PyPI - angr - Versions diffs - 9.2.148__py3-none-manylinux2014_aarch64.whl → 9.2.149__py3-none-manylinux2014_aarch64.whl - Mend

angr 9.2.148__py3-none-manylinux2014_aarch64.whl → 9.2.149__py3-none-manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (55) hide show

angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py CHANGED Viewed

@@ -161,13 +161,28 @@ class InlinedStringTransformationAILEngine(
             return addr.value, "mem"
         if isinstance(addr, StackBaseOffset):
             return (addr.offset + self.STACK_BASE) & self.MASK, "stack"
-        if isinstance(addr, BinaryOp) and isinstance(addr.operands[0], StackBaseOffset):
+        if (
+            isinstance(addr, UnaryOp)
+            and addr.op == "Reference"
+            and isinstance(addr.operand, VirtualVariable)
+            and addr.operand.was_stack
+        ):
+            return (addr.operand.stack_offset + self.STACK_BASE) & self.MASK, "stack"
+        if (
+            isinstance(addr, BinaryOp)
+            and addr.op in {"Add", "Sub"}
+            and isinstance(addr.operands[0], (StackBaseOffset, UnaryOp, Const))
+        ):
             v0_and_type = self._process_address(addr.operands[0])
             if v0_and_type is not None:
                 v0 = v0_and_type[0]
                 v1 = self._expr(addr.operands[1])
                 if isinstance(v1, claripy.ast.Bits) and v1.concrete:
-                    return (v0 + v1.concrete_value) & self.MASK, "stack"
+                    if addr.op == "Add":
+                        return (v0 + v1.concrete_value) & self.MASK, "stack"
+                    if addr.op == "Sub":
+                        return (v0 - v1.concrete_value) & self.MASK, "stack"
+                    raise NotImplementedError("Unreachable")
         return None
     def _handle_stmt_Assignment(self, stmt):

angr/analyses/decompiler/optimization_passes/optimization_pass.py CHANGED Viewed

@@ -53,12 +53,14 @@ class OptimizationPassStage(Enum):
     AFTER_AIL_GRAPH_CREATION = 0
     BEFORE_SSA_LEVEL0_TRANSFORMATION = 1
     AFTER_SINGLE_BLOCK_SIMPLIFICATION = 2
-    AFTER_MAKING_CALLSITES = 3
-    AFTER_GLOBAL_SIMPLIFICATION = 4
-    AFTER_VARIABLE_RECOVERY = 5
-    BEFORE_REGION_IDENTIFICATION = 6
-    DURING_REGION_IDENTIFICATION = 7
-    AFTER_STRUCTURING = 8
+    BEFORE_SSA_LEVEL1_TRANSFORMATION = 3
+    AFTER_MAKING_CALLSITES = 4
+    AFTER_GLOBAL_SIMPLIFICATION = 5
+    BEFORE_VARIABLE_RECOVERY = 6
+    AFTER_VARIABLE_RECOVERY = 7
+    BEFORE_REGION_IDENTIFICATION = 8
+    DURING_REGION_IDENTIFICATION = 9
+    AFTER_STRUCTURING = 10
 class BaseOptimizationPass:
@@ -137,6 +139,7 @@ class OptimizationPass(BaseOptimizationPass):
         avoid_vvar_ids: set[int] | None = None,
         arg_vvars: set[int] | None = None,
         peephole_optimizations=None,
+        stack_pointer_tracker=None,
         **kwargs,
     ):
         super().__init__(func)
@@ -158,6 +161,7 @@ class OptimizationPass(BaseOptimizationPass):
         self._complete_successors = complete_successors
         self._avoid_vvar_ids = avoid_vvar_ids or set()
         self._peephole_optimizations = peephole_optimizations
+        self._stack_pointer_tracker = stack_pointer_tracker
         # output
         self.out_graph: networkx.DiGraph | None = None

angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py CHANGED Viewed

@@ -29,7 +29,7 @@ class WinStackCanarySimplifier(OptimizationPass):
     PLATFORMS = ["windows"]
     STAGE = OptimizationPassStage.AFTER_SINGLE_BLOCK_SIMPLIFICATION
     NAME = "Simplify stack canaries in Windows PE files"
-    DESCRIPTION = __doc__.strip()
+    DESCRIPTION = __doc__.strip()  # type:ignore
     def __init__(self, func, **kwargs):
         super().__init__(func, **kwargs)
@@ -63,19 +63,16 @@ class WinStackCanarySimplifier(OptimizationPass):
         first_block, canary_init_stmt_ids = init_stmts
         canary_init_stmt = first_block.statements[canary_init_stmt_ids[-1]]
         # where is the stack canary stored?
-        if not isinstance(canary_init_stmt, ailment.Stmt.Store) or not isinstance(
-            canary_init_stmt.addr, ailment.Expr.StackBaseOffset
-        ):
+        if not isinstance(canary_init_stmt, ailment.Stmt.Store):
+            return
+        store_offset = self._get_bp_offset(canary_init_stmt.addr, canary_init_stmt.ins_addr)
+        if store_offset is None:
             _l.debug(
-                "Unsupported canary storing location %s. Expects an ailment.Expr.StackBaseOffset.",
+                "Unsupported canary storing location %s. Expects a StackBaseOffset or (bp - Const).",
                 canary_init_stmt.addr,
             )
             return
-        store_offset = canary_init_stmt.addr.offset
-        if not isinstance(store_offset, int):
-            _l.debug("Unsupported canary storing offset %s. Expects an int.", store_offset)
         # The function should have at least one end point calling _security_check_cookie
         # note that (at least for now) we rely on FLIRT to identify the _security_check_cookie function inside the
         # binary.
@@ -154,17 +151,42 @@ class WinStackCanarySimplifier(OptimizationPass):
                 store_offset, canary_init_stmt.size, "canary", StackItemType.STACK_CANARY
             )
-    def _find_canary_init_stmt(self):
+    def _find_canary_init_stmt(self) -> tuple[ailment.Block, list[int]] | None:
         first_block = self._get_block(self._func.addr)
         if first_block is None:
             return None
+        r = self._extract_canary_init_stmt_from_block(first_block)
+        if r is not None:
+            return first_block, r
+        # if the first block is calling alloca_probe, we may want to take the second block instead
+        if (
+            first_block.statements
+            and first_block.original_size > 0
+            and isinstance(first_block.statements[-1], ailment.statement.Call)
+            and isinstance(first_block.statements[-1].target, ailment.expression.Const)
+        ):
+            # check if the target is alloca_probe
+            callee_addr = first_block.statements[-1].target.value
+            if (
+                self.kb.functions.contains_addr(callee_addr)
+                and self.kb.functions.get_by_addr(callee_addr).info.get("is_alloca_probe", False) is True
+            ):
+                second_block = self._get_block(first_block.addr + first_block.original_size)
+                if second_block is not None:
+                    r = self._extract_canary_init_stmt_from_block(second_block)
+                    if r is not None:
+                        return second_block, r
+        return None
+    def _extract_canary_init_stmt_from_block(self, block: ailment.Block) -> list[int] | None:
         load_stmt_idx = None
         load_reg = None
         xor_stmt_idx = None
         xored_reg = None
-        for idx, stmt in enumerate(first_block.statements):
+        for idx, stmt in enumerate(block.statements):
             # if we are lucky and things get folded into one statement:
             if (
                 isinstance(stmt, ailment.Stmt.Store)
@@ -178,7 +200,7 @@ class WinStackCanarySimplifier(OptimizationPass):
                 # Check addr: must be __security_cookie
                 load_addr = stmt.data.operands[0].addr.value
                 if load_addr == self._security_cookie_addr:
-                    return first_block, [idx]
+                    return [idx]
             # or if we are unlucky and the load and the xor are two different statements
             if (
                 isinstance(stmt, ailment.Stmt.Assignment)
@@ -191,33 +213,48 @@ class WinStackCanarySimplifier(OptimizationPass):
                 if load_addr == self._security_cookie_addr:
                     load_stmt_idx = idx
                     load_reg = stmt.dst.reg_offset
-            if load_stmt_idx is not None and idx == load_stmt_idx + 1:
+            if load_stmt_idx is not None and xor_stmt_idx is None and idx >= load_stmt_idx + 1:  # noqa:SIM102
                 if (
                     isinstance(stmt, ailment.Stmt.Assignment)
                     and isinstance(stmt.dst, ailment.Expr.VirtualVariable)
                     and stmt.dst.was_reg
+                    and not self.project.arch.is_artificial_register(stmt.dst.reg_offset, stmt.dst.size)
                     and isinstance(stmt.src, ailment.Expr.BinaryOp)
                     and stmt.src.op == "Xor"
                     and isinstance(stmt.src.operands[0], ailment.Expr.VirtualVariable)
                     and stmt.src.operands[0].was_reg
                     and stmt.src.operands[0].reg_offset == load_reg
-                    and isinstance(stmt.src.operands[1], ailment.Expr.StackBaseOffset)
+                    and (
+                        isinstance(stmt.src.operands[1], ailment.Expr.StackBaseOffset)
+                        or (
+                            isinstance(stmt.src.operands[1], ailment.Expr.VirtualVariable)
+                            and stmt.src.operands[1].was_reg
+                            and stmt.src.operands[1].reg_offset == self.project.arch.registers["ebp"][0]
+                        )
+                    )
                 ):
                     xor_stmt_idx = idx
                     xored_reg = stmt.dst.reg_offset
-                else:
-                    break
-            if xor_stmt_idx is not None and idx == xor_stmt_idx + 1:
+            if load_stmt_idx is not None and xor_stmt_idx is not None and idx == xor_stmt_idx + 1:
                 if (
                     isinstance(stmt, ailment.Stmt.Store)
-                    and isinstance(stmt.addr, ailment.Expr.StackBaseOffset)
+                    and (
+                        isinstance(stmt.addr, ailment.Expr.StackBaseOffset)
+                        or (
+                            isinstance(stmt.addr, ailment.Expr.BinaryOp)
+                            and stmt.addr.op == "Sub"
+                            and isinstance(stmt.addr.operands[0], ailment.Expr.VirtualVariable)
+                            and stmt.addr.operands[0].was_reg
+                            and stmt.addr.operands[0].reg_offset == self.project.arch.registers["ebp"][0]
+                            and isinstance(stmt.addr.operands[1], ailment.Expr.Const)
+                        )
+                    )
                     and isinstance(stmt.data, ailment.Expr.VirtualVariable)
                     and stmt.data.was_reg
                     and stmt.data.reg_offset == xored_reg
                 ):
-                    return first_block, [load_stmt_idx, xor_stmt_idx, idx]
+                    return [load_stmt_idx, xor_stmt_idx, idx]
                 break
         return None
     def _find_amd64_canary_storing_stmt(self, block, canary_value_stack_offset):
@@ -275,6 +312,7 @@ class WinStackCanarySimplifier(OptimizationPass):
     def _find_x86_canary_storing_stmt(self, block, canary_value_stack_offset):
         load_stmt_idx = None
+        canary_reg_dst_offset = None
         for idx, stmt in enumerate(block.statements):
             # when we are lucky, we have one instruction
@@ -283,7 +321,7 @@ class WinStackCanarySimplifier(OptimizationPass):
                     isinstance(stmt, ailment.Stmt.Assignment)
                     and isinstance(stmt.dst, ailment.Expr.VirtualVariable)
                     and stmt.dst.was_reg
-                    and stmt.dst.reg_offset == self.project.arch.registers["eax"][0]
+                    and not self.project.arch.is_artificial_register(stmt.dst.reg_offset, stmt.dst.size)
                 )
                 and isinstance(stmt.src, ailment.Expr.BinaryOp)
                 and stmt.src.op == "Xor"
@@ -291,8 +329,7 @@ class WinStackCanarySimplifier(OptimizationPass):
                 op0, op1 = stmt.src.operands
                 if (
                     isinstance(op0, ailment.Expr.Load)
-                    and isinstance(op0.addr, ailment.Expr.StackBaseOffset)
-                    and op0.addr.offset == canary_value_stack_offset
+                    and self._get_bp_offset(op0.addr, stmt.ins_addr) == canary_value_stack_offset
                 ) and isinstance(op1, ailment.Expr.StackBaseOffset):
                     # found it
                     return idx
@@ -300,12 +337,12 @@ class WinStackCanarySimplifier(OptimizationPass):
             if (
                 isinstance(stmt, ailment.Stmt.Assignment)
                 and isinstance(stmt.dst, ailment.Expr.VirtualVariable)
-                and stmt.dst.reg_offset == self.project.arch.registers["eax"][0]
+                and not self.project.arch.is_artificial_register(stmt.dst.reg_offset, stmt.dst.size)
                 and isinstance(stmt.src, ailment.Expr.Load)
-                and isinstance(stmt.src.addr, ailment.Expr.StackBaseOffset)
-                and stmt.src.addr.offset == canary_value_stack_offset
+                and self._get_bp_offset(stmt.src.addr, stmt.ins_addr) == canary_value_stack_offset
             ):
                 load_stmt_idx = idx
+                canary_reg_dst_offset = stmt.dst.reg_offset
             if (
                 load_stmt_idx is not None
                 and idx >= load_stmt_idx + 1
@@ -313,19 +350,49 @@ class WinStackCanarySimplifier(OptimizationPass):
                     isinstance(stmt, ailment.Stmt.Assignment)
                     and isinstance(stmt.dst, ailment.Expr.VirtualVariable)
                     and stmt.dst.was_reg
+                    and not self.project.arch.is_artificial_register(stmt.dst.reg_offset, stmt.dst.size)
                     and isinstance(stmt.src, ailment.Expr.BinaryOp)
                     and stmt.src.op == "Xor"
                 )
                 and (
                     isinstance(stmt.src.operands[0], ailment.Expr.VirtualVariable)
                     and stmt.src.operands[0].was_reg
-                    and stmt.src.operands[0].reg_offset == self.project.arch.registers["eax"][0]
-                    and isinstance(stmt.src.operands[1], ailment.Expr.StackBaseOffset)
+                    and stmt.src.operands[0].reg_offset == canary_reg_dst_offset
+                    and self._get_bp_offset(stmt.src.operands[1], stmt.ins_addr) is not None
                 )
             ):
                 return idx
         return None
+    def _get_bp_offset(self, expr: ailment.Expr.Expression, ins_addr: int) -> int | None:
+        if isinstance(expr, ailment.Expr.StackBaseOffset):
+            return expr.offset
+        if (
+            isinstance(expr, ailment.Expr.VirtualVariable)
+            and expr.was_reg
+            and expr.reg_offset == self.project.arch.bp_offset
+        ):
+            if self._stack_pointer_tracker is None:
+                return None
+            return self._stack_pointer_tracker.offset_before(ins_addr, self.project.arch.bp_offset)
+        if (
+            isinstance(expr, ailment.Expr.BinaryOp)
+            and expr.op == "Sub"
+            and isinstance(expr.operands[0], ailment.Expr.VirtualVariable)
+            and expr.operands[0].was_reg
+            and expr.operands[0].reg_offset == self.project.arch.bp_offset
+            and isinstance(expr.operands[1], ailment.Expr.Const)
+        ):
+            if self._stack_pointer_tracker is None:
+                return None
+            base_bp_offset = self._stack_pointer_tracker.offset_before(ins_addr, self.project.arch.bp_offset)
+            if base_bp_offset is None:
+                return None
+            bp_off = base_bp_offset - expr.operands[1].value
+            mask = 0xFFFF_FFFF if self.project.arch.bits == 32 else 0xFFFF_FFFF_FFFF_FFFF
+            return bp_off & mask
+        return None
     @staticmethod
     def _find_return_addr_storing_stmt(block):
         for idx, stmt in enumerate(block.statements):
@@ -339,11 +406,13 @@ class WinStackCanarySimplifier(OptimizationPass):
         return None
     def _find_stmt_calling_security_check_cookie(self, node):
+        assert self._security_cookie_addr is not None
         for idx, stmt in enumerate(node.statements):
             if isinstance(stmt, ailment.Stmt.Call) and isinstance(stmt.target, ailment.Expr.Const):
                 const_target = stmt.target.value
-                if const_target in self.kb.functions:
-                    func = self.kb.functions.function(addr=const_target)
+                if self.kb.functions.contains_addr(const_target):
+                    func = self.kb.functions.get_by_addr(const_target)
+                    assert func is not None
                     if func.name == "_security_check_cookie" or is_function_security_check_cookie(
                         func, self.project, self._security_cookie_addr
                     ):

angr/analyses/decompiler/peephole_optimizations/__init__.py CHANGED Viewed

@@ -48,6 +48,9 @@ from .inlined_wstrcpy import InlinedWstrcpy
 from .cmpord_rewriter import CmpORDRewriter
 from .coalesce_adjacent_shrs import CoalesceAdjacentShiftRights
 from .a_mul_const_sub_a import AMulConstSubA
+from .rewrite_cxx_operator_calls import RewriteCxxOperatorCalls
+from .remove_cxx_destructor_calls import RemoveCxxDestructorCalls
+from .rewrite_conv_mul import RewriteConvMul
 from .base import PeepholeOptimizationExprBase, PeepholeOptimizationStmtBase, PeepholeOptimizationMultiStmtBase
@@ -100,6 +103,9 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     CmpORDRewriter,
     CoalesceAdjacentShiftRights,
     ShlToMul,
+    RewriteCxxOperatorCalls,
+    RemoveCxxDestructorCalls,
+    RewriteConvMul,
 ]
 MULTI_STMT_OPTS: list[type[PeepholeOptimizationMultiStmtBase]] = [

angr/analyses/decompiler/peephole_optimizations/base.py CHANGED Viewed

@@ -4,6 +4,7 @@ from ailment.statement import Statement, Assignment
 from ailment import Block
 from angr.project import Project
 from angr.knowledge_base import KnowledgeBase
+from angr.knowledge_plugins.key_definitions import atoms
 class PeepholeOptimizationStmtBase:
@@ -14,20 +15,33 @@ class PeepholeOptimizationStmtBase:
     __slots__ = (
         "func_addr",
         "kb",
+        "preserve_vvar_ids",
         "project",
+        "type_hints",
     )
     project: Project | None
     kb: KnowledgeBase | None
     func_addr: int | None
+    preserve_vvar_ids: set[int]
+    type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]]
     NAME = "Peephole Optimization - Statement"
     DESCRIPTION = "Peephole Optimization - Statement"
     stmt_classes = None
-    def __init__(self, project: Project | None, kb: KnowledgeBase | None, func_addr: int | None = None):
+    def __init__(
+        self,
+        project: Project | None,
+        kb: KnowledgeBase | None,
+        func_addr: int | None = None,
+        preserve_vvar_ids: set[int] | None = None,
+        type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]] | None = None,
+    ):
         self.project = project
         self.kb = kb
         self.func_addr = func_addr
+        self.preserve_vvar_ids = set() if preserve_vvar_ids is None else preserve_vvar_ids
+        self.type_hints = [] if type_hints is None else type_hints
     def optimize(self, stmt, stmt_idx: int | None = None, block=None, **kwargs):
         raise NotImplementedError("_optimize() is not implemented.")
@@ -41,20 +55,33 @@ class PeepholeOptimizationMultiStmtBase:
     __slots__ = (
         "func_addr",
         "kb",
+        "preserve_vvar_ids",
         "project",
+        "type_hints",
     )
     project: Project | None
     kb: KnowledgeBase | None
     func_addr: int | None
+    preserve_vvar_ids: set[int]
+    type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]]
     NAME = "Peephole Optimization - Multi-statement"
     DESCRIPTION = "Peephole Optimization - Multi-statement"
     stmt_classes = None
-    def __init__(self, project: Project | None, kb: KnowledgeBase | None, func_addr: int | None = None):
+    def __init__(
+        self,
+        project: Project | None,
+        kb: KnowledgeBase | None,
+        func_addr: int | None = None,
+        preserve_vvar_ids: set[int] | None = None,
+        type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]] | None = None,
+    ):
         self.project = project
         self.kb = kb
         self.func_addr = func_addr
+        self.preserve_vvar_ids = set() if preserve_vvar_ids is None else preserve_vvar_ids
+        self.type_hints = [] if type_hints is None else type_hints
     def optimize(self, stmts: list[Statement], stmt_idx: int | None = None, block=None, **kwargs):
         raise NotImplementedError("_optimize() is not implemented.")
@@ -68,20 +95,33 @@ class PeepholeOptimizationExprBase:
     __slots__ = (
         "func_addr",
         "kb",
+        "preserve_vvar_ids",
         "project",
+        "type_hints",
     )
     project: Project | None
     kb: KnowledgeBase | None
     func_addr: int | None
+    preserve_vvar_ids: set[int]
+    type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]]
     NAME = "Peephole Optimization - Expression"
     DESCRIPTION = "Peephole Optimization - Expression"
     expr_classes = None
-    def __init__(self, project: Project | None, kb: KnowledgeBase | None, func_addr: int | None = None):
+    def __init__(
+        self,
+        project: Project | None,
+        kb: KnowledgeBase | None,
+        func_addr: int | None = None,
+        preserve_vvar_ids: set[int] | None = None,
+        type_hints: list[tuple[atoms.VirtualVariable | atoms.MemoryLocation, str]] | None = None,
+    ):
         self.project = project
         self.kb = kb
         self.func_addr = func_addr
+        self.preserve_vvar_ids = set() if preserve_vvar_ids is None else preserve_vvar_ids
+        self.type_hints = [] if type_hints is None else type_hints
     def optimize(self, expr, **kwargs):
         raise NotImplementedError("_optimize() is not implemented.")

angr/analyses/decompiler/peephole_optimizations/constant_derefs.py CHANGED Viewed

@@ -16,7 +16,7 @@ class ConstantDereferences(PeepholeOptimizationExprBase):
     expr_classes = (Load,)
     def optimize(self, expr: Load, **kwargs):
-        if isinstance(expr.addr, Const):
+        if isinstance(expr.addr, Const) and expr.size in {1, 2, 4, 8, 10, 16, 32, 64, 128, 256}:
             # is it loading from a read-only section?
             sec = self.project.loader.find_section_containing(expr.addr.value)
             if sec is not None and sec.is_readable and (not sec.is_writable or "got" in sec.name):

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py CHANGED Viewed

@@ -7,6 +7,7 @@ from archinfo import Endness
 from ailment.expression import Const, StackBaseOffset, VirtualVariable
 from ailment.statement import Call, Assignment
+from angr import SIM_LIBRARIES
 from angr.utils.endness import ail_const_to_be
 from .base import PeepholeOptimizationStmtBase
@@ -44,6 +45,7 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                         Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                         Const(None, None, len(s), self.project.arch.bits),
                     ],
+                    prototype=SIM_LIBRARIES["libc.so"][0].get_prototype("strncpy"),
                     **stmt.tags,
                 )
@@ -85,6 +87,7 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                                 Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                                 Const(None, None, len(s), self.project.arch.bits),
                             ],
+                            prototype=SIM_LIBRARIES["libc.so"][0].get_prototype("strncpy"),
                             **stmt.tags,
                         )

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py CHANGED Viewed

@@ -4,6 +4,7 @@ from __future__ import annotations
 from ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset
 from ailment.statement import Call, Store
+from angr import SIM_LIBRARIES
 from .base import PeepholeOptimizationMultiStmtBase
 from .inlined_strcpy import InlinedStrcpy
@@ -58,6 +59,7 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
                         last_stmt.args[0],
                         Const(None, None, new_str_idx, last_stmt.args[0].bits, custom_string=True),
                     ]
+                    prototype = SIM_LIBRARIES["libc.so"][0].get_prototype("strcpy")
                 else:
                     call_name = "strncpy"
                     new_str_idx = self.kb.custom_strings.allocate(new_str)
@@ -66,8 +68,9 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
                         Const(None, None, new_str_idx, last_stmt.args[0].bits, custom_string=True),
                         Const(None, None, len(new_str), self.project.arch.bits),
                     ]
+                    prototype = SIM_LIBRARIES["libc.so"][0].get_prototype("strncpy")
-                return [Call(stmt.idx, call_name, args=args, **stmt.tags)]
+                return [Call(stmt.idx, call_name, args=args, prototype=prototype, **stmt.tags)]
         return None

angr/analyses/decompiler/peephole_optimizations/remove_cxx_destructor_calls.py ADDED Viewed

@@ -0,0 +1,32 @@
+# pylint:disable=arguments-differ
+from __future__ import annotations
+from ailment.expression import Const
+from ailment.statement import Call
+from .base import PeepholeOptimizationStmtBase
+class RemoveCxxDestructorCalls(PeepholeOptimizationStmtBase):
+    """
+    Rewrite C++ operator function calls into operations.
+    """
+    __slots__ = ()
+    NAME = "Remove C++ destructor function calls"
+    stmt_classes = (Call,)
+    def optimize(self, stmt: Call, **kwargs) -> tuple | None:  # type:ignore
+        # are we calling a function that we deem as a C++ destructor?
+        assert self.project is not None
+        if isinstance(stmt.target, Const):
+            func_addr = stmt.target.value
+            if not self.project.kb.functions.contains_addr(func_addr):
+                return None
+            func = self.project.kb.functions[func_addr]
+            if "::~" in func.demangled_name and stmt.args is not None:
+                # yes it is!
+                return ()
+        return None

angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py CHANGED Viewed

@@ -20,10 +20,19 @@ class RemoveRedundantBitmasks(PeepholeOptimizationExprBase):
     __slots__ = ()
     NAME = "Remove redundant bitmasks"
-    expr_classes = (BinaryOp,)
+    expr_classes = (BinaryOp, Convert)
-    def optimize(self, expr: BinaryOp, **kwargs):
+    def optimize(self, expr: BinaryOp | Convert, **kwargs):
+        if isinstance(expr, BinaryOp):
+            return self._optimize_BinaryOp(expr)
+        if isinstance(expr, Convert):
+            return RemoveRedundantBitmasks._optimize_Convert(expr)
+        return None
+    def _optimize_BinaryOp(self, expr: BinaryOp):
         # And(expr, full_N_bitmask) ==> expr
+        # And(SHR(expr, N), bitmask)) ==> SHR(expr, N)
         # And(Conv(1->N, expr), bitmask) ==> Conv(1->N, expr)
         # And(Conv(1->N, bool_expr), bitmask) ==> Conv(1->N, bool_expr)
         # And(ITE(?, const_expr, const_expr), bitmask) ==> ITE(?, const_expr, const_expr)
@@ -31,6 +40,17 @@ class RemoveRedundantBitmasks(PeepholeOptimizationExprBase):
             inner_expr = expr.operands[0]
             if expr.operands[1].value == _MASKS.get(inner_expr.bits, None):
                 return inner_expr
+            if isinstance(inner_expr, BinaryOp) and inner_expr.op == "Shr":
+                mask = expr.operands[1]
+                shift_val = inner_expr.operands[1]
+                if (
+                    isinstance(shift_val, Const)
+                    and shift_val.value in _MASKS
+                    and mask.value == _MASKS.get(int(64 - shift_val.value), None)
+                ):
+                    return inner_expr
             if isinstance(inner_expr, Convert) and self.is_bool_expr(inner_expr.operand):
                 # useless masking
                 return inner_expr
@@ -47,3 +67,50 @@ class RemoveRedundantBitmasks(PeepholeOptimizationExprBase):
                     return ite
         return None
+    @staticmethod
+    def _optimize_Convert(expr: Convert):
+        # Conv(64->32, (expr & bitmask) + expr)
+        # => Conv(64->32, (expr + expr))
+        if (
+            expr.op == "Convert"
+            and expr.from_bits > expr.to_bits
+            and isinstance(expr.operand, BinaryOp)
+            and expr.operand.op == "Add"
+        ):
+            operand_expr = expr.operand
+            op0, op1 = operand_expr.operands
+            if (
+                isinstance(op0, BinaryOp)
+                and op0.op == "And"
+                and isinstance(op0.operands[1], Const)
+                and op0.operands[1].value == _MASKS.get(expr.to_bits, None)
+            ):
+                new_op0 = op0.operands[0]
+                replaced, new_operand_expr = operand_expr.replace(op0, new_op0)
+                if replaced:
+                    expr.operand = new_operand_expr
+                    return expr
+        # Conv(64->32, (expr) - (expr) & 0xffffffff<64>)))
+        # => Conv(64->32, (expr - expr))
+        elif (
+            expr.op == "Convert"
+            and expr.from_bits > expr.to_bits
+            and isinstance(expr.operand, BinaryOp)
+            and expr.operand.op == "Sub"
+        ):
+            operand_expr = expr.operand
+            op0, op1 = operand_expr.operands
+            if (
+                isinstance(op1, BinaryOp)
+                and op1.op == "And"
+                and isinstance(op1.operands[1], Const)
+                and op1.operands[1].value == _MASKS.get(expr.to_bits, None)
+            ):
+                new_op1 = op1.operands[0]
+                replaced, new_operand_expr = operand_expr.replace(op1, new_op1)
+                if replaced:
+                    expr.operand = new_operand_expr
+                    return expr
+        return None