angr 9.2.138__py3-none-manylinux2014_x86_64.whl → 9.2.140__py3-none-manylinux2014_x86_64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +1 -1
- angr/analyses/calling_convention/calling_convention.py +48 -21
- angr/analyses/calling_convention/fact_collector.py +59 -12
- angr/analyses/calling_convention/utils.py +2 -2
- angr/analyses/cfg/cfg_base.py +13 -0
- angr/analyses/cfg/cfg_fast.py +23 -4
- angr/analyses/decompiler/ail_simplifier.py +79 -53
- angr/analyses/decompiler/block_simplifier.py +0 -2
- angr/analyses/decompiler/callsite_maker.py +80 -14
- angr/analyses/decompiler/clinic.py +99 -80
- angr/analyses/decompiler/condition_processor.py +2 -2
- angr/analyses/decompiler/decompiler.py +19 -7
- angr/analyses/decompiler/dephication/rewriting_engine.py +16 -7
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/optimization_passes/__init__.py +3 -0
- angr/analyses/decompiler/optimization_passes/condition_constprop.py +149 -0
- angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +12 -3
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +1 -1
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +21 -13
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +21 -12
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +17 -9
- angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +7 -10
- angr/analyses/decompiler/peephole_optimizations/eager_eval.py +12 -1
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +61 -25
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +50 -1
- angr/analyses/decompiler/presets/fast.py +2 -0
- angr/analyses/decompiler/presets/full.py +2 -0
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +259 -108
- angr/analyses/decompiler/region_simplifiers/region_simplifier.py +28 -9
- angr/analyses/decompiler/ssailification/rewriting_engine.py +20 -2
- angr/analyses/decompiler/ssailification/traversal_engine.py +4 -3
- angr/analyses/decompiler/structured_codegen/c.py +10 -3
- angr/analyses/decompiler/structuring/dream.py +28 -19
- angr/analyses/decompiler/structuring/phoenix.py +253 -89
- angr/analyses/decompiler/structuring/recursive_structurer.py +1 -0
- angr/analyses/decompiler/structuring/structurer_base.py +121 -46
- angr/analyses/decompiler/structuring/structurer_nodes.py +6 -1
- angr/analyses/decompiler/utils.py +60 -1
- angr/analyses/deobfuscator/api_obf_finder.py +13 -5
- angr/analyses/deobfuscator/api_obf_type2_finder.py +166 -0
- angr/analyses/deobfuscator/string_obf_finder.py +105 -18
- angr/analyses/forward_analysis/forward_analysis.py +1 -1
- angr/analyses/propagator/top_checker_mixin.py +6 -6
- angr/analyses/reaching_definitions/__init__.py +2 -1
- angr/analyses/reaching_definitions/dep_graph.py +1 -12
- angr/analyses/reaching_definitions/engine_vex.py +36 -31
- angr/analyses/reaching_definitions/function_handler.py +15 -2
- angr/analyses/reaching_definitions/rd_state.py +1 -37
- angr/analyses/reaching_definitions/reaching_definitions.py +13 -24
- angr/analyses/s_propagator.py +129 -87
- angr/analyses/s_reaching_definitions/s_rda_model.py +7 -1
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -2
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +3 -1
- angr/analyses/stack_pointer_tracker.py +36 -22
- angr/analyses/typehoon/simple_solver.py +45 -7
- angr/analyses/typehoon/typeconsts.py +18 -5
- angr/analyses/variable_recovery/engine_ail.py +1 -1
- angr/analyses/variable_recovery/engine_base.py +62 -67
- angr/analyses/variable_recovery/engine_vex.py +1 -1
- angr/analyses/variable_recovery/irsb_scanner.py +2 -2
- angr/block.py +69 -107
- angr/callable.py +14 -7
- angr/calling_conventions.py +81 -10
- angr/distributed/__init__.py +1 -1
- angr/engines/__init__.py +7 -8
- angr/engines/engine.py +3 -138
- angr/engines/failure.py +2 -2
- angr/engines/hook.py +2 -2
- angr/engines/light/engine.py +5 -10
- angr/engines/pcode/emulate.py +2 -2
- angr/engines/pcode/engine.py +2 -14
- angr/engines/pcode/lifter.py +2 -2
- angr/engines/procedure.py +2 -2
- angr/engines/soot/engine.py +2 -2
- angr/engines/soot/statements/switch.py +1 -1
- angr/engines/successors.py +123 -17
- angr/engines/syscall.py +2 -2
- angr/engines/unicorn.py +3 -3
- angr/engines/vex/heavy/heavy.py +3 -15
- angr/engines/vex/lifter.py +2 -2
- angr/engines/vex/light/light.py +2 -2
- angr/factory.py +4 -19
- angr/knowledge_plugins/cfg/cfg_model.py +3 -2
- angr/knowledge_plugins/key_definitions/atoms.py +8 -4
- angr/knowledge_plugins/key_definitions/live_definitions.py +41 -103
- angr/knowledge_plugins/labels.py +2 -2
- angr/knowledge_plugins/obfuscations.py +1 -0
- angr/knowledge_plugins/xrefs/xref_manager.py +4 -0
- angr/sim_type.py +19 -17
- angr/state_plugins/plugin.py +19 -4
- angr/storage/memory_mixins/memory_mixin.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +10 -5
- angr/utils/ssa/__init__.py +119 -4
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/METADATA +6 -6
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/RECORD +100 -98
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/LICENSE +0 -0
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/WHEEL +0 -0
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/entry_points.txt +0 -0
- {angr-9.2.138.dist-info → angr-9.2.140.dist-info}/top_level.txt +0 -0
|
@@ -42,7 +42,7 @@ class TypeConstant:
|
|
|
42
42
|
raise NotImplementedError
|
|
43
43
|
return self.SIZE
|
|
44
44
|
|
|
45
|
-
def __repr__(self, memo=None):
|
|
45
|
+
def __repr__(self, memo=None) -> str:
|
|
46
46
|
raise NotImplementedError
|
|
47
47
|
|
|
48
48
|
|
|
@@ -57,7 +57,7 @@ class BottomType(TypeConstant):
|
|
|
57
57
|
|
|
58
58
|
|
|
59
59
|
class Int(TypeConstant):
|
|
60
|
-
def __repr__(self, memo=None):
|
|
60
|
+
def __repr__(self, memo=None) -> str:
|
|
61
61
|
return "intbase"
|
|
62
62
|
|
|
63
63
|
|
|
@@ -82,14 +82,14 @@ class Int16(Int):
|
|
|
82
82
|
class Int32(Int):
|
|
83
83
|
SIZE = 4
|
|
84
84
|
|
|
85
|
-
def __repr__(self, memo=None):
|
|
85
|
+
def __repr__(self, memo=None) -> str:
|
|
86
86
|
return "int32"
|
|
87
87
|
|
|
88
88
|
|
|
89
89
|
class Int64(Int):
|
|
90
90
|
SIZE = 8
|
|
91
91
|
|
|
92
|
-
def __repr__(self, memo=None):
|
|
92
|
+
def __repr__(self, memo=None) -> str:
|
|
93
93
|
return "int64"
|
|
94
94
|
|
|
95
95
|
|
|
@@ -115,7 +115,7 @@ class Int512(Int):
|
|
|
115
115
|
|
|
116
116
|
|
|
117
117
|
class FloatBase(TypeConstant):
|
|
118
|
-
def __repr__(self, memo=None):
|
|
118
|
+
def __repr__(self, memo=None) -> str:
|
|
119
119
|
return "floatbase"
|
|
120
120
|
|
|
121
121
|
|
|
@@ -185,6 +185,12 @@ class Array(TypeConstant):
|
|
|
185
185
|
self.element: TypeConstant | None = element
|
|
186
186
|
self.count: int | None = count
|
|
187
187
|
|
|
188
|
+
@property
|
|
189
|
+
def size(self) -> int:
|
|
190
|
+
if not self.count or not self.element:
|
|
191
|
+
return 0
|
|
192
|
+
return self.element.size * self.count
|
|
193
|
+
|
|
188
194
|
@memoize
|
|
189
195
|
def __repr__(self, memo=None):
|
|
190
196
|
if self.count is None:
|
|
@@ -221,6 +227,13 @@ class Struct(TypeConstant):
|
|
|
221
227
|
tpl = tuple((k, self.fields[k]._hash(visited) if self.fields[k] is not None else None) for k in keys)
|
|
222
228
|
return hash(tpl)
|
|
223
229
|
|
|
230
|
+
@property
|
|
231
|
+
def size(self) -> int:
|
|
232
|
+
if not self.fields:
|
|
233
|
+
return 0
|
|
234
|
+
max_field_off = max(self.fields.keys())
|
|
235
|
+
return max_field_off + self.fields[max_field_off].size
|
|
236
|
+
|
|
224
237
|
@memoize
|
|
225
238
|
def __repr__(self, memo=None):
|
|
226
239
|
prefix = "struct"
|
|
@@ -84,7 +84,7 @@ class SimEngineVRAIL(
|
|
|
84
84
|
if vvar is not None:
|
|
85
85
|
r = self._read_from_vvar(vvar, expr=stmt.src, vvar_id=self._mapped_vvarid(vvar.varid))
|
|
86
86
|
if r.variable is not None:
|
|
87
|
-
pv = self.variable_manager[self.func_addr]._phi_variables
|
|
87
|
+
pv = self.state.variable_manager[self.func_addr]._phi_variables
|
|
88
88
|
if variable not in pv:
|
|
89
89
|
pv[variable] = set()
|
|
90
90
|
pv[variable].add(r.variable)
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
|
-
from typing import Any,
|
|
2
|
+
from typing import Any, Generic, TypeVar, cast
|
|
3
3
|
import contextlib
|
|
4
4
|
import logging
|
|
5
5
|
|
|
@@ -16,8 +16,6 @@ from angr.code_location import CodeLocation
|
|
|
16
16
|
from angr.analyses.typehoon import typevars, typeconsts
|
|
17
17
|
from angr.analyses.typehoon.typevars import TypeVariable, DerivedTypeVariable, AddN, SubN, Load, Store
|
|
18
18
|
|
|
19
|
-
if TYPE_CHECKING:
|
|
20
|
-
from angr.knowledge_plugins.variables.variable_manager import VariableManager
|
|
21
19
|
|
|
22
20
|
#
|
|
23
21
|
# The base engine used in VariableRecoveryFast
|
|
@@ -72,8 +70,6 @@ class SimEngineVRBase(
|
|
|
72
70
|
and storing data.
|
|
73
71
|
"""
|
|
74
72
|
|
|
75
|
-
variable_manager: VariableManager
|
|
76
|
-
|
|
77
73
|
def __init__(self, project, kb):
|
|
78
74
|
super().__init__(project)
|
|
79
75
|
|
|
@@ -86,10 +82,6 @@ class SimEngineVRBase(
|
|
|
86
82
|
return None
|
|
87
83
|
return self.state.function.addr
|
|
88
84
|
|
|
89
|
-
def process(self, state, *args, **kwargs):
|
|
90
|
-
self.variable_manager = state.variable_manager
|
|
91
|
-
super().process(state, *args, **kwargs)
|
|
92
|
-
|
|
93
85
|
def _top(self, bits):
|
|
94
86
|
return RichR(self.state.top(bits))
|
|
95
87
|
|
|
@@ -130,9 +122,9 @@ class SimEngineVRBase(
|
|
|
130
122
|
if abs_offset.op == "__lshift__" and cast(claripy.ast.BV, abs_offset.args[1]).concrete:
|
|
131
123
|
offset = cast(claripy.ast.BV, abs_offset.args[0])
|
|
132
124
|
elem_size = 2 ** cast(claripy.ast.BV, abs_offset.args[1]).concrete_value
|
|
133
|
-
elif abs_offset.op == "__mul__" and abs_offset.args[1].concrete:
|
|
134
|
-
offset = abs_offset.args[0]
|
|
135
|
-
elem_size = abs_offset.args[1].concrete_value
|
|
125
|
+
elif abs_offset.op == "__mul__" and cast(claripy.ast.BV, abs_offset.args[1]).concrete:
|
|
126
|
+
offset = cast(claripy.ast.BV, abs_offset.args[0])
|
|
127
|
+
elem_size = cast(claripy.ast.BV, abs_offset.args[1]).concrete_value
|
|
136
128
|
|
|
137
129
|
if base_addr is not None and offset is not None and elem_size is not None:
|
|
138
130
|
return base_addr, offset, elem_size
|
|
@@ -152,7 +144,7 @@ class SimEngineVRBase(
|
|
|
152
144
|
# extract stack offset
|
|
153
145
|
stack_offset: int | None = self.state.get_stack_offset(data)
|
|
154
146
|
|
|
155
|
-
variable_manager = self.variable_manager[self.func_addr]
|
|
147
|
+
variable_manager = self.state.variable_manager[self.func_addr]
|
|
156
148
|
var_candidates: list[tuple[SimVariable, int]] = variable_manager.find_variables_by_stmt(
|
|
157
149
|
self.block.addr, self.stmt_idx, "memory"
|
|
158
150
|
)
|
|
@@ -190,10 +182,10 @@ class SimEngineVRBase(
|
|
|
190
182
|
stack_offset,
|
|
191
183
|
lea_size,
|
|
192
184
|
base="bp",
|
|
193
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
185
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
194
186
|
region=self.func_addr,
|
|
195
187
|
)
|
|
196
|
-
self.variable_manager[self.func_addr].add_variable("stack", stack_offset, variable)
|
|
188
|
+
self.state.variable_manager[self.func_addr].add_variable("stack", stack_offset, variable)
|
|
197
189
|
l.debug("Identified a new stack variable %s at %#x.", variable, self.ins_addr)
|
|
198
190
|
existing_vars.append((variable, 0))
|
|
199
191
|
|
|
@@ -212,7 +204,7 @@ class SimEngineVRBase(
|
|
|
212
204
|
# this is probably an address for a global variable
|
|
213
205
|
global_var_addr = data.concrete_value
|
|
214
206
|
|
|
215
|
-
variable_manager = self.variable_manager["global"]
|
|
207
|
+
variable_manager = self.state.variable_manager["global"]
|
|
216
208
|
|
|
217
209
|
# special case for global variables: find existing variable by base address
|
|
218
210
|
existing_vars = [(var, 0) for var in variable_manager.get_global_variables(global_var_addr)]
|
|
@@ -249,7 +241,7 @@ class SimEngineVRBase(
|
|
|
249
241
|
# extract stack offset
|
|
250
242
|
stack_offset: int | None = self.state.get_stack_offset(data)
|
|
251
243
|
|
|
252
|
-
variable_manager = self.variable_manager[self.func_addr]
|
|
244
|
+
variable_manager = self.state.variable_manager[self.func_addr]
|
|
253
245
|
var_candidates: list[tuple[SimVariable, int]] = variable_manager.find_variables_by_stmt(
|
|
254
246
|
self.block.addr,
|
|
255
247
|
self.stmt_idx,
|
|
@@ -265,7 +257,7 @@ class SimEngineVRBase(
|
|
|
265
257
|
elif self.state.is_global_variable_address(data):
|
|
266
258
|
# this is probably an address for a global variable
|
|
267
259
|
global_var_addr = data.concrete_value
|
|
268
|
-
variable_manager = self.variable_manager["global"]
|
|
260
|
+
variable_manager = self.state.variable_manager["global"]
|
|
269
261
|
# special case for global variables: find existing variable by base address
|
|
270
262
|
existing_vars = [(var, 0) for var in variable_manager.get_global_variables(global_var_addr)]
|
|
271
263
|
else:
|
|
@@ -319,9 +311,9 @@ class SimEngineVRBase(
|
|
|
319
311
|
# handle register writes
|
|
320
312
|
|
|
321
313
|
# first check if there is an existing variable for the atom at this location already
|
|
322
|
-
existing_vars: set[tuple[SimVariable, int]] = self.variable_manager[
|
|
323
|
-
self.
|
|
324
|
-
)
|
|
314
|
+
existing_vars: set[tuple[SimVariable, int]] = self.state.variable_manager[
|
|
315
|
+
self.func_addr
|
|
316
|
+
].find_variables_by_atom(self.block.addr, self.stmt_idx, dst)
|
|
325
317
|
if not existing_vars:
|
|
326
318
|
# next check if we are overwriting *part* of an existing variable that is not an input variable
|
|
327
319
|
addr_and_variables = set()
|
|
@@ -334,7 +326,7 @@ class SimEngineVRBase(
|
|
|
334
326
|
addr_and_variables.update(self.state.extract_variables(value))
|
|
335
327
|
except SimMemoryMissingError:
|
|
336
328
|
pass
|
|
337
|
-
input_vars = self.variable_manager[self.func_addr].input_variables()
|
|
329
|
+
input_vars = self.state.variable_manager[self.func_addr].input_variables()
|
|
338
330
|
existing_vars = {
|
|
339
331
|
(av[1], av[0]) for av in addr_and_variables if av[1] not in input_vars and av[1].size > size
|
|
340
332
|
}
|
|
@@ -343,10 +335,10 @@ class SimEngineVRBase(
|
|
|
343
335
|
variable = SimRegisterVariable(
|
|
344
336
|
offset,
|
|
345
337
|
size,
|
|
346
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
338
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
347
339
|
region=self.func_addr,
|
|
348
340
|
)
|
|
349
|
-
self.variable_manager[self.func_addr].add_variable("register", offset, variable)
|
|
341
|
+
self.state.variable_manager[self.func_addr].add_variable("register", offset, variable)
|
|
350
342
|
else:
|
|
351
343
|
variable, _ = next(iter(existing_vars))
|
|
352
344
|
|
|
@@ -355,7 +347,7 @@ class SimEngineVRBase(
|
|
|
355
347
|
v = MultiValues(annotated_data)
|
|
356
348
|
self.state.register_region.store(offset, v)
|
|
357
349
|
# register with the variable manager
|
|
358
|
-
self.variable_manager[self.func_addr].write_to(variable, None, codeloc, atom=dst, overwrite=False)
|
|
350
|
+
self.state.variable_manager[self.func_addr].write_to(variable, None, codeloc, atom=dst, overwrite=False)
|
|
359
351
|
|
|
360
352
|
if richr.typevar is not None:
|
|
361
353
|
if not self.state.typevars.has_type_variable_for(variable, codeloc):
|
|
@@ -397,9 +389,9 @@ class SimEngineVRBase(
|
|
|
397
389
|
self._reference(richr, codeloc)
|
|
398
390
|
|
|
399
391
|
# first check if there is an existing variable for the atom at this location already
|
|
400
|
-
existing_vars: set[tuple[SimVariable, int]] = self.variable_manager[
|
|
401
|
-
self.
|
|
402
|
-
)
|
|
392
|
+
existing_vars: set[tuple[SimVariable, int]] = self.state.variable_manager[
|
|
393
|
+
self.func_addr
|
|
394
|
+
].find_variables_by_atom(self.block.addr, self.stmt_idx, dst)
|
|
403
395
|
if not existing_vars:
|
|
404
396
|
# next check if there is already a variable for the vvar ID
|
|
405
397
|
addr_and_variables = set()
|
|
@@ -415,33 +407,34 @@ class SimEngineVRBase(
|
|
|
415
407
|
variable = SimRegisterVariable(
|
|
416
408
|
vvar.reg_offset,
|
|
417
409
|
vvar.size,
|
|
418
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
410
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
419
411
|
region=self.func_addr,
|
|
420
412
|
)
|
|
421
|
-
self.variable_manager[self.func_addr].add_variable("register", vvar.reg_offset, variable)
|
|
413
|
+
self.state.variable_manager[self.func_addr].add_variable("register", vvar.reg_offset, variable)
|
|
422
414
|
elif vvar.was_stack:
|
|
423
415
|
variable = SimStackVariable(
|
|
424
416
|
vvar.stack_offset,
|
|
425
417
|
vvar.size,
|
|
426
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
418
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
427
419
|
region=self.func_addr,
|
|
428
420
|
)
|
|
429
|
-
self.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
|
|
421
|
+
self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
|
|
430
422
|
elif vvar.was_parameter:
|
|
431
423
|
# FIXME: we assume all parameter vvars were registers
|
|
432
424
|
variable = SimRegisterVariable(
|
|
433
425
|
vvar.reg_offset,
|
|
434
426
|
vvar.size,
|
|
435
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
427
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
436
428
|
region=self.func_addr,
|
|
437
429
|
)
|
|
438
|
-
self.variable_manager[self.func_addr].add_variable("register", vvar.oident, variable)
|
|
430
|
+
self.state.variable_manager[self.func_addr].add_variable("register", vvar.oident, variable)
|
|
439
431
|
elif vvar.was_tmp:
|
|
440
432
|
# FIXME: we treat all tmp vvars as registers
|
|
433
|
+
assert vvar.tmp_idx is not None
|
|
441
434
|
variable = SimRegisterVariable(
|
|
442
435
|
4096 + vvar.tmp_idx,
|
|
443
436
|
vvar.size,
|
|
444
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
437
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
445
438
|
region=self.func_addr,
|
|
446
439
|
)
|
|
447
440
|
else:
|
|
@@ -452,7 +445,7 @@ class SimEngineVRBase(
|
|
|
452
445
|
# FIXME: The offset does not have to be 0
|
|
453
446
|
annotated_data = self.state.annotate_with_variables(data, [(0, variable)])
|
|
454
447
|
self.vvar_region[vvar_id] = annotated_data
|
|
455
|
-
self.variable_manager[self.func_addr].write_to(variable, None, codeloc, atom=dst, overwrite=False)
|
|
448
|
+
self.state.variable_manager[self.func_addr].write_to(variable, None, codeloc, atom=dst, overwrite=False)
|
|
456
449
|
|
|
457
450
|
if richr.typevar is not None:
|
|
458
451
|
if not self.state.typevars.has_type_variable_for(variable, codeloc):
|
|
@@ -502,26 +495,26 @@ class SimEngineVRBase(
|
|
|
502
495
|
|
|
503
496
|
if not stored:
|
|
504
497
|
# remove existing variables linked to this statement
|
|
505
|
-
existing_vars = self.variable_manager[self.func_addr].find_variables_by_stmt(
|
|
498
|
+
existing_vars = self.state.variable_manager[self.func_addr].find_variables_by_stmt(
|
|
506
499
|
self.block.addr, self.stmt_idx, "memory"
|
|
507
500
|
)
|
|
508
501
|
codeloc = self._codeloc()
|
|
509
502
|
if existing_vars:
|
|
510
503
|
for existing_var, _ in list(existing_vars):
|
|
511
|
-
self.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, atom)
|
|
504
|
+
self.state.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, atom)
|
|
512
505
|
|
|
513
506
|
# storing to a location specified by a pointer whose value cannot be determined at this point
|
|
514
|
-
self._store_to_variable(richr_addr, size)
|
|
507
|
+
self._store_to_variable(richr_addr, data, size)
|
|
515
508
|
|
|
516
509
|
def _store_to_stack(
|
|
517
510
|
self, stack_offset, data: RichR[claripy.ast.BV | claripy.ast.FP], size, offset=0, atom=None, endness=None
|
|
518
511
|
):
|
|
519
512
|
if atom is None:
|
|
520
|
-
existing_vars = self.variable_manager[self.func_addr].find_variables_by_stmt(
|
|
513
|
+
existing_vars = self.state.variable_manager[self.func_addr].find_variables_by_stmt(
|
|
521
514
|
self.block.addr, self.stmt_idx, "memory"
|
|
522
515
|
)
|
|
523
516
|
else:
|
|
524
|
-
existing_vars = self.variable_manager[self.func_addr].find_variables_by_atom(
|
|
517
|
+
existing_vars = self.state.variable_manager[self.func_addr].find_variables_by_atom(
|
|
525
518
|
self.block.addr, self.stmt_idx, atom
|
|
526
519
|
)
|
|
527
520
|
if not existing_vars:
|
|
@@ -529,12 +522,12 @@ class SimEngineVRBase(
|
|
|
529
522
|
stack_offset,
|
|
530
523
|
size,
|
|
531
524
|
base="bp",
|
|
532
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
525
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
533
526
|
region=self.func_addr,
|
|
534
527
|
)
|
|
535
528
|
variable_offset = offset
|
|
536
529
|
if isinstance(stack_offset, int):
|
|
537
|
-
self.variable_manager[self.func_addr].set_variable("stack", stack_offset, variable)
|
|
530
|
+
self.state.variable_manager[self.func_addr].set_variable("stack", stack_offset, variable)
|
|
538
531
|
l.debug("Identified a new stack variable %s at %#x.", variable, self.ins_addr)
|
|
539
532
|
|
|
540
533
|
else:
|
|
@@ -562,7 +555,7 @@ class SimEngineVRBase(
|
|
|
562
555
|
offset_into_var = var_offset
|
|
563
556
|
if offset_into_var == 0:
|
|
564
557
|
offset_into_var = None
|
|
565
|
-
self.variable_manager[self.func_addr].write_to(
|
|
558
|
+
self.state.variable_manager[self.func_addr].write_to(
|
|
566
559
|
var,
|
|
567
560
|
offset_into_var,
|
|
568
561
|
codeloc,
|
|
@@ -589,7 +582,7 @@ class SimEngineVRBase(
|
|
|
589
582
|
offset: claripy.ast.BV | None = None,
|
|
590
583
|
elem_size: int | None = None,
|
|
591
584
|
):
|
|
592
|
-
variable_manager = self.variable_manager["global"]
|
|
585
|
+
variable_manager = self.state.variable_manager["global"]
|
|
593
586
|
if stmt is None:
|
|
594
587
|
existing_vars = variable_manager.find_variables_by_stmt(self.block.addr, self.stmt_idx, "memory")
|
|
595
588
|
else:
|
|
@@ -677,7 +670,7 @@ class SimEngineVRBase(
|
|
|
677
670
|
self.state.add_type_constraint(typevars.Subtype(store_typevar, typeconsts.TopType()))
|
|
678
671
|
self.state.add_type_constraint(typevars.Subtype(data.typevar, store_typevar))
|
|
679
672
|
|
|
680
|
-
def _store_to_variable(self, richr_addr: RichR[claripy.ast.BV], size: int):
|
|
673
|
+
def _store_to_variable(self, richr_addr: RichR[claripy.ast.BV], data: RichR, size: int):
|
|
681
674
|
addr_variable = richr_addr.variable
|
|
682
675
|
codeloc = self._codeloc()
|
|
683
676
|
|
|
@@ -696,13 +689,11 @@ class SimEngineVRBase(
|
|
|
696
689
|
base_typevar = typevar
|
|
697
690
|
field_offset = 0
|
|
698
691
|
|
|
699
|
-
# if addr_variable is not None:
|
|
700
|
-
# self.variable_manager[self.func_addr].reference_at(addr_variable, field_offset, codeloc, atom=stmt)
|
|
701
|
-
|
|
702
692
|
store_typevar = self._create_access_typevar(base_typevar, True, size, field_offset)
|
|
703
693
|
if addr_variable is not None:
|
|
704
694
|
self.state.typevars.add_type_variable(addr_variable, codeloc, typevar)
|
|
705
|
-
|
|
695
|
+
data_typevar = data.typevar if data.typevar is not None else typeconsts.TopType()
|
|
696
|
+
self.state.add_type_constraint(typevars.Subtype(store_typevar, data_typevar))
|
|
706
697
|
|
|
707
698
|
def _load(self, richr_addr: RichR[claripy.ast.BV], size: int, expr=None):
|
|
708
699
|
"""
|
|
@@ -766,16 +757,18 @@ class SimEngineVRBase(
|
|
|
766
757
|
all_vars.add((var_offset, var_))
|
|
767
758
|
|
|
768
759
|
if not all_vars and concrete_offset is not None:
|
|
769
|
-
variables = self.variable_manager[self.func_addr].find_variables_by_stack_offset(
|
|
760
|
+
variables = self.state.variable_manager[self.func_addr].find_variables_by_stack_offset(
|
|
761
|
+
concrete_offset
|
|
762
|
+
)
|
|
770
763
|
if not variables:
|
|
771
764
|
variable = SimStackVariable(
|
|
772
765
|
concrete_offset,
|
|
773
766
|
size,
|
|
774
767
|
base="bp",
|
|
775
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
768
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
776
769
|
region=self.func_addr,
|
|
777
770
|
)
|
|
778
|
-
self.variable_manager[self.func_addr].add_variable("stack", concrete_offset, variable)
|
|
771
|
+
self.state.variable_manager[self.func_addr].add_variable("stack", concrete_offset, variable)
|
|
779
772
|
variables = {variable}
|
|
780
773
|
l.debug("Identified a new stack variable %s at %#x.", variable, self.ins_addr)
|
|
781
774
|
for variable in variables:
|
|
@@ -814,7 +807,7 @@ class SimEngineVRBase(
|
|
|
814
807
|
var_offset,
|
|
815
808
|
),
|
|
816
809
|
)
|
|
817
|
-
self.variable_manager[self.func_addr].read_from(
|
|
810
|
+
self.state.variable_manager[self.func_addr].read_from(
|
|
818
811
|
var,
|
|
819
812
|
offset_into_variable,
|
|
820
813
|
codeloc,
|
|
@@ -864,12 +857,12 @@ class SimEngineVRBase(
|
|
|
864
857
|
if v is None and expr is not None:
|
|
865
858
|
# failed to map the address to a known variable
|
|
866
859
|
# remove existing variables linked to this variable
|
|
867
|
-
existing_vars = self.variable_manager[self.func_addr].find_variables_by_atom(
|
|
860
|
+
existing_vars = self.state.variable_manager[self.func_addr].find_variables_by_atom(
|
|
868
861
|
self.block.addr, self.stmt_idx, expr
|
|
869
862
|
)
|
|
870
863
|
if existing_vars:
|
|
871
864
|
for existing_var, _ in list(existing_vars):
|
|
872
|
-
self.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, expr)
|
|
865
|
+
self.state.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, expr)
|
|
873
866
|
|
|
874
867
|
# Loading data from a pointer
|
|
875
868
|
if richr_addr.type_constraints:
|
|
@@ -901,7 +894,7 @@ class SimEngineVRBase(
|
|
|
901
894
|
offset: claripy.ast.BV | None = None,
|
|
902
895
|
elem_size: int | None = None,
|
|
903
896
|
) -> RichR[claripy.ast.BV]:
|
|
904
|
-
variable_manager = self.variable_manager["global"]
|
|
897
|
+
variable_manager = self.state.variable_manager["global"]
|
|
905
898
|
if expr is None:
|
|
906
899
|
existing_vars = variable_manager.find_variables_by_stmt(self.block.addr, self.stmt_idx, "memory")
|
|
907
900
|
else:
|
|
@@ -950,13 +943,13 @@ class SimEngineVRBase(
|
|
|
950
943
|
# it's an array!
|
|
951
944
|
if offset.concrete:
|
|
952
945
|
concrete_offset = offset.concrete_value * elem_size
|
|
953
|
-
load_typevar = self._create_access_typevar(typevar,
|
|
946
|
+
load_typevar = self._create_access_typevar(typevar, False, size, concrete_offset)
|
|
954
947
|
self.state.add_type_constraint(typevars.Subtype(load_typevar, typeconsts.TopType()))
|
|
955
948
|
else:
|
|
956
949
|
# FIXME: This is a hack
|
|
957
950
|
for i in range(4):
|
|
958
951
|
concrete_offset = size * i
|
|
959
|
-
load_typevar = self._create_access_typevar(typevar,
|
|
952
|
+
load_typevar = self._create_access_typevar(typevar, False, size, concrete_offset)
|
|
960
953
|
self.state.add_type_constraint(typevars.Subtype(load_typevar, typeconsts.TopType()))
|
|
961
954
|
|
|
962
955
|
return RichR(self.state.top(size * self.project.arch.byte_width), typevar=typevar)
|
|
@@ -992,11 +985,11 @@ class SimEngineVRBase(
|
|
|
992
985
|
variable = SimRegisterVariable(
|
|
993
986
|
offset,
|
|
994
987
|
size if force_variable_size is None else force_variable_size,
|
|
995
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
988
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
996
989
|
region=self.func_addr,
|
|
997
990
|
)
|
|
998
991
|
value = self.state.annotate_with_variables(value, [(0, variable)])
|
|
999
|
-
self.variable_manager[self.func_addr].add_variable("register", offset, variable)
|
|
992
|
+
self.state.variable_manager[self.func_addr].add_variable("register", offset, variable)
|
|
1000
993
|
self.state.register_region.store(offset, value)
|
|
1001
994
|
value_list = [{value}]
|
|
1002
995
|
else:
|
|
@@ -1006,7 +999,9 @@ class SimEngineVRBase(
|
|
|
1006
999
|
for value_set in value_list:
|
|
1007
1000
|
for value in value_set:
|
|
1008
1001
|
for _, var in self.state.extract_variables(value):
|
|
1009
|
-
self.variable_manager[self.func_addr].read_from(
|
|
1002
|
+
self.state.variable_manager[self.func_addr].read_from(
|
|
1003
|
+
var, None, codeloc, atom=expr, overwrite=False
|
|
1004
|
+
)
|
|
1010
1005
|
variable_set.add(var)
|
|
1011
1006
|
|
|
1012
1007
|
if offset == self.project.arch.sp_offset:
|
|
@@ -1078,20 +1073,20 @@ class SimEngineVRBase(
|
|
|
1078
1073
|
variable = SimRegisterVariable(
|
|
1079
1074
|
vvar.reg_offset,
|
|
1080
1075
|
vvar.size,
|
|
1081
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
1076
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("register"),
|
|
1082
1077
|
region=self.func_addr,
|
|
1083
1078
|
)
|
|
1084
1079
|
value = self.state.annotate_with_variables(value, [(0, variable)])
|
|
1085
|
-
self.variable_manager[self.func_addr].add_variable("register", vvar.reg_offset, variable)
|
|
1080
|
+
self.state.variable_manager[self.func_addr].add_variable("register", vvar.reg_offset, variable)
|
|
1086
1081
|
elif vvar.category == ailment.Expr.VirtualVariableCategory.STACK:
|
|
1087
1082
|
variable = SimStackVariable(
|
|
1088
1083
|
vvar.stack_offset,
|
|
1089
1084
|
vvar.size,
|
|
1090
|
-
ident=self.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
1085
|
+
ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
|
|
1091
1086
|
region=self.func_addr,
|
|
1092
1087
|
)
|
|
1093
1088
|
value = self.state.annotate_with_variables(value, [(0, variable)])
|
|
1094
|
-
self.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
|
|
1089
|
+
self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
|
|
1095
1090
|
elif vvar.category == ailment.Expr.VirtualVariableCategory.PARAMETER:
|
|
1096
1091
|
raise KeyError(f"Missing virtual variable for parameter {vvar}")
|
|
1097
1092
|
elif vvar.category == ailment.Expr.VirtualVariableCategory.TMP:
|
|
@@ -1104,7 +1099,7 @@ class SimEngineVRBase(
|
|
|
1104
1099
|
|
|
1105
1100
|
variable_set = set()
|
|
1106
1101
|
for _, var in self.state.extract_variables(value):
|
|
1107
|
-
self.variable_manager[self.func_addr].read_from(var, None, codeloc, atom=expr, overwrite=False)
|
|
1102
|
+
self.state.variable_manager[self.func_addr].read_from(var, None, codeloc, atom=expr, overwrite=False)
|
|
1108
1103
|
variable_set.add(var)
|
|
1109
1104
|
|
|
1110
1105
|
if (
|
|
@@ -51,7 +51,7 @@ class SimEngineVRVEX(
|
|
|
51
51
|
|
|
52
52
|
def _process_block(self, whitelist=None):
|
|
53
53
|
scanner = VEXIRSBScanner(self.project, logger=self.l)
|
|
54
|
-
scanner.
|
|
54
|
+
scanner.process(None, block=self.block)
|
|
55
55
|
self.stmts_to_lower = scanner.stmts_to_lower
|
|
56
56
|
self.reg_read_stmts_to_ignore = scanner.reg_read_stmts_to_ignore
|
|
57
57
|
|
|
@@ -39,12 +39,12 @@ class VEXIRSBScanner(SimEngineLightVEX[None, None, None, None]):
|
|
|
39
39
|
def _is_top(self, expr) -> bool:
|
|
40
40
|
return True
|
|
41
41
|
|
|
42
|
-
def
|
|
42
|
+
def process(self, state, *, block=None, whitelist=None, **kwargs):
|
|
43
43
|
self.tmps_with_64bit_regs = set()
|
|
44
44
|
self.tmps_assignment_stmtidx = {}
|
|
45
45
|
self.tmps_converted_to_32bit = set()
|
|
46
46
|
|
|
47
|
-
super().
|
|
47
|
+
super().process(state, block=block, whitelist=whitelist, **kwargs)
|
|
48
48
|
|
|
49
49
|
self.stmts_to_lower = {self.tmps_assignment_stmtidx[i] for i in self.tmps_converted_to_32bit}
|
|
50
50
|
|