angr 9.2.135__py3-none-manylinux2014_aarch64.whl → 9.2.137__py3-none-manylinux2014_aarch64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +1 -1
- angr/analyses/__init__.py +3 -7
- angr/analyses/analysis.py +4 -0
- angr/analyses/backward_slice.py +1 -2
- angr/analyses/binary_optimizer.py +3 -4
- angr/analyses/bindiff.py +4 -6
- angr/analyses/boyscout.py +1 -3
- angr/analyses/callee_cleanup_finder.py +4 -4
- angr/analyses/calling_convention/calling_convention.py +6 -4
- angr/analyses/calling_convention/fact_collector.py +10 -3
- angr/analyses/cdg.py +1 -2
- angr/analyses/cfg/cfb.py +1 -3
- angr/analyses/cfg/cfg.py +2 -2
- angr/analyses/cfg/cfg_base.py +40 -68
- angr/analyses/cfg/cfg_emulated.py +1 -104
- angr/analyses/cfg/cfg_fast.py +90 -27
- angr/analyses/cfg/cfg_fast_soot.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +2 -0
- angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +46 -10
- angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +5 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +65 -14
- angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
- angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +24 -5
- angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +2 -5
- angr/analyses/class_identifier.py +1 -2
- angr/analyses/complete_calling_conventions.py +3 -0
- angr/analyses/congruency_check.py +2 -3
- angr/analyses/data_dep/data_dependency_analysis.py +2 -2
- angr/analyses/ddg.py +1 -4
- angr/analyses/decompiler/ail_simplifier.py +15 -5
- angr/analyses/decompiler/block_simplifier.py +2 -2
- angr/analyses/decompiler/ccall_rewriters/__init__.py +2 -0
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +69 -0
- angr/analyses/decompiler/clinic.py +119 -72
- angr/analyses/decompiler/condition_processor.py +2 -0
- angr/analyses/decompiler/decompiler.py +1 -0
- angr/analyses/decompiler/dephication/dephication_base.py +2 -0
- angr/analyses/decompiler/dephication/rewriting_engine.py +8 -6
- angr/analyses/decompiler/dephication/seqnode_dephication.py +10 -1
- angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +2 -2
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +2 -2
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +1 -1
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +1 -1
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +1 -2
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +1 -1
- angr/analyses/decompiler/sequence_walker.py +6 -2
- angr/analyses/decompiler/ssailification/rewriting.py +11 -1
- angr/analyses/decompiler/ssailification/rewriting_engine.py +56 -19
- angr/analyses/decompiler/ssailification/ssailification.py +13 -3
- angr/analyses/decompiler/ssailification/traversal.py +28 -2
- angr/analyses/decompiler/ssailification/traversal_state.py +6 -1
- angr/analyses/decompiler/structured_codegen/c.py +44 -21
- angr/analyses/decompiler/structuring/phoenix.py +118 -15
- angr/analyses/decompiler/utils.py +113 -8
- angr/analyses/disassembly.py +5 -5
- angr/analyses/fcp/__init__.py +4 -0
- angr/analyses/fcp/fcp.py +429 -0
- angr/analyses/identifier/identify.py +1 -3
- angr/analyses/loopfinder.py +4 -3
- angr/analyses/patchfinder.py +1 -1
- angr/analyses/propagator/engine_base.py +4 -3
- angr/analyses/propagator/propagator.py +14 -53
- angr/analyses/reaching_definitions/function_handler.py +1 -1
- angr/analyses/reassembler.py +1 -2
- angr/analyses/s_liveness.py +5 -1
- angr/analyses/s_propagator.py +26 -7
- angr/analyses/s_reaching_definitions/s_rda_model.py +2 -1
- angr/analyses/s_reaching_definitions/s_rda_view.py +20 -1
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +11 -1
- angr/analyses/soot_class_hierarchy.py +1 -2
- angr/analyses/stack_pointer_tracker.py +29 -3
- angr/analyses/static_hooker.py +1 -2
- angr/analyses/typehoon/simple_solver.py +2 -2
- angr/analyses/variable_recovery/engine_ail.py +19 -7
- angr/analyses/variable_recovery/engine_base.py +16 -14
- angr/analyses/variable_recovery/engine_vex.py +2 -2
- angr/analyses/variable_recovery/variable_recovery_fast.py +23 -3
- angr/analyses/veritesting.py +4 -7
- angr/analyses/vfg.py +1 -1
- angr/analyses/vsa_ddg.py +1 -2
- angr/block.py +62 -22
- angr/callable.py +1 -3
- angr/calling_conventions.py +3 -3
- angr/codenode.py +5 -1
- angr/concretization_strategies/__init__.py +1 -83
- angr/concretization_strategies/any.py +2 -1
- angr/concretization_strategies/any_named.py +1 -1
- angr/concretization_strategies/base.py +81 -0
- angr/concretization_strategies/controlled_data.py +2 -1
- angr/concretization_strategies/eval.py +2 -1
- angr/concretization_strategies/logging.py +3 -1
- angr/concretization_strategies/max.py +2 -1
- angr/concretization_strategies/nonzero.py +2 -1
- angr/concretization_strategies/nonzero_range.py +2 -1
- angr/concretization_strategies/norepeats.py +2 -1
- angr/concretization_strategies/norepeats_range.py +2 -1
- angr/concretization_strategies/range.py +2 -1
- angr/concretization_strategies/signed_add.py +2 -1
- angr/concretization_strategies/single.py +2 -1
- angr/concretization_strategies/solutions.py +2 -1
- angr/concretization_strategies/unlimited_range.py +2 -1
- angr/engines/__init__.py +8 -5
- angr/engines/engine.py +3 -5
- angr/engines/failure.py +4 -5
- angr/engines/pcode/emulate.py +1 -1
- angr/engines/pcode/lifter.py +31 -18
- angr/engines/procedure.py +5 -7
- angr/engines/soot/expressions/__init__.py +20 -23
- angr/engines/soot/expressions/base.py +4 -4
- angr/engines/soot/expressions/invoke.py +1 -2
- angr/engines/soot/statements/__init__.py +10 -12
- angr/engines/soot/values/__init__.py +10 -12
- angr/engines/soot/values/arrayref.py +3 -3
- angr/engines/soot/values/instancefieldref.py +3 -2
- angr/engines/successors.py +18 -12
- angr/engines/syscall.py +4 -6
- angr/engines/unicorn.py +3 -2
- angr/engines/vex/claripy/ccall.py +8 -10
- angr/engines/vex/claripy/datalayer.py +4 -5
- angr/engines/vex/lifter.py +9 -6
- angr/exploration_techniques/__init__.py +0 -2
- angr/exploration_techniques/spiller.py +1 -3
- angr/exploration_techniques/stochastic.py +2 -3
- angr/factory.py +3 -9
- angr/flirt/build_sig.py +8 -15
- angr/knowledge_plugins/cfg/cfg_model.py +20 -17
- angr/knowledge_plugins/functions/function.py +70 -79
- angr/knowledge_plugins/functions/function_manager.py +8 -7
- angr/knowledge_plugins/functions/function_parser.py +1 -1
- angr/knowledge_plugins/functions/soot_function.py +21 -24
- angr/knowledge_plugins/propagations/propagation_model.py +4 -5
- angr/knowledge_plugins/propagations/states.py +0 -511
- angr/knowledge_plugins/variables/variable_manager.py +16 -10
- angr/procedures/libc/memcpy.py +4 -4
- angr/procedures/procedure_dict.py +3 -2
- angr/protos/__init__.py +2 -5
- angr/protos/cfg_pb2.py +21 -18
- angr/protos/function_pb2.py +17 -14
- angr/protos/primitives_pb2.py +44 -39
- angr/protos/variables_pb2.py +36 -31
- angr/protos/xrefs_pb2.py +15 -12
- angr/sim_procedure.py +15 -16
- angr/sim_variable.py +13 -1
- angr/simos/__init__.py +2 -0
- angr/simos/javavm.py +4 -6
- angr/simos/xbox.py +32 -0
- angr/state_plugins/__init__.py +0 -2
- angr/state_plugins/callstack.py +4 -4
- angr/state_plugins/cgc.py +3 -2
- angr/state_plugins/gdb.py +6 -5
- angr/state_plugins/globals.py +1 -2
- angr/state_plugins/heap/heap_brk.py +1 -2
- angr/state_plugins/history.py +10 -12
- angr/state_plugins/inspect.py +3 -5
- angr/state_plugins/libc.py +2 -2
- angr/state_plugins/log.py +8 -10
- angr/state_plugins/loop_data.py +1 -2
- angr/state_plugins/posix.py +7 -7
- angr/state_plugins/preconstrainer.py +2 -3
- angr/state_plugins/scratch.py +5 -8
- angr/state_plugins/sim_action.py +3 -3
- angr/state_plugins/solver.py +8 -3
- angr/state_plugins/symbolizer.py +5 -4
- angr/state_plugins/uc_manager.py +3 -3
- angr/state_plugins/unicorn_engine.py +5 -1
- angr/state_plugins/view.py +3 -5
- angr/storage/file.py +3 -5
- angr/storage/memory_mixins/address_concretization_mixin.py +2 -2
- angr/storage/memory_mixins/bvv_conversion_mixin.py +3 -3
- angr/storage/memory_mixins/clouseau_mixin.py +1 -3
- angr/storage/memory_mixins/name_resolution_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +13 -15
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +1 -22
- angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/paged_memory/privileged_mixin.py +3 -4
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +4 -2
- angr/storage/memory_mixins/smart_find_mixin.py +1 -1
- angr/storage/memory_mixins/underconstrained_mixin.py +1 -1
- angr/storage/memory_mixins/unwrapper_mixin.py +1 -3
- angr/utils/enums_conv.py +28 -12
- angr/utils/segment_list.py +25 -22
- angr/utils/timing.py +18 -1
- angr/vaults.py +5 -6
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/METADATA +7 -7
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/RECORD +193 -191
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/WHEEL +1 -1
- angr/analyses/propagator/outdated_definition_walker.py +0 -159
- angr/analyses/propagator/tmpvar_finder.py +0 -18
- angr/engines/concrete.py +0 -180
- angr/exploration_techniques/symbion.py +0 -80
- angr/state_plugins/concrete.py +0 -295
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/LICENSE +0 -0
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/entry_points.txt +0 -0
- {angr-9.2.135.dist-info → angr-9.2.137.dist-info}/top_level.txt +0 -0
angr/block.py
CHANGED
|
@@ -1,18 +1,26 @@
|
|
|
1
1
|
# pylint:disable=wrong-import-position,arguments-differ
|
|
2
2
|
from __future__ import annotations
|
|
3
3
|
import logging
|
|
4
|
+
from typing import TYPE_CHECKING
|
|
4
5
|
|
|
5
6
|
import pyvex
|
|
6
7
|
from pyvex import IRSB
|
|
7
|
-
from archinfo import ArchARM
|
|
8
|
+
from archinfo import Arch, ArchARM
|
|
9
|
+
|
|
10
|
+
from .protos import primitives_pb2 as pb2
|
|
11
|
+
from .serializable import Serializable
|
|
8
12
|
|
|
9
13
|
try:
|
|
10
14
|
from .engines import pcode
|
|
11
15
|
except ImportError:
|
|
12
16
|
pcode = None
|
|
13
17
|
|
|
14
|
-
|
|
15
|
-
from
|
|
18
|
+
if TYPE_CHECKING:
|
|
19
|
+
from angr import Project
|
|
20
|
+
from angr.engines.vex import VEXLifter
|
|
21
|
+
from angr.engines.pcode.lifter import PcodeLifterEngineMixin, IRSB as PcodeIRSB
|
|
22
|
+
from angr.engines.soot.engine import SootMixin
|
|
23
|
+
|
|
16
24
|
|
|
17
25
|
l = logging.getLogger(name=__name__)
|
|
18
26
|
|
|
@@ -147,7 +155,7 @@ class Block(Serializable):
|
|
|
147
155
|
self,
|
|
148
156
|
addr,
|
|
149
157
|
project=None,
|
|
150
|
-
arch=None,
|
|
158
|
+
arch: Arch = None,
|
|
151
159
|
size=None,
|
|
152
160
|
max_size=None,
|
|
153
161
|
byte_string=None,
|
|
@@ -167,6 +175,7 @@ class Block(Serializable):
|
|
|
167
175
|
skip_stmts=False,
|
|
168
176
|
):
|
|
169
177
|
# set up arch
|
|
178
|
+
self.arch: Arch
|
|
170
179
|
if project is not None:
|
|
171
180
|
self.arch = project.arch
|
|
172
181
|
else:
|
|
@@ -186,7 +195,7 @@ class Block(Serializable):
|
|
|
186
195
|
else:
|
|
187
196
|
thumb = False
|
|
188
197
|
|
|
189
|
-
self._project = project
|
|
198
|
+
self._project: Project | None = project
|
|
190
199
|
self.thumb = thumb
|
|
191
200
|
self.addr = addr
|
|
192
201
|
self._opt_level = opt_level
|
|
@@ -205,8 +214,15 @@ class Block(Serializable):
|
|
|
205
214
|
else:
|
|
206
215
|
if self._initial_regs:
|
|
207
216
|
self.set_initial_regs()
|
|
217
|
+
clemory = None
|
|
218
|
+
if project is not None:
|
|
219
|
+
clemory = (
|
|
220
|
+
project.loader.memory_ro_view
|
|
221
|
+
if project.loader.memory_ro_view is not None
|
|
222
|
+
else project.loader.memory
|
|
223
|
+
)
|
|
208
224
|
vex = self._vex_engine.lift_vex(
|
|
209
|
-
clemory=
|
|
225
|
+
clemory=clemory,
|
|
210
226
|
state=backup_state,
|
|
211
227
|
insn_bytes=byte_string,
|
|
212
228
|
addr=addr,
|
|
@@ -242,7 +258,7 @@ class Block(Serializable):
|
|
|
242
258
|
self._load_from_ro_regions = load_from_ro_regions
|
|
243
259
|
self._const_prop = const_prop
|
|
244
260
|
|
|
245
|
-
self._instructions = num_inst
|
|
261
|
+
self._instructions: int | None = num_inst
|
|
246
262
|
self._instruction_addrs: list[int] = []
|
|
247
263
|
|
|
248
264
|
if skip_stmts:
|
|
@@ -257,7 +273,7 @@ class Block(Serializable):
|
|
|
257
273
|
if type(self._bytes) is memoryview:
|
|
258
274
|
self._bytes = bytes(self._bytes)
|
|
259
275
|
elif type(self._bytes) is not bytes:
|
|
260
|
-
self._bytes = bytes(pyvex.ffi.buffer(self._bytes, size))
|
|
276
|
+
self._bytes = bytes(pyvex.ffi.buffer(self._bytes, size)) # type:ignore
|
|
261
277
|
else:
|
|
262
278
|
self._bytes = None
|
|
263
279
|
elif type(byte_string) is bytes:
|
|
@@ -268,7 +284,7 @@ class Block(Serializable):
|
|
|
268
284
|
else:
|
|
269
285
|
# Convert bytestring to a str
|
|
270
286
|
# size will ALWAYS be known at this point
|
|
271
|
-
self._bytes =
|
|
287
|
+
self._bytes = bytes(pyvex.ffi.buffer(byte_string, self.size)) # type:ignore
|
|
272
288
|
|
|
273
289
|
def _parse_vex_info(self, vex_block):
|
|
274
290
|
if vex_block is not None:
|
|
@@ -322,16 +338,25 @@ class Block(Serializable):
|
|
|
322
338
|
pyvex.pvc.reset_initial_register_values()
|
|
323
339
|
|
|
324
340
|
@property
|
|
325
|
-
def _vex_engine(self):
|
|
326
|
-
|
|
341
|
+
def _vex_engine(self) -> VEXLifter | PcodeLifterEngineMixin:
|
|
342
|
+
if self._project is None:
|
|
343
|
+
raise ValueError("Project is not set")
|
|
344
|
+
return self._project.factory.default_engine # type:ignore
|
|
327
345
|
|
|
328
346
|
@property
|
|
329
|
-
def vex(self) -> IRSB:
|
|
347
|
+
def vex(self) -> IRSB | PcodeIRSB:
|
|
330
348
|
if not self._vex:
|
|
331
349
|
if self._initial_regs:
|
|
332
350
|
self.set_initial_regs()
|
|
351
|
+
clemory = None
|
|
352
|
+
if self._project is not None:
|
|
353
|
+
clemory = (
|
|
354
|
+
self._project.loader.memory_ro_view
|
|
355
|
+
if self._project.loader.memory_ro_view is not None
|
|
356
|
+
else self._project.loader.memory
|
|
357
|
+
)
|
|
333
358
|
self._vex = self._vex_engine.lift_vex(
|
|
334
|
-
clemory=
|
|
359
|
+
clemory=clemory,
|
|
335
360
|
insn_bytes=self._bytes,
|
|
336
361
|
addr=self.addr,
|
|
337
362
|
thumb=self.thumb,
|
|
@@ -349,6 +374,7 @@ class Block(Serializable):
|
|
|
349
374
|
self.reset_initial_regs()
|
|
350
375
|
self._parse_vex_info(self._vex)
|
|
351
376
|
|
|
377
|
+
assert self._vex is not None
|
|
352
378
|
return self._vex
|
|
353
379
|
|
|
354
380
|
@property
|
|
@@ -361,8 +387,15 @@ class Block(Serializable):
|
|
|
361
387
|
|
|
362
388
|
if self._initial_regs:
|
|
363
389
|
self.set_initial_regs()
|
|
390
|
+
clemory = None
|
|
391
|
+
if self._project is not None:
|
|
392
|
+
clemory = (
|
|
393
|
+
self._project.loader.memory_ro_view
|
|
394
|
+
if self._project.loader.memory_ro_view is not None
|
|
395
|
+
else self._project.loader.memory
|
|
396
|
+
)
|
|
364
397
|
self._vex_nostmt = self._vex_engine.lift_vex(
|
|
365
|
-
clemory=
|
|
398
|
+
clemory=clemory,
|
|
366
399
|
insn_bytes=self._bytes,
|
|
367
400
|
addr=self.addr,
|
|
368
401
|
thumb=self.thumb,
|
|
@@ -393,17 +426,17 @@ class Block(Serializable):
|
|
|
393
426
|
"""
|
|
394
427
|
if self._disassembly is None:
|
|
395
428
|
if self._using_pcode_engine:
|
|
396
|
-
self._disassembly = self.vex.disassembly
|
|
429
|
+
self._disassembly = self.vex.disassembly # type:ignore
|
|
397
430
|
else:
|
|
398
431
|
self._disassembly = self.capstone
|
|
399
432
|
return self._disassembly
|
|
400
433
|
|
|
401
434
|
@property
|
|
402
|
-
def capstone(self):
|
|
435
|
+
def capstone(self) -> CapstoneBlock:
|
|
403
436
|
if self._capstone:
|
|
404
437
|
return self._capstone
|
|
405
438
|
|
|
406
|
-
cs = self.arch.capstone if not self.thumb else self.arch.capstone_thumb
|
|
439
|
+
cs = self.arch.capstone if not self.thumb else self.arch.capstone_thumb # type:ignore
|
|
407
440
|
|
|
408
441
|
insns = []
|
|
409
442
|
|
|
@@ -422,12 +455,18 @@ class Block(Serializable):
|
|
|
422
455
|
return BlockNode(self.addr, self.size, bytestr=self.bytes, thumb=self.thumb)
|
|
423
456
|
|
|
424
457
|
@property
|
|
425
|
-
def bytes(self) -> bytes:
|
|
458
|
+
def bytes(self) -> bytes | None:
|
|
426
459
|
if self._bytes is None:
|
|
427
460
|
addr = self.addr
|
|
428
461
|
if self.thumb:
|
|
429
462
|
addr = (addr >> 1) << 1
|
|
430
|
-
|
|
463
|
+
if self._project is not None:
|
|
464
|
+
mem = (
|
|
465
|
+
self._project.loader.memory_ro_view
|
|
466
|
+
if self._project.loader.memory_ro_view is not None
|
|
467
|
+
else self._project.loader.memory
|
|
468
|
+
)
|
|
469
|
+
self._bytes = mem.load(addr, self.size)
|
|
431
470
|
return self._bytes
|
|
432
471
|
|
|
433
472
|
@property
|
|
@@ -436,6 +475,7 @@ class Block(Serializable):
|
|
|
436
475
|
# initialize from VEX
|
|
437
476
|
_ = self.vex
|
|
438
477
|
|
|
478
|
+
assert self._instructions is not None
|
|
439
479
|
return self._instructions
|
|
440
480
|
|
|
441
481
|
@property
|
|
@@ -476,17 +516,17 @@ class SootBlock:
|
|
|
476
516
|
Represents a Soot IR basic block.
|
|
477
517
|
"""
|
|
478
518
|
|
|
479
|
-
def __init__(self, addr, project
|
|
519
|
+
def __init__(self, addr, *, project: Project, arch: Arch):
|
|
480
520
|
self.addr = addr
|
|
481
521
|
self.arch = arch
|
|
482
522
|
self._project = project
|
|
483
523
|
self._the_binary = project.loader.main_object
|
|
484
524
|
|
|
485
525
|
@property
|
|
486
|
-
def _soot_engine(self):
|
|
526
|
+
def _soot_engine(self) -> SootMixin:
|
|
487
527
|
if self._project is None:
|
|
488
528
|
assert False, "This should be unreachable"
|
|
489
|
-
return self._project.factory.default_engine
|
|
529
|
+
return self._project.factory.default_engine # type:ignore
|
|
490
530
|
|
|
491
531
|
@property
|
|
492
532
|
def soot(self):
|
angr/callable.py
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
import pycparser
|
|
3
3
|
|
|
4
|
+
from .errors import AngrCallableError, AngrCallableMultistateError
|
|
4
5
|
from .calling_conventions import default_cc, SimCC
|
|
5
6
|
|
|
6
7
|
|
|
@@ -158,6 +159,3 @@ class Callable:
|
|
|
158
159
|
raise AngrCallableError(f"Unsupported expression type {type(expr)}.")
|
|
159
160
|
|
|
160
161
|
return self.__call__(*args)
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
from .errors import AngrCallableError, AngrCallableMultistateError
|
angr/calling_conventions.py
CHANGED
|
@@ -1600,7 +1600,7 @@ class SimCCSystemVAMD64(SimCC):
|
|
|
1600
1600
|
# TODO I think we need an explicit stride field on array types
|
|
1601
1601
|
result[idx * ty.elem_type.size // self.arch.byte_width + suboffset] += subsubty_list
|
|
1602
1602
|
elif isinstance(ty, SimUnion):
|
|
1603
|
-
for
|
|
1603
|
+
for subty in ty.members.values():
|
|
1604
1604
|
subresult = self._flatten(subty)
|
|
1605
1605
|
if subresult is None:
|
|
1606
1606
|
return None
|
|
@@ -1772,7 +1772,7 @@ class SimCCARM(SimCC):
|
|
|
1772
1772
|
# TODO I think we need an explicit stride field on array types
|
|
1773
1773
|
result[idx * ty.elem_type.size // self.arch.byte_width + suboffset] += subsubty_list
|
|
1774
1774
|
elif isinstance(ty, SimUnion):
|
|
1775
|
-
for
|
|
1775
|
+
for subty in ty.members.values():
|
|
1776
1776
|
subresult = self._flatten(subty)
|
|
1777
1777
|
if subresult is None:
|
|
1778
1778
|
return None
|
|
@@ -1991,7 +1991,7 @@ class SimCCO32(SimCC):
|
|
|
1991
1991
|
# TODO I think we need an explicit stride field on array types
|
|
1992
1992
|
result[idx * ty.elem_type.size // self.arch.byte_width + suboffset] += subsubty_list
|
|
1993
1993
|
elif isinstance(ty, SimUnion):
|
|
1994
|
-
for
|
|
1994
|
+
for subty in ty.members.values():
|
|
1995
1995
|
subresult = self._flatten(subty)
|
|
1996
1996
|
if subresult is None:
|
|
1997
1997
|
return None
|
angr/codenode.py
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
import logging
|
|
3
|
+
import weakref
|
|
3
4
|
|
|
4
5
|
l = logging.getLogger(name=__name__)
|
|
5
6
|
|
|
@@ -17,7 +18,7 @@ class CodeNode:
|
|
|
17
18
|
self.addr: int = addr
|
|
18
19
|
self.size: int = size
|
|
19
20
|
self.thumb = thumb
|
|
20
|
-
self._graph = graph
|
|
21
|
+
self._graph = weakref.proxy(graph) if graph is not None else None
|
|
21
22
|
|
|
22
23
|
self._hash = None
|
|
23
24
|
|
|
@@ -46,6 +47,9 @@ class CodeNode:
|
|
|
46
47
|
self._hash = hash((self.addr, self.size))
|
|
47
48
|
return self._hash
|
|
48
49
|
|
|
50
|
+
def set_graph(self, graph):
|
|
51
|
+
self._graph = weakref.proxy(graph)
|
|
52
|
+
|
|
49
53
|
def successors(self) -> list[CodeNode]:
|
|
50
54
|
if self._graph is None:
|
|
51
55
|
raise ValueError("Cannot calculate successors for graphless node")
|
|
@@ -1,89 +1,7 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
class SimConcretizationStrategy:
|
|
5
|
-
"""
|
|
6
|
-
Concretization strategies control the resolution of symbolic memory indices
|
|
7
|
-
in SimuVEX. By subclassing this class and setting it as a concretization strategy
|
|
8
|
-
(on state.memory.read_strategies and state.memory.write_strategies), SimuVEX's
|
|
9
|
-
memory index concretization behavior can be modified.
|
|
10
|
-
"""
|
|
11
|
-
|
|
12
|
-
def __init__(self, filter=None, exact=True): # pylint:disable=redefined-builtin
|
|
13
|
-
"""
|
|
14
|
-
Initializes the base SimConcretizationStrategy.
|
|
15
|
-
|
|
16
|
-
:param filter: A function, taking arguments of (SimMemory, claripy.AST) that determines
|
|
17
|
-
if this strategy can handle resolving the provided AST.
|
|
18
|
-
:param exact: A flag (default: True) that determines if the convenience resolution
|
|
19
|
-
functions provided by this class use exact or approximate resolution.
|
|
20
|
-
"""
|
|
21
|
-
self._exact = exact
|
|
22
|
-
self._filter = filter
|
|
23
|
-
|
|
24
|
-
def _min(self, memory, addr, **kwargs):
|
|
25
|
-
"""
|
|
26
|
-
Gets the minimum solution of an address.
|
|
27
|
-
"""
|
|
28
|
-
return memory.state.solver.min(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
29
|
-
|
|
30
|
-
def _max(self, memory, addr, **kwargs):
|
|
31
|
-
"""
|
|
32
|
-
Gets the maximum solution of an address.
|
|
33
|
-
"""
|
|
34
|
-
return memory.state.solver.max(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
35
|
-
|
|
36
|
-
def _any(self, memory, addr, **kwargs):
|
|
37
|
-
"""
|
|
38
|
-
Gets any solution of an address.
|
|
39
|
-
"""
|
|
40
|
-
return memory.state.solver.eval(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
41
|
-
|
|
42
|
-
def _eval(self, memory, addr, n, **kwargs):
|
|
43
|
-
"""
|
|
44
|
-
Gets n solutions for an address.
|
|
45
|
-
"""
|
|
46
|
-
return memory.state.solver.eval_upto(addr, n, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
47
|
-
|
|
48
|
-
def _range(self, memory, addr, **kwargs):
|
|
49
|
-
"""
|
|
50
|
-
Gets the (min, max) range of solutions for an address.
|
|
51
|
-
"""
|
|
52
|
-
return (self._min(memory, addr, **kwargs), self._max(memory, addr, **kwargs))
|
|
53
|
-
|
|
54
|
-
def concretize(self, memory, addr, **kwargs):
|
|
55
|
-
"""
|
|
56
|
-
Concretizes the address into a list of values.
|
|
57
|
-
If this strategy cannot handle this address, returns None.
|
|
58
|
-
"""
|
|
59
|
-
if self._filter is None or self._filter(memory, addr):
|
|
60
|
-
return self._concretize(memory, addr, **kwargs)
|
|
61
|
-
return None
|
|
62
|
-
|
|
63
|
-
def _concretize(self, memory, addr, **kwargs):
|
|
64
|
-
"""
|
|
65
|
-
Should be implemented by child classes to handle concretization.
|
|
66
|
-
:param **kwargs:
|
|
67
|
-
"""
|
|
68
|
-
raise NotImplementedError
|
|
69
|
-
|
|
70
|
-
def copy(self):
|
|
71
|
-
"""
|
|
72
|
-
Returns a copy of the strategy, if there is data that should be kept separate between
|
|
73
|
-
states. If not, returns self.
|
|
74
|
-
"""
|
|
75
|
-
return self
|
|
76
|
-
|
|
77
|
-
def merge(self, others):
|
|
78
|
-
"""
|
|
79
|
-
Merges this strategy with others (if there is data that should be kept separate between
|
|
80
|
-
states. If not, is a no-op.
|
|
81
|
-
"""
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
# pylint: disable=wrong-import-position
|
|
85
|
-
# FIXME: This is a circular import, move base class to a separate file
|
|
86
3
|
from .any import SimConcretizationStrategyAny
|
|
4
|
+
from .base import SimConcretizationStrategy
|
|
87
5
|
from .controlled_data import SimConcretizationStrategyControlledData
|
|
88
6
|
from .eval import SimConcretizationStrategyEval
|
|
89
7
|
from .max import SimConcretizationStrategyMax
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
class SimConcretizationStrategy:
|
|
5
|
+
"""
|
|
6
|
+
Concretization strategies control the resolution of symbolic memory indices
|
|
7
|
+
in SimuVEX. By subclassing this class and setting it as a concretization strategy
|
|
8
|
+
(on state.memory.read_strategies and state.memory.write_strategies), SimuVEX's
|
|
9
|
+
memory index concretization behavior can be modified.
|
|
10
|
+
"""
|
|
11
|
+
|
|
12
|
+
def __init__(self, filter=None, exact=True): # pylint:disable=redefined-builtin
|
|
13
|
+
"""
|
|
14
|
+
Initializes the base SimConcretizationStrategy.
|
|
15
|
+
|
|
16
|
+
:param filter: A function, taking arguments of (SimMemory, claripy.AST) that determines
|
|
17
|
+
if this strategy can handle resolving the provided AST.
|
|
18
|
+
:param exact: A flag (default: True) that determines if the convenience resolution
|
|
19
|
+
functions provided by this class use exact or approximate resolution.
|
|
20
|
+
"""
|
|
21
|
+
self._exact = exact
|
|
22
|
+
self._filter = filter
|
|
23
|
+
|
|
24
|
+
def _min(self, memory, addr, **kwargs):
|
|
25
|
+
"""
|
|
26
|
+
Gets the minimum solution of an address.
|
|
27
|
+
"""
|
|
28
|
+
return memory.state.solver.min(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
29
|
+
|
|
30
|
+
def _max(self, memory, addr, **kwargs):
|
|
31
|
+
"""
|
|
32
|
+
Gets the maximum solution of an address.
|
|
33
|
+
"""
|
|
34
|
+
return memory.state.solver.max(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
35
|
+
|
|
36
|
+
def _any(self, memory, addr, **kwargs):
|
|
37
|
+
"""
|
|
38
|
+
Gets any solution of an address.
|
|
39
|
+
"""
|
|
40
|
+
return memory.state.solver.eval(addr, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
41
|
+
|
|
42
|
+
def _eval(self, memory, addr, n, **kwargs):
|
|
43
|
+
"""
|
|
44
|
+
Gets n solutions for an address.
|
|
45
|
+
"""
|
|
46
|
+
return memory.state.solver.eval_upto(addr, n, exact=kwargs.pop("exact", self._exact), **kwargs)
|
|
47
|
+
|
|
48
|
+
def _range(self, memory, addr, **kwargs):
|
|
49
|
+
"""
|
|
50
|
+
Gets the (min, max) range of solutions for an address.
|
|
51
|
+
"""
|
|
52
|
+
return (self._min(memory, addr, **kwargs), self._max(memory, addr, **kwargs))
|
|
53
|
+
|
|
54
|
+
def concretize(self, memory, addr, **kwargs):
|
|
55
|
+
"""
|
|
56
|
+
Concretizes the address into a list of values.
|
|
57
|
+
If this strategy cannot handle this address, returns None.
|
|
58
|
+
"""
|
|
59
|
+
if self._filter is None or self._filter(memory, addr):
|
|
60
|
+
return self._concretize(memory, addr, **kwargs)
|
|
61
|
+
return None
|
|
62
|
+
|
|
63
|
+
def _concretize(self, memory, addr, **kwargs):
|
|
64
|
+
"""
|
|
65
|
+
Should be implemented by child classes to handle concretization.
|
|
66
|
+
:param **kwargs:
|
|
67
|
+
"""
|
|
68
|
+
raise NotImplementedError
|
|
69
|
+
|
|
70
|
+
def copy(self):
|
|
71
|
+
"""
|
|
72
|
+
Returns a copy of the strategy, if there is data that should be kept separate between
|
|
73
|
+
states. If not, returns self.
|
|
74
|
+
"""
|
|
75
|
+
return self
|
|
76
|
+
|
|
77
|
+
def merge(self, others):
|
|
78
|
+
"""
|
|
79
|
+
Merges this strategy with others (if there is data that should be kept separate between
|
|
80
|
+
states. If not, is a no-op.
|
|
81
|
+
"""
|
angr/engines/__init__.py
CHANGED
|
@@ -8,13 +8,10 @@ from .procedure import ProcedureMixin, ProcedureEngine
|
|
|
8
8
|
from .unicorn import SimEngineUnicorn
|
|
9
9
|
from .failure import SimEngineFailure
|
|
10
10
|
from .syscall import SimEngineSyscall
|
|
11
|
-
from .concrete import SimEngineConcrete
|
|
12
11
|
from .hook import HooksMixin
|
|
13
12
|
from .soot import SootMixin
|
|
14
13
|
|
|
15
14
|
|
|
16
|
-
# The default execution engine
|
|
17
|
-
# You may remove unused mixins from this default engine to speed up execution
|
|
18
15
|
class UberEngine(
|
|
19
16
|
SimEngineFailure,
|
|
20
17
|
SimEngineSyscall,
|
|
@@ -27,7 +24,14 @@ class UberEngine(
|
|
|
27
24
|
SootMixin,
|
|
28
25
|
HeavyVEXMixin,
|
|
29
26
|
):
|
|
30
|
-
|
|
27
|
+
"""
|
|
28
|
+
The default execution engine for angr. This engine includes mixins for most
|
|
29
|
+
common functionality in angr, including VEX IR, unicorn, syscall handling,
|
|
30
|
+
and simprocedure handling.
|
|
31
|
+
|
|
32
|
+
For some performance-sensitive applications, you may want to create a custom
|
|
33
|
+
engine with only the necessary mixins.
|
|
34
|
+
"""
|
|
31
35
|
|
|
32
36
|
|
|
33
37
|
__all__ = [
|
|
@@ -37,7 +41,6 @@ __all__ = [
|
|
|
37
41
|
"ProcedureEngine",
|
|
38
42
|
"ProcedureMixin",
|
|
39
43
|
"SimEngine",
|
|
40
|
-
"SimEngineConcrete",
|
|
41
44
|
"SimEngineFailure",
|
|
42
45
|
"SimEngineSyscall",
|
|
43
46
|
"SimEngineUnicorn",
|
angr/engines/engine.py
CHANGED
|
@@ -32,9 +32,7 @@ class SimEngineBase(Generic[StateType]):
|
|
|
32
32
|
|
|
33
33
|
state: StateType
|
|
34
34
|
|
|
35
|
-
def __init__(self, project: angr.Project
|
|
36
|
-
if kwargs:
|
|
37
|
-
raise TypeError("Unused initializer args: " + ", ".join(kwargs.keys()))
|
|
35
|
+
def __init__(self, project: angr.Project):
|
|
38
36
|
self.project = project
|
|
39
37
|
self.arch = self.project.arch
|
|
40
38
|
|
|
@@ -66,8 +64,8 @@ class SuccessorsMixin(SimEngine[HeavyState, SimSuccessors]):
|
|
|
66
64
|
and dispatches to a ``process_successors`` method to fill a SimSuccessors object with the results.
|
|
67
65
|
"""
|
|
68
66
|
|
|
69
|
-
def __init__(self,
|
|
70
|
-
super().__init__(
|
|
67
|
+
def __init__(self, project: angr.Project):
|
|
68
|
+
super().__init__(project)
|
|
71
69
|
|
|
72
70
|
self.successors: SimSuccessors | None = None
|
|
73
71
|
|