angr 9.2.147__py3-none-win_amd64.whl → 9.2.149__py3-none-win_amd64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.147"
+__version__ = "9.2.149"
 
 if bytes is str:
     raise Exception(

angr/analyses/analysis.py

@@ -18,7 +18,6 @@ import typing
 from rich import progress
 
 from angr.misc.plugins import PluginVendor, VendorPreset
-from angr.misc.ux import deprecated
 from angr.misc import telemetry
 from angr.misc.testing import is_testing
 
@@ -121,10 +120,6 @@ class AnalysesHub(PluginVendor[A]):
         super().__init__()
         self.project = project
 
-    @deprecated()
-    def reload_analyses(self):  # pylint: disable=no-self-use
-        return
-
     def _init_plugin(self, plugin_cls: type[A]) -> AnalysisFactory[A]:
         return AnalysisFactory(self.project, plugin_cls)
 
@@ -392,12 +387,9 @@ class Analysis:
 
     def __getstate__(self):
         d = dict(self.__dict__)
-        if "_progressbar" in d:
-            del d["_progressbar"]
-        if "_progress_callback" in d:
-            del d["_progress_callback"]
-        if "_statusbar" in d:
-            del d["_statusbar"]
+        d.pop("_progressbar", None)
+        d.pop("_progress_callback", None)
+        d.pop("_statusbar", None)
         return d
 
     def __setstate__(self, state):

angr/analyses/calling_convention/calling_convention.py

@@ -13,8 +13,16 @@ import ailment
 
 from angr.code_location import ExternalCodeLocation
 
-from angr.calling_conventions import SimFunctionArgument, SimRegArg, SimStackArg, SimCC, default_cc
+from angr.calling_conventions import (
+    SimFunctionArgument,
+    SimRegArg,
+    SimStackArg,
+    SimCC,
+    default_cc,
+    SimCCMicrosoftThiscall,
+)
 from angr.sim_type import (
+    SimTypeCppFunction,
     SimTypeInt,
     SimTypeFunction,
     SimType,
@@ -24,6 +32,7 @@ from angr.sim_type import (
     SimTypeBottom,
     SimTypeFloat,
     SimTypeDouble,
+    parse_cpp_file,
 )
 from angr.sim_variable import SimStackVariable, SimRegisterVariable
 from angr.knowledge_plugins.key_definitions.atoms import Register, MemoryLocation, SpOffset
@@ -153,6 +162,13 @@ class CallingConventionAnalysis(Analysis):
 
         assert self._function is not None
 
+        demangled_name = self._function.demangled_name
+        if demangled_name != self._function.name:
+            r_demangled = self._analyze_demangled_name(demangled_name)
+            if r_demangled is not None:
+                self.cc, self.prototype, self.prototype_libname = r_demangled
+                return
+
         if self._function.is_simprocedure:
             hooker = self.project.hooked_by(self._function.addr)
             if isinstance(
@@ -348,6 +364,30 @@ class CallingConventionAnalysis(Analysis):
 
         return None
 
+    def _analyze_demangled_name(self, name: str) -> tuple[SimCC, SimTypeFunction, str | None] | None:
+        """
+        Analyze a function with a demangled name. Only C++ names are supported for now.
+
+        :param name:    The demangled name of the function.
+        :return:        A tuple of the calling convention, the function type, and the library name if available.
+        """
+        parsed, _ = parse_cpp_file(name)
+        if not parsed or len(parsed) != 1:
+            return None
+        proto = next(iter(parsed.values()))
+        if (
+            isinstance(proto, SimTypeCppFunction)
+            and self.project.simos.name == "Win32"
+            and self.project.arch.name == "X86"
+            and proto.convention == "__thiscall"
+        ):
+            cc_cls = SimCCMicrosoftThiscall
+        else:
+            cc_cls = default_cc(self.project.arch.name, self.project.simos.name)
+            assert cc_cls is not None
+        cc = cc_cls(self.project.arch)
+        return cc, proto, None
+
     def _analyze_function(self) -> tuple[SimCC, SimTypeFunction] | None:
         """
         Go over the variable information in variable manager for this function, and return all uninitialized
@@ -681,7 +721,7 @@ class CallingConventionAnalysis(Analysis):
                     # no more arguments
                     temp_args.append(None)
             elif isinstance(arg_loc, SimStackArg):
-                if arg_loc.stack_offset in defs_by_stack_offset:
+                if arg_loc.stack_offset - cc.STACKARG_SP_DIFF in defs_by_stack_offset:
                     temp_args.append(arg_loc)
                 else:
                     # no more arguments

angr/analyses/calling_convention/fact_collector.py

@@ -445,10 +445,11 @@ class FactCollector(Analysis):
                             if func_succ.prototype_libname is not None:
                                 # we need to deref the prototype in case it uses SimTypeRef internally
                                 type_collections = []
-                                prototype_lib = SIM_LIBRARIES[func_succ.prototype_libname]
-                                if prototype_lib.type_collection_names:
-                                    for typelib_name in prototype_lib.type_collection_names:
-                                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                                for prototype_lib in SIM_LIBRARIES[func_succ.prototype_libname]:
+                                    if prototype_lib.type_collection_names:
+                                        for typelib_name in prototype_lib.type_collection_names:
+                                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                                if type_collections:
                                     proto = dereference_simtype(proto, type_collections)
 
                             assert isinstance(proto, SimTypeFunction) and proto.returnty is not None

angr/analyses/calling_convention/utils.py

@@ -35,6 +35,7 @@ def is_sane_register_variable(
         return 16 <= reg_offset < 80  # x0-x7
 
     if arch_name == "AMD64":
+        # TODO is rbx ever a register?
         return 24 <= reg_offset < 40 or 64 <= reg_offset < 104  # rcx, rdx  # rsi, rdi, r8, r9, r10
         # 224 <= reg_offset < 480)  # xmm0-xmm7
 

angr/analyses/cfg/cfg_base.py

@@ -17,7 +17,6 @@ from archinfo.arch_arm import is_arm_arch, get_real_address_if_arm
 from angr.knowledge_plugins.functions.function_manager import FunctionManager
 from angr.knowledge_plugins.functions.function import Function
 from angr.knowledge_plugins.cfg import IndirectJump, CFGNode, CFGENode, CFGModel  # pylint:disable=unused-import
-from angr.misc.ux import deprecated
 from angr.procedures.stubs.UnresolvableJumpTarget import UnresolvableJumpTarget
 from angr.utils.constants import DEFAULT_STATEMENT
 from angr.procedures.procedure_dict import SIM_PROCEDURES
@@ -354,64 +353,9 @@ class CFGBase(Analysis):
 
         raise NotImplementedError("I'm too lazy to implement it right now")
 
-    @deprecated(replacement="self.model.get_predecessors()")
-    def get_predecessors(self, cfgnode, excluding_fakeret=True, jumpkind=None):
-        return self._model.get_predecessors(cfgnode, excluding_fakeret=excluding_fakeret, jumpkind=jumpkind)
-
-    @deprecated(replacement="self.model.get_successors()")
-    def get_successors(self, node, excluding_fakeret=True, jumpkind=None):
-        return self._model.get_successors(node, excluding_fakeret=excluding_fakeret, jumpkind=jumpkind)
-
-    @deprecated(replacement="self.model.get_successors_and_jumpkind")
-    def get_successors_and_jumpkind(self, node, excluding_fakeret=True):
-        return self._model.get_successors_and_jumpkind(node, excluding_fakeret=excluding_fakeret)
-
-    @deprecated(replacement="self.model.get_all_predecessors()")
-    def get_all_predecessors(self, cfgnode, depth_limit=None):
-        return self._model.get_all_predecessors(cfgnode, depth_limit)
-
-    @deprecated(replacement="self.model.get_all_successors()")
-    def get_all_successors(self, cfgnode, depth_limit=None):
-        return self._model.get_all_successors(cfgnode, depth_limit)
-
-    @deprecated(replacement="self.model.get_node()")
-    def get_node(self, block_id):
-        return self._model.get_node(block_id)
-
-    @deprecated(replacement="self.model.get_any_node()")
-    def get_any_node(self, addr, is_syscall=None, anyaddr=False, force_fastpath=False):
-        return self._model.get_any_node(addr, is_syscall=is_syscall, anyaddr=anyaddr, force_fastpath=force_fastpath)
-
-    @deprecated(replacement="self.model.get_all_nodes()")
-    def get_all_nodes(self, addr, is_syscall=None, anyaddr=False):
-        return self._model.get_all_nodes(addr, is_syscall=is_syscall, anyaddr=anyaddr)
-
-    @deprecated(replacement="self.model.nodes()")
-    def nodes(self):
-        return self._model.nodes()
-
-    @deprecated(replacement="nodes")
-    def nodes_iter(self):
-        """
-        (Decrepated) An iterator of all nodes in the graph. Will be removed in the future.
-
-        :return: The iterator.
-        :rtype: iterator
-        """
-
-        return self.nodes()
-
     def get_loop_back_edges(self):
         return self._loop_back_edges
 
-    @deprecated(replacement="self.model.get_branching_nodes()")
-    def get_branching_nodes(self):
-        return self._model.get_branching_nodes()
-
-    @deprecated(replacement="self.model.get_exit_stmt_idx")
-    def get_exit_stmt_idx(self, src_block, dst_block):
-        return self._model.get_exit_stmt_idx(src_block, dst_block)
-
     @property
     def graph(self) -> networkx.DiGraph[CFGNode]:
         raise NotImplementedError
@@ -1555,7 +1499,7 @@ class CFGBase(Analysis):
                 ):
                     # all nops. mark this function as a function alignment
                     l.debug("Function chunk %#x is probably used as a function alignment (all nops).", func_addr)
-                    self.kb.functions[func_addr].alignment = True
+                    self.kb.functions[func_addr].is_alignment = True
                     continue
                 node = function.get_node(block.addr)
                 assert node is not None
@@ -1563,7 +1507,7 @@ class CFGBase(Analysis):
                 if len(successors) == 1 and successors[0].addr == node.addr:
                     # self loop. mark this function as a function alignment
                     l.debug("Function chunk %#x is probably used as a function alignment (self-loop).", func_addr)
-                    self.kb.functions[func_addr].alignment = True
+                    self.kb.functions[func_addr].is_alignment = True
                     continue
 
     def make_functions(self):
@@ -2110,7 +2054,7 @@ class CFGBase(Analysis):
                 continue
             if func_addr in jumptable_entries:
                 # is there any call edge pointing to it?
-                func_node = self.get_any_node(func_addr, force_fastpath=True)
+                func_node = self.model.get_any_node(func_addr, force_fastpath=True)
                 if func_node is not None:
                     in_edges = self.graph.in_edges(func_node, data=True)
                     has_transition_pred = None

angr/analyses/cfg/cfg_emulated.py

@@ -472,7 +472,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
                 src_blocknode: BlockNode = back_edge[0]
                 dst_blocknode: BlockNode = back_edge[1]
 
-                for src in self.get_all_nodes(src_blocknode.addr):
+                for src in self.model.get_all_nodes(src_blocknode.addr):
                     for dst in graph.successors(src):
                         if dst.addr != dst_blocknode.addr:
                             continue
@@ -524,7 +524,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
         start = self._starts[0]
         if isinstance(start, tuple):
             start, _ = start  # pylint: disable=unpacking-non-sequence
-        start_node = self.get_any_node(start)
+        start_node = self.model.get_any_node(start)
         if start_node is None:
             raise AngrCFGError("Cannot find start node when trying to unroll loops. The CFG might be empty.")
 
@@ -720,7 +720,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
         # FIXME: syscalls are not supported
         # FIXME: start should also take a CFGNode instance
 
-        start_node = self.get_any_node(start)
+        start_node = self.model.get_any_node(start)
         assert start_node is not None
 
         node_wrapper = (start_node, 0)
@@ -2286,9 +2286,9 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
                     # Remove that edge!
                     graph.remove_edge(call_func_addr, return_to_addr)
                     # Remove the edge in CFG
-                    nodes = self.get_all_nodes(callsite_block_addr)
+                    nodes = self.model.get_all_nodes(callsite_block_addr)
                     for n in nodes:
-                        successors = self.get_successors_and_jumpkind(n, excluding_fakeret=False)
+                        successors = self.model.get_successors_and_jumpkind(n, excluding_fakeret=False)
                         for successor, jumpkind in successors:
                             if jumpkind == "Ijk_FakeRet" and successor.addr == return_to_addr:
                                 self.remove_edge(n, successor)
@@ -2548,7 +2548,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
         for start in starts:
             l.debug("Start symbolic execution at 0x%x on program slice.", start)
             # Get the state from our CFG
-            node = self.get_any_node(start)
+            node = self.model.get_any_node(start)
             if node is None:
                 # Well, we have to live with an empty state
                 base_state = self.project.factory.blank_state(addr=start)
@@ -2561,7 +2561,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
                 initial_nodes = [n for n in bc.taint_graph.nodes() if bc.taint_graph.in_degree(n) == 0]
                 for cl in initial_nodes:
                     # Iterate in all actions of this node, and pick corresponding actions
-                    cfg_nodes = self.get_all_nodes(cl.block_addr)
+                    cfg_nodes = self.model.get_all_nodes(cl.block_addr)
                     for n in cfg_nodes:
                         if not n.final_states:
                             continue
@@ -2967,10 +2967,13 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
                 new_state.options.add(o.DO_RET_EMULATION)
                 # Remove bad constraints
                 # FIXME: This is so hackish...
-                new_state.solver._solver.constraints = [
+                preserved_constraints = [
                     c for c in new_state.solver.constraints if c.op != "BoolV" or c.args[0] is not False
                 ]
-                new_state.solver._solver._result = None
+                new_solver = new_state.solver._solver.blank_copy()
+                new_solver.add(preserved_constraints)
+                new_state.solver._stored_solver = new_solver
+
                 # Swap them
                 saved_state, job.state = job.state, new_state
                 sim_successors, exception_info, _ = self._get_simsuccessors(addr, job)
@@ -3376,9 +3379,9 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
 
         all_predecessors = []
 
-        nodes = self.get_all_nodes(function_address)
+        nodes = self.model.get_all_nodes(function_address)
         for n in nodes:
-            predecessors = list(self.get_predecessors(n))
+            predecessors = list(self.model.get_predecessors(n))
             all_predecessors.extend(predecessors)
 
         return all_predecessors
@@ -3391,8 +3394,8 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
         Return: a list of lists of nodes representing paths.
         """
         if isinstance(begin, int) and isinstance(end, int):
-            n_begin = self.get_any_node(begin)
-            n_end = self.get_any_node(end)
+            n_begin = self.model.get_any_node(begin)
+            n_end = self.model.get_any_node(end)
 
         elif isinstance(begin, CFGENode) and isinstance(end, CFGENode):
             n_begin = begin
@@ -3417,7 +3420,7 @@ class CFGEmulated(ForwardAnalysis, CFGBase):  # pylint: disable=abstract-method
 
         for ep in self._entry_points:
             # FIXME: This is not always correct. We'd better store CFGNodes in self._entry_points
-            ep_node = self.get_any_node(ep)
+            ep_node = self.model.get_any_node(ep)
 
             if not ep_node:
                 continue

angr/analyses/cfg/cfg_fast.py

@@ -22,10 +22,10 @@ from archinfo.arch_soot import SootAddressDescriptor
 from archinfo.arch_arm import is_arm_arch, get_real_address_if_arm
 
 from angr.analyses import AnalysesHub
+from angr.misc.ux import once
 from angr.knowledge_plugins.cfg import CFGNode, MemoryDataSort, MemoryData, IndirectJump, IndirectJumpType
 from angr.knowledge_plugins.xrefs import XRef, XRefType
 from angr.knowledge_plugins.functions import Function
-from angr.misc.ux import deprecated
 from angr.codenode import HookNode
 from angr import sim_options as o
 from angr.errors import (
@@ -589,10 +589,10 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         regions=None,
         pickle_intermediate_results=False,
         symbols=True,
-        function_prologues=True,
+        function_prologues: bool | None = None,
         resolve_indirect_jumps=True,
         force_segment=False,
-        force_smart_scan=True,
+        force_smart_scan: bool | None = None,
         force_complete_scan=False,
         indirect_jump_target_limit=100000,
         data_references=True,
@@ -712,6 +712,20 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         if binary is not None and not objects:
             objects = [binary]
 
+        is_dotnet = (
+            isinstance(self.project.loader.main_object, cle.backends.pe.PE)
+            and self.project.loader.main_object.is_dotnet
+        )
+
+        if function_prologues is None:
+            function_prologues = not is_dotnet
+            if is_dotnet and once("dotnet_native"):
+                l.warning("You're trying to analyze a .NET binary as native code. Are you sure?")
+        if force_smart_scan is None:
+            force_smart_scan = not is_dotnet
+            if is_dotnet and once("dotnet_native"):
+                l.warning("You're trying to analyze a .NET binary as native code. Are you sure?")
+
         CFGBase.__init__(
             self,
             "fast",
@@ -2117,6 +2131,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                 src_func = self.functions.function(addr=cfg_job.src_node.addr, create=True)
             else:
                 src_func = self.functions.get_by_addr(cfg_job.src_node.addr)
+            assert src_func is not None
             if len(src_func.block_addrs_set) <= 1 and src_func.is_default_name:
                 # assign a name to the caller function that jumps to this procedure
                 src_func.name = procedure.display_name
@@ -3843,6 +3858,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
             for ep in endpoints:
                 src = self.model.get_any_node(ep.addr)
+                assert src is not None
                 for rt in return_targets:
                     if not src.instruction_addrs:
                         ins_addr = None
@@ -4333,7 +4349,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
             # extra check for ARM
             if is_arm_arch(self.project.arch) and self._seg_list.occupied_by_sort(addr) == "code":
-                existing_node = self.get_any_node(addr, anyaddr=True)
+                existing_node = self.model.get_any_node(addr, anyaddr=True)
                 if existing_node is not None and (addr & 1) != (existing_node.addr & 1):
                     # we are trying to break an existing ARM node with a THUMB node, or vice versa
                     # this is probably because our current node is unexpected
@@ -4825,66 +4841,68 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
             # determine if the function uses ebp as a general purpose register or not
             if addr == func_addr or 0 < addr - func_addr <= 0x20:
-                ebp_as_gpr = True
-                cap = self._lift(addr, size=cfg_node.size).capstone
-                for insn in cap.insns:
-                    if (
-                        insn.mnemonic == "mov"
-                        and len(insn.operands) == 2
-                        and insn.operands[0].type == capstone.x86.X86_OP_REG
-                        and insn.operands[1].type == capstone.x86.X86_OP_REG
-                    ):
+                func = self.kb.functions.get_by_addr(func_addr)
+                if "bp_as_gpr" not in func.info:
+                    ebp_as_gpr = True
+                    cap = self._lift(addr, size=cfg_node.size).capstone
+                    for insn in cap.insns:
                         if (
+                            insn.mnemonic == "mov"
+                            and len(insn.operands) == 2
+                            and insn.operands[0].type == capstone.x86.X86_OP_REG
+                            and insn.operands[1].type == capstone.x86.X86_OP_REG
+                        ):
+                            if (
+                                insn.operands[0].reg == capstone.x86.X86_REG_EBP
+                                and insn.operands[1].reg == capstone.x86.X86_REG_ESP
+                            ):
+                                ebp_as_gpr = False
+                                break
+                        elif (
+                            insn.mnemonic == "lea"
+                            and len(insn.operands) == 2
+                            and insn.operands[0].type == capstone.x86.X86_OP_REG
+                            and insn.operands[1].type == capstone.x86.X86_OP_MEM
+                        ) and (
                             insn.operands[0].reg == capstone.x86.X86_REG_EBP
-                            and insn.operands[1].reg == capstone.x86.X86_REG_ESP
+                            and insn.operands[1].mem.base == capstone.x86.X86_REG_ESP
                         ):
                             ebp_as_gpr = False
                             break
-                    elif (
-                        insn.mnemonic == "lea"
-                        and len(insn.operands) == 2
-                        and insn.operands[0].type == capstone.x86.X86_OP_REG
-                        and insn.operands[1].type == capstone.x86.X86_OP_MEM
-                    ) and (
-                        insn.operands[0].reg == capstone.x86.X86_REG_EBP
-                        and insn.operands[1].mem.base == capstone.x86.X86_REG_ESP
-                    ):
-                        ebp_as_gpr = False
-                        break
-                func = self.kb.functions.get_by_addr(func_addr)
-                func.info["bp_as_gpr"] = ebp_as_gpr
+                    func.info["bp_as_gpr"] = ebp_as_gpr
 
         elif self.project.arch.name == "AMD64":
             # determine if the function uses rbp as a general purpose register or not
             if addr == func_addr or 0 < addr - func_addr <= 0x20:
-                rbp_as_gpr = True
-                cap = self._lift(addr, size=cfg_node.size).capstone
-                for insn in cap.insns:
-                    if (
-                        insn.mnemonic == "mov"
-                        and len(insn.operands) == 2
-                        and insn.operands[0].type == capstone.x86.X86_OP_REG
-                        and insn.operands[1].type == capstone.x86.X86_OP_REG
-                    ):
+                func = self.kb.functions.get_by_addr(func_addr)
+                if "bp_as_gpr" not in func.info:
+                    rbp_as_gpr = True
+                    cap = self._lift(addr, size=cfg_node.size).capstone
+                    for insn in cap.insns:
                         if (
+                            insn.mnemonic == "mov"
+                            and len(insn.operands) == 2
+                            and insn.operands[0].type == capstone.x86.X86_OP_REG
+                            and insn.operands[1].type == capstone.x86.X86_OP_REG
+                        ):
+                            if (
+                                insn.operands[0].reg == capstone.x86.X86_REG_RBP
+                                and insn.operands[1].reg == capstone.x86.X86_REG_RSP
+                            ):
+                                rbp_as_gpr = False
+                                break
+                        elif (
+                            insn.mnemonic == "lea"
+                            and len(insn.operands) == 2
+                            and insn.operands[0].type == capstone.x86.X86_OP_REG
+                            and insn.operands[1].type == capstone.x86.X86_OP_MEM
+                        ) and (
                             insn.operands[0].reg == capstone.x86.X86_REG_RBP
-                            and insn.operands[1].reg == capstone.x86.X86_REG_RSP
+                            and insn.operands[1].mem.base == capstone.x86.X86_REG_RSP
                         ):
                             rbp_as_gpr = False
                             break
-                    elif (
-                        insn.mnemonic == "lea"
-                        and len(insn.operands) == 2
-                        and insn.operands[0].type == capstone.x86.X86_OP_REG
-                        and insn.operands[1].type == capstone.x86.X86_OP_MEM
-                    ) and (
-                        insn.operands[0].reg == capstone.x86.X86_REG_RBP
-                        and insn.operands[1].mem.base == capstone.x86.X86_REG_RSP
-                    ):
-                        rbp_as_gpr = False
-                        break
-                func = self.kb.functions.get_by_addr(func_addr)
-                func.info["bp_as_gpr"] = rbp_as_gpr
+                    func.info["bp_as_gpr"] = rbp_as_gpr
 
     def _extract_node_cluster_by_dependency(self, addr, include_successors=False) -> set[int]:
         to_remove = {addr}
@@ -5212,18 +5230,5 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
     def output(self):
         return f"{self._graph.edges(data=True)}"
 
-    @deprecated(replacement="angr.analyses.CFB")
-    def generate_code_cover(self):
-        """
-        Generate a list of all recovered basic blocks.
-        """
-
-        lst = []
-        for cfg_node in self.graph.nodes():
-            size = cfg_node.size
-            lst.append((cfg_node.addr, size))
-
-        return sorted(lst, key=lambda x: x[0])
-
 
 AnalysesHub.register_default("CFGFast", CFGFast)

angr/analyses/cfg/cfg_fast_soot.py

@@ -487,7 +487,7 @@ class CFGFastSoot(CFGFast):
                 # it might be a jumpout
                 target_func_addr = None
                 if target_addr in self._traced_addresses:
-                    node = self.get_any_node(target_addr)
+                    node = self.model.get_any_node(target_addr)
                     if node is not None:
                         target_func_addr = node.function_address
                 if target_func_addr is None:
@@ -578,7 +578,7 @@ class CFGFastSoot(CFGFast):
             if jumpkind == "Ijk_Call" or jumpkind.startswith("Ijk_Sys"):
                 function_nodes.add(dst)
 
-        entry_node = self.get_any_node(self._binary.entry)
+        entry_node = self.model.get_any_node(self._binary.entry)
         if entry_node is not None:
             function_nodes.add(entry_node)
 
@@ -616,7 +616,7 @@ class CFGFastSoot(CFGFast):
         secondary_function_nodes = set()
         # add all function chunks ("functions" that are not called from anywhere)
         for func_addr in tmp_functions:
-            node = self.get_any_node(func_addr)
+            node = self.model.get_any_node(func_addr)
             if node is None:
                 continue
             if node.addr not in blockaddr_to_function: