class LiveDefinitions:
|
|
|
91
91
|
_tops = {}
|
|
92
92
|
|
|
93
93
|
__slots__ = (
|
|
94
|
-
"
|
|
94
|
+
"__weakref__",
|
|
95
|
+
"_canonical_size",
|
|
95
96
|
"arch",
|
|
96
|
-
"track_tmps",
|
|
97
|
-
"registers",
|
|
98
|
-
"stack",
|
|
99
97
|
"heap",
|
|
98
|
+
"heap_uses",
|
|
100
99
|
"memory",
|
|
101
|
-
"
|
|
102
|
-
"others",
|
|
100
|
+
"memory_uses",
|
|
103
101
|
"other_uses",
|
|
102
|
+
"others",
|
|
103
|
+
"project",
|
|
104
104
|
"register_uses",
|
|
105
|
+
"registers",
|
|
106
|
+
"stack",
|
|
105
107
|
"stack_uses",
|
|
106
|
-
"heap_uses",
|
|
107
|
-
"memory_uses",
|
|
108
|
-
"uses_by_codeloc",
|
|
109
108
|
"tmp_uses",
|
|
110
|
-
"
|
|
111
|
-
"
|
|
109
|
+
"tmps",
|
|
110
|
+
"track_tmps",
|
|
111
|
+
"uses_by_codeloc",
|
|
112
112
|
)
|
|
113
113
|
|
|
114
114
|
def __init__(
|
|
@@ -230,7 +230,7 @@ class LiveDefinitions:
|
|
|
230
230
|
def __repr__(self):
|
|
231
231
|
ctnt = "LiveDefs"
|
|
232
232
|
if self.tmps:
|
|
233
|
-
ctnt += ",
|
|
233
|
+
ctnt += f", {len(self.tmps)} tmpdefs"
|
|
234
234
|
return f"<{ctnt}>"
|
|
235
235
|
|
|
236
236
|
def copy(self, discard_tmpdefs=False) -> LiveDefinitions:
|
|
@@ -445,7 +445,7 @@ class LiveDefinitions:
|
|
|
445
445
|
base_v = self.INITIAL_SP_64BIT
|
|
446
446
|
mask = 0xFFFF_FFFF_FFFF_FFFF
|
|
447
447
|
else:
|
|
448
|
-
raise ValueError("Unsupported architecture word size
|
|
448
|
+
raise ValueError(f"Unsupported architecture word size {self.arch.bits}")
|
|
449
449
|
return (base_v + offset) & mask
|
|
450
450
|
|
|
451
451
|
def merge(self, *others: LiveDefinitions) -> tuple[LiveDefinitions, bool]:
|
angr/knowledge_plugins/labels.py
CHANGED
|
@@ -17,7 +17,7 @@ class Detail:
|
|
|
17
17
|
or the current function.
|
|
18
18
|
"""
|
|
19
19
|
|
|
20
|
-
__slots__ = ("
|
|
20
|
+
__slots__ = ("def_at", "expr", "size")
|
|
21
21
|
|
|
22
22
|
def __init__(self, size: int, expr: ailment.Expression | None, def_at: CodeLocation | None):
|
|
23
23
|
self.size = size
|
|
@@ -37,8 +37,8 @@ class PropValue:
|
|
|
37
37
|
"""
|
|
38
38
|
|
|
39
39
|
__slots__ = (
|
|
40
|
-
"value",
|
|
41
40
|
"offset_and_details",
|
|
41
|
+
"value",
|
|
42
42
|
)
|
|
43
43
|
|
|
44
44
|
def __init__(self, value: claripy.ast.Bits, offset_and_details: dict[int, Detail] | None = None):
|
|
@@ -15,17 +15,16 @@ class PropagationModel(Serializable):
|
|
|
15
15
|
"""
|
|
16
16
|
|
|
17
17
|
__slots__ = (
|
|
18
|
-
"
|
|
19
|
-
"
|
|
20
|
-
"states",
|
|
21
|
-
"input_states",
|
|
18
|
+
"_function",
|
|
19
|
+
"_initial_state",
|
|
22
20
|
"block_initial_reg_values",
|
|
23
|
-
"replacements",
|
|
24
21
|
"equivalence",
|
|
25
|
-
# internals of the function graph visitor
|
|
26
22
|
"graph_visitor",
|
|
27
|
-
"
|
|
28
|
-
"
|
|
23
|
+
"input_states",
|
|
24
|
+
"key",
|
|
25
|
+
"node_iterations",
|
|
26
|
+
"replacements",
|
|
27
|
+
"states",
|
|
29
28
|
)
|
|
30
29
|
|
|
31
30
|
def __init__(
|
|
@@ -65,20 +65,20 @@ class PropagatorState:
|
|
|
65
65
|
"""
|
|
66
66
|
|
|
67
67
|
__slots__ = (
|
|
68
|
-
"
|
|
69
|
-
"
|
|
68
|
+
"__weakref__",
|
|
69
|
+
"_artificial_reg_offsets",
|
|
70
|
+
"_equivalence",
|
|
70
71
|
"_expr_used_locs",
|
|
72
|
+
"_gp",
|
|
73
|
+
"_max_prop_expr_occurrence",
|
|
71
74
|
"_only_consts",
|
|
72
75
|
"_replacements",
|
|
73
|
-
"_equivalence",
|
|
74
|
-
"project",
|
|
75
|
-
"rda",
|
|
76
76
|
"_store_tops",
|
|
77
|
-
"
|
|
78
|
-
"
|
|
77
|
+
"arch",
|
|
78
|
+
"gpr_size",
|
|
79
79
|
"model",
|
|
80
|
-
"
|
|
81
|
-
"
|
|
80
|
+
"project",
|
|
81
|
+
"rda",
|
|
82
82
|
)
|
|
83
83
|
|
|
84
84
|
_tops = {}
|
|
@@ -237,11 +237,10 @@ class PropagatorState:
|
|
|
237
237
|
or isinstance(repl, claripy.ast.Base)
|
|
238
238
|
)
|
|
239
239
|
and replacements_0[loc][var] is not repl
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
)
|
|
240
|
+
) or (
|
|
241
|
+
not isinstance(replacements_0[loc][var], claripy.ast.Base)
|
|
242
|
+
and not isinstance(repl, claripy.ast.Base)
|
|
243
|
+
and replacements_0[loc][var] != repl
|
|
245
244
|
):
|
|
246
245
|
replacements_0[loc][var] = repl
|
|
247
246
|
merge_occurred = True
|
|
@@ -371,8 +370,8 @@ class PropagatorVEXState(PropagatorState):
|
|
|
371
370
|
__slots__ = (
|
|
372
371
|
"_registers",
|
|
373
372
|
"_stack_variables",
|
|
374
|
-
"do_binops",
|
|
375
373
|
"block_initial_reg_values",
|
|
374
|
+
"do_binops",
|
|
376
375
|
)
|
|
377
376
|
|
|
378
377
|
def __init__(
|
|
@@ -551,9 +550,9 @@ class Equivalence:
|
|
|
551
550
|
"""
|
|
552
551
|
|
|
553
552
|
__slots__ = (
|
|
554
|
-
"codeloc",
|
|
555
553
|
"atom0",
|
|
556
554
|
"atom1",
|
|
555
|
+
"codeloc",
|
|
557
556
|
)
|
|
558
557
|
|
|
559
558
|
def __init__(self, codeloc, atom0, atom1):
|
|
@@ -583,14 +582,14 @@ class PropagatorAILState(PropagatorState):
|
|
|
583
582
|
|
|
584
583
|
__slots__ = (
|
|
585
584
|
"_registers",
|
|
585
|
+
"_sp_adjusted",
|
|
586
586
|
"_stack_variables",
|
|
587
587
|
"_tmps",
|
|
588
|
-
"temp_expressions",
|
|
589
|
-
"register_expressions",
|
|
590
|
-
"last_stack_store",
|
|
591
|
-
"global_stores",
|
|
592
588
|
"block_initial_reg_values",
|
|
593
|
-
"
|
|
589
|
+
"global_stores",
|
|
590
|
+
"last_stack_store",
|
|
591
|
+
"register_expressions",
|
|
592
|
+
"temp_expressions",
|
|
594
593
|
)
|
|
595
594
|
|
|
596
595
|
def __init__(
|
|
@@ -917,10 +916,8 @@ class PropagatorAILState(PropagatorState):
|
|
|
917
916
|
replaced = False
|
|
918
917
|
# count-based propagation rule only matters when we are performing a full-function copy propagation
|
|
919
918
|
if self._max_prop_expr_occurrence == 0:
|
|
920
|
-
if (
|
|
921
|
-
isinstance(old, ailment.Expr.
|
|
922
|
-
or isinstance(old, ailment.Expr.Register)
|
|
923
|
-
and self.should_replace_reg(old.reg_offset, bp_as_gpr, new)
|
|
919
|
+
if isinstance(old, ailment.Expr.Tmp) or (
|
|
920
|
+
isinstance(old, ailment.Expr.Register) and self.should_replace_reg(old.reg_offset, bp_as_gpr, new)
|
|
924
921
|
):
|
|
925
922
|
self._replacements[codeloc][old] = (
|
|
926
923
|
new if stmt_to_remove is None else {"expr": new, "stmt_to_remove": stmt_to_remove}
|
|
@@ -963,8 +960,7 @@ class PropagatorAILState(PropagatorState):
|
|
|
963
960
|
force_replace
|
|
964
961
|
or prop_count <= self._max_prop_expr_occurrence
|
|
965
962
|
or isinstance(new, ailment.Expr.StackBaseOffset)
|
|
966
|
-
or isinstance(new, ailment.Expr.Convert)
|
|
967
|
-
and isinstance(new.operand, ailment.Expr.StackBaseOffset)
|
|
963
|
+
or (isinstance(new, ailment.Expr.Convert) and isinstance(new.operand, ailment.Expr.StackBaseOffset))
|
|
968
964
|
or (
|
|
969
965
|
isinstance(old, ailment.Expr.Register)
|
|
970
966
|
and self.arch.is_artificial_register(old.reg_offset, old.size)
|
|
@@ -1020,10 +1016,14 @@ class PropagatorAILState(PropagatorState):
|
|
|
1020
1016
|
isinstance(expr, ailment.Expr.BinaryOp)
|
|
1021
1017
|
and expr.op in {"Add", "Sub"}
|
|
1022
1018
|
and (
|
|
1023
|
-
|
|
1024
|
-
|
|
1025
|
-
|
|
1026
|
-
|
|
1019
|
+
(
|
|
1020
|
+
isinstance(expr.operands[0], ailment.Expr.Register)
|
|
1021
|
+
and PropagatorAILState.is_global_variable_load(expr.operands[1])
|
|
1022
|
+
)
|
|
1023
|
+
or (
|
|
1024
|
+
isinstance(expr.operands[1], ailment.Expr.Register)
|
|
1025
|
+
and PropagatorAILState.is_global_variable_load(expr.operands[0])
|
|
1026
|
+
)
|
|
1027
1027
|
)
|
|
1028
1028
|
)
|
|
1029
1029
|
|
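Review bot: The rewritten merge condition in the `@@ -237,11 +237,10 @@` hunk looks up `replacements_0[loc][var]` four times and switches between `is not` and `!=` without saying why. Binding it once, `cur = replacements_0[loc][var]`, and adding a comment such as `# ASTs are compared by identity, plain values by equality` would make the two alternatives readable. The reason is presumably that comparing claripy ASTs with `!=` yields an expression rather than a bool, which should be confirmed before it is written into the comment. The first alternative opens outside the hunk, so only its tail is visible here.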
|
@@ -26,11 +26,11 @@ class VariableAccess(Serializable):
|
|
|
26
26
|
"""
|
|
27
27
|
|
|
28
28
|
__slots__ = (
|
|
29
|
-
"variable",
|
|
30
29
|
"access_type",
|
|
30
|
+
"atom_hash",
|
|
31
31
|
"location",
|
|
32
32
|
"offset",
|
|
33
|
-
"
|
|
33
|
+
"variable",
|
|
34
34
|
)
|
|
35
35
|
|
|
36
36
|
def __init__(self, variable, access_type, location, offset, atom_hash=None):
|
|
@@ -390,7 +390,7 @@ class VariableManagerInternal(Serializable):
|
|
|
390
390
|
else:
|
|
391
391
|
prefix = "m"
|
|
392
392
|
|
|
393
|
-
return "i
|
|
393
|
+
return f"i{prefix}_{next(self._variable_counters[sort])}"
|
|
394
394
|
|
|
395
395
|
def add_variable(self, sort, start, variable: SimVariable):
|
|
396
396
|
if sort == "stack":
|
|
@@ -10,13 +10,13 @@ class XRef(Serializable):
|
|
|
10
10
|
"""
|
|
11
11
|
|
|
12
12
|
__slots__ = (
|
|
13
|
-
"ins_addr",
|
|
14
13
|
"block_addr",
|
|
15
|
-
"
|
|
14
|
+
"dst",
|
|
15
|
+
"ins_addr",
|
|
16
16
|
"insn_op_idx",
|
|
17
17
|
"insn_op_type",
|
|
18
18
|
"memory_data",
|
|
19
|
-
"
|
|
19
|
+
"stmt_idx",
|
|
20
20
|
"type",
|
|
21
21
|
)
|
|
22
22
|
|
|
@@ -58,11 +58,8 @@ class XRef(Serializable):
|
|
|
58
58
|
dst_str = hex(self.memory_data.addr)
|
|
59
59
|
else:
|
|
60
60
|
dst_str = "unknown"
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
f"{self.ins_addr:#x}" if self.ins_addr is not None else "%#x[%d]" % (self.block_addr, self.stmt_idx),
|
|
64
|
-
dst_str,
|
|
65
|
-
)
|
|
61
|
+
ins_addr_str = f"{self.ins_addr:#x}" if self.ins_addr is not None else f"{self.block_addr:#x}[{self.stmt_idx}]"
|
|
62
|
+
return f"<XRef {self.type_string}: {ins_addr_str}->{dst_str}>"
|
|
66
63
|
|
|
67
64
|
def __eq__(self, other):
|
|
68
65
|
return (
|
angr/misc/__init__.py
CHANGED
angr/misc/hookset.py
CHANGED
|
@@ -85,11 +85,10 @@ class HookedMethod:
|
|
|
85
85
|
self.pending = []
|
|
86
86
|
|
|
87
87
|
def __repr__(self):
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
)
|
|
88
|
+
class_name = self.func.__self__.__class__.__name__
|
|
89
|
+
func_name = self.func.__name__
|
|
90
|
+
pending_count = len(self.pending)
|
|
91
|
+
return f"<HookedMethod({class_name}.{func_name}, {pending_count} pending)>"
|
|
93
92
|
|
|
94
93
|
def __call__(self, *args, **kwargs):
|
|
95
94
|
if self.pending:
|
angr/misc/loggers.py
CHANGED
angr/misc/telemetry.py
CHANGED
angr/procedures/__init__.py
CHANGED
angr/procedures/cgc/fdwait.py
CHANGED
|
@@ -23,7 +23,7 @@ class fdwait(angr.SimProcedure):
|
|
|
23
23
|
sym_bit = claripy.BVV(1, 1)
|
|
24
24
|
else:
|
|
25
25
|
sym_bit = self.state.solver.Unconstrained(
|
|
26
|
-
"fdwait_read_
|
|
26
|
+
f"fdwait_read_{run_count}_{fd}", 1, key=("syscall", "fdwait", fd, "read_ready")
|
|
27
27
|
)
|
|
28
28
|
fd = claripy.BVV(fd, self.state.arch.bits)
|
|
29
29
|
sym_newbit = claripy.If(claripy.ULT(fd, nfds), sym_bit, 0)
|
|
@@ -40,7 +40,7 @@ class fdwait(angr.SimProcedure):
|
|
|
40
40
|
sym_bit = claripy.BVV(1, 1)
|
|
41
41
|
else:
|
|
42
42
|
sym_bit = self.state.solver.Unconstrained(
|
|
43
|
-
"fdwait_write_
|
|
43
|
+
f"fdwait_write_{run_count}_{fd}", 1, key=("syscall", "fdwait", fd, "write_ready")
|
|
44
44
|
)
|
|
45
45
|
|
|
46
46
|
fd = claripy.BVV(fd, self.state.arch.bits)
|
|
@@ -5,7 +5,7 @@ import os
|
|
|
5
5
|
import logging
|
|
6
6
|
import inspect
|
|
7
7
|
from collections import defaultdict
|
|
8
|
-
from typing import
|
|
8
|
+
from typing import TYPE_CHECKING
|
|
9
9
|
|
|
10
10
|
import itanium_demangler
|
|
11
11
|
|
|
@@ -569,7 +569,7 @@ class SimSyscallLibrary(SimLibrary):
|
|
|
569
569
|
mapping = self.syscall_number_mapping[abi]
|
|
570
570
|
if number in mapping:
|
|
571
571
|
return mapping[number], arch, abi
|
|
572
|
-
return "sys_
|
|
572
|
+
return f"sys_{number}", arch, None
|
|
573
573
|
|
|
574
574
|
def _apply_numerical_metadata(self, proc, number, arch, abi):
|
|
575
575
|
proc.syscall_number = number
|