angr 9.2.132__py3-none-manylinux2014_x86_64.whl → 9.2.133__py3-none-manylinux2014_x86_64.whl
Potentially problematic release.
- angr/__init__.py +128 -128
- angr/analyses/__init__.py +38 -38
- angr/analyses/backward_slice.py +3 -4
- angr/analyses/binary_optimizer.py +5 -12
- angr/analyses/bindiff.py +3 -6
- angr/analyses/calling_convention.py +3 -4
- angr/analyses/cfg/__init__.py +3 -3
- angr/analyses/cfg/cfg_base.py +1 -1
- angr/analyses/cfg/cfg_fast.py +17 -15
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +5 -5
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +9 -7
- angr/analyses/data_dep/__init__.py +4 -4
- angr/analyses/datagraph_meta.py +1 -1
- angr/analyses/ddg.py +2 -6
- angr/analyses/decompiler/__init__.py +12 -12
- angr/analyses/decompiler/ail_simplifier.py +21 -10
- angr/analyses/decompiler/block_similarity.py +2 -4
- angr/analyses/decompiler/callsite_maker.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +1 -1
- angr/analyses/decompiler/clinic.py +14 -7
- angr/analyses/decompiler/condition_processor.py +45 -29
- angr/analyses/decompiler/counters/__init__.py +3 -3
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/dephication/__init__.py +1 -1
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +11 -3
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/graph_region.py +8 -8
- angr/analyses/decompiler/optimization_passes/__init__.py +20 -20
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -2
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +1 -3
- angr/analyses/decompiler/optimization_passes/engine_base.py +1 -1
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +2 -4
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +2 -5
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +5 -5
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +9 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +3 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +9 -5
- angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/base.py +6 -6
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +1 -1
- angr/analyses/decompiler/presets/__init__.py +1 -1
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +3 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +8 -12
- angr/analyses/decompiler/ssailification/rewriting_engine.py +1 -1
- angr/analyses/decompiler/structured_codegen/__init__.py +5 -5
- angr/analyses/decompiler/structured_codegen/base.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +34 -37
- angr/analyses/decompiler/structuring/__init__.py +3 -3
- angr/analyses/decompiler/structuring/phoenix.py +19 -20
- angr/analyses/decompiler/structuring/structurer_base.py +2 -2
- angr/analyses/decompiler/structuring/structurer_nodes.py +14 -14
- angr/analyses/deobfuscator/__init__.py +3 -3
- angr/analyses/deobfuscator/string_obf_opt_passes.py +1 -1
- angr/analyses/disassembly.py +4 -4
- angr/analyses/forward_analysis/__init__.py +1 -1
- angr/analyses/forward_analysis/visitors/graph.py +6 -6
- angr/analyses/loop_analysis.py +1 -1
- angr/analyses/loopfinder.py +1 -1
- angr/analyses/propagator/outdated_definition_walker.py +12 -6
- angr/analyses/propagator/vex_vars.py +3 -3
- angr/analyses/reaching_definitions/__init__.py +9 -9
- angr/analyses/reaching_definitions/call_trace.py +2 -2
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -1
- angr/analyses/reaching_definitions/rd_state.py +10 -10
- angr/analyses/reassembler.py +26 -31
- angr/analyses/s_liveness.py +8 -0
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -5
- angr/analyses/stack_pointer_tracker.py +4 -4
- angr/analyses/typehoon/simple_solver.py +7 -9
- angr/analyses/typehoon/translator.py +2 -2
- angr/analyses/typehoon/typeconsts.py +1 -1
- angr/analyses/typehoon/typevars.py +17 -19
- angr/analyses/unpacker/__init__.py +1 -1
- angr/analyses/variable_recovery/engine_base.py +3 -4
- angr/analyses/variable_recovery/variable_recovery_base.py +1 -1
- angr/analyses/variable_recovery/variable_recovery_fast.py +2 -6
- angr/analyses/veritesting.py +2 -2
- angr/analyses/vfg.py +5 -5
- angr/angrdb/serializers/__init__.py +1 -1
- angr/annocfg.py +1 -1
- angr/blade.py +2 -2
- angr/block.py +16 -16
- angr/calling_conventions.py +11 -13
- angr/code_location.py +6 -10
- angr/codenode.py +3 -3
- angr/engines/__init__.py +12 -14
- angr/engines/engine.py +1 -54
- angr/engines/light/__init__.py +4 -4
- angr/engines/light/data.py +1 -1
- angr/engines/pcode/__init__.py +1 -1
- angr/engines/pcode/behavior.py +1 -1
- angr/engines/pcode/lifter.py +13 -15
- angr/engines/soot/expressions/__init__.py +12 -12
- angr/engines/soot/statements/__init__.py +6 -6
- angr/engines/soot/values/__init__.py +6 -6
- angr/engines/soot/values/arrayref.py +2 -2
- angr/engines/soot/values/constants.py +1 -1
- angr/engines/soot/values/instancefieldref.py +1 -1
- angr/engines/soot/values/paramref.py +1 -1
- angr/engines/soot/values/staticfieldref.py +1 -1
- angr/engines/successors.py +2 -5
- angr/engines/vex/__init__.py +5 -5
- angr/engines/vex/claripy/ccall.py +2 -2
- angr/engines/vex/claripy/irop.py +18 -18
- angr/engines/vex/heavy/__init__.py +2 -2
- angr/engines/vex/heavy/actions.py +1 -3
- angr/engines/vex/heavy/heavy.py +4 -6
- angr/engines/vex/lifter.py +2 -4
- angr/engines/vex/light/light.py +0 -2
- angr/engines/vex/light/slicing.py +3 -3
- angr/exploration_techniques/__init__.py +18 -18
- angr/exploration_techniques/threading.py +0 -6
- angr/factory.py +36 -6
- angr/keyed_region.py +4 -4
- angr/knowledge_base.py +1 -1
- angr/knowledge_plugins/__init__.py +11 -11
- angr/knowledge_plugins/cfg/__init__.py +5 -5
- angr/knowledge_plugins/cfg/cfg_manager.py +2 -2
- angr/knowledge_plugins/cfg/cfg_model.py +8 -8
- angr/knowledge_plugins/cfg/cfg_node.py +19 -19
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -6
- angr/knowledge_plugins/cfg/memory_data.py +5 -7
- angr/knowledge_plugins/functions/function.py +48 -52
- angr/knowledge_plugins/functions/function_parser.py +4 -4
- angr/knowledge_plugins/key_definitions/__init__.py +3 -3
- angr/knowledge_plugins/key_definitions/atoms.py +6 -6
- angr/knowledge_plugins/key_definitions/definition.py +1 -1
- angr/knowledge_plugins/key_definitions/live_definitions.py +14 -14
- angr/knowledge_plugins/labels.py +1 -1
- angr/knowledge_plugins/propagations/__init__.py +1 -1
- angr/knowledge_plugins/propagations/prop_value.py +2 -2
- angr/knowledge_plugins/propagations/propagation_model.py +7 -8
- angr/knowledge_plugins/propagations/states.py +31 -31
- angr/knowledge_plugins/variables/variable_access.py +2 -2
- angr/knowledge_plugins/variables/variable_manager.py +1 -1
- angr/knowledge_plugins/xrefs/xref.py +5 -8
- angr/misc/__init__.py +4 -4
- angr/misc/hookset.py +4 -5
- angr/misc/loggers.py +2 -2
- angr/misc/telemetry.py +1 -1
- angr/procedures/__init__.py +1 -1
- angr/procedures/cgc/fdwait.py +2 -2
- angr/procedures/definitions/__init__.py +2 -2
- angr/procedures/definitions/linux_kernel.py +0 -1
- angr/procedures/definitions/parse_syscalls_from_local_system.py +1 -1
- angr/procedures/definitions/parse_win32json.py +0 -1
- angr/procedures/ntdll/exceptions.py +1 -1
- angr/procedures/stubs/format_parser.py +3 -3
- angr/procedures/win32/dynamic_loading.py +1 -1
- angr/protos/__init__.py +3 -3
- angr/sim_manager.py +2 -2
- angr/sim_state.py +1 -1
- angr/sim_state_options.py +3 -3
- angr/sim_type.py +10 -14
- angr/sim_variable.py +13 -17
- angr/simos/__init__.py +4 -4
- angr/simos/cgc.py +1 -1
- angr/simos/simos.py +1 -1
- angr/simos/userland.py +1 -1
- angr/slicer.py +4 -7
- angr/state_plugins/__init__.py +34 -34
- angr/state_plugins/callstack.py +5 -12
- angr/state_plugins/heap/__init__.py +2 -2
- angr/state_plugins/heap/heap_brk.py +2 -4
- angr/state_plugins/heap/heap_ptmalloc.py +1 -1
- angr/state_plugins/jni_references.py +3 -2
- angr/state_plugins/scratch.py +1 -1
- angr/state_plugins/sim_action.py +1 -4
- angr/state_plugins/sim_event.py +1 -1
- angr/state_plugins/solver.py +7 -9
- angr/state_plugins/uc_manager.py +1 -1
- angr/state_plugins/view.py +2 -2
- angr/storage/__init__.py +1 -1
- angr/storage/file.py +10 -10
- angr/storage/memory_mixins/__init__.py +46 -46
- angr/storage/memory_mixins/default_filler_mixin.py +1 -3
- angr/storage/memory_mixins/javavm_memory_mixin.py +2 -2
- angr/storage/memory_mixins/name_resolution_mixin.py +2 -2
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +6 -6
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/regioned_memory/__init__.py +3 -3
- angr/storage/memory_mixins/regioned_memory/region_data.py +5 -5
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +7 -9
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +4 -4
- angr/storage/memory_object.py +4 -4
- angr/utils/__init__.py +3 -3
- angr/utils/dynamic_dictlist.py +1 -1
- angr/utils/graph.py +1 -1
- angr/utils/segment_list.py +2 -2
- angr/utils/ssa/__init__.py +12 -5
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/METADATA +6 -6
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/RECORD +202 -202
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/LICENSE +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/WHEEL +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/entry_points.txt +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/top_level.txt +0 -0
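--- a/angr/__init__.py
+++ b/angr/__init__.py
@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.
+__version__ = "9.2.133"
 
 if bytes is str:
 raise Exception(
@@ -202,162 +202,162 @@ loggers.load_all_loggers()
 load_external_definitions()
 
 __all__ = (
-"
-"SIM_PROCEDURES",
-"SIM_LIBRARIES",
-"SIM_TYPE_COLLECTIONS",
-"sim_options",
-"options",
-"BP_BEFORE",
+"BP",
 "BP_AFTER",
+"BP_BEFORE",
 "BP_BOTH",
 "BP_IPDB",
 "BP_IPYTHON",
-"
-"
-"
-"
-"
-"
-"AngrValueError",
-"AngrLifterError",
-"AngrExitError",
-"AngrPathError",
-"AngrVaultError",
-"PathUnreachableError",
-"SimulationManagerError",
-"AngrInvalidArgumentError",
-"AngrSurveyorError",
+"DEFAULT_CC",
+"SIM_LIBRARIES",
+"SIM_PROCEDURES",
+"SIM_TYPE_COLLECTIONS",
+"SYSCALL_CC",
+"Analysis",
 "AngrAnalysisError",
-"AngrBladeError",
-"AngrBladeSimProcError",
 "AngrAnnotatedCFGError",
+"AngrAssemblyError",
 "AngrBackwardSlicingError",
+"AngrBladeError",
+"AngrBladeSimProcError",
+"AngrCFGError",
 "AngrCallableError",
 "AngrCallableMultistateError",
-"
-"
-"
-"
-"
-"AngrIncongruencyError",
-"AngrForwardAnalysisError",
-"AngrSkipJobNotice",
+"AngrCorruptDBError",
+"AngrDBError",
+"AngrDDGError",
+"AngrDataGraphError",
+"AngrDecompilationError",
 "AngrDelayJobNotice",
+"AngrDirectorError",
+"AngrError",
+"AngrExitError",
+"AngrExplorationTechniqueError",
+"AngrExplorerError",
+"AngrForwardAnalysisError",
+"AngrIncompatibleDBError",
+"AngrIncongruencyError",
+"AngrInvalidArgumentError",
 "AngrJobMergingFailureNotice",
 "AngrJobWideningFailureNotice",
-"
-"AngrVFGError",
-"AngrVFGRestartAnalysisNotice",
-"AngrDataGraphError",
-"AngrDDGError",
+"AngrLifterError",
 "AngrLoopAnalysisError",
-"
-"
-"
+"AngrMissingTypeError",
+"AngrNoPluginError",
+"AngrPathError",
+"AngrRuntimeError",
+"AngrSimOSError",
+"AngrSkipJobNotice",
+"AngrSurveyorError",
+"AngrSyscallError",
 "AngrTracerError",
-"
-"
-"
-"
-"
-"
-"
-"
-"
+"AngrTypeError",
+"AngrUnsupportedSyscallError",
+"AngrVFGError",
+"AngrVFGRestartAnalysisNotice",
+"AngrValueError",
+"AngrVaultError",
+"Blade",
+"Block",
+"ExplorationTechnique",
+"KnowledgeBase",
+"PTChunk",
+"PathUnreachableError",
+"PointerWrapper",
+"Project",
+"Server",
 "SimAbstractMemoryError",
-"
-"
-"
-"
+"SimActionError",
+"SimCC",
+"SimCCError",
+"SimCCallError",
+"SimConcreteBreakpointError",
+"SimConcreteMemoryError",
+"SimConcreteRegisterError",
+"SimEmptyCallStackError",
+"SimEngineError",
+"SimError",
 "SimEventError",
-"
-"
-"
+"SimException",
+"SimExpressionError",
+"SimFastMemoryError",
+"SimFastPathError",
+"SimFile",
+"SimFileBase",
+"SimFileDescriptor",
+"SimFileDescriptorDuplex",
 "SimFileError",
+"SimFileStream",
+"SimFilesystemError",
+"SimHeapBrk",
 "SimHeapError",
-"
+"SimHeapPTMalloc",
+"SimHostFilesystem",
+"SimIRSBError",
+"SimIRSBNoDecodeError",
+"SimMemoryAddressError",
+"SimMemoryError",
+"SimMemoryLimitError",
+"SimMemoryMissingError",
+"SimMergeError",
+"SimMissingTempError",
+"SimMount",
+"SimOS",
+"SimOperationError",
+"SimPackets",
+"SimPacketsStream",
+"SimPosixError",
+"SimProcedure",
+"SimProcedureArgumentError",
+"SimProcedureError",
+"SimProcedures",
+"SimRegionMapError",
+"SimReliftException",
+"SimSegfaultError",
+"SimSegfaultException",
+"SimShadowStackError",
+"SimSlicerError",
 "SimSolverError",
 "SimSolverModeError",
 "SimSolverOptionError",
-"
-"
-"
-"
-"SimExpressionError",
-"UnsupportedIRExprError",
-"SimCCallError",
-"UnsupportedCCallError",
-"SimUninitializedAccessError",
+"SimState",
+"SimStateError",
+"SimStateOptionsError",
+"SimStatePlugin",
 "SimStatementError",
-"
-"UnsupportedDirtyError",
-"SimMissingTempError",
-"SimEngineError",
-"SimIRSBError",
+"SimSymbolicFilesystemError",
 "SimTranslationError",
-"SimProcedureError",
-"SimProcedureArgumentError",
-"SimShadowStackError",
-"SimFastPathError",
-"SimIRSBNoDecodeError",
-"AngrUnsupportedSyscallError",
-"UnsupportedSyscallError",
-"SimReliftException",
-"SimSlicerError",
-"SimActionError",
-"SimCCError",
-"SimUCManagerError",
 "SimUCManagerAllocationError",
-"
+"SimUCManagerError",
 "SimUnicornError",
 "SimUnicornSymbolic",
-"
-"
-"
-"
-"
+"SimUnicornUnsupport",
+"SimUninitializedAccessError",
+"SimUnsatError",
+"SimUnsupportedError",
+"SimValueError",
 "SimZeroDivisionException",
-"AngrNoPluginError",
-"SimConcreteMemoryError",
-"SimConcreteRegisterError",
-"SimConcreteBreakpointError",
-"AngrDecompilationError",
-"UnsupportedNodeTypeError",
-"Blade",
-"SimOS",
-"Block",
 "SimulationManager",
-"
-"register_analysis",
-"analyses",
-"knowledge_plugins",
-"exploration_techniques",
-"ExplorationTechnique",
-"types",
+"SimulationManagerError",
 "StateHierarchy",
-"
-"
-"
-"
-"
-"
-"
-"
-"
-"SimPackets",
-"SimFileStream",
-"SimPacketsStream",
-"SimFileDescriptor",
-"SimFileDescriptorDuplex",
-"SimMount",
-"SimHostFilesystem",
-"SimHeapBrk",
-"SimHeapPTMalloc",
-"PTChunk",
+"TracerEnvironmentError",
+"UnsupportedCCallError",
+"UnsupportedDirtyError",
+"UnsupportedIRExprError",
+"UnsupportedIROpError",
+"UnsupportedIRStmtError",
+"UnsupportedNodeTypeError",
+"UnsupportedSyscallError",
+"analyses",
 "concretization_strategies",
-"
+"default_cc",
+"engines",
+"exploration_techniques",
+"knowledge_plugins",
+"load_shellcode",
 "manager",
-"
-"
+"options",
+"register_analysis",
+"sim_options",
+"types",
 )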
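--- a/angr/analyses/__init__.py
+++ b/angr/analyses/__init__.py
@@ -58,59 +58,59 @@ from . import deobfuscator
 
 
 __all__ = (
-"Analysis",
-"AnalysesHub",
-"register_analysis",
-"ForwardAnalysis",
-"visitors",
-"PropagatorAnalysis",
-"CFGFast",
-"CFGEmulated",
-"CFG",
-"CFGArchOptions",
-"CFGFastSoot",
 "CDG",
+"CFG",
 "DDG",
 "VFG",
-"BoyScout",
-"BackwardSlice",
-"Veritesting",
 "VSA_DDG",
+"AnalysesHub",
+"Analysis",
+"BackwardSlice",
 "BinDiff",
-"LoopFinder",
-"CongruencyCheck",
-"StaticHooker",
-"Reassembler",
 "BinaryOptimizer",
-"
-"
-"
-"
+"BoyScout",
+"CFGArchOptions",
+"CFGEmulated",
+"CFGFast",
+"CFGFastSoot",
 "CalleeCleanupFinder",
-"ReachingDefinitionsAnalysis",
 "CallingConventionAnalysis",
+"ClassIdentifier",
+"CodeCaveAnalysis",
 "CodeTagging",
-"
-"
+"CompleteCallingConventionsAnalysis",
+"CongruencyCheck",
 "DataDependencyGraphAnalysis",
 "Decompiler",
-"
-"
+"Disassembly",
+"DominanceFrontier",
+"FlirtAnalysis",
+"ForwardAnalysis",
+"Identifier",
 "InitializationFinder",
-"
-"
+"LoopFinder",
+"PackingDetector",
+"PatchFinderAnalysis",
+"Pathfinder",
+"PropagatorAnalysis",
 "ProximityGraphAnalysis",
-"
-"
-"
-"FlirtAnalysis",
+"ReachingDefinitionsAnalysis",
+"Reassembler",
+"SLivenessAnalysis",
 "SPropagatorAnalysis",
 "SReachingDefinitionsAnalysis",
-"SLivenessAnalysis",
-"CodeCaveAnalysis",
-"PatchFinderAnalysis",
-"Pathfinder",
 "SelfModifyingCodeAnalysis",
-"
+"SootClassHierarchy",
+"StackPointerTracker",
+"StaticHooker",
+"StaticObjectFinder",
+"Typehoon",
+"VariableRecovery",
+"VariableRecoveryFast",
+"Veritesting",
+"VtableFinder",
+"XRefsAnalysis",
 "deobfuscator",
+"register_analysis",
+"visitors",
 )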
angr/analyses/backward_slice.py
|
@@ -110,10 +110,9 @@ class BackwardSlice(Analysis):
|
|
|
110
110
|
s = repr(self) + "\n"
|
|
111
111
|
|
|
112
112
|
if len(self.chosen_statements) > max_display:
|
|
113
|
-
s += "
|
|
113
|
+
s += f"{len(self.chosen_statements)} SimRuns in program slice, displaying {max_display}.\n"
|
|
114
114
|
else:
|
|
115
|
-
s += "
|
|
116
|
-
|
|
115
|
+
s += f"{len(self.chosen_statements)} SimRuns in program slice.\n"
|
|
117
116
|
# Pretty-print the first `max_display` basic blocks
|
|
118
117
|
if max_display is None:
|
|
119
118
|
# Output all
|
|
@@ -150,7 +149,7 @@ class BackwardSlice(Analysis):
|
|
|
150
149
|
statements = vex_block.statements
|
|
151
150
|
for i in range(len(statements)):
|
|
152
151
|
line = "+" if i in chosen_statements else "-"
|
|
153
|
-
line += "[
|
|
152
|
+
line += f"[{i: 3d}] "
|
|
154
153
|
line += str(statements[i])
|
|
155
154
|
ss += line + "\n"
|
|
156
155
|
|
|
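Review bot: In the first hunk, `len(self.chosen_statements) > max_display` is evaluated before the `if max_display is None:` branch a few lines below, so a call with `max_display=None` would raise TypeError on Python 3 before the "Output all" path is reached; the f-string conversion leaves that ordering unchanged. Guarding the comparison, e.g. `if max_display is not None and len(self.chosen_statements) > max_display:`, keeps the None case working. The enclosing method starts above the hunk, so the default value of max_display is not visible here and should be confirmed.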
@@ -35,12 +35,8 @@ class RedundantStackVariable:
|
|
|
35
35
|
self.argument_register_as_retval = False
|
|
36
36
|
|
|
37
37
|
def __repr__(self):
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
self.argument,
|
|
41
|
-
len(self.stack_variable_consuming_locs),
|
|
42
|
-
" - retval" if self.argument_register_as_retval else "",
|
|
43
|
-
)
|
|
38
|
+
retval_str = " - retval" if self.argument_register_as_retval else ""
|
|
39
|
+
return f"<StackVar {self.stack_variable} for {self.argument} at {len(self.stack_variable_consuming_locs)} locations{retval_str}>"
|
|
44
40
|
|
|
45
41
|
|
|
46
42
|
class RegisterReallocation:
|
|
@@ -79,12 +75,9 @@ class RegisterReallocation:
|
|
|
79
75
|
self.epilogue_size = epilogue_size
|
|
80
76
|
|
|
81
77
|
def __repr__(self):
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
len(self.stack_variable_sources),
|
|
86
|
-
len(self.stack_variable_consumers),
|
|
87
|
-
)
|
|
78
|
+
sources_count = len(self.stack_variable_sources)
|
|
79
|
+
consumers_count = len(self.stack_variable_consumers)
|
|
80
|
+
return f"<RegisterReallocation {self.register_variable} for {self.stack_variable} with {sources_count} sources and {consumers_count} consumers>"
|
|
88
81
|
|
|
89
82
|
|
|
90
83
|
class DeadAssignment:
|
angr/analyses/bindiff.py
|
@@ -208,11 +208,8 @@ def compare_statement_dict(statement_1, statement_2):
|
|
|
208
208
|
# constants
|
|
209
209
|
if isinstance(statement_1, (int, float, str, bytes)):
|
|
210
210
|
if (
|
|
211
|
-
isinstance(statement_1, float)
|
|
212
|
-
|
|
213
|
-
and math.isnan(statement_2)
|
|
214
|
-
or statement_1 == statement_2
|
|
215
|
-
):
|
|
211
|
+
isinstance(statement_1, float) and math.isnan(statement_1) and math.isnan(statement_2)
|
|
212
|
+
) or statement_1 == statement_2:
|
|
216
213
|
return []
|
|
217
214
|
return [Difference(None, statement_1, statement_2)]
|
|
218
215
|
|
|
@@ -283,7 +280,7 @@ class NormalizedBlock:
|
|
|
283
280
|
|
|
284
281
|
def __repr__(self):
|
|
285
282
|
size = sum([b.size for b in self.blocks])
|
|
286
|
-
return "<Normalized Block for
|
|
283
|
+
return f"<Normalized Block for {self.addr:#x}, {size} bytes>"
|
|
287
284
|
|
|
288
285
|
|
|
289
286
|
class NormalizedFunction:
|
|
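Review bot: In `compare_statement_dict`, the rewritten NaN test calls `math.isnan(statement_2)` whenever statement_1 is a float NaN, but the visible guard `isinstance(statement_1, (int, float, str, bytes))` checks only statement_1, so a str or bytes statement_2 would raise TypeError instead of producing a Difference. Unless a type-equality check earlier in the function (outside the hunk) already rules that out, the second operand should be guarded as well: `isinstance(statement_2, float) and math.isnan(statement_2)`. A one-line comment stating that NaN never compares equal to itself, which is why the special case exists, would help the next reader.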
@@ -277,7 +277,7 @@ class CallingConventionAnalysis(Analysis):
|
|
|
277
277
|
# prioritize the hooker
|
|
278
278
|
hooker = self.project.hooked_by(real_func.addr)
|
|
279
279
|
if hooker is not None and (
|
|
280
|
-
not hooker.is_stub or hooker.is_function and not hooker.guessed_prototype
|
|
280
|
+
not hooker.is_stub or (hooker.is_function and not hooker.guessed_prototype)
|
|
281
281
|
):
|
|
282
282
|
return real_func.calling_convention, hooker.prototype
|
|
283
283
|
if real_func.calling_convention and real_func.prototype:
|
|
@@ -414,7 +414,7 @@ class CallingConventionAnalysis(Analysis):
|
|
|
414
414
|
|
|
415
415
|
for src, _, data in sorted(in_edges, key=lambda x: x[0].addr):
|
|
416
416
|
edge_type = data.get("jumpkind", "Ijk_Call")
|
|
417
|
-
if not (edge_type == "Ijk_Call" or edge_type == "Ijk_Boring" and self._cfg.graph.out_degree[src] == 1):
|
|
417
|
+
if not (edge_type == "Ijk_Call" or (edge_type == "Ijk_Boring" and self._cfg.graph.out_degree[src] == 1)):
|
|
418
418
|
continue
|
|
419
419
|
if not self.kb.functions.contains_addr(src.function_address):
|
|
420
420
|
continue
|
|
@@ -523,8 +523,7 @@ class CallingConventionAnalysis(Analysis):
|
|
|
523
523
|
def_
|
|
524
524
|
for def_ in rda.all_uses._uses_by_definition
|
|
525
525
|
if (
|
|
526
|
-
def_.codeloc.block_addr == caller_block_addr
|
|
527
|
-
and def_.codeloc.stmt_idx == DEFAULT_STATEMENT
|
|
526
|
+
(def_.codeloc.block_addr == caller_block_addr and def_.codeloc.stmt_idx == DEFAULT_STATEMENT)
|
|
528
527
|
or any(isinstance(tag, ReturnValueTag) for tag in def_.tags)
|
|
529
528
|
)
|
|
530
529
|
}
|
angr/analyses/cfg/__init__.py
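--- a/angr/analyses/cfg/cfg_base.py
+++ b/angr/analyses/cfg/cfg_base.py
@@ -111,7 +111,7 @@ class CFGBase(Analysis):
 
 # Sanity checks
 if context_sensitivity_level < 0:
-raise ValueError("Unsupported context sensitivity level
+raise ValueError(f"Unsupported context sensitivity level {context_sensitivity_level}")
 
 self._binary = binary if binary is not None else self.project.loader.main_object
 self._force_segment = force_segment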
angr/analyses/cfg/cfg_fast.py
|
@@ -100,9 +100,9 @@ class FunctionReturn:
|
|
|
100
100
|
"""
|
|
101
101
|
|
|
102
102
|
__slots__ = (
|
|
103
|
+
"call_site_addr",
|
|
103
104
|
"callee_func_addr",
|
|
104
105
|
"caller_func_addr",
|
|
105
|
-
"call_site_addr",
|
|
106
106
|
"return_to",
|
|
107
107
|
)
|
|
108
108
|
|
|
@@ -287,9 +287,9 @@ class FunctionEdge:
|
|
|
287
287
|
"""
|
|
288
288
|
|
|
289
289
|
__slots__ = (
|
|
290
|
+
"ins_addr",
|
|
290
291
|
"src_func_addr",
|
|
291
292
|
"stmt_idx",
|
|
292
|
-
"ins_addr",
|
|
293
293
|
)
|
|
294
294
|
|
|
295
295
|
def apply(self, cfg):
|
|
@@ -302,11 +302,11 @@ class FunctionTransitionEdge(FunctionEdge):
|
|
|
302
302
|
"""
|
|
303
303
|
|
|
304
304
|
__slots__ = (
|
|
305
|
-
"src_node",
|
|
306
305
|
"dst_addr",
|
|
307
|
-
"to_outside",
|
|
308
306
|
"dst_func_addr",
|
|
309
307
|
"is_exception",
|
|
308
|
+
"src_node",
|
|
309
|
+
"to_outside",
|
|
310
310
|
)
|
|
311
311
|
|
|
312
312
|
def __init__(
|
|
@@ -353,7 +353,7 @@ class FunctionCallEdge(FunctionEdge):
|
|
|
353
353
|
Describes a call edge in functions' transition graphs.
|
|
354
354
|
"""
|
|
355
355
|
|
|
356
|
-
__slots__ = ("
|
|
356
|
+
__slots__ = ("dst_addr", "ret_addr", "src_node", "syscall")
|
|
357
357
|
|
|
358
358
|
def __init__(self, src_node, dst_addr, ret_addr, src_func_addr, syscall=False, stmt_idx=None, ins_addr=None):
|
|
359
359
|
self.src_node = src_node
|
|
@@ -380,7 +380,7 @@ class FunctionFakeRetEdge(FunctionEdge):
|
|
|
380
380
|
Describes a FakeReturn (also called fall-through) edge in functions' transition graphs.
|
|
381
381
|
"""
|
|
382
382
|
|
|
383
|
-
__slots__ = ("
|
|
383
|
+
__slots__ = ("confirmed", "dst_addr", "src_node")
|
|
384
384
|
|
|
385
385
|
def __init__(self, src_node, dst_addr, src_func_addr, confirmed=None):
|
|
386
386
|
self.src_node = src_node
|
|
@@ -402,7 +402,7 @@ class FunctionReturnEdge(FunctionEdge):
|
|
|
402
402
|
Describes a return (from a function call or a syscall) edge in functions' transition graphs.
|
|
403
403
|
"""
|
|
404
404
|
|
|
405
|
-
__slots__ = ("
|
|
405
|
+
__slots__ = ("dst_func_addr", "ret_from_addr", "ret_to_addr")
|
|
406
406
|
|
|
407
407
|
def __init__(self, ret_from_addr, ret_to_addr, dst_func_addr):
|
|
408
408
|
self.ret_from_addr = ret_from_addr
|
|
@@ -437,19 +437,19 @@ class CFGJob:
|
|
|
437
437
|
"""
|
|
438
438
|
|
|
439
439
|
__slots__ = (
|
|
440
|
+
"_func_edges",
|
|
440
441
|
"addr",
|
|
441
442
|
"func_addr",
|
|
443
|
+
"gp",
|
|
444
|
+
"job_type",
|
|
442
445
|
"jumpkind",
|
|
443
|
-
"ret_target",
|
|
444
446
|
"last_addr",
|
|
445
|
-
"
|
|
447
|
+
"ret_target",
|
|
448
|
+
"returning_source",
|
|
446
449
|
"src_ins_addr",
|
|
450
|
+
"src_node",
|
|
447
451
|
"src_stmt_idx",
|
|
448
|
-
"returning_source",
|
|
449
452
|
"syscall",
|
|
450
|
-
"_func_edges",
|
|
451
|
-
"job_type",
|
|
452
|
-
"gp",
|
|
453
453
|
)
|
|
454
454
|
|
|
455
455
|
def __init__(
|
|
@@ -1812,7 +1812,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase): # pylin
|
|
|
1812
1812
|
elif (
|
|
1813
1813
|
not security_init_cookie_found
|
|
1814
1814
|
and is_function_security_init_cookie(func, self.project, security_cookie_addr)
|
|
1815
|
-
|
|
1815
|
+
) or (
|
|
1816
|
+
not security_init_cookie_found
|
|
1816
1817
|
and is_function_security_init_cookie_win8(func, self.project, security_cookie_addr)
|
|
1817
1818
|
):
|
|
1818
1819
|
security_init_cookie_found = True
|
|
@@ -3036,7 +3037,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase): # pylin
|
|
|
3036
3037
|
self.kb.xrefs.add_xref(cr)
|
|
3037
3038
|
|
|
3038
3039
|
if is_arm_arch(self.project.arch) and (
|
|
3039
|
-
(irsb_addr & 1) == 1 and data_addr == (insn_addr & 0xFFFF_FFFF_FFFF_FFFE) + 4
|
|
3040
|
+
((irsb_addr & 1) == 1 and data_addr == (insn_addr & 0xFFFF_FFFF_FFFF_FFFE) + 4)
|
|
3041
|
+
or data_addr == insn_addr + 8
|
|
3040
3042
|
):
|
|
3041
3043
|
return
|
|
3042
3044
|
self.insn_addr_to_memory_data[insn_addr] = self.model.memory_data[data_addr]
|
|
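Review bot: In the `@@ -1812` hunk the new `elif` repeats `not security_init_cookie_found` in both arms of the `or`; writing it once, as `not security_init_cookie_found and (is_function_security_init_cookie(func, self.project, security_cookie_addr) or is_function_security_init_cookie_win8(func, self.project, security_cookie_addr))`, states the same condition and keeps the two detectors from drifting apart under later edits. In the `@@ -3036` hunk the added parentheses make the precedence explicit, but the mask `0xFFFF_FFFF_FFFF_FFFE` and the `+ 4` / `+ 8` offsets carry no comment; something like `# data_addr equals the PC value this instruction reads (insn + 4 in Thumb with bit 0 cleared, insn + 8 in ARM)` would document the intent, if that is what the check encodes. Both conditions sit inside CFGFast methods that begin and end outside the hunks.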
@@ -12,13 +12,13 @@ from .amd64_pe_iat import AMD64PeIatResolver
|
|
|
12
12
|
|
|
13
13
|
|
|
14
14
|
__all__ = (
|
|
15
|
+
"AMD64ElfGotResolver",
|
|
16
|
+
"AMD64PeIatResolver",
|
|
17
|
+
"ArmElfFastResolver",
|
|
18
|
+
"ConstantResolver",
|
|
19
|
+
"JumpTableResolver",
|
|
15
20
|
"MipsElfFastResolver",
|
|
16
21
|
"MipsElfGotResolver",
|
|
17
22
|
"X86ElfPicPltResolver",
|
|
18
|
-
"JumpTableResolver",
|
|
19
23
|
"X86PeIatResolver",
|
|
20
|
-
"AMD64ElfGotResolver",
|
|
21
|
-
"ArmElfFastResolver",
|
|
22
|
-
"ConstantResolver",
|
|
23
|
-
"AMD64PeIatResolver",
|
|
24
24
|
)
|
|
@@ -19,7 +19,7 @@ class AMD64ElfGotResolver(IndirectJumpResolver):
|
|
|
19
19
|
super().__init__(project, timeless=True)
|
|
20
20
|
|
|
21
21
|
def filter(self, cfg, addr, func_addr, block, jumpkind):
|
|
22
|
-
return jumpkind == "Ijk_Call" or jumpkind == "Ijk_Boring" and addr == func_addr
|
|
22
|
+
return jumpkind == "Ijk_Call" or (jumpkind == "Ijk_Boring" and addr == func_addr)
|
|
23
23
|
|
|
24
24
|
def resolve( # pylint:disable=unused-argument
|
|
25
25
|
self, cfg, addr, func_addr, block, jumpkind, func_graph_complete: bool = True, **kwargs
|