angr 9.2.135__py3-none-manylinux2014_aarch64.whl → 9.2.137__py3-none-manylinux2014_aarch64.whl
- angr/__init__.py +1 -1
- angr/analyses/__init__.py +3 -7
- angr/analyses/analysis.py +4 -0
- angr/analyses/backward_slice.py +1 -2
- angr/analyses/binary_optimizer.py +3 -4
- angr/analyses/bindiff.py +4 -6
- angr/analyses/boyscout.py +1 -3
- angr/analyses/callee_cleanup_finder.py +4 -4
- angr/analyses/calling_convention/calling_convention.py +6 -4
- angr/analyses/calling_convention/fact_collector.py +10 -3
- angr/analyses/cdg.py +1 -2
- angr/analyses/cfg/cfb.py +1 -3
- angr/analyses/cfg/cfg.py +2 -2
- angr/analyses/cfg/cfg_base.py +40 -68
- angr/analyses/cfg/cfg_emulated.py +1 -104
- angr/analyses/cfg/cfg_fast.py +90 -27
- angr/analyses/cfg/cfg_fast_soot.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +2 -0
- angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +46 -10
- angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +5 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +65 -14
- angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
- angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +24 -5
- angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +2 -5
- angr/analyses/class_identifier.py +1 -2
- angr/analyses/complete_calling_conventions.py +3 -0
- angr/analyses/congruency_check.py +2 -3
- angr/analyses/data_dep/data_dependency_analysis.py +2 -2
- angr/analyses/ddg.py +1 -4
- angr/analyses/decompiler/ail_simplifier.py +15 -5
- angr/analyses/decompiler/block_simplifier.py +2 -2
- angr/analyses/decompiler/ccall_rewriters/__init__.py +2 -0
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +69 -0
- angr/analyses/decompiler/clinic.py +119 -72
- angr/analyses/decompiler/condition_processor.py +2 -0
- angr/analyses/decompiler/decompiler.py +1 -0
- angr/analyses/decompiler/dephication/dephication_base.py +2 -0
- angr/analyses/decompiler/dephication/rewriting_engine.py +8 -6
- angr/analyses/decompiler/dephication/seqnode_dephication.py +10 -1
- angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +2 -2
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +2 -2
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +1 -1
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +1 -1
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +1 -2
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +1 -1
- angr/analyses/decompiler/sequence_walker.py +6 -2
- angr/analyses/decompiler/ssailification/rewriting.py +11 -1
- angr/analyses/decompiler/ssailification/rewriting_engine.py +56 -19
- angr/analyses/decompiler/ssailification/ssailification.py +13 -3
- angr/analyses/decompiler/ssailification/traversal.py +28 -2
- angr/analyses/decompiler/ssailification/traversal_state.py +6 -1
- angr/analyses/decompiler/structured_codegen/c.py +44 -21
- angr/analyses/decompiler/structuring/phoenix.py +118 -15
- angr/analyses/decompiler/utils.py +113 -8
- angr/analyses/disassembly.py +5 -5
- angr/analyses/fcp/__init__.py +4 -0
- angr/analyses/fcp/fcp.py +429 -0
- angr/analyses/identifier/identify.py +1 -3
- angr/analyses/loopfinder.py +4 -3
- angr/analyses/patchfinder.py +1 -1
- angr/analyses/propagator/engine_base.py +4 -3
- angr/analyses/propagator/propagator.py +14 -53
- angr/analyses/reaching_definitions/function_handler.py +1 -1
- angr/analyses/reassembler.py +1 -2
- angr/analyses/s_liveness.py +5 -1
- angr/analyses/s_propagator.py +26 -7
- angr/analyses/s_reaching_definitions/s_rda_model.py +2 -1
- angr/analyses/s_reaching_definitions/s_rda_view.py +20 -1
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +11 -1
- angr/analyses/soot_class_hierarchy.py +1 -2
- angr/analyses/stack_pointer_tracker.py +29 -3
- angr/analyses/static_hooker.py +1 -2
- angr/analyses/typehoon/simple_solver.py +2 -2
- angr/analyses/variable_recovery/engine_ail.py +19 -7
- angr/analyses/variable_recovery/engine_base.py +16 -14
- angr/analyses/variable_recovery/engine_vex.py +2 -2
- angr/analyses/variable_recovery/variable_recovery_fast.py +23 -3
- angr/analyses/veritesting.py +4 -7
- angr/analyses/vfg.py +1 -1
- angr/analyses/vsa_ddg.py +1 -2
- angr/block.py +62 -22
- angr/callable.py +1 -3
- angr/calling_conventions.py +3 -3
- angr/codenode.py +5 -1
- angr/concretization_strategies/__init__.py +1 -83
- angr/concretization_strategies/any.py +2 -1
- angr/concretization_strategies/any_named.py +1 -1
- angr/concretization_strategies/base.py +81 -0
- angr/concretization_strategies/controlled_data.py +2 -1
- angr/concretization_strategies/eval.py +2 -1
- angr/concretization_strategies/logging.py +3 -1
- angr/concretization_strategies/max.py +2 -1
- angr/concretization_strategies/nonzero.py +2 -1
- angr/concretization_strategies/nonzero_range.py +2 -1
- angr/concretization_strategies/norepeats.py +2 -1
- angr/concretization_strategies/norepeats_range.py +2 -1
- angr/concretization_strategies/range.py +2 -1
- angr/concretization_strategies/signed_add.py +2 -1
- angr/concretization_strategies/single.py +2 -1
- angr/concretization_strategies/solutions.py +2 -1
- angr/concretization_strategies/unlimited_range.py +2 -1
- angr/engines/__init__.py +8 -5
- angr/engines/engine.py +3 -5
- angr/engines/failure.py +4 -5
- angr/engines/pcode/emulate.py +1 -1
- angr/engines/pcode/lifter.py +31 -18
- angr/engines/procedure.py +5 -7
- angr/engines/soot/expressions/__init__.py +20 -23
- angr/engines/soot/expressions/base.py +4 -4
- angr/engines/soot/expressions/invoke.py +1 -2
- angr/engines/soot/statements/__init__.py +10 -12
- angr/engines/soot/values/__init__.py +10 -12
- angr/engines/soot/values/arrayref.py +3 -3
- angr/engines/soot/values/instancefieldref.py +3 -2
- angr/engines/successors.py +18 -12
- angr/engines/syscall.py +4 -6
- angr/engines/unicorn.py +3 -2
- angr/engines/vex/claripy/ccall.py +8 -10
- angr/engines/vex/claripy/datalayer.py +4 -5
- angr/engines/vex/lifter.py +9 -6
- angr/exploration_techniques/__init__.py +0 -2
- angr/exploration_techniques/spiller.py +1 -3
- angr/exploration_techniques/stochastic.py +2 -3
- angr/factory.py +3 -9
- angr/flirt/build_sig.py +8 -15
- angr/knowledge_plugins/cfg/cfg_model.py +20 -17
- angr/knowledge_plugins/functions/function.py +70 -79
- angr/knowledge_plugins/functions/function_manager.py +8 -7
- angr/knowledge_plugins/functions/function_parser.py +1 -1
- angr/knowledge_plugins/functions/soot_function.py +21 -24
- angr/knowledge_plugins/propagations/propagation_model.py +4 -5
- angr/knowledge_plugins/propagations/states.py +0 -511
- angr/knowledge_plugins/variables/variable_manager.py +16 -10
- angr/procedures/libc/memcpy.py +4 -4
- angr/procedures/procedure_dict.py +3 -2
- angr/protos/__init__.py +2 -5
- angr/protos/cfg_pb2.py +21 -18
- angr/protos/function_pb2.py +17 -14
- angr/protos/primitives_pb2.py +44 -39
- angr/protos/variables_pb2.py +36 -31
- angr/protos/xrefs_pb2.py +15 -12
- angr/sim_procedure.py +15 -16
- angr/sim_variable.py +13 -1
- angr/simos/__init__.py +2 -0
- angr/simos/javavm.py +4 -6
- angr/simos/xbox.py +32 -0
- angr/state_plugins/__init__.py +0 -2
- angr/state_plugins/callstack.py +4 -4
- angr/state_plugins/cgc.py +3 -2
- angr/state_plugins/gdb.py +6 -5
- angr/state_plugins/globals.py +1 -2
- angr/state_plugins/heap/heap_brk.py +1 -2
- angr/state_plugins/history.py +10 -12
- angr/state_plugins/inspect.py +3 -5
- angr/state_plugins/libc.py +2 -2
- angr/state_plugins/log.py +8 -10
- angr/state_plugins/loop_data.py +1 -2
- angr/state_plugins/posix.py +7 -7
- angr/state_plugins/preconstrainer.py +2 -3
- angr/state_plugins/scratch.py +5 -8
- angr/state_plugins/sim_action.py +3 -3
- angr/state_plugins/solver.py +8 -3
- angr/state_plugins/symbolizer.py +5 -4
- angr/state_plugins/uc_manager.py +3 -3
- angr/state_plugins/unicorn_engine.py +5 -1
- angr/state_plugins/view.py +3 -5
- angr/storage/file.py +3 -5
- angr/storage/memory_mixins/address_concretization_mixin.py +2 -2
- angr/storage/memory_mixins/bvv_conversion_mixin.py +3 -3
- angr/storage/memory_mixins/clouseau_mixin.py +1 -3
- angr/storage/memory_mixins/name_resolution_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +13 -15
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +1 -22
- angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/paged_memory/privileged_mixin.py +3 -4
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +4 -2
- angr/storage/memory_mixins/smart_find_mixin.py +1 -1
- angr/storage/memory_mixins/underconstrained_mixin.py +1 -1
- angr/storage/memory_mixins/unwrapper_mixin.py +1 -3
- angr/utils/enums_conv.py +28 -12
- angr/utils/segment_list.py +25 -22
- angr/utils/timing.py +18 -1
- angr/vaults.py +5 -6
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/METADATA +7 -7
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/RECORD +193 -191
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/WHEEL +1 -1
- angr/analyses/propagator/outdated_definition_walker.py +0 -159
- angr/analyses/propagator/tmpvar_finder.py +0 -18
- angr/engines/concrete.py +0 -180
- angr/exploration_techniques/symbion.py +0 -80
- angr/state_plugins/concrete.py +0 -295
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/LICENSE +0 -0
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/entry_points.txt +0 -0
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/top_level.txt +0 -0
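--- a/angr/state_plugins/gdb.py
+++ b/angr/state_plugins/gdb.py
@@ -1,12 +1,15 @@
 from __future__ import annotations
+
+import binascii
+import logging
 import os
 import re
-
+
 import claripy
-import binascii
 
-from .plugin import SimStatePlugin
 from angr.errors import SimStateError
+from angr.sim_state import SimState
+from .plugin import SimStatePlugin
 
 l = logging.getLogger(name=__name__)
 
@@ -142,6 +145,4 @@ class GDB(SimStatePlugin):
 return GDB()
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("gdb", GDB)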
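--- a/angr/state_plugins/globals.py
+++ b/angr/state_plugins/globals.py
@@ -1,6 +1,7 @@
 from __future__ import annotations
 import logging
 
+from angr.sim_state import SimState
 from .plugin import SimStatePlugin
 
 l = logging.getLogger(name=__name__)
@@ -61,6 +62,4 @@ class SimStateGlobals(SimStatePlugin):
 return SimStateGlobals(dict(self._backer))
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("globals", SimStateGlobals)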
|
@@ -4,6 +4,7 @@ import logging
|
|
|
4
4
|
import claripy
|
|
5
5
|
|
|
6
6
|
from angr.errors import SimSolverError
|
|
7
|
+
from angr.sim_state import SimState
|
|
7
8
|
from angr.state_plugins.plugin import SimStatePlugin
|
|
8
9
|
from . import SimHeapBase
|
|
9
10
|
|
|
@@ -132,6 +133,4 @@ class SimHeapBrk(SimHeapBase):
|
|
|
132
133
|
return self._combine(others)
|
|
133
134
|
|
|
134
135
|
|
|
135
|
-
from angr.sim_state import SimState
|
|
136
|
-
|
|
137
136
|
SimState.register_default("heap", SimHeapBrk)
|
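--- a/angr/state_plugins/history.py
+++ b/angr/state_plugins/history.py
@@ -1,16 +1,19 @@
 from __future__ import annotations
-
-import operator
-import logging
-import itertools
+
 import contextlib
+import itertools
+import logging
+import operator
+from collections.abc import Reversible
 
 import claripy
-from claripy.ast.bv import BV
 
-from .plugin import SimStatePlugin
 from angr import sim_options
+from angr.sim_state import SimState
 from angr.state_plugins.sim_action import SimActionObject
+from .plugin import SimStatePlugin
+from .sim_action import SimAction, SimActionConstraint
+from .sim_event import SimEvent
 
 l = logging.getLogger(name=__name__)
 
@@ -41,7 +44,7 @@ class SimStateHistory(SimStatePlugin):
 self.jump_target = None if clone is None else clone.jump_target
 self.jump_source = None if clone is None else clone.jump_source
 self.jump_avoidable = None if clone is None else clone.jump_avoidable
-self.jump_guard: BV | None = None if clone is None else clone.jump_guard
+self.jump_guard: claripy.ast.BV | None = None if clone is None else clone.jump_guard
 self.jumpkind: str | None = None if clone is None else clone.jumpkind
 
 # the execution log for this history
@@ -542,9 +545,4 @@ class LambdaIterIter(LambdaAttrIter):
 yield from reversed(self._f(hist)) if self._reverse else self._f(hist)
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("history", SimStateHistory)
-
-from .sim_action import SimAction, SimActionConstraint
-from .sim_event import SimEvent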
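--- a/angr/state_plugins/inspect.py
+++ b/angr/state_plugins/inspect.py
@@ -3,6 +3,9 @@ from __future__ import annotations
 
 import logging
 
+from angr.sim_state import SimState
+from .plugin import SimStatePlugin
+
 l = logging.getLogger(name=__name__)
 
 event_types = {
@@ -224,9 +227,6 @@ class BP:
 )
 
 
-from .plugin import SimStatePlugin
-
-
 class SimInspector(SimStatePlugin):
 """
 The breakpoint interface, used to instrument execution. For usage information, look here:
@@ -372,6 +372,4 @@ class SimInspector(SimStatePlugin):
 state.supports_inspect = True
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("inspect", SimInspector)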
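--- a/angr/state_plugins/libc.py
+++ b/angr/state_plugins/libc.py
@@ -1,4 +1,6 @@
 from __future__ import annotations
+
+from angr.sim_state import SimState
 from .plugin import SimStatePlugin
 
 
@@ -1258,6 +1260,4 @@ class SimStateLibc(SimStatePlugin):
 return -1
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("libc", SimStateLibc)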
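--- a/angr/state_plugins/log.py
+++ b/angr/state_plugins/log.py
@@ -1,11 +1,16 @@
 from __future__ import annotations
-import logging
-
-l = logging.getLogger(name=__name__)
 
 import itertools
+import logging
 
+from angr.errors import SimEventError
+from angr.sim_state import SimState
 from .plugin import SimStatePlugin
+from .sim_event import SimEvent
+from .sim_action import SimAction, SimActionConstraint
+
+
+l = logging.getLogger(name=__name__)
 
 
 class SimStateLog(SimStatePlugin):
@@ -76,11 +81,4 @@ class SimStateLog(SimStatePlugin):
 # self.input_variables.clear()
 
 
-from angr.errors import SimEventError
-from .sim_event import SimEvent
-from .sim_action import SimAction, SimActionConstraint
-
-
-from angr.sim_state import SimState
-
 SimState.register_default("log", SimStateLog)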
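--- a/angr/state_plugins/loop_data.py
+++ b/angr/state_plugins/loop_data.py
@@ -3,6 +3,7 @@ import logging
 import copy
 from collections import defaultdict
 
+from angr.sim_state import SimState
 from .plugin import SimStatePlugin
 
 
@@ -88,6 +89,4 @@ class SimStateLoopData(SimStatePlugin):
 )
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("loop_data", SimStateLoopData)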
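--- a/angr/state_plugins/posix.py
+++ b/angr/state_plugins/posix.py
@@ -1,12 +1,16 @@
 from __future__ import annotations
+
 import logging
 
 import claripy
 
-from .plugin import SimStatePlugin
-from .filesystem import SimMount, Stat
-from angr.storage.file import SimFile, SimPacketsStream, Flags, SimFileDescriptor, SimFileDescriptorDuplex
 from angr import sim_options as options
+from angr.errors import SimPosixError, SimSolverError, SimMergeError, SimMemoryError
+from angr.sim_state import SimState
+from angr.storage.file import SimFile, SimPacketsStream, Flags, SimFileDescriptor, SimFileDescriptorDuplex
+from .filesystem import SimMount, Stat
+from .plugin import SimStatePlugin
+
 
 l = logging.getLogger(name=__name__)
 
@@ -696,8 +700,4 @@ class SimSystemPosix(SimStatePlugin):
 return self.get_fd(fd).concretize(**kwargs)
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("posix", SimSystemPosix)
-
-from angr.errors import SimPosixError, SimSolverError, SimMergeError, SimMemoryError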
|
@@ -3,9 +3,10 @@ import logging
|
|
|
3
3
|
|
|
4
4
|
import claripy
|
|
5
5
|
|
|
6
|
-
from .plugin import SimStatePlugin
|
|
7
6
|
from angr import sim_options as o
|
|
8
7
|
from angr.errors import AngrError
|
|
8
|
+
from angr.sim_state import SimState
|
|
9
|
+
from .plugin import SimStatePlugin
|
|
9
10
|
|
|
10
11
|
|
|
11
12
|
l = logging.getLogger(name=__name__)
|
|
@@ -192,6 +193,4 @@ class SimStatePreconstrainer(SimStatePlugin):
|
|
|
192
193
|
l.warning("var %s not found in self.variable_map", var)
|
|
193
194
|
|
|
194
195
|
|
|
195
|
-
from angr.sim_state import SimState
|
|
196
|
-
|
|
197
196
|
SimState.register_default("preconstrainer", SimStatePreconstrainer)
|
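--- a/angr/state_plugins/scratch.py
+++ b/angr/state_plugins/scratch.py
@@ -3,7 +3,12 @@ import logging
 
 import claripy
 
+from angr import sim_options as o
+from angr.errors import SimValueError, SimMissingTempError
+from angr.sim_state import SimState
+from .inspect import BP_AFTER, BP_BEFORE
 from .plugin import SimStatePlugin
+from .sim_action import SimActionObject, SimActionData
 
 
 l = logging.getLogger(name=__name__)
@@ -165,12 +170,4 @@ class SimStateScratch(SimStatePlugin):
 self.jumpkind = j # preserve jumpkind - "what is the previous jumpkind" is an important question sometimes
 
 
-# pylint:disable=wrong-import-position
-from .sim_action import SimActionObject, SimActionData
-from angr.errors import SimValueError, SimMissingTempError
-from angr import sim_options as o
-from .inspect import BP_AFTER, BP_BEFORE
-
-from angr.sim_state import SimState
-
 SimState.register_default("scratch", SimStateScratch)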
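--- a/angr/state_plugins/sim_action.py
+++ b/angr/state_plugins/sim_action.py
@@ -1,15 +1,15 @@
 # This module contains data structures for handling memory, code, and register references.
 from __future__ import annotations
 
+import contextlib
 import logging
 
+from .sim_event import SimEvent
+
 l = logging.getLogger(name=__name__)
 
 _noneset = frozenset()
 
-from .sim_event import SimEvent
-import contextlib
-
 
 class SimAction(SimEvent):
 """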
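--- a/angr/state_plugins/solver.py
+++ b/angr/state_plugins/solver.py
@@ -373,7 +373,7 @@ class SimSolver(SimStatePlugin):
 max=None,
 stride=None,
 uninitialized=False,
-explicit_name=
+explicit_name=False,
 key=None,
 eternal=False,
 inspect=True,
@@ -408,18 +408,23 @@ class SimSolver(SimStatePlugin):
 if key is not None and eternal and key in self.eternal_tracked_variables:
 r = self.eternal_tracked_variables[key]
 # pylint: disable=too-many-boolean-expressions
-if
+if (
+size != r.length
+or uninitialized != r.has_annotation_type(claripy.annotation.UninitializedAnnotation)
+or bool(explicit_name) ^ (r.args[0] == name)
+):
 l.warning("Variable %s being retrieved with different settings than it was tracked with", name)
 else:
 r = claripy.BVS(
 name,
 size,
-uninitialized=uninitialized,
 explicit_name=explicit_name,
 **kwargs,
 )
 if any(x is not None for x in (min, max, stride)):
 r = r.annotate(claripy.annotation.StridedIntervalAnnotation(stride, min, max))
+if uninitialized:
+r = r.annotate(claripy.annotation.UninitializedAnnotation())
 if key is not None:
 self.register_variable(r, key, eternal)
 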
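Review bot: The mismatch check added at new lines 411–415 compares only `size`, the `UninitializedAnnotation` and `explicit_name`, so a caller that asks for an already-tracked eternal variable with different `min`/`max`/`stride` gets the tracked one back with no warning. The removed `if` line is truncated on this page, so it is unclear whether the old condition covered those bounds. Either extend the comparison or state the limit in a comment above the check, e.g. `# min/max/stride are not compared; the tracked variable is returned with its original bounds`. The branch also only logs and still uses the mismatched `r`, which is worth saying in the same comment; the function starts and ends outside the hunk.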
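--- a/angr/state_plugins/symbolizer.py
+++ b/angr/state_plugins/symbolizer.py
@@ -1,10 +1,13 @@
 from __future__ import annotations
+
 import logging
-import claripy
 import struct
 
-
+import claripy
+
+from angr.sim_state import SimState
 from angr.storage.memory_mixins import PagedMemoryMixin
+from .plugin import SimStatePlugin
 
 
 l = logging.getLogger(name=__name__)
@@ -285,6 +288,4 @@ class SimSymbolizer(SimStatePlugin): # pylint:disable=abstract-method
 return sc
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("symbolizer", SimSymbolizer)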
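--- a/angr/state_plugins/uc_manager.py
+++ b/angr/state_plugins/uc_manager.py
@@ -3,8 +3,10 @@ import logging
 
 import claripy
 
-from .plugin import SimStatePlugin
 from angr.errors import SimUCManagerAllocationError
+from angr.sim_state import SimState
+from .plugin import SimStatePlugin
+
 
 l = logging.getLogger(name=__name__)
 
@@ -89,6 +91,4 @@ class SimUCManager(SimStatePlugin):
 self._region_base = 0xD0 << (self.state.arch.bits - 8)
 
 
-from angr.sim_state import SimState
-
 SimState.register_default("uc_manager", SimUCManager)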
|
@@ -990,7 +990,11 @@ class Unicorn(SimStatePlugin):
|
|
|
990
990
|
:param from_where: the ID of the memory region it comes from ('mem' or 'reg')
|
|
991
991
|
:returns: the value to be inserted into Unicorn, or None
|
|
992
992
|
"""
|
|
993
|
-
|
|
993
|
+
allowed_annotations = (claripy.annotation.UninitializedAnnotation,)
|
|
994
|
+
filtered_annotations = [
|
|
995
|
+
a for a in d.annotations if not isinstance(a, allowed_annotations) and not a.eliminatable
|
|
996
|
+
]
|
|
997
|
+
if len(filtered_annotations) > 0:
|
|
994
998
|
l.debug("Blocking annotated AST.")
|
|
995
999
|
return None
|
|
996
1000
|
if not d.symbolic:
|
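Review bot: The filter added at new lines 993–997 lets `UninitializedAnnotation` and every annotation with `eliminatable` set pass through to Unicorn, but nothing in the hunk says why dropping them is safe. An analysis that relies on the uninitialized marker would presumably lose it once the value is handed over as concrete data, so a comment above `allowed_annotations` should state the intent, e.g. `# these annotations carry nothing Unicorn needs; any other annotation blocks the value`. The list is built only to test for emptiness, so `if filtered_annotations:` reads more directly than `len(...) > 0`, and `l.debug("Blocking annotated AST: %s", filtered_annotations)` would show which annotation caused the block. The removed condition is blank on this page and the method starts above the hunk; the file header for this hunk is also missing (the hunk context names `class Unicorn`).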
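--- a/angr/state_plugins/view.py
+++ b/angr/state_plugins/view.py
@@ -6,6 +6,9 @@ from typing import ClassVar, TYPE_CHECKING
 import claripy
 from archinfo.arch_soot import ArchSoot, SootAddressDescriptor
 from archinfo.arch_arm import is_arm_arch
+
+from angr.sim_state import SimState
+from angr.sim_type import ALL_TYPES, SimTypeFixedSizeArray, SimTypePointer
 from .plugin import SimStatePlugin
 
 if TYPE_CHECKING:
@@ -331,12 +334,7 @@ class StructMode:
 self.__getattr__(k).store(v)
 
 
-from angr.sim_type import ALL_TYPES, SimTypeFixedSizeArray, SimTypePointer
-
 SimMemView.types = ALL_TYPES # identity purposefully here
 
-
-from angr.sim_state import SimState
-
 SimState.register_default("mem", SimMemView)
 SimState.register_default("regs", SimRegNameView)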
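--- a/angr/storage/file.py
+++ b/angr/storage/file.py
@@ -4,10 +4,11 @@ import itertools
 
 import claripy
 
-from
+from angr import sim_options
+from angr.errors import SimMergeError, SimFileError, SimSolverError
 from angr.state_plugins.plugin import SimStatePlugin
 from angr.state_plugins.sim_action_object import SimActionObject
-from
+from .memory_mixins import DefaultMemory
 
 l = logging.getLogger(name=__name__)
 
@@ -1207,6 +1208,3 @@ class SimPacketsSlots(SimFileBase):
 
 def widen(self, _):
 raise SimMergeError("Widening the filesystem is unsupported")
-
-
-from angr.errors import SimMergeError, SimFileError, SimSolverError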
|
@@ -20,9 +20,9 @@ class MultiwriteAnnotation(claripy.Annotation):
|
|
|
20
20
|
return True
|
|
21
21
|
|
|
22
22
|
|
|
23
|
-
def _multiwrite_filter(mem, ast): # pylint:disable=unused-argument
|
|
23
|
+
def _multiwrite_filter(mem, ast: claripy.ast.Base): # pylint:disable=unused-argument
|
|
24
24
|
# this is a huge hack, but so is the whole multiwrite crap
|
|
25
|
-
return
|
|
25
|
+
return ast.has_annotation_type(MultiwriteAnnotation)
|
|
26
26
|
|
|
27
27
|
|
|
28
28
|
SimStateOptions.register_option(
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
|
+
|
|
2
3
|
import logging
|
|
4
|
+
|
|
3
5
|
import claripy
|
|
4
6
|
|
|
7
|
+
from angr.errors import SimMemoryError
|
|
5
8
|
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
6
9
|
|
|
7
10
|
l = logging.getLogger(__name__)
|
|
@@ -68,6 +71,3 @@ class DataNormalizationMixin(MemoryMixin):
|
|
|
68
71
|
raise TypeError("Bad value passed to memory", thing) from None
|
|
69
72
|
else:
|
|
70
73
|
return raw_to_bv()
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
from angr.errors import SimMemoryError
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
+
from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER
|
|
3
4
|
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
4
5
|
|
|
5
6
|
|
|
@@ -128,6 +129,3 @@ class InspectMixinHigh(MemoryMixin):
|
|
|
128
129
|
add_constraints = self.state._inspect_getattr("address_concretization_add_constraints", add_constraints)
|
|
129
130
|
|
|
130
131
|
super()._add_constraints(c, add_constraints=add_constraints, inspect=inspect, **kwargs)
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER
|
|
@@ -3,6 +3,7 @@ from __future__ import annotations
|
|
|
3
3
|
import claripy
|
|
4
4
|
from archinfo.arch_arm import is_arm_arch
|
|
5
5
|
|
|
6
|
+
from angr.errors import SimMemoryError
|
|
6
7
|
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
7
8
|
|
|
8
9
|
stn_map = {f"st{n}": n for n in range(8)}
|
|
@@ -64,6 +65,3 @@ class NameResolutionMixin(MemoryMixin):
|
|
|
64
65
|
named_addr, named_size = self._resolve_location_name(addr, is_write=False)
|
|
65
66
|
return super().load(named_addr, size=named_size if size is None else size, **kwargs)
|
|
66
67
|
return super().load(addr, size=size, **kwargs)
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
from angr.errors import SimMemoryError
|
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
|
-
|
|
3
|
-
from typing import Any, Generic, Literal, overload
|
|
4
|
-
from collections.abc import Iterable
|
|
2
|
+
|
|
5
3
|
import logging
|
|
6
4
|
from collections import defaultdict
|
|
5
|
+
from collections.abc import Iterable
|
|
6
|
+
from typing import Any, Generic, Literal, overload
|
|
7
7
|
|
|
8
|
+
import cffi
|
|
8
9
|
import claripy
|
|
9
10
|
|
|
11
|
+
from angr.errors import SimMemoryError
|
|
10
12
|
from angr.state_plugins.sim_action_object import SimActionObject
|
|
11
13
|
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
12
14
|
from angr.storage.memory_mixins.paged_memory.pages import PageType, ListPage, UltraPage, MVListPage
|
|
13
|
-
from angr.errors import SimMemoryError
|
|
14
15
|
|
|
15
16
|
# yeet
|
|
16
17
|
ffi = cffi.FFI()
|
|
@@ -107,7 +108,12 @@ class PagedMemoryMixin(
|
|
|
107
108
|
permissions = perms
|
|
108
109
|
break
|
|
109
110
|
|
|
110
|
-
return
|
|
111
|
+
return {
|
|
112
|
+
"memory": self,
|
|
113
|
+
"memory_id": f"{self.id}_{pageno}",
|
|
114
|
+
"permissions": permissions,
|
|
115
|
+
**self._extra_page_kwargs,
|
|
116
|
+
}
|
|
111
117
|
|
|
112
118
|
def _divide_addr(self, addr: int) -> tuple[int, int]:
|
|
113
119
|
return divmod(addr, self.page_size)
|
|
@@ -498,11 +504,7 @@ class PagedMemoryMixin(
|
|
|
498
504
|
|
|
499
505
|
# everything from here on out has exactly one goal: to maximize the amount of concrete data
|
|
500
506
|
# we can return (up to the limit!)
|
|
501
|
-
for i, byte in enumerate(bitmap)
|
|
502
|
-
if byte != 0:
|
|
503
|
-
break
|
|
504
|
-
else:
|
|
505
|
-
i = len(bitmap)
|
|
507
|
+
i = next((i for i, byte in enumerate(bitmap) if byte != 0), len(bitmap))
|
|
506
508
|
|
|
507
509
|
if i != subsize:
|
|
508
510
|
return data[:i]
|
|
@@ -523,11 +525,7 @@ class PagedMemoryMixin(
|
|
|
523
525
|
break
|
|
524
526
|
else:
|
|
525
527
|
newdata, bitmap = concrete_load(offset, subsize, with_bitmap=True, **kwargs)
|
|
526
|
-
for i, byte in enumerate(bitmap)
|
|
527
|
-
if byte != 0:
|
|
528
|
-
break
|
|
529
|
-
else:
|
|
530
|
-
i = len(bitmap)
|
|
528
|
+
i = next((i for i, byte in enumerate(bitmap) if byte != 0), len(bitmap))
|
|
531
529
|
|
|
532
530
|
# magic: check if the memory regions are physically adjacent
|
|
533
531
|
if physically_adjacent and ffi.cast(ffi.BVoidP, ffi.from_buffer(data)) + len(data) == ffi.cast(
|
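Review bot: In the dict returned at new lines 111–116, `**self._extra_page_kwargs` is spread last, so an entry named `memory`, `memory_id` or `permissions` in it silently replaces the value computed just above, including the page permissions. The removed `return` line is truncated on this page, so whether the old expression behaved the same way cannot be checked here. If the override is not intended, spread it first, `return {**self._extra_page_kwargs, "memory": self, "memory_id": f"{self.id}_{pageno}", "permissions": permissions}`; if it is intended, a one-line comment saying so would help. The enclosing method starts above the hunk, and this section's file header is missing on the page (the hunk context names `PagedMemoryMixin`).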
|
@@ -1,32 +1,11 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
|
-
import typing
|
|
3
2
|
|
|
4
|
-
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
5
3
|
from .cooperation import CooperationBase, MemoryObjectMixin
|
|
6
4
|
from .ispo_mixin import ISPOMixin
|
|
7
5
|
from .refcount_mixin import RefcountMixin
|
|
8
6
|
from .permissions_mixin import PermissionsMixin
|
|
9
7
|
from .history_tracking_mixin import HistoryTrackingMixin
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
class PageBase(HistoryTrackingMixin, RefcountMixin, CooperationBase, ISPOMixin, PermissionsMixin, MemoryMixin):
|
|
13
|
-
"""
|
|
14
|
-
This is a fairly succinct definition of the contract between PagedMemoryMixin and its constituent pages:
|
|
15
|
-
|
|
16
|
-
- Pages must implement the MemoryMixin model for loads, stores, copying, merging, etc
|
|
17
|
-
- However, loading/storing may not necessarily use the same data domain as PagedMemoryMixin. In order to do more
|
|
18
|
-
efficient loads/stores across pages, we use the CooperationBase interface which allows the page class to
|
|
19
|
-
determine how to generate and unwrap the objects which are actually stored.
|
|
20
|
-
- To support COW, we use the RefcountMixin and the ISPOMixin (which adds the contract element that ``memory=self``
|
|
21
|
-
be passed to every method call)
|
|
22
|
-
- Pages have permissions associated with them, stored in the PermissionsMixin.
|
|
23
|
-
|
|
24
|
-
Read the docstrings for each of the constituent classes to understand the nuances of their functionalities
|
|
25
|
-
"""
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
PageType = typing.TypeVar("PageType", bound=PageBase)
|
|
29
|
-
|
|
8
|
+
from .base import PageBase, PageType
|
|
30
9
|
from .list_page import ListPage
|
|
31
10
|
from .mv_list_page import MVListPage
|
|
32
11
|
from .ultra_page import UltraPage
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
import typing
|
|
4
|
+
|
|
5
|
+
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
6
|
+
from .cooperation import CooperationBase
|
|
7
|
+
from .ispo_mixin import ISPOMixin
|
|
8
|
+
from .refcount_mixin import RefcountMixin
|
|
9
|
+
from .permissions_mixin import PermissionsMixin
|
|
10
|
+
from .history_tracking_mixin import HistoryTrackingMixin
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
class PageBase(HistoryTrackingMixin, RefcountMixin, CooperationBase, ISPOMixin, PermissionsMixin, MemoryMixin):
|
|
14
|
+
"""
|
|
15
|
+
This is a fairly succinct definition of the contract between PagedMemoryMixin and its constituent pages:
|
|
16
|
+
|
|
17
|
+
- Pages must implement the MemoryMixin model for loads, stores, copying, merging, etc
|
|
18
|
+
- However, loading/storing may not necessarily use the same data domain as PagedMemoryMixin. In order to do more
|
|
19
|
+
efficient loads/stores across pages, we use the CooperationBase interface which allows the page class to
|
|
20
|
+
determine how to generate and unwrap the objects which are actually stored.
|
|
21
|
+
- To support COW, we use the RefcountMixin and the ISPOMixin (which adds the contract element that ``memory=self``
|
|
22
|
+
be passed to every method call)
|
|
23
|
+
- Pages have permissions associated with them, stored in the PermissionsMixin.
|
|
24
|
+
|
|
25
|
+
Read the docstrings for each of the constituent classes to understand the nuances of their functionalities
|
|
26
|
+
"""
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
PageType = typing.TypeVar("PageType", bound=PageBase)
|
|
30
|
+
|
|
31
|
+
__all__ = ("PageBase", "PageType")
|
|
@@ -7,7 +7,7 @@ from collections.abc import Callable
|
|
|
7
7
|
from angr.storage.memory_mixins.memory_mixin import MemoryMixin
|
|
8
8
|
from angr.utils.dynamic_dictlist import DynamicDictList
|
|
9
9
|
from angr.storage.memory_object import SimMemoryObject, SimLabeledMemoryObject
|
|
10
|
-
from . import PageBase
|
|
10
|
+
from .base import PageBase
|
|
11
11
|
from .cooperation import MemoryObjectSetMixin
|
|
12
12
|
|
|
13
13
|
|
|
@@ -9,7 +9,8 @@ from sortedcontainers import SortedDict
|
|
|
9
9
|
import claripy
|
|
10
10
|
|
|
11
11
|
from angr.errors import SimMemoryError
|
|
12
|
-
from . import
|
|
12
|
+
from angr.storage.memory_mixins.paged_memory.page_backer_mixins import NotMemoryview
|
|
13
|
+
from .base import PageBase
|
|
13
14
|
from .cooperation import MemoryObjectMixin, SimMemoryObject
|
|
14
15
|
|
|
15
16
|
|
|
@@ -500,6 +501,3 @@ class UltraPage(MemoryObjectMixin, PageBase):
|
|
|
500
501
|
self._update_mappings(b, old.object, new.object, memory=memory)
|
|
501
502
|
|
|
502
503
|
return new
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
from angr.storage.memory_mixins.paged_memory.page_backer_mixins import NotMemoryview
|
|
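Review bot: Hoisting `from angr.storage.memory_mixins.paged_memory.page_backer_mixins import NotMemoryview` from the end of the `UltraPage` module into its top import block changes import order, and nothing visible here shows that the cycle the trailing import presumably worked around is gone. If `page_backer_mixins` still reaches the pages package while that package is loading, importing this module first would fail on a partially initialised module. The `PrivilegedPagingMixin` section that follows makes the same move for `from angr.errors import SimSegfaultException` and `from angr import sim_options as o`. An import smoke test that loads each of these modules first in a fresh interpreter would settle it; if a cycle remains, a function-local import at the `NotMemoryview` use site is safer than a module-level one.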
@@ -1,4 +1,7 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from angr.errors import SimSegfaultException
|
|
4
|
+
from angr import sim_options as o
|
|
2
5
|
from .paged_memory_mixin import PagedMemoryMixin
|
|
3
6
|
|
|
4
7
|
|
|
@@ -31,7 +34,3 @@ class PrivilegedPagingMixin(PagedMemoryMixin):
|
|
|
31
34
|
raise SimSegfaultException(pageno * self.page_size, "unmapped")
|
|
32
35
|
|
|
33
36
|
return super()._initialize_page(pageno, **kwargs)
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
from angr.errors import SimSegfaultException
|
|
37
|
-
from angr import sim_options as o
|