PyPI - angr - Versions diffs - 9.2.134__py3-none-macosx_10_9_x86_64.whl → 9.2.135__py3-none-macosx_10_9_x86_64.whl - Mend

angr 9.2.134__py3-none-macosx_10_9_x86_64.whl → 9.2.135__py3-none-macosx_10_9_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (23) hide show

angr/__init__.py CHANGED Viewed

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
-__version__ = "9.2.134"
+__version__ = "9.2.135"
 if bytes is str:
     raise Exception(

angr/analyses/__init__.py CHANGED Viewed

@@ -30,7 +30,7 @@ from .variable_recovery import VariableRecovery, VariableRecoveryFast
 from .identifier import Identifier
 from .callee_cleanup_finder import CalleeCleanupFinder
 from .reaching_definitions import ReachingDefinitionsAnalysis
-from .calling_convention import CallingConventionAnalysis
+from .calling_convention import CallingConventionAnalysis, FactCollector
 from .code_tagging import CodeTagging
 from .stack_pointer_tracker import StackPointerTracker
 from .dominance_frontier import DominanceFrontier
@@ -84,6 +84,7 @@ __all__ = (
     "Decompiler",
     "Disassembly",
     "DominanceFrontier",
+    "FactCollector",
     "FlirtAnalysis",
     "ForwardAnalysis",
     "Identifier",

angr/analyses/calling_convention/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+from __future__ import annotations
+from .calling_convention import CallingConventionAnalysis
+from .fact_collector import FactCollector
+__all__ = ["CallingConventionAnalysis", "FactCollector"]

angr/analyses/{calling_convention.py → calling_convention/calling_convention.py} RENAMED Viewed

@@ -9,7 +9,6 @@ import capstone
 from pyvex.stmt import Put
 from pyvex.expr import RdTmp
-from archinfo.arch_arm import is_arm_arch, ArchARMHF
 import ailment
 from angr.code_location import ExternalCodeLocation
@@ -35,8 +34,9 @@ from angr.knowledge_plugins.variables.variable_access import VariableAccessSort
 from angr.knowledge_plugins.functions import Function
 from angr.utils.constants import DEFAULT_STATEMENT
 from angr import SIM_PROCEDURES
-from .reaching_definitions import get_all_definitions
-from . import Analysis, register_analysis, ReachingDefinitionsAnalysis
+from angr.analyses import Analysis, register_analysis, ReachingDefinitionsAnalysis
+from angr.analyses.reaching_definitions import get_all_definitions
+from .utils import is_sane_register_variable
 if TYPE_CHECKING:
     from angr.knowledge_plugins.cfg import CFGModel
@@ -95,6 +95,8 @@ class CallingConventionAnalysis(Analysis):
         callsite_block_addr: int | None = None,
         callsite_insn_addr: int | None = None,
         func_graph: networkx.DiGraph | None = None,
+        input_args: list[SimRegArg | SimStackArg] | None = None,
+        retval_size: int | None = None,
     ):
         if func is not None and not isinstance(func, Function):
             func = self.kb.functions[func]
@@ -106,6 +108,15 @@ class CallingConventionAnalysis(Analysis):
         self.callsite_block_addr = callsite_block_addr
         self.callsite_insn_addr = callsite_insn_addr
         self._func_graph = func_graph
+        self._input_args = input_args
+        self._retval_size = retval_size
+        if self._retval_size is not None and self._input_args is None:
+            # retval size will be ignored if input_args is not specified - user error?
+            raise TypeError(
+                "input_args must be provided to use retval_size. Otherwise please set both input_args and "
+                "retval_size to None."
+            )
         self.cc: SimCC | None = None
         self.prototype: SimTypeFunction | None = None
@@ -308,9 +319,17 @@ class CallingConventionAnalysis(Analysis):
             # we do not analyze SimProcedures or PLT stubs
             return None
-        if not self._variable_manager.has_function_manager(self._function.addr):
-            l.warning("Please run variable recovery on %r before analyzing its calling convention.", self._function)
-            return None
+        if self._input_args is None:
+            if not self._variable_manager.has_function_manager(self._function.addr):
+                l.warning("Please run variable recovery on %r before analyzing its calling convention.", self._function)
+                return None
+            vm = self._variable_manager[self._function.addr]
+            retval_size = vm.ret_val_size
+            input_variables = vm.input_variables()
+            input_args = self._args_from_vars(input_variables, vm)
+        else:
+            input_args = self._input_args
+            retval_size = self._retval_size
         # check if this function is a variadic function
         if self.project.arch.name == "AMD64":
@@ -319,11 +338,6 @@ class CallingConventionAnalysis(Analysis):
             is_variadic = False
             fixed_args = None
-        vm = self._variable_manager[self._function.addr]
-        input_variables = vm.input_variables()
-        input_args = self._args_from_vars(input_variables, vm)
         # TODO: properly determine sp_delta
         sp_delta = self.project.arch.bytes if self.project.arch.call_pushes_ret else 0
@@ -342,7 +356,7 @@ class CallingConventionAnalysis(Analysis):
             args = args[:fixed_args]
         # guess the type of the return value -- it's going to be a wild guess...
-        ret_type = self._guess_retval_type(cc, vm.ret_val_size)
+        ret_type = self._guess_retval_type(cc, retval_size)
         if self._function.name == "main" and self.project.arch.bits == 64 and isinstance(ret_type, SimTypeLongLong):
             # hack - main must return an int even in 64-bit binaries
             ret_type = SimTypeInt()
@@ -698,14 +712,14 @@ class CallingConventionAnalysis(Analysis):
                     args.add(arg)
             elif isinstance(variable, SimRegisterVariable):
                 # a register variable, convert it to a register argument
-                if not self._is_sane_register_variable(variable, def_cc=def_cc):
+                if not is_sane_register_variable(self.project.arch, variable.reg, variable.size, def_cc=def_cc):
                     continue
-                reg_name = self.project.arch.translate_register_name(variable.reg, size=variable.size)
                 if self.project.arch.name in {"AMD64", "X86"} and variable.size < self.project.arch.bytes:
                     # use complete registers on AMD64 and X86
                     reg_name = self.project.arch.translate_register_name(variable.reg, size=self.project.arch.bytes)
                     arg = SimRegArg(reg_name, self.project.arch.bytes)
                 else:
+                    reg_name = self.project.arch.translate_register_name(variable.reg, size=variable.size)
                     arg = SimRegArg(reg_name, variable.size)
                 args.add(arg)
@@ -748,53 +762,6 @@ class CallingConventionAnalysis(Analysis):
         return args.difference(restored_reg_vars)
-    def _is_sane_register_variable(self, variable: SimRegisterVariable, def_cc: SimCC | None = None) -> bool:
-        """
-        Filters all registers that are surly not members of function arguments.
-        This can be seen as a workaround, since VariableRecoveryFast sometimes gives input variables of cc_ndep (which
-        is a VEX-specific register) :-(
-        :param variable: The variable to test.
-        :return:         True if it is an acceptable function argument, False otherwise.
-        :rtype:          bool
-        """
-        arch = self.project.arch
-        arch_name = arch.name
-        if ":" in arch_name:
-            # for pcode architectures, we only leave registers that are known to be used as input arguments
-            if def_cc is not None:
-                return arch.translate_register_name(variable.reg, size=variable.size) in def_cc.ARG_REGS
-            return True
-        # VEX
-        if arch_name == "AARCH64":
-            return 16 <= variable.reg < 80  # x0-x7
-        if arch_name == "AMD64":
-            return 24 <= variable.reg < 40 or 64 <= variable.reg < 104  # rcx, rdx  # rsi, rdi, r8, r9, r10
-            # 224 <= variable.reg < 480)  # xmm0-xmm7
-        if is_arm_arch(arch):
-            if isinstance(arch, ArchARMHF):
-                return 8 <= variable.reg < 24 or 128 <= variable.reg < 160  # r0 - 32  # s0 - s7, or d0 - d4
-            return 8 <= variable.reg < 24  # r0-r3
-        if arch_name == "MIPS32":
-            return 24 <= variable.reg < 40  # a0-a3
-        if arch_name == "MIPS64":
-            return 48 <= variable.reg < 80 or 112 <= variable.reg < 208  # a0-a3 or t4-t7
-        if arch_name == "PPC32":
-            return 28 <= variable.reg < 60  # r3-r10
-        if arch_name == "X86":
-            return 8 <= variable.reg < 24 or 160 <= variable.reg < 288  # eax, ebx, ecx, edx  # xmm0-xmm7
-        l.critical("Unsupported architecture %s.", arch.name)
-        return True
     def _reorder_args(self, args: list[SimRegArg | SimStackArg], cc: SimCC) -> list[SimRegArg | SimStackArg]:
         """
         Reorder arguments according to the calling convention identified.

angr/analyses/calling_convention/fact_collector.py ADDED Viewed

@@ -0,0 +1,503 @@
+from __future__ import annotations
+from typing import Any
+import pyvex
+import claripy
+from angr.utils.bits import s2u, u2s
+from angr.block import Block
+from angr.analyses.analysis import Analysis
+from angr.analyses import AnalysesHub
+from angr.knowledge_plugins.functions import Function
+from angr.codenode import BlockNode, HookNode
+from angr.engines.light import SimEngineNostmtVEX, SimEngineLight, SpOffset, RegisterOffset
+from angr.calling_conventions import SimRegArg, SimStackArg, default_cc
+from angr.sim_type import SimTypeBottom
+from .utils import is_sane_register_variable
+class FactCollectorState:
+    """
+    The abstract state for FactCollector.
+    """
+    __slots__ = (
+        "bp_value",
+        "callee_stored_regs",
+        "reg_reads",
+        "reg_writes",
+        "simple_stack",
+        "sp_value",
+        "stack_reads",
+        "stack_writes",
+        "tmps",
+    )
+    def __init__(self):
+        self.tmps = {}
+        self.simple_stack = {}
+        self.callee_stored_regs: dict[int, int] = {}  # reg offset -> stack offset
+        self.reg_reads = {}
+        self.reg_writes: set[int] = set()
+        self.stack_reads = {}
+        self.stack_writes: set[int] = set()
+        self.sp_value = 0
+        self.bp_value = 0
+    def register_read(self, offset: int, size_in_bytes: int):
+        if offset in self.reg_writes:
+            return
+        if offset not in self.reg_reads:
+            self.reg_reads[offset] = size_in_bytes
+        else:
+            self.reg_reads[offset] = max(self.reg_reads[offset], size_in_bytes)
+    def register_written(self, offset: int, size_in_bytes: int):
+        for o in range(size_in_bytes):
+            self.reg_writes.add(offset + o)
+    def stack_read(self, offset: int, size_in_bytes: int):
+        if offset in self.stack_writes:
+            return
+        if offset not in self.stack_reads:
+            self.stack_reads[offset] = size_in_bytes
+        else:
+            self.stack_reads[offset] = max(self.stack_reads[offset], size_in_bytes)
+    def stack_written(self, offset: int, size_int_bytes: int):
+        for o in range(size_int_bytes):
+            self.stack_writes.add(offset + o)
+    def copy(self, with_tmps: bool = False) -> FactCollectorState:
+        new_state = FactCollectorState()
+        new_state.reg_reads = self.reg_reads.copy()
+        new_state.stack_reads = self.stack_reads.copy()
+        new_state.stack_writes = self.stack_writes.copy()
+        new_state.reg_writes = self.reg_writes.copy()
+        new_state.callee_stored_regs = self.callee_stored_regs.copy()
+        new_state.sp_value = self.sp_value
+        new_state.bp_value = self.bp_value
+        new_state.simple_stack = self.simple_stack.copy()
+        if with_tmps:
+            new_state.tmps = self.tmps.copy()
+        return new_state
+binop_handler = SimEngineNostmtVEX[FactCollectorState, claripy.ast.BV, FactCollectorState].binop_handler
+class SimEngineFactCollectorVEX(
+    SimEngineNostmtVEX[FactCollectorState, SpOffset | RegisterOffset | int, None],
+    SimEngineLight[type[FactCollectorState], SpOffset | RegisterOffset | int, Block, None],
+):
+    """
+    THe engine for FactCollector.
+    """
+    def __init__(self, project, bp_as_gpr: bool):
+        self.bp_as_gpr = bp_as_gpr
+        super().__init__(project)
+    def _process_block_end(self, stmt_result: list, whitelist: set[int] | None) -> None:
+        if self.block.vex.jumpkind == "Ijk_Call":
+            self.state.register_written(self.arch.ret_offset, self.arch.bytes)
+    def _top(self, bits: int):
+        return None
+    def _is_top(self, expr: Any) -> bool:
+        raise NotImplementedError
+    def _handle_conversion(self, from_size: int, to_size: int, signed: bool, operand: pyvex.IRExpr) -> Any:
+        return None
+    def _handle_stmt_Put(self, stmt):
+        v = self._expr(stmt.data)
+        if stmt.offset == self.arch.sp_offset and isinstance(v, SpOffset):
+            self.state.sp_value = v.offset
+        elif stmt.offset == self.arch.bp_offset and isinstance(v, SpOffset):
+            self.state.bp_value = v.offset
+        else:
+            self.state.register_written(stmt.offset, stmt.data.result_size(self.tyenv) // self.arch.byte_width)
+    def _handle_stmt_Store(self, stmt: pyvex.IRStmt.Store):
+        addr = self._expr(stmt.addr)
+        if isinstance(addr, SpOffset):
+            self.state.stack_written(addr.offset, stmt.data.result_size(self.tyenv) // self.arch.byte_width)
+            data = self._expr(stmt.data)
+            if isinstance(data, RegisterOffset) and not isinstance(data, SpOffset):
+                # push reg; we record the stored register as well as the stack slot offset
+                self.state.callee_stored_regs[data.reg] = u2s(addr.offset, self.arch.bits)
+            if isinstance(data, SpOffset):
+                self.state.simple_stack[addr.offset] = data
+    def _handle_stmt_WrTmp(self, stmt: pyvex.IRStmt.WrTmp):
+        v = self._expr(stmt.data)
+        if v is not None:
+            self.state.tmps[stmt.tmp] = v
+    def _handle_expr_Const(self, expr: pyvex.IRExpr.Const):
+        return expr.con.value
+    def _handle_expr_GSPTR(self, expr):
+        return None
+    def _handle_expr_Get(self, expr) -> SpOffset | None:
+        if expr.offset == self.arch.sp_offset:
+            return SpOffset(self.arch.bits, self.state.sp_value, is_base=False)
+        if expr.offset == self.arch.bp_offset and not self.bp_as_gpr:
+            return SpOffset(self.arch.bits, self.state.bp_value, is_base=False)
+        bits = expr.result_size(self.tyenv)
+        self.state.register_read(expr.offset, bits // self.arch.byte_width)
+        return RegisterOffset(bits, expr.offset, 0)
+    def _handle_expr_GetI(self, expr):
+        return None
+    def _handle_expr_ITE(self, expr):
+        return None
+    def _handle_expr_Load(self, expr):
+        addr = self._expr(expr.addr)
+        if isinstance(addr, SpOffset):
+            self.state.stack_read(addr.offset, expr.result_size(self.tyenv) // self.arch.byte_width)
+            return self.state.simple_stack.get(addr.offset)
+        return None
+    def _handle_expr_RdTmp(self, expr):
+        return self.state.tmps.get(expr.tmp, None)
+    def _handle_expr_VECRET(self, expr):
+        return None
+    @binop_handler
+    def _handle_binop_Add(self, expr):
+        op0, op1 = self._expr(expr.args[0]), self._expr(expr.args[1])
+        if isinstance(op0, SpOffset) and isinstance(op1, int):
+            return SpOffset(op0.bits, s2u(op0.offset + op1, op0.bits), is_base=op0.is_base)
+        if isinstance(op1, SpOffset) and isinstance(op0, int):
+            return SpOffset(op1.bits, s2u(op1.offset + op0, op1.bits), is_base=op1.is_base)
+        return None
+    @binop_handler
+    def _handle_binop_Sub(self, expr):
+        op0, op1 = self._expr(expr.args[0]), self._expr(expr.args[1])
+        if isinstance(op0, SpOffset) and isinstance(op1, int):
+            return SpOffset(op0.bits, s2u(op0.offset - op1, op0.bits), is_base=op0.is_base)
+        if isinstance(op1, SpOffset) and isinstance(op0, int):
+            return SpOffset(op1.bits, s2u(op1.offset - op0, op1.bits), is_base=op1.is_base)
+        return None
+    @binop_handler
+    def _handle_binop_And(self, expr):
+        op0, op1 = self._expr(expr.args[0]), self._expr(expr.args[1])
+        if isinstance(op0, SpOffset):
+            return op0
+        if isinstance(op1, SpOffset):
+            return op1
+        return None
+class FactCollector(Analysis):
+    """
+    An extremely fast analysis that extracts necessary facts of a function for CallingConventionAnalysis to make
+    decision on the calling convention and prototype of a function.
+    """
+    def __init__(self, func: Function, max_depth: int = 5):
+        self.function = func
+        self._max_depth = max_depth
+        self.input_args: list[SimRegArg | SimStackArg] | None = None
+        self.retval_size: int | None = None
+        self._analyze()
+    def _analyze(self):
+        # breadth-first search using function graph, collect registers and stack variables that are written to as well
+        # as read from, until max_depth is reached
+        end_states = self._analyze_startpoint()
+        self._analyze_endpoints_for_retval_size()
+        callee_restored_regs = self._analyze_endpoints_for_restored_regs()
+        self._determine_input_args(end_states, callee_restored_regs)
+    def _analyze_startpoint(self):
+        func_graph = self.function.transition_graph
+        startpoint = self.function.startpoint
+        bp_as_gpr = self.function.info.get("bp_as_gpr", False)
+        engine = SimEngineFactCollectorVEX(self.project, bp_as_gpr)
+        init_state = FactCollectorState()
+        if self.project.arch.call_pushes_ret:
+            init_state.sp_value = self.project.arch.bytes
+        init_state.bp_value = init_state.sp_value
+        traversed = set()
+        queue: list[tuple[int, FactCollectorState, BlockNode | HookNode | Function, BlockNode | HookNode | None]] = [
+            (0, init_state, startpoint, None)
+        ]
+        end_states: list[FactCollectorState] = []
+        while queue:
+            depth, state, node, retnode = queue.pop(0)
+            traversed.add(node)
+            if depth > self._max_depth:
+                end_states.append(state)
+                break
+            if isinstance(node, BlockNode) and node.size == 0:
+                continue
+            if isinstance(node, HookNode):
+                # attempt to convert it into a function
+                if self.kb.functions.contains_addr(node.addr):
+                    node = self.kb.functions.get_by_addr(node.addr)
+                else:
+                    continue
+            if isinstance(node, Function):
+                if node.calling_convention is not None and node.prototype is not None:
+                    # consume args and overwrite the return register
+                    self._handle_function(state, node)
+                if node.returning is False or retnode is None:
+                    # the function call does not return
+                    end_states.append(state)
+                else:
+                    # enqueue the retnode, but we don't increment the depth
+                    new_state = state.copy()
+                    if self.project.arch.call_pushes_ret:
+                        new_state.sp_value += self.project.arch.bytes
+                    queue.append((depth, new_state, retnode, None))
+                continue
+            block = self.project.factory.block(node.addr, size=node.size)
+            engine.process(state, block=block)
+            successor_added = False
+            call_succ, ret_succ = None, None
+            for _, succ, data in func_graph.out_edges(node, data=True):
+                edge_type = data.get("type")
+                if succ not in traversed and depth + 1 <= self._max_depth:
+                    if edge_type == "fake_return":
+                        ret_succ = succ
+                    elif edge_type == "transition":
+                        successor_added = True
+                        queue.append((depth + 1, state.copy(), succ, None))
+                    elif edge_type == "call":
+                        call_succ = succ
+            if call_succ is not None:
+                successor_added = True
+                queue.append((depth + 1, state.copy(), call_succ, ret_succ))
+            if not successor_added:
+                end_states.append(state)
+        return end_states
+    def _handle_function(self, state: FactCollectorState, func: Function) -> None:
+        try:
+            arg_locs = func.calling_convention.arg_locs(func.prototype)
+        except (TypeError, ValueError):
+            func.prototype = None
+            return
+        if None in arg_locs:
+            return
+        for arg_loc in arg_locs:
+            for loc in arg_loc.get_footprint():
+                if isinstance(loc, SimRegArg):
+                    state.register_read(self.project.arch.registers[loc.reg_name][0] + loc.reg_offset, loc.size)
+                elif isinstance(loc, SimStackArg):
+                    sp_value = state.sp_value
+                    if sp_value is not None:
+                        state.stack_read(sp_value + loc.stack_offset, loc.size)
+        # clobber caller-saved regs
+        for reg_name in func.calling_convention.CALLER_SAVED_REGS:
+            offset = self.project.arch.registers[reg_name][0]
+            state.register_written(offset, self.project.arch.registers[reg_name][1])
+    def _analyze_endpoints_for_retval_size(self):
+        """
+        Analyze all endpoints to determine the return value size.
+        """
+        func_graph = self.function.transition_graph
+        cc_cls = default_cc(
+            self.project.arch.name, platform=self.project.simos.name if self.project.simos is not None else None
+        )
+        cc = cc_cls(self.project.arch)
+        if isinstance(cc.RETURN_VAL, SimRegArg):
+            retreg_offset = cc.RETURN_VAL.check_offset(self.project.arch)
+        else:
+            return
+        retval_sizes = []
+        for endpoint in self.function.endpoints:
+            traversed = set()
+            queue: list[tuple[int, BlockNode | HookNode]] = [(0, endpoint)]
+            while queue:
+                depth, node = queue.pop(0)
+                traversed.add(node)
+                if depth > 3:
+                    break
+                if isinstance(node, BlockNode) and node.size == 0:
+                    continue
+                if isinstance(node, HookNode):
+                    # attempt to convert it into a function
+                    if self.kb.functions.contains_addr(node.addr):
+                        node = self.kb.functions.get_by_addr(node.addr)
+                    else:
+                        continue
+                if isinstance(node, Function):
+                    if (
+                        node.calling_convention is not None
+                        and node.prototype is not None
+                        and node.prototype.returnty is not None
+                        and not isinstance(node.prototype.returnty, SimTypeBottom)
+                    ):
+                        # assume the function overwrites the return variable
+                        retval_size = (
+                            node.prototype.returnty.with_arch(self.project.arch).size // self.project.arch.byte_width
+                        )
+                        retval_sizes.append(retval_size)
+                    continue
+                block = self.project.factory.block(node.addr, size=node.size)
+                # scan the block statements backwards to find writes to the return value register
+                retval_size = None
+                for stmt in reversed(block.vex.statements):
+                    if isinstance(stmt, pyvex.IRStmt.Put):
+                        size = stmt.data.result_size(block.vex.tyenv) // self.project.arch.byte_width
+                        if stmt.offset == retreg_offset:
+                            retval_size = max(size, 1)
+                if retval_size is not None:
+                    retval_sizes.append(retval_size)
+                    continue
+                for pred, _, data in func_graph.in_edges(node, data=True):
+                    edge_type = data.get("type")
+                    if pred not in traversed and depth + 1 <= self._max_depth:
+                        if edge_type == "fake_return":
+                            continue
+                        if edge_type in {"transition", "call"}:
+                            queue.append((depth + 1, pred))
+        self.retval_size = max(retval_sizes) if retval_sizes else None
+    def _analyze_endpoints_for_restored_regs(self):
+        """
+        Analyze all endpoints to determine the restored registers.
+        """
+        func_graph = self.function.transition_graph
+        callee_restored_regs = set()
+        for endpoint in self.function.endpoints:
+            traversed = set()
+            queue: list[tuple[int, BlockNode | HookNode]] = [(0, endpoint)]
+            while queue:
+                depth, node = queue.pop(0)
+                traversed.add(node)
+                if depth > 3:
+                    break
+                if isinstance(node, BlockNode) and node.size == 0:
+                    continue
+                if isinstance(node, (HookNode, Function)):
+                    continue
+                block = self.project.factory.block(node.addr, size=node.size)
+                # scan the block statements backwards to find all statements that restore registers from the stack
+                tmps = {}
+                for stmt in block.vex.statements:
+                    if isinstance(stmt, pyvex.IRStmt.WrTmp):
+                        if isinstance(stmt.data, pyvex.IRExpr.Get) and stmt.data.offset in {
+                            self.project.arch.bp_offset,
+                            self.project.arch.sp_offset,
+                        }:
+                            tmps[stmt.tmp] = "sp"
+                        elif (
+                            isinstance(stmt.data, pyvex.IRExpr.Load)
+                            and isinstance(stmt.data.addr, pyvex.IRExpr.RdTmp)
+                            and tmps.get(stmt.data.addr.tmp) == "sp"
+                        ):
+                            tmps[stmt.tmp] = "stack_value"
+                        elif isinstance(stmt.data, pyvex.IRExpr.Const):
+                            tmps[stmt.tmp] = "const"
+                        elif isinstance(stmt.data, pyvex.IRExpr.Binop) and (  # noqa:SIM102
+                            stmt.data.op.startswith("Iop_Add") or stmt.data.op.startswith("Iop_Sub")
+                        ):
+                            if (
+                                isinstance(stmt.data.args[0], pyvex.IRExpr.RdTmp)
+                                and tmps.get(stmt.data.args[0].tmp) == "sp"
+                            ) or (
+                                isinstance(stmt.data.args[1], pyvex.IRExpr.RdTmp)
+                                and tmps.get(stmt.data.args[1].tmp) == "sp"
+                            ):
+                                tmps[stmt.tmp] = "sp"
+                    if isinstance(stmt, pyvex.IRStmt.Put):
+                        size = stmt.data.result_size(block.vex.tyenv) // self.project.arch.byte_width
+                        # is the data loaded from the stack?
+                        if (
+                            size == self.project.arch.bytes
+                            and isinstance(stmt.data, pyvex.IRExpr.RdTmp)
+                            and tmps.get(stmt.data.tmp) == "stack_value"
+                        ):
+                            callee_restored_regs.add(stmt.offset)
+                for pred, _, data in func_graph.in_edges(node, data=True):
+                    edge_type = data.get("type")
+                    if pred not in traversed and depth + 1 <= self._max_depth and edge_type == "transition":
+                        queue.append((depth + 1, pred))
+        return callee_restored_regs
+    def _determine_input_args(self, end_states: list[FactCollectorState], callee_restored_regs: set[int]) -> None:
+        self.input_args = []
+        reg_offset_created = set()
+        callee_saved_regs = set()
+        callee_saved_reg_stack_offsets = set()
+        # determine callee-saved registers
+        for state in end_states:
+            for reg_offset, stack_offset in state.callee_stored_regs.items():
+                if reg_offset in callee_restored_regs:
+                    callee_saved_regs.add(reg_offset)
+                    callee_saved_reg_stack_offsets.add(stack_offset)
+        for state in end_states:
+            for offset, size in state.reg_reads.items():
+                if (
+                    offset in reg_offset_created
+                    or offset == self.project.arch.bp_offset
+                    or not is_sane_register_variable(self.project.arch, offset, size)
+                    or offset in callee_saved_regs
+                ):
+                    continue
+                reg_offset_created.add(offset)
+                if self.project.arch.name in {"AMD64", "X86"} and size < self.project.arch.bytes:
+                    # use complete registers on AMD64 and X86
+                    reg_name = self.project.arch.translate_register_name(offset, size=self.project.arch.bytes)
+                    arg = SimRegArg(reg_name, self.project.arch.bytes)
+                else:
+                    reg_name = self.project.arch.translate_register_name(offset, size=size)
+                    arg = SimRegArg(reg_name, size)
+                self.input_args.append(arg)
+        stack_offset_created = set()
+        ret_addr_offset = 0 if not self.project.arch.call_pushes_ret else self.project.arch.bytes
+        for state in end_states:
+            for offset, size in state.stack_reads.items():
+                offset = u2s(offset, self.project.arch.bits)
+                if offset - ret_addr_offset > 0:
+                    if offset in stack_offset_created or offset in callee_saved_reg_stack_offsets:
+                        continue
+                    stack_offset_created.add(offset)
+                    arg = SimStackArg(offset - ret_addr_offset, size)
+                    self.input_args.append(arg)
+AnalysesHub.register_default("FunctionFactCollector", FactCollector)

angr/analyses/calling_convention/utils.py ADDED Viewed

@@ -0,0 +1,57 @@
+from __future__ import annotations
+import logging
+import archinfo
+from archinfo.arch_arm import is_arm_arch, ArchARMHF
+from angr.calling_conventions import SimCC
+l = logging.getLogger(__name__)
+def is_sane_register_variable(arch: archinfo.Arch, reg_offset: int, reg_size: int, def_cc: SimCC | None = None) -> bool:
+    """
+    Filters all registers that are surly not members of function arguments.
+    This can be seen as a workaround, since VariableRecoveryFast sometimes gives input variables of cc_ndep (which
+    is a VEX-specific register) :-(
+    :param reg_offset:  The register offset.
+    :param reg_size:    The register size.
+    :return:            True if it is an acceptable function argument, False otherwise.
+    :rtype:             bool
+    """
+    arch_name = arch.name
+    if ":" in arch_name:
+        # for pcode architectures, we only leave registers that are known to be used as input arguments
+        if def_cc is not None:
+            return arch.translate_register_name(reg_offset, size=reg_size) in def_cc.ARG_REGS
+        return True
+    # VEX
+    if arch_name == "AARCH64":
+        return 16 <= reg_offset < 80  # x0-x7
+    if arch_name == "AMD64":
+        return 24 <= reg_offset < 40 or 64 <= reg_offset < 104  # rcx, rdx  # rsi, rdi, r8, r9, r10
+        # 224 <= reg_offset < 480)  # xmm0-xmm7
+    if is_arm_arch(arch):
+        if isinstance(arch, ArchARMHF):
+            return 8 <= reg_offset < 24 or 128 <= reg_offset < 160  # r0 - 32  # s0 - s7, or d0 - d4
+        return 8 <= reg_offset < 24  # r0-r3
+    if arch_name == "MIPS32":
+        return 24 <= reg_offset < 40  # a0-a3
+    if arch_name == "MIPS64":
+        return 48 <= reg_offset < 80 or 112 <= reg_offset < 208  # a0-a3 or t4-t7
+    if arch_name == "PPC32":
+        return 28 <= reg_offset < 60  # r3-r10
+    if arch_name == "X86":
+        return 8 <= reg_offset < 24 or 160 <= reg_offset < 288  # eax, ebx, ecx, edx  # xmm0-xmm7
+    l.critical("Unsupported architecture %s.", arch.name)
+    return True

angr/analyses/complete_calling_conventions.py CHANGED Viewed

@@ -7,6 +7,7 @@ import threading
 import time
 import logging
 from collections import defaultdict
+from enum import Enum
 import networkx
@@ -16,7 +17,7 @@ from angr.utils.graph import GraphUtils
 from angr.simos import SimWindows
 from angr.utils.mp import mp_context, Initializer
 from angr.knowledge_plugins.cfg import CFGModel
-from . import Analysis, register_analysis, VariableRecoveryFast, CallingConventionAnalysis
+from . import Analysis, register_analysis, VariableRecoveryFast, CallingConventionAnalysis, FactCollector
 if TYPE_CHECKING:
     from angr.calling_conventions import SimCC
@@ -30,6 +31,18 @@ _l = logging.getLogger(name=__name__)
 _mp_context = mp_context()
+class CallingConventionAnalysisMode(Enum):
+    """
+    The mode of calling convention analysis.
+    FAST: Using FactCollector to collect facts, then use facts for calling convention analysis.
+    VARIABLES: Using variables in VariableManager for calling convention analysis.
+    """
+    FAST = "fast"
+    VARIABLES = "variables"
 class CompleteCallingConventionsAnalysis(Analysis):
     """
     Implements full-binary calling convention analysis. During the initial analysis of a binary, you may set
@@ -39,6 +52,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
     def __init__(
         self,
+        mode: CallingConventionAnalysisMode = CallingConventionAnalysisMode.FAST,
         recover_variables=False,
         low_priority=False,
         force=False,
@@ -71,6 +85,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
         :param workers:             Number of multiprocessing workers.
         """
+        self.mode = mode
         self._recover_variables = recover_variables
         self._low_priority = low_priority
         self._force = force
@@ -88,6 +103,10 @@ class CompleteCallingConventionsAnalysis(Analysis):
         self._func_graphs = func_graphs if func_graphs else {}
         self.prototype_libnames: set[str] = set()
+        # sanity check
+        if self.mode not in {CallingConventionAnalysisMode.FAST, CallingConventionAnalysisMode.VARIABLES}:
+            raise ValueError(f"Invalid calling convention analysis mode {self.mode}.")
         self._func_addrs = []  # a list that holds addresses of all functions to be analyzed
         self._results = []
         if workers > 0:
@@ -322,7 +341,11 @@ class CompleteCallingConventionsAnalysis(Analysis):
                 self.kb.variables.get_function_manager(func_addr),
             )
-        if self._recover_variables and self.function_needs_variable_recovery(func):
+        if (
+            self.mode == CallingConventionAnalysisMode.VARIABLES
+            and self._recover_variables
+            and self.function_needs_variable_recovery(func)
+        ):
             # special case: we don't have a PCode-engine variable recovery analysis for PCode architectures!
             if ":" in self.project.arch.name and self._func_graphs and func.addr in self._func_graphs:
                 # this is a pcode architecture
@@ -341,9 +364,15 @@ class CompleteCallingConventionsAnalysis(Analysis):
                 )
                 return None, None, None, None
+        kwargs = {}
+        if self.mode == CallingConventionAnalysisMode.FAST:
+            facts = self.project.analyses[FactCollector].prep(kb=self.kb)(func)
+            kwargs["input_args"] = facts.input_args
+            kwargs["retval_size"] = facts.retval_size
         # determine the calling convention of each function
         cc_analysis = self.project.analyses[CallingConventionAnalysis].prep(kb=self.kb)(
-            func, cfg=self._cfg, analyze_callsites=self._analyze_callsites
+            func, cfg=self._cfg, analyze_callsites=self._analyze_callsites, **kwargs
         )
         if cc_analysis.cc is not None:

angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py CHANGED Viewed

@@ -13,12 +13,6 @@ from .optimization_pass import OptimizationPass, OptimizationPassStage
 _l = logging.getLogger(name=__name__)
-def s2u(s, bits):
-    if s > 0:
-        return s
-    return (1 << bits) + s
 class RegisterSaveAreaSimplifier(OptimizationPass):
     """
     Optimizes away register spilling effects, including callee-saved registers.

angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py CHANGED Viewed

@@ -5,18 +5,13 @@ import logging
 import ailment
+from angr.utils.bits import s2u
 from .optimization_pass import OptimizationPass, OptimizationPassStage
 _l = logging.getLogger(name=__name__)
-def s2u(s, bits):
-    if s > 0:
-        return s
-    return (1 << bits) + s
 class StackCanarySimplifier(OptimizationPass):
     """
     Removes stack canary checks from decompilation results.

angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py CHANGED Viewed

@@ -17,12 +17,6 @@ from .optimization_pass import OptimizationPass, OptimizationPassStage
 _l = logging.getLogger(name=__name__)
-def s2u(s, bits):
-    if s > 0:
-        return s
-    return (1 << bits) + s
 class SwitchDefaultCaseDuplicator(OptimizationPass):
     """
     For each switch-case construct (identified by jump tables), duplicate the default-case node when we detect

angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py CHANGED Viewed

@@ -13,12 +13,6 @@ from .optimization_pass import OptimizationPass, OptimizationPassStage
 _l = logging.getLogger(name=__name__)
-def s2u(s, bits):
-    if s > 0:
-        return s
-    return (1 << bits) + s
 class WinStackCanarySimplifier(OptimizationPass):
     """
     Removes stack canary checks from decompilation results for Windows PE files.

angr/analyses/variable_recovery/engine_vex.py CHANGED Viewed

@@ -215,6 +215,11 @@ class SimEngineVRVEX(
                             addr = RichR(loc.stack_offset + one_sp)
                             self._load(addr, loc.size)
+        # clobber caller-saved registers
+        for reg_name in func.calling_convention.CALLER_SAVED_REGS:
+            reg_offset, reg_size = self.arch.registers[reg_name]
+            self._assign_to_register(reg_offset, self._top(reg_size * self.arch.byte_width), reg_size)
     def _process_block_end(self, stmt_result, whitelist):
         # handles block-end calls
         current_addr = self.state.block_addr

angr/calling_conventions.py CHANGED Viewed

@@ -4,6 +4,7 @@ import logging
 from typing import cast
 from collections.abc import Iterable
 from collections import defaultdict
+import contextlib
 import claripy
 import archinfo
@@ -33,7 +34,6 @@ from .sim_type import (
 )
 from .state_plugins.sim_action_object import SimActionObject
 from .engines.soot.engine import SootMixin
-import contextlib
 l = logging.getLogger(name=__name__)
 l.addFilter(UniqueLogFilter())
@@ -656,7 +656,7 @@ class SimCC:
             self.next_arg(session, SimTypePointer(SimTypeBottom()))
         return session
-    def return_in_implicit_outparam(self, ty):
+    def return_in_implicit_outparam(self, ty):  # pylint:disable=unused-argument
         return False
     def stack_space(self, args):
@@ -1098,7 +1098,8 @@ class SimCC:
         all_fp_args: set[int | str] = {_arg_ident(a) for a in sample_inst.fp_args}
         all_int_args: set[int | str] = {_arg_ident(a) for a in sample_inst.int_args}
         both_iter = sample_inst.memory_args
-        some_both_args: set[int | str] = {_arg_ident(next(both_iter)) for _ in range(len(args))}
+        max_args = cls._guess_arg_count(args)
+        some_both_args: set[int | str] = {_arg_ident(next(both_iter)) for _ in range(max_args)}
         new_args = []
         for arg in args:
@@ -1115,6 +1116,13 @@ class SimCC:
         return True
+    @classmethod
+    def _guess_arg_count(cls, args, limit: int = 64) -> int:
+        # pylint:disable=not-callable
+        stack_args = [a for a in args if isinstance(a, SimStackArg)]
+        stack_arg_count = (max(a.stack_offset for a in stack_args) // cls.ARCH().bytes + 1) if stack_args else 0
+        return min(limit, max(len(args), stack_arg_count))
     @staticmethod
     def find_cc(
         arch: archinfo.Arch, args: list[SimFunctionArgument], sp_delta: int, platform: str = "Linux"
@@ -1687,7 +1695,7 @@ class SimCCARM(SimCC):
                     raise NotImplementedError("Bug. Report to @rhelmot")
                 elif cls == "MEMORY":
                     mapped_classes.append(next(session.both_iter))
-                elif cls == "INTEGER" or cls == "SINGLEP":
+                elif cls in {"INTEGER", "SINGLEP"}:
                     try:
                         mapped_classes.append(next(session.int_iter))
                     except StopIteration:

angr/knowledge_plugins/functions/function.py CHANGED Viewed

@@ -12,7 +12,6 @@ from cle.backends.symbol import Symbol
 from archinfo.arch_arm import get_real_address_if_arm
 import claripy
-from angr.block import Block
 from angr.knowledge_plugins.cfg.memory_data import MemoryDataSort
 from angr.codenode import CodeNode, BlockNode, HookNode, SyscallNode
@@ -403,7 +402,7 @@ class Function(Serializable):
     def nodes(self) -> Iterable[CodeNode]:
         return self.transition_graph.nodes()
-    def get_node(self, addr) -> Block:
+    def get_node(self, addr) -> BlockNode | None:
         return self._addr_to_block_node.get(addr, None)
     @property
@@ -1036,8 +1035,9 @@ class Function(Serializable):
                     if function.returning is False:
                         # the target function does not return
                         the_node = self.get_node(src.addr)
-                        self._callout_sites.add(the_node)
-                        self._add_endpoint(the_node, "call")
+                        if the_node is not None:
+                            self._callout_sites.add(the_node)
+                            self._add_endpoint(the_node, "call")
     def get_call_sites(self) -> Iterable[int]:
         """

angr/knowledge_plugins/functions/function_manager.py CHANGED Viewed

@@ -460,6 +460,12 @@ class FunctionManager(KnowledgeBasePlugin, collections.abc.Mapping):
         :rtype: Function or None
         """
         if name is not None and name.startswith("sub_"):
+            # first check if a function with the specified name exists
+            for func in self.get_by_name(name, check_previous_names=check_previous_names):
+                if plt is None or func.is_plt == plt:
+                    return func
+            # then enter the syntactic sugar mode
             try:
                 addr = int(name.split("_")[-1], 16)
                 name = None

angr/lib/angr_native.dylib CHANGED Viewed

Binary file

angr/utils/bits.py CHANGED Viewed

@@ -31,3 +31,16 @@ def zeroextend_on_demand(op0: claripy.ast.BV, op1: claripy.ast.BV) -> claripy.as
     if op0.size() > op1.size():
         return claripy.ZeroExt(op0.size() - op1.size(), op1)
     return op1
+def s2u(s, bits):
+    mask = (1 << bits) - 1
+    if s > 0:
+        return s & mask
+    return ((1 << bits) + s) & mask
+def u2s(u, bits):
+    if u < (1 << (bits - 1)):
+        return u
+    return (u & ((1 << bits) - 1)) - (1 << bits)

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: angr
-Version: 9.2.134
+Version: 9.2.135
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 Home-page: https://github.com/angr/angr
 License: BSD-2-Clause
@@ -16,13 +16,13 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: CppHeaderParser
 Requires-Dist: GitPython
-Requires-Dist: ailment==9.2.134
-Requires-Dist: archinfo==9.2.134
+Requires-Dist: ailment==9.2.135
+Requires-Dist: archinfo==9.2.135
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.134
-Requires-Dist: cle==9.2.134
+Requires-Dist: claripy==9.2.135
+Requires-Dist: cle==9.2.135
 Requires-Dist: itanium-demangler
 Requires-Dist: mulpyplexer
 Requires-Dist: nampa
@@ -31,7 +31,7 @@ Requires-Dist: protobuf>=5.28.2
 Requires-Dist: psutil
 Requires-Dist: pycparser>=2.18
 Requires-Dist: pyformlang
-Requires-Dist: pyvex==9.2.134
+Requires-Dist: pyvex==9.2.135
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/RECORD RENAMED Viewed

@@ -1,10 +1,10 @@
-angr/__init__.py,sha256=RdEZBtno9mn8PRTf_VSkaLK0AnqKMT1zIMQkRyqJAfI,9153
+angr/__init__.py,sha256=odyiYDh0AXyqpY0ivUXjx-rMAeY96FK0_h_7pMp_sFU,9153
 angr/__main__.py,sha256=XeawhF6Cco9eWcfMTDWzYYggLB3qjnQ87IIeFOplaHM,2873
 angr/annocfg.py,sha256=0NIvcuCskwz45hbBzigUTAuCrYutjDMwEXtMJf0y0S0,10742
 angr/blade.py,sha256=NhesOPloKJC1DQJRv_HBT18X7oNxK16JwAfNz2Lc1o0,15384
 angr/block.py,sha256=4mP-OKNqiTxOf2-GPfyKokpuF4j4ua_o5WZcC7W6BL8,14815
 angr/callable.py,sha256=1rzhXjWlx62jKJaRKHvp12rbsJ75zNa86vXtCt6eFLo,6065
-angr/calling_conventions.py,sha256=TZZXPPAOFYqoKfq6KYpItgpf-FInNzfit13meSb4TTg,92979
+angr/calling_conventions.py,sha256=zciZ1DAct9heBs-2CkVpkvT2yK5jExIom3SoA9WW2ug,93409
 angr/code_location.py,sha256=kXNJDEMge9VRHadrK4E6HQ8wDdCaHSXNqyAZuHDEGuM,5397
 angr/codenode.py,sha256=hehAHvUuxgUYiVtCFMTxloYC6bO4_CQjcp_52WWDHMA,3781
 angr/errors.py,sha256=I0L-TbxmVYIkC-USuHwaQ9BGPi2YVObnhZXQQ3kJFuo,8385
@@ -26,19 +26,18 @@ angr/slicer.py,sha256=DND0BERanYKafasRH9MDFAng0rSjdjmzXj2-phCD6CQ,10634
 angr/state_hierarchy.py,sha256=qDQCUGXmQm3vOxE3CSoiqTH4OAFFOWZZt9BLhNpeOhA,8484
 angr/tablespecs.py,sha256=Kx1e87FxTx3_ZN7cAHWZSRpdInT4Vfj5gExAWtLkLTw,3259
 angr/vaults.py,sha256=v_RBKEGN2wkyOoskC_akKSlawcRtMicukKh1O1hxrJk,9719
-angr/analyses/__init__.py,sha256=Tj98rg_BM_YBK7EIYrvfcyIxQnMnzFrMZp4-Id43rFE,3434
+angr/analyses/__init__.py,sha256=JVCNQfvffUjtvz5kvzvtYKmH_yG1Qjy-caSuQ8JMgpw,3470
 angr/analyses/analysis.py,sha256=7Jkob2CBEXHzW7F1hZk9AqfOKLglpfHplpyxba1fN_4,14998
 angr/analyses/backward_slice.py,sha256=a9uro3rqqDDiQRCnDCQzaSRcZvDQkCdRzLsrx5xe8uM,27219
 angr/analyses/binary_optimizer.py,sha256=Sm05TR-F5QtU1qx9jKr2lGfj03xw_O1IyBJjwnoUjJ0,26160
 angr/analyses/bindiff.py,sha256=AGOlH6Hsofo-6WwEleX80-DYs70aV-P8JV-GiDnoT9A,51391
 angr/analyses/boyscout.py,sha256=pMJNmVBt8MbCiVe8Pk8SQ3IOppHGK2qHe6G7A3e3WA8,2483
 angr/analyses/callee_cleanup_finder.py,sha256=aogcfYfvzsVPVfseJl2KKczMu7pPPtwC7bqTyQ0UsvI,2812
-angr/analyses/calling_convention.py,sha256=tW8NgKRCN9wjc5YpkzBV8hckAAoRKrb0EXjl3kBVa70,40869
 angr/analyses/cdg.py,sha256=oPgHV4MVpGkfRUE0ZiaghBSkgTsr6tkG1IK4f_GtOBA,6230
 angr/analyses/class_identifier.py,sha256=bytFQ0c7KuQhbYPPJDkhtV0ZU_Xo8_9KLZxHe9TtyMs,3010
 angr/analyses/code_tagging.py,sha256=Gj7Ms24RnmhC9OD57gw7R6_c-pLfqSug-LVUMw_JmXE,3510
 angr/analyses/codecave.py,sha256=k_dDhMN4wcq2bs5VrwpOv96OowQ7AbZSs6j5Z6YbIpk,2209
-angr/analyses/complete_calling_conventions.py,sha256=rwsVfq0TUOx-YW2RtbeXajAreBEfs9QDyQAE51PnEfo,18279
+angr/analyses/complete_calling_conventions.py,sha256=Jsl9YgYW4OaRFBXqcXNTt_AwKoHMP2M7NIMh3kZYodI,19356
 angr/analyses/congruency_check.py,sha256=SRlUKJaylCQydWsb4AGG8LUGuh5RwI8ksKZL6jf-4P8,16166
 angr/analyses/datagraph_meta.py,sha256=Ng0jqLD5ucRn_fBXhYq3l6scs3kczRk6Sk-Sen1forc,3414
 angr/analyses/ddg.py,sha256=c8P8zCkem7P717PYIJD35evK64Oh8YBa_tj6LdCeuTQ,63229
@@ -65,6 +64,10 @@ angr/analyses/vfg.py,sha256=_RDuP83ts55-FTVNMQGx7MJD1aDvNw4FHDhCwa7nUFw,72879
 angr/analyses/vsa_ddg.py,sha256=NQUauuMPZVrW7oCPpvIl-OIvGWUZHk_xEVLw3SCYzj8,16137
 angr/analyses/vtable.py,sha256=1Ed7jzr99rk9VgOGzcxBw_6GFqby5mIdSTGPqQPhcZM,3872
 angr/analyses/xrefs.py,sha256=vs6cpVmwXHOmxrI9lJUwCRMYbPSqvIQXS5_fINMaOGI,10290
+angr/analyses/calling_convention/__init__.py,sha256=bK5VS6AxT5l86LAhTL7l1HUT9IuvXG9x9ikbIohIFoE,194
+angr/analyses/calling_convention/calling_convention.py,sha256=_fTXe9oVCJ61roZrWhRRv_5FGtiQpiJmlLkf1x3ZL9Q,39692
+angr/analyses/calling_convention/fact_collector.py,sha256=FCRGdAr6VmROUemKM3ibpJ4LU3rUT3PwC312zkq6sT4,21334
+angr/analyses/calling_convention/utils.py,sha256=A4m85U1gd_dEuPEjlh4vWBC-mxxozOFIGIhApmgTvdI,2017
 angr/analyses/cfg/__init__.py,sha256=-w8Vd6FD6rtjlQaQ7MxwmliFgS2zt-kZepAY4gHas04,446
 angr/analyses/cfg/cfb.py,sha256=2Iej5PhB_U9JbfvvBuXy_07_UY9j7yiztKZYrGnc0U0,15369
 angr/analyses/cfg/cfg.py,sha256=ZHZFWtP4uD1YxgKy44O_oD_BiSo871Llcd1zpXmFkBE,3177
@@ -154,17 +157,17 @@ angr/analyses/decompiler/optimization_passes/ite_region_converter.py,sha256=gsWg
 angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py,sha256=ldEBDJTwS-FfzIkvCilCDY8IxzarHTXxv4jNZG28XDU,38818
 angr/analyses/decompiler/optimization_passes/mod_simplifier.py,sha256=BzgSGM39Uv1WAGPM831wLnKW8t-mw9tQoV07ZlxbU_Y,3379
 angr/analyses/decompiler/optimization_passes/optimization_pass.py,sha256=EYls4BcE4z1Hjvhez5oodKWLjLZe_KpRgKQZV0hck3Q,22637
-angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py,sha256=tc4FruEl0sFpm1DUu9g8gWlueRm0t9rhfHsdUrVplBo,7932
+angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py,sha256=X6A252YhqUvT7A6J5NqCKBom2PRlh5NDHpAjXfNvBfg,7854
 angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py,sha256=GIFiYM_C_ChHrD2D1JGRFlE--PU3FOxTqzOX-lXmJLY,6404
 angr/analyses/decompiler/optimization_passes/ret_deduplicator.py,sha256=STMnRyZWiqdoGPa3c7Q4KCHv-JHUdJ2t4oLEltEMpII,7995
 angr/analyses/decompiler/optimization_passes/return_duplicator_base.py,sha256=7QO_sJBR8WgjRxD8PXwxu0NeoCQchNJNClcwMzEmOsU,24921
 angr/analyses/decompiler/optimization_passes/return_duplicator_high.py,sha256=ICDYwQJt5E2OVasdqn42jzbjwUXhSj6Plh3Y1iUHpAQ,2178
 angr/analyses/decompiler/optimization_passes/return_duplicator_low.py,sha256=-mBEVfwGz986lDDEGwBG8wvGQTrFZHE7TLV-7rWt-H0,10076
-angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py,sha256=Fviff-U5n3_9kHWsbMbW0_FRQhK_010nhuq83Pg8gOU,14467
-angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py,sha256=nMI9geZiLG5diaI3YciNKvJ0PAZXtUBLgAfknCf48QE,6539
+angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py,sha256=vHfTCTG33r-PwwikP8tBbNqWvNt-SvRZfOsDNeAdiPc,14421
+angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py,sha256=gvGpjP3t-an8iIBkmPGXob0-aRHL2idGZpd7hErlgFo,6461
 angr/analyses/decompiler/optimization_passes/switch_reused_entry_rewriter.py,sha256=m7ZMkqE2qbl4rl4M_Fi8xS6I1vUaTzUBIzsE6qpbwkM,4020
 angr/analyses/decompiler/optimization_passes/tag_slicer.py,sha256=8_gmoeYgDD1Hb8Rpqcb-01_B4897peDF-J6KA5PjQT8,1176
-angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py,sha256=cpbsP6_ilZDu2M_jX8TEnwVrsQXljHEjSMw25HyK6PM,12806
+angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py,sha256=57AlQgCbaPSiY7OwcKdOXnr0LUACCO0r1TweqIDyUzo,12728
 angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py,sha256=6NxaX2oT6BMkevb8xt9vlS3Jl-CmSK59F0FVab68B48,3088
 angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py,sha256=hTeOdooVDZnBnjiAguD7_BS9YJru8rOiSHN3H0sdzcA,126
 angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py,sha256=nLu-s4wn6b3z6MlItwCH1kWpeAc4C-fP3MNN3WRCSuo,21666
@@ -351,7 +354,7 @@ angr/analyses/variable_recovery/__init__.py,sha256=eA1SHzfSx8aPufUdkvgMmBnbI6VDY
 angr/analyses/variable_recovery/annotations.py,sha256=2va7cXnRHYqVqXeVt00QanxfAo3zanL4BkAcC0-Bk20,1438
 angr/analyses/variable_recovery/engine_ail.py,sha256=ZmJCMH_y0oYdLRTwHw34MOy-5_9SgrklLgnLLLtHf5k,31197
 angr/analyses/variable_recovery/engine_base.py,sha256=ZqIlYpEPSB5WmhQ6p8H0HIMkRUG7ISMlCDOsHuE4-Sc,51146
-angr/analyses/variable_recovery/engine_vex.py,sha256=2xb7zlNrD3PpNILlDUvTp9Vt9JdhOqn3O3zIe101-QQ,20368
+angr/analyses/variable_recovery/engine_vex.py,sha256=UAA2FpOq4lAjsBzy5FoIOoR9dF4615UFNLDlDiWEfCs,20645
 angr/analyses/variable_recovery/irsb_scanner.py,sha256=vWplxRc-iwIJsQ5aHWH1t29zdyLPjfklm8h3CWHseng,5143
 angr/analyses/variable_recovery/variable_recovery.py,sha256=s5hwY9oOibhLxsJIePhYRmrX0mrDIi_zKkfNblwYyhE,22169
 angr/analyses/variable_recovery/variable_recovery_base.py,sha256=cJsc64ev_UmWTb2KNTdRF3HtpZyh4J2CEgnUAlH2MVg,15181
@@ -518,8 +521,8 @@ angr/knowledge_plugins/cfg/cfg_node.py,sha256=mAvQ8XAEURM7y0suc_S9lfxCmfXSTJHmWB
 angr/knowledge_plugins/cfg/indirect_jump.py,sha256=W3KWpH7Sx-6Z7h_BwQjCK_XfP3ce_MaeAu_Aaq3D3qg,2072
 angr/knowledge_plugins/cfg/memory_data.py,sha256=QLxFZfrtwz8u6UJn1L-Sxa-C8S0Gy9IOlfNfHCLPIow,5056
 angr/knowledge_plugins/functions/__init__.py,sha256=asiLNiT6sHbjP6eU-kDpawIoVxv4J35cwz5yQHtQ2E0,167
-angr/knowledge_plugins/functions/function.py,sha256=6G479_dWkp0PAAEKQWCUY3pH0b-qcOWjT9O6dOt4NLk,67287
-angr/knowledge_plugins/functions/function_manager.py,sha256=R-VtbkN3-l1-U4Wk4XHC8lGZo7DpXbEDE7Ok986YYYI,19594
+angr/knowledge_plugins/functions/function.py,sha256=Kiyi18e8ex8OpoQmbX4MHoHyZOGNLeAP3t-SvERiDtU,67326
+angr/knowledge_plugins/functions/function_manager.py,sha256=cU_0alc7yQ_AE5pm2NiCicjAaeL6zLX4KntQAqy32Ws,19893
 angr/knowledge_plugins/functions/function_parser.py,sha256=cpxn0EYp8qTqVQUBfwxodNIEFuNojdQboJG-q7uLdd0,11822
 angr/knowledge_plugins/functions/soot_function.py,sha256=kAEzniVHa2FOjb2qlLElXtbbgAeeUkor7iQIFyJuoYY,5005
 angr/knowledge_plugins/key_definitions/__init__.py,sha256=-x1VGH3LHMze3T-RygodvUG3oXXa5jhKvjXoPKyiU_0,432
@@ -548,7 +551,7 @@ angr/knowledge_plugins/xrefs/__init__.py,sha256=5PhqVOtTZ27lCjJ9wp7akUeJydqILbyC
 angr/knowledge_plugins/xrefs/xref.py,sha256=U2H1rfffp5EXoh0awlGxMBxA4K5MIwl3CXjV3Uih3tA,4856
 angr/knowledge_plugins/xrefs/xref_manager.py,sha256=Yb88z3L8Y26TfGeRHdsGWQlT9f6oWntjEg6s-kcVtUQ,4040
 angr/knowledge_plugins/xrefs/xref_types.py,sha256=LcQ9pD4E4XlC51Us49xiqAoGAFGpnCrpYO4mOzILiKI,308
-angr/lib/angr_native.dylib,sha256=I_fTbNxZZ4GuYLgj1X1yzT2GP-DoW0Xr4Tek5tC5_xU,18820608
+angr/lib/angr_native.dylib,sha256=38Yl0HzTM7bzS8x6DRHepTjDyK9rmOw716DiAUhEhM4,18820608
 angr/misc/__init__.py,sha256=FoUwjk1DhqlIsr2sBN0MlR8MnSOGQv9QJhxmq32RYuA,355
 angr/misc/ansi.py,sha256=nPJHC0SKfqasMQZ0LxdmmIYojjmk4nr5jI6FrzoTwS0,811
 angr/misc/autoimport.py,sha256=iZagpuPwZWczUTYIqs-JkDMQjftMqc_cchcm7OBFiEg,3450
@@ -1333,7 +1336,7 @@ angr/storage/memory_mixins/regioned_memory/static_find_mixin.py,sha256=tWyiNrMxm
 angr/utils/__init__.py,sha256=kBUIJCp9WSgzb62zMg4puUUeheMSl9U4RFqkfiL3en8,1159
 angr/utils/ail.py,sha256=8_FloZ6cP89D2Nfc_2wCPcuVv7ny-aP-OKS3syCSMLk,1054
 angr/utils/algo.py,sha256=4TaEFE4tU-59KyRVFASqXeoiwH01ZMj5fZd_JVcpdOY,1038
-angr/utils/bits.py,sha256=flNgPQ_OlAxk-SsW2lv_DbLSkqYc7J4jGd8VRB_WJE8,817
+angr/utils/bits.py,sha256=_eWPyymSbj01jsLexicRtD_X7sUKKj_fTUI0DEIZ-rc,1054
 angr/utils/constants.py,sha256=ZnK6Ed-1U_8yaw-7ZaCLSM0-z7bSuKPg715bBrquxKE,257
 angr/utils/cowdict.py,sha256=qx2iO1rrCDTQUGX9dqi9ZAly2Dgm6bCEgdSAQw9MxRM,2159
 angr/utils/dynamic_dictlist.py,sha256=bHQrxhUCkk6NDDzEBouAWESjMyKfQUJIk8g38R27iXw,3048
@@ -1354,9 +1357,9 @@ angr/utils/timing.py,sha256=ELuRPzdRSHzOATgtAzTFByMlVr021ypMrsvtpopreLg,1481
 angr/utils/ssa/__init__.py,sha256=OD3eTWAiH9QXGpwliNBCTC3Z4bux9iBX3Sp50aUNHvI,8758
 angr/utils/ssa/tmp_uses_collector.py,sha256=rSpvMxBHzg-tmvhsfjn3iLyPEKzaZN-xpQrdslMq3J4,793
 angr/utils/ssa/vvar_uses_collector.py,sha256=8gfAWdRMz73Deh-ZshDM3GPAot9Lf-rHzCiaCil0hlE,1342
-angr-9.2.134.dist-info/LICENSE,sha256=cgL_ho5B1NH8UxwtBuqThRWdjear8b7hktycaS1sz6g,1327
-angr-9.2.134.dist-info/METADATA,sha256=F82cwrJZ-zYDIYDpEL9zylN0aNkwmUle6tmDKM2kffg,4762
-angr-9.2.134.dist-info/WHEEL,sha256=dYIPLwxtxe-ENqXjLxewAHnumMwYQtssgKNOBq_TWGc,106
-angr-9.2.134.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
-angr-9.2.134.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
-angr-9.2.134.dist-info/RECORD,,
+angr-9.2.135.dist-info/LICENSE,sha256=cgL_ho5B1NH8UxwtBuqThRWdjear8b7hktycaS1sz6g,1327
+angr-9.2.135.dist-info/METADATA,sha256=Ls0VQIZqogjAt1EPMIvz_70vDMvP4J1vNj2eNH6nT-4,4762
+angr-9.2.135.dist-info/WHEEL,sha256=dYIPLwxtxe-ENqXjLxewAHnumMwYQtssgKNOBq_TWGc,106
+angr-9.2.135.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
+angr-9.2.135.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
+angr-9.2.135.dist-info/RECORD,,

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/LICENSE RENAMED Viewed

File without changes

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/WHEEL RENAMED Viewed

File without changes

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{angr-9.2.134.dist-info → angr-9.2.135.dist-info}/top_level.txt RENAMED Viewed

File without changes