angr 9.2.148__py3-none-win_amd64.whl → 9.2.150__py3-none-win_amd64.whl

angr/calling_conventions.py

@@ -1196,7 +1196,7 @@ class SimCC:
 
     @staticmethod
     def find_cc(
-        arch: archinfo.Arch, args: list[SimRegArg | SimStackArg], sp_delta: int, platform: str = "Linux"
+        arch: archinfo.Arch, args: list[SimRegArg | SimStackArg], sp_delta: int, platform: str | None = "Linux"
     ) -> SimCC | None:
         """
         Pinpoint the best-fit calling convention and return the corresponding SimCC instance, or None if no fit is
@@ -1335,6 +1335,21 @@ class SimCCMicrosoftCdecl(SimCCCdecl):
     STRUCT_RETURN_THRESHOLD = 64
 
 
+class SimCCMicrosoftThiscall(SimCCCdecl):
+    CALLEE_CLEANUP = True
+    ARG_REGS = ["ecx"]
+    CALLER_SAVED_REGS = ["eax", "ecx", "edx"]
+    STRUCT_RETURN_THRESHOLD = 64
+
+    def arg_locs(self, prototype) -> list[SimFunctionArgument]:
+        if prototype._arch is None:
+            prototype = prototype.with_arch(self.arch)
+        session = self.arg_session(prototype.returnty)
+        if not prototype.args:
+            return []
+        return [SimRegArg("ecx", self.arch.bytes)] + [self.next_arg(session, arg_ty) for arg_ty in prototype.args[1:]]
+
+
 class SimCCStdcall(SimCCMicrosoftCdecl):
     CALLEE_CLEANUP = True
 
@@ -1469,7 +1484,7 @@ class SimCCSyscall(SimCC):
         self.ERROR_REG.set_value(state, error_reg_val)
         return expr
 
-    def set_return_val(self, state, val, ty, **kwargs):  # pylint:disable=arguments-differ
+    def set_return_val(self, state, val, ty, **kwargs):  # type:ignore  # pylint:disable=arguments-differ
         if self.ERROR_REG is not None:
             val = self.linux_syscall_update_error_reg(state, val)
         super().set_return_val(state, val, ty, **kwargs)
@@ -1607,6 +1622,7 @@ class SimCCSystemVAMD64(SimCC):
         classification = self._classify(ty)
         if any(cls == "MEMORY" for cls in classification):
             assert all(cls == "MEMORY" for cls in classification)
+            assert ty.size is not None
             byte_size = ty.size // self.arch.byte_width
             referenced_locs = [SimStackArg(offset, self.arch.bytes) for offset in range(0, byte_size, self.arch.bytes)]
             referenced_loc = refine_locs_with_struct_type(self.arch, referenced_locs, ty)
@@ -1645,6 +1661,7 @@ class SimCCSystemVAMD64(SimCC):
         if isinstance(ty, (SimTypeFloat,)):
             return ["SSE"] + ["SSEUP"] * (nchunks - 1)
         if isinstance(ty, (SimStruct, SimTypeFixedSizeArray, SimUnion)):
+            assert ty.size is not None
             if ty.size > 512:
                 return ["MEMORY"] * nchunks
             flattened = self._flatten(ty)
@@ -1723,7 +1740,7 @@ class SimCCAMD64LinuxSyscall(SimCCSyscall):
     CALLER_SAVED_REGS = ["rax", "rcx", "r11"]
 
     @staticmethod
-    def _match(arch, args, sp_delta):  # pylint: disable=unused-argument
+    def _match(arch, args, sp_delta):  # type:ignore # pylint: disable=unused-argument
         # doesn't appear anywhere but syscalls
         return False
 
@@ -1855,6 +1872,7 @@ class SimCCARM(SimCC):
                 for suboffset, subsubty_list in subresult.items():
                     result[offset + suboffset] += subsubty_list
         elif isinstance(ty, SimTypeFixedSizeArray):
+            assert ty.elem_type.size is not None
             subresult = self._flatten(ty.elem_type)
             if subresult is None:
                 return None
@@ -2273,7 +2291,7 @@ class SimCCUnknown(SimCC):
     """
 
     @staticmethod
-    def _match(arch, args, sp_delta):  # pylint: disable=unused-argument
+    def _match(arch, args, sp_delta):  # type:ignore  # pylint: disable=unused-argument
         # It always returns True
         return True
 
@@ -2317,7 +2335,7 @@ CC: dict[str, dict[str, list[type[SimCC]]]] = {
         "default": [SimCCCdecl],
         "Linux": [SimCCCdecl],
         "CGC": [SimCCCdecl],
-        "Win32": [SimCCMicrosoftCdecl, SimCCMicrosoftFastcall],
+        "Win32": [SimCCMicrosoftCdecl, SimCCMicrosoftFastcall, SimCCMicrosoftThiscall],
     },
     "ARMEL": {
         "default": [SimCCARM],

angr/engines/light/engine.py

@@ -533,6 +533,7 @@ class SimEngineLightAIL(
     def __init__(self, *args, **kwargs):
         self._stmt_handlers: dict[str, Callable[[Any], StmtDataType]] = {
             "Assignment": self._handle_stmt_Assignment,
+            "WeakAssignment": self._handle_stmt_WeakAssignment,
             "Store": self._handle_stmt_Store,
             "Jump": self._handle_stmt_Jump,
             "ConditionalJump": self._handle_stmt_ConditionalJump,
@@ -697,6 +698,9 @@ class SimEngineLightAIL(
     @abstractmethod
     def _handle_stmt_Assignment(self, stmt: ailment.statement.Assignment) -> StmtDataType: ...
 
+    @abstractmethod
+    def _handle_stmt_WeakAssignment(self, stmt: ailment.statement.WeakAssignment) -> StmtDataType: ...
+
     @abstractmethod
     def _handle_stmt_Store(self, stmt: ailment.statement.Store) -> StmtDataType: ...
 
@@ -1006,6 +1010,9 @@ class SimEngineNostmtAIL(
     def _handle_stmt_Assignment(self, stmt) -> StmtDataType | None:
         pass
 
+    def _handle_stmt_WeakAssignment(self, stmt) -> StmtDataType | None:
+        pass
+
     def _handle_stmt_Store(self, stmt) -> StmtDataType | None:
         pass
 

angr/engines/pcode/lifter.py

@@ -427,6 +427,13 @@ class IRSB:
 
         return exits
 
+    @property
+    def is_noop_block(self) -> bool:
+        """
+        Returns True if this block is a no-op block (i.e. it has no instructions and no jumps).
+        """
+        return not any(op.opcode != pypcode.OpCode.IMARK for op in self._ops)
+
     #
     # private methods
     #

angr/knowledge_plugins/functions/function.py

@@ -26,6 +26,7 @@ from angr.calling_conventions import DEFAULT_CC, default_cc
 from angr.sim_type import SimTypeFunction, parse_defns
 from angr.calling_conventions import SimCC
 from angr.project import Project
+from angr.utils.library import get_cpp_function_name
 from .function_parser import FunctionParser
 
 l = logging.getLogger(name=__name__)
@@ -1582,11 +1583,78 @@ class Function(Serializable):
         # int, long
         return addr
 
+    def is_rust_function(self):
+        ast = pydemumble.demangle(self.name)
+        if ast:
+            nodes = ast.split("::")
+            if len(nodes) >= 2:
+                last_node = nodes[-1]
+                return (
+                    len(last_node) == 17
+                    and last_node.startswith("h")
+                    and all(c in "0123456789abcdef" for c in last_node[1:])
+                )
+        return False
+
+    @staticmethod
+    def _rust_fmt_node(node):
+        result = []
+        rest = node
+        if rest.startswith("_$"):
+            rest = rest[1:]
+        while True:
+            if rest.startswith("."):
+                if len(rest) > 1 and rest[1] == ".":
+                    result.append("::")
+                    rest = rest[2:]
+                else:
+                    result.append(".")
+                    rest = rest[1:]
+            elif rest.startswith("$"):
+                if "$" in rest[1:]:
+                    escape, rest = rest[1:].split("$", 1)
+                else:
+                    break
+
+                unescaped = {"SP": "@", "BP": "*", "RF": "&", "LT": "<", "GT": ">", "LP": "(", "RP": ")", "C": ","}.get(
+                    escape
+                )
+
+                if unescaped is None and escape.startswith("u"):
+                    digits = escape[1:]
+                    if all(c in "0123456789abcdef" for c in digits):
+                        c = chr(int(digits, 16))
+                        if ord(c) >= 32 and ord(c) != 127:
+                            result.append(c)
+                            continue
+                if unescaped:
+                    result.append(unescaped)
+                else:
+                    break
+            else:
+                idx = min((rest.find(c) for c in "$." if c in rest), default=len(rest))
+                result.append(rest[:idx])
+                rest = rest[idx:]
+                if not rest:
+                    break
+        return "".join(result)
+
     @property
     def demangled_name(self):
         ast = pydemumble.demangle(self.name)
+        if self.is_rust_function():
+            nodes = ast.split("::")[:-1]
+            ast = "::".join([Function._rust_fmt_node(node) for node in nodes])
         return ast if ast else self.name
 
+    @property
+    def short_name(self):
+        if self.is_rust_function():
+            ast = pydemumble.demangle(self.name)
+            return Function._rust_fmt_node(ast.split("::")[-2])
+        func_name = get_cpp_function_name(self.demangled_name, specialized=False, qualified=True)
+        return func_name.split("::")[-1]
+
     def get_unambiguous_name(self, display_name: str | None = None) -> str:
         """
         Get a disambiguated function name.

angr/knowledge_plugins/propagations/states.py

@@ -527,12 +527,14 @@ class Equivalence:
         "atom0",
         "atom1",
         "codeloc",
+        "is_weakassignment",
     )
 
-    def __init__(self, codeloc, atom0, atom1):
+    def __init__(self, codeloc, atom0, atom1, is_weakassignment: bool = False):
         self.codeloc = codeloc
         self.atom0 = atom0
         self.atom1 = atom1
+        self.is_weakassignment = is_weakassignment
 
     def __repr__(self):
         return f"<Eq@{self.codeloc!r}: {self.atom0!r}=={self.atom1!r}>"
@@ -543,7 +545,8 @@ class Equivalence:
             and other.codeloc == self.codeloc
             and other.atom0 == self.atom0
             and other.atom1 == self.atom1
+            and other.is_weakassignment == self.is_weakassignment
         )
 
     def __hash__(self):
-        return hash((Equivalence, self.codeloc, self.atom0, self.atom1))
+        return hash((Equivalence, self.codeloc, self.atom0, self.atom1, self.is_weakassignment))

angr/knowledge_plugins/variables/variable_manager.py

@@ -934,7 +934,7 @@ class VariableManagerInternal(Serializable):
 
         for var in chain(sorted_stack_variables, sorted_reg_variables, phi_only_vars):
             idx = next(var_ctr)
-            if var.name is not None and not reset:
+            if var.name is not None and var.name != var.ident and not reset:
                 continue
             if isinstance(var, (SimStackVariable, SimRegisterVariable)):
                 var.name = f"v{idx}"
@@ -946,7 +946,7 @@ class VariableManagerInternal(Serializable):
         arg_vars = sorted(arg_vars, key=lambda v: _id_from_varident(v.ident))
         for var in arg_vars:
             idx = next(arg_ctr)
-            if var.name is not None and not reset:
+            if var.name is not None and var.name != var.ident and not reset:
                 continue
             var.name = arg_names[idx] if arg_names else f"a{idx}"
             var._hash = None
@@ -1040,7 +1040,7 @@ class VariableManagerInternal(Serializable):
         reg_vars: set[SimRegisterVariable] = set()
 
         # unify stack variables based on their locations
-        for v in self.get_variables():
+        for v in self.get_variables() + list(self._phi_variables):
             if v in self._variables_to_unified_variables:
                 # do not unify twice
                 continue

angr/procedures/definitions/__init__.py

@@ -397,7 +397,7 @@ class SimCppLibrary(SimLibrary):
         stub = super().get_stub(demangled_name, arch)
         # try to determine a prototype from the function name if possible
         if demangled_name != name:
-            # itanium-mangled function name
+            # mangled function name
             stub.prototype = self._proto_from_demangled_name(demangled_name)
             if stub.prototype is not None:
                 stub.prototype = stub.prototype.with_arch(arch)

angr/procedures/definitions/types_stl.py

@@ -0,0 +1,22 @@
+# pylint:disable=line-too-long
+from __future__ import annotations
+from collections import OrderedDict
+
+from angr.procedures.definitions import SimTypeCollection
+from angr.sim_type import SimCppClass, SimTypePointer, SimTypeChar, SimTypeInt
+
+typelib = SimTypeCollection()
+typelib.set_names("cpp::std")
+typelib.types = {
+    "class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>": SimCppClass(
+        unique_name="class std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>",
+        name="std::string",
+        members=OrderedDict(
+            [
+                ("m_data", SimTypePointer(SimTypeChar())),
+                ("m_size", SimTypeInt(signed=False)),
+                ("m_capacity", SimTypeInt(signed=False)),
+            ]
+        ),
+    ),
+}