angr 9.2.156__cp310-cp310-macosx_11_0_arm64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +363 -0
- angr/__main__.py +152 -0
- angr/analyses/__init__.py +113 -0
- angr/analyses/analysis.py +407 -0
- angr/analyses/backward_slice.py +686 -0
- angr/analyses/binary_optimizer.py +670 -0
- angr/analyses/bindiff.py +1512 -0
- angr/analyses/boyscout.py +76 -0
- angr/analyses/callee_cleanup_finder.py +74 -0
- angr/analyses/calling_convention/__init__.py +6 -0
- angr/analyses/calling_convention/calling_convention.py +1092 -0
- angr/analyses/calling_convention/fact_collector.py +636 -0
- angr/analyses/calling_convention/utils.py +60 -0
- angr/analyses/cdg.py +189 -0
- angr/analyses/cfg/__init__.py +23 -0
- angr/analyses/cfg/cfb.py +428 -0
- angr/analyses/cfg/cfg.py +74 -0
- angr/analyses/cfg/cfg_arch_options.py +95 -0
- angr/analyses/cfg/cfg_base.py +2886 -0
- angr/analyses/cfg/cfg_emulated.py +3447 -0
- angr/analyses/cfg/cfg_fast.py +5273 -0
- angr/analyses/cfg/cfg_fast_soot.py +662 -0
- angr/analyses/cfg/cfg_job_base.py +203 -0
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +28 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +62 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +51 -0
- angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +149 -0
- angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +186 -0
- angr/analyses/cfg/indirect_jump_resolvers/constant_value_manager.py +107 -0
- angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +76 -0
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2367 -0
- angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +286 -0
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_got.py +148 -0
- angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +46 -0
- angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
- angr/analyses/cfg/indirect_jump_resolvers/syscall_resolver.py +92 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +88 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +47 -0
- angr/analyses/cfg_slice_to_sink/__init__.py +11 -0
- angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
- angr/analyses/cfg_slice_to_sink/graph.py +87 -0
- angr/analyses/cfg_slice_to_sink/transitions.py +27 -0
- angr/analyses/class_identifier.py +63 -0
- angr/analyses/code_tagging.py +123 -0
- angr/analyses/codecave.py +77 -0
- angr/analyses/complete_calling_conventions.py +461 -0
- angr/analyses/congruency_check.py +377 -0
- angr/analyses/data_dep/__init__.py +16 -0
- angr/analyses/data_dep/data_dependency_analysis.py +595 -0
- angr/analyses/data_dep/dep_nodes.py +171 -0
- angr/analyses/data_dep/sim_act_location.py +49 -0
- angr/analyses/datagraph_meta.py +105 -0
- angr/analyses/ddg.py +1670 -0
- angr/analyses/decompiler/__init__.py +41 -0
- angr/analyses/decompiler/ail_simplifier.py +1872 -0
- angr/analyses/decompiler/ailgraph_walker.py +49 -0
- angr/analyses/decompiler/block_io_finder.py +302 -0
- angr/analyses/decompiler/block_similarity.py +196 -0
- angr/analyses/decompiler/block_simplifier.py +371 -0
- angr/analyses/decompiler/callsite_maker.py +555 -0
- angr/analyses/decompiler/ccall_rewriters/__init__.py +9 -0
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +580 -0
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +20 -0
- angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +313 -0
- angr/analyses/decompiler/clinic.py +3222 -0
- angr/analyses/decompiler/condition_processor.py +1245 -0
- angr/analyses/decompiler/counters/__init__.py +16 -0
- angr/analyses/decompiler/counters/boolean_counter.py +27 -0
- angr/analyses/decompiler/counters/call_counter.py +47 -0
- angr/analyses/decompiler/counters/expression_counters.py +77 -0
- angr/analyses/decompiler/counters/seq_cf_structure_counter.py +63 -0
- angr/analyses/decompiler/decompilation_cache.py +46 -0
- angr/analyses/decompiler/decompilation_options.py +275 -0
- angr/analyses/decompiler/decompiler.py +692 -0
- angr/analyses/decompiler/dephication/__init__.py +6 -0
- angr/analyses/decompiler/dephication/dephication_base.py +89 -0
- angr/analyses/decompiler/dephication/graph_dephication.py +63 -0
- angr/analyses/decompiler/dephication/graph_rewriting.py +116 -0
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +326 -0
- angr/analyses/decompiler/dephication/rewriting_engine.py +504 -0
- angr/analyses/decompiler/dephication/seqnode_dephication.py +134 -0
- angr/analyses/decompiler/empty_node_remover.py +212 -0
- angr/analyses/decompiler/expression_narrower.py +287 -0
- angr/analyses/decompiler/goto_manager.py +112 -0
- angr/analyses/decompiler/graph_region.py +398 -0
- angr/analyses/decompiler/jump_target_collector.py +37 -0
- angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +67 -0
- angr/analyses/decompiler/label_collector.py +32 -0
- angr/analyses/decompiler/optimization_passes/__init__.py +151 -0
- angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +157 -0
- angr/analyses/decompiler/optimization_passes/call_stmt_rewriter.py +46 -0
- angr/analyses/decompiler/optimization_passes/code_motion.py +362 -0
- angr/analyses/decompiler/optimization_passes/condition_constprop.py +219 -0
- angr/analyses/decompiler/optimization_passes/const_derefs.py +266 -0
- angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +365 -0
- angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +106 -0
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +82 -0
- angr/analyses/decompiler/optimization_passes/determine_load_sizes.py +64 -0
- angr/analyses/decompiler/optimization_passes/div_simplifier.py +425 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py +5 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +503 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +1218 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py +16 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py +126 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +167 -0
- angr/analyses/decompiler/optimization_passes/eager_std_string_concatenation.py +165 -0
- angr/analyses/decompiler/optimization_passes/engine_base.py +500 -0
- angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +135 -0
- angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +113 -0
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +615 -0
- angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +224 -0
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +335 -0
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +922 -0
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +99 -0
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +659 -0
- angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +221 -0
- angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +171 -0
- angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +222 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +640 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +61 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +235 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +333 -0
- angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +149 -0
- angr/analyses/decompiler/optimization_passes/switch_reused_entry_rewriter.py +102 -0
- angr/analyses/decompiler/optimization_passes/tag_slicer.py +41 -0
- angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +421 -0
- angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +88 -0
- angr/analyses/decompiler/peephole_optimizations/__init__.py +127 -0
- angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +42 -0
- angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
- angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_div_const_mul_const.py +57 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_shr_const_shr_const.py +37 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +23 -0
- angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +236 -0
- angr/analyses/decompiler/peephole_optimizations/base.py +157 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +36 -0
- angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
- angr/analyses/decompiler/peephole_optimizations/bswap.py +142 -0
- angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py +115 -0
- angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +71 -0
- angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py +39 -0
- angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +28 -0
- angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py +189 -0
- angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +69 -0
- angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +52 -0
- angr/analyses/decompiler/peephole_optimizations/eager_eval.py +372 -0
- angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +56 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +160 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +109 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +170 -0
- angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
- angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
- angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +45 -0
- angr/analyses/decompiler/peephole_optimizations/remove_cxx_destructor_calls.py +32 -0
- angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +46 -0
- angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +47 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +116 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +247 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +30 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +36 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +95 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_conv_mul.py +40 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_cxx_operator_calls.py +90 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +49 -0
- angr/analyses/decompiler/peephole_optimizations/rol_ror.py +130 -0
- angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +112 -0
- angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py +25 -0
- angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +51 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +53 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +29 -0
- angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +131 -0
- angr/analyses/decompiler/peephole_optimizations/utils.py +18 -0
- angr/analyses/decompiler/presets/__init__.py +20 -0
- angr/analyses/decompiler/presets/basic.py +32 -0
- angr/analyses/decompiler/presets/fast.py +58 -0
- angr/analyses/decompiler/presets/full.py +68 -0
- angr/analyses/decompiler/presets/preset.py +37 -0
- angr/analyses/decompiler/redundant_label_remover.py +134 -0
- angr/analyses/decompiler/region_identifier.py +1218 -0
- angr/analyses/decompiler/region_simplifiers/__init__.py +5 -0
- angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +95 -0
- angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +82 -0
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +789 -0
- angr/analyses/decompiler/region_simplifiers/goto.py +178 -0
- angr/analyses/decompiler/region_simplifiers/if_.py +135 -0
- angr/analyses/decompiler/region_simplifiers/ifelse.py +91 -0
- angr/analyses/decompiler/region_simplifiers/loop.py +143 -0
- angr/analyses/decompiler/region_simplifiers/node_address_finder.py +24 -0
- angr/analyses/decompiler/region_simplifiers/region_simplifier.py +234 -0
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +654 -0
- angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +87 -0
- angr/analyses/decompiler/region_walker.py +24 -0
- angr/analyses/decompiler/return_maker.py +72 -0
- angr/analyses/decompiler/seq_to_blocks.py +20 -0
- angr/analyses/decompiler/sequence_walker.py +257 -0
- angr/analyses/decompiler/ssailification/__init__.py +4 -0
- angr/analyses/decompiler/ssailification/rewriting.py +379 -0
- angr/analyses/decompiler/ssailification/rewriting_engine.py +1053 -0
- angr/analyses/decompiler/ssailification/rewriting_state.py +61 -0
- angr/analyses/decompiler/ssailification/ssailification.py +276 -0
- angr/analyses/decompiler/ssailification/traversal.py +124 -0
- angr/analyses/decompiler/ssailification/traversal_engine.py +297 -0
- angr/analyses/decompiler/ssailification/traversal_state.py +48 -0
- angr/analyses/decompiler/stack_item.py +36 -0
- angr/analyses/decompiler/structured_codegen/__init__.py +25 -0
- angr/analyses/decompiler/structured_codegen/base.py +132 -0
- angr/analyses/decompiler/structured_codegen/c.py +4069 -0
- angr/analyses/decompiler/structured_codegen/dummy.py +15 -0
- angr/analyses/decompiler/structured_codegen/dwarf_import.py +190 -0
- angr/analyses/decompiler/structuring/__init__.py +30 -0
- angr/analyses/decompiler/structuring/dream.py +1217 -0
- angr/analyses/decompiler/structuring/phoenix.py +2999 -0
- angr/analyses/decompiler/structuring/recursive_structurer.py +187 -0
- angr/analyses/decompiler/structuring/sailr.py +112 -0
- angr/analyses/decompiler/structuring/structurer_base.py +1067 -0
- angr/analyses/decompiler/structuring/structurer_nodes.py +438 -0
- angr/analyses/decompiler/utils.py +1106 -0
- angr/analyses/deobfuscator/__init__.py +18 -0
- angr/analyses/deobfuscator/api_obf_finder.py +325 -0
- angr/analyses/deobfuscator/api_obf_peephole_optimizer.py +51 -0
- angr/analyses/deobfuscator/api_obf_type2_finder.py +166 -0
- angr/analyses/deobfuscator/irsb_reg_collector.py +54 -0
- angr/analyses/deobfuscator/string_obf_finder.py +861 -0
- angr/analyses/deobfuscator/string_obf_opt_passes.py +133 -0
- angr/analyses/deobfuscator/string_obf_peephole_optimizer.py +47 -0
- angr/analyses/disassembly.py +1301 -0
- angr/analyses/disassembly_utils.py +101 -0
- angr/analyses/dominance_frontier.py +57 -0
- angr/analyses/fcp/__init__.py +4 -0
- angr/analyses/fcp/fcp.py +426 -0
- angr/analyses/find_objects_static.py +205 -0
- angr/analyses/flirt/__init__.py +47 -0
- angr/analyses/flirt/consts.py +160 -0
- angr/analyses/flirt/flirt.py +244 -0
- angr/analyses/flirt/flirt_function.py +20 -0
- angr/analyses/flirt/flirt_matcher.py +351 -0
- angr/analyses/flirt/flirt_module.py +32 -0
- angr/analyses/flirt/flirt_node.py +23 -0
- angr/analyses/flirt/flirt_sig.py +356 -0
- angr/analyses/flirt/flirt_utils.py +31 -0
- angr/analyses/forward_analysis/__init__.py +12 -0
- angr/analyses/forward_analysis/forward_analysis.py +530 -0
- angr/analyses/forward_analysis/job_info.py +64 -0
- angr/analyses/forward_analysis/visitors/__init__.py +14 -0
- angr/analyses/forward_analysis/visitors/call_graph.py +29 -0
- angr/analyses/forward_analysis/visitors/function_graph.py +86 -0
- angr/analyses/forward_analysis/visitors/graph.py +242 -0
- angr/analyses/forward_analysis/visitors/loop.py +29 -0
- angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
- angr/analyses/identifier/__init__.py +5 -0
- angr/analyses/identifier/custom_callable.py +137 -0
- angr/analyses/identifier/errors.py +10 -0
- angr/analyses/identifier/func.py +60 -0
- angr/analyses/identifier/functions/__init__.py +37 -0
- angr/analyses/identifier/functions/atoi.py +73 -0
- angr/analyses/identifier/functions/based_atoi.py +125 -0
- angr/analyses/identifier/functions/fdprintf.py +123 -0
- angr/analyses/identifier/functions/free.py +64 -0
- angr/analyses/identifier/functions/int2str.py +287 -0
- angr/analyses/identifier/functions/malloc.py +111 -0
- angr/analyses/identifier/functions/memcmp.py +67 -0
- angr/analyses/identifier/functions/memcpy.py +89 -0
- angr/analyses/identifier/functions/memset.py +43 -0
- angr/analyses/identifier/functions/printf.py +123 -0
- angr/analyses/identifier/functions/recv_until.py +312 -0
- angr/analyses/identifier/functions/skip_calloc.py +73 -0
- angr/analyses/identifier/functions/skip_realloc.py +97 -0
- angr/analyses/identifier/functions/skip_recv_n.py +105 -0
- angr/analyses/identifier/functions/snprintf.py +112 -0
- angr/analyses/identifier/functions/sprintf.py +116 -0
- angr/analyses/identifier/functions/strcasecmp.py +33 -0
- angr/analyses/identifier/functions/strcmp.py +113 -0
- angr/analyses/identifier/functions/strcpy.py +43 -0
- angr/analyses/identifier/functions/strlen.py +27 -0
- angr/analyses/identifier/functions/strncmp.py +104 -0
- angr/analyses/identifier/functions/strncpy.py +65 -0
- angr/analyses/identifier/functions/strtol.py +89 -0
- angr/analyses/identifier/identify.py +825 -0
- angr/analyses/identifier/runner.py +360 -0
- angr/analyses/init_finder.py +289 -0
- angr/analyses/loop_analysis.py +349 -0
- angr/analyses/loopfinder.py +171 -0
- angr/analyses/patchfinder.py +137 -0
- angr/analyses/pathfinder.py +282 -0
- angr/analyses/propagator/__init__.py +5 -0
- angr/analyses/propagator/engine_base.py +62 -0
- angr/analyses/propagator/engine_vex.py +297 -0
- angr/analyses/propagator/propagator.py +361 -0
- angr/analyses/propagator/top_checker_mixin.py +218 -0
- angr/analyses/propagator/values.py +117 -0
- angr/analyses/propagator/vex_vars.py +68 -0
- angr/analyses/proximity_graph.py +444 -0
- angr/analyses/reaching_definitions/__init__.py +67 -0
- angr/analyses/reaching_definitions/call_trace.py +73 -0
- angr/analyses/reaching_definitions/dep_graph.py +433 -0
- angr/analyses/reaching_definitions/engine_ail.py +1130 -0
- angr/analyses/reaching_definitions/engine_vex.py +1127 -0
- angr/analyses/reaching_definitions/external_codeloc.py +0 -0
- angr/analyses/reaching_definitions/function_handler.py +637 -0
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +12 -0
- angr/analyses/reaching_definitions/function_handler_library/stdio.py +268 -0
- angr/analyses/reaching_definitions/function_handler_library/stdlib.py +189 -0
- angr/analyses/reaching_definitions/function_handler_library/string.py +147 -0
- angr/analyses/reaching_definitions/function_handler_library/unistd.py +44 -0
- angr/analyses/reaching_definitions/heap_allocator.py +70 -0
- angr/analyses/reaching_definitions/rd_initializer.py +237 -0
- angr/analyses/reaching_definitions/rd_state.py +579 -0
- angr/analyses/reaching_definitions/reaching_definitions.py +581 -0
- angr/analyses/reaching_definitions/subject.py +65 -0
- angr/analyses/reassembler.py +2900 -0
- angr/analyses/s_liveness.py +203 -0
- angr/analyses/s_propagator.py +544 -0
- angr/analyses/s_reaching_definitions/__init__.py +12 -0
- angr/analyses/s_reaching_definitions/s_rda_model.py +135 -0
- angr/analyses/s_reaching_definitions/s_rda_view.py +315 -0
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +174 -0
- angr/analyses/smc.py +161 -0
- angr/analyses/soot_class_hierarchy.py +273 -0
- angr/analyses/stack_pointer_tracker.py +957 -0
- angr/analyses/static_hooker.py +53 -0
- angr/analyses/typehoon/__init__.py +5 -0
- angr/analyses/typehoon/dfa.py +118 -0
- angr/analyses/typehoon/lifter.py +122 -0
- angr/analyses/typehoon/simple_solver.py +1450 -0
- angr/analyses/typehoon/translator.py +279 -0
- angr/analyses/typehoon/typeconsts.py +336 -0
- angr/analyses/typehoon/typehoon.py +305 -0
- angr/analyses/typehoon/typevars.py +578 -0
- angr/analyses/typehoon/variance.py +11 -0
- angr/analyses/unpacker/__init__.py +6 -0
- angr/analyses/unpacker/obfuscation_detector.py +103 -0
- angr/analyses/unpacker/packing_detector.py +138 -0
- angr/analyses/variable_recovery/__init__.py +9 -0
- angr/analyses/variable_recovery/annotations.py +58 -0
- angr/analyses/variable_recovery/engine_ail.py +891 -0
- angr/analyses/variable_recovery/engine_base.py +1185 -0
- angr/analyses/variable_recovery/engine_vex.py +593 -0
- angr/analyses/variable_recovery/irsb_scanner.py +143 -0
- angr/analyses/variable_recovery/variable_recovery.py +573 -0
- angr/analyses/variable_recovery/variable_recovery_base.py +461 -0
- angr/analyses/variable_recovery/variable_recovery_fast.py +652 -0
- angr/analyses/veritesting.py +626 -0
- angr/analyses/vfg.py +1898 -0
- angr/analyses/vsa_ddg.py +420 -0
- angr/analyses/vtable.py +92 -0
- angr/analyses/xrefs.py +286 -0
- angr/angrdb/__init__.py +14 -0
- angr/angrdb/db.py +206 -0
- angr/angrdb/models.py +184 -0
- angr/angrdb/serializers/__init__.py +10 -0
- angr/angrdb/serializers/cfg_model.py +41 -0
- angr/angrdb/serializers/comments.py +60 -0
- angr/angrdb/serializers/funcs.py +61 -0
- angr/angrdb/serializers/kb.py +111 -0
- angr/angrdb/serializers/labels.py +59 -0
- angr/angrdb/serializers/loader.py +165 -0
- angr/angrdb/serializers/structured_code.py +125 -0
- angr/angrdb/serializers/variables.py +58 -0
- angr/angrdb/serializers/xrefs.py +48 -0
- angr/annocfg.py +317 -0
- angr/blade.py +426 -0
- angr/block.py +509 -0
- angr/callable.py +168 -0
- angr/calling_conventions.py +2580 -0
- angr/code_location.py +163 -0
- angr/codenode.py +145 -0
- angr/concretization_strategies/__init__.py +32 -0
- angr/concretization_strategies/any.py +17 -0
- angr/concretization_strategies/any_named.py +35 -0
- angr/concretization_strategies/base.py +81 -0
- angr/concretization_strategies/controlled_data.py +58 -0
- angr/concretization_strategies/eval.py +19 -0
- angr/concretization_strategies/logging.py +35 -0
- angr/concretization_strategies/max.py +25 -0
- angr/concretization_strategies/nonzero.py +16 -0
- angr/concretization_strategies/nonzero_range.py +22 -0
- angr/concretization_strategies/norepeats.py +37 -0
- angr/concretization_strategies/norepeats_range.py +37 -0
- angr/concretization_strategies/range.py +19 -0
- angr/concretization_strategies/signed_add.py +31 -0
- angr/concretization_strategies/single.py +15 -0
- angr/concretization_strategies/solutions.py +20 -0
- angr/concretization_strategies/unlimited_range.py +17 -0
- angr/distributed/__init__.py +9 -0
- angr/distributed/server.py +197 -0
- angr/distributed/worker.py +185 -0
- angr/engines/__init__.py +67 -0
- angr/engines/engine.py +29 -0
- angr/engines/failure.py +27 -0
- angr/engines/hook.py +68 -0
- angr/engines/light/__init__.py +23 -0
- angr/engines/light/data.py +681 -0
- angr/engines/light/engine.py +1285 -0
- angr/engines/pcode/__init__.py +9 -0
- angr/engines/pcode/behavior.py +997 -0
- angr/engines/pcode/cc.py +128 -0
- angr/engines/pcode/emulate.py +443 -0
- angr/engines/pcode/engine.py +242 -0
- angr/engines/pcode/lifter.py +1428 -0
- angr/engines/procedure.py +70 -0
- angr/engines/soot/__init__.py +5 -0
- angr/engines/soot/engine.py +410 -0
- angr/engines/soot/exceptions.py +17 -0
- angr/engines/soot/expressions/__init__.py +87 -0
- angr/engines/soot/expressions/arrayref.py +22 -0
- angr/engines/soot/expressions/base.py +21 -0
- angr/engines/soot/expressions/binop.py +28 -0
- angr/engines/soot/expressions/cast.py +22 -0
- angr/engines/soot/expressions/condition.py +35 -0
- angr/engines/soot/expressions/constants.py +47 -0
- angr/engines/soot/expressions/instanceOf.py +15 -0
- angr/engines/soot/expressions/instancefieldref.py +8 -0
- angr/engines/soot/expressions/invoke.py +114 -0
- angr/engines/soot/expressions/length.py +8 -0
- angr/engines/soot/expressions/local.py +8 -0
- angr/engines/soot/expressions/new.py +16 -0
- angr/engines/soot/expressions/newArray.py +54 -0
- angr/engines/soot/expressions/newMultiArray.py +86 -0
- angr/engines/soot/expressions/paramref.py +8 -0
- angr/engines/soot/expressions/phi.py +30 -0
- angr/engines/soot/expressions/staticfieldref.py +8 -0
- angr/engines/soot/expressions/thisref.py +7 -0
- angr/engines/soot/expressions/unsupported.py +7 -0
- angr/engines/soot/field_dispatcher.py +46 -0
- angr/engines/soot/method_dispatcher.py +46 -0
- angr/engines/soot/statements/__init__.py +44 -0
- angr/engines/soot/statements/assign.py +30 -0
- angr/engines/soot/statements/base.py +79 -0
- angr/engines/soot/statements/goto.py +14 -0
- angr/engines/soot/statements/identity.py +15 -0
- angr/engines/soot/statements/if_.py +19 -0
- angr/engines/soot/statements/invoke.py +12 -0
- angr/engines/soot/statements/return_.py +20 -0
- angr/engines/soot/statements/switch.py +41 -0
- angr/engines/soot/statements/throw.py +15 -0
- angr/engines/soot/values/__init__.py +38 -0
- angr/engines/soot/values/arrayref.py +122 -0
- angr/engines/soot/values/base.py +7 -0
- angr/engines/soot/values/constants.py +18 -0
- angr/engines/soot/values/instancefieldref.py +44 -0
- angr/engines/soot/values/local.py +18 -0
- angr/engines/soot/values/paramref.py +18 -0
- angr/engines/soot/values/staticfieldref.py +38 -0
- angr/engines/soot/values/strref.py +38 -0
- angr/engines/soot/values/thisref.py +149 -0
- angr/engines/successors.py +654 -0
- angr/engines/syscall.py +51 -0
- angr/engines/unicorn.py +490 -0
- angr/engines/vex/__init__.py +20 -0
- angr/engines/vex/claripy/__init__.py +5 -0
- angr/engines/vex/claripy/ccall.py +2097 -0
- angr/engines/vex/claripy/datalayer.py +141 -0
- angr/engines/vex/claripy/irop.py +1276 -0
- angr/engines/vex/heavy/__init__.py +16 -0
- angr/engines/vex/heavy/actions.py +231 -0
- angr/engines/vex/heavy/concretizers.py +403 -0
- angr/engines/vex/heavy/dirty.py +466 -0
- angr/engines/vex/heavy/heavy.py +370 -0
- angr/engines/vex/heavy/inspect.py +52 -0
- angr/engines/vex/heavy/resilience.py +85 -0
- angr/engines/vex/heavy/super_fastpath.py +34 -0
- angr/engines/vex/lifter.py +420 -0
- angr/engines/vex/light/__init__.py +11 -0
- angr/engines/vex/light/light.py +551 -0
- angr/engines/vex/light/resilience.py +74 -0
- angr/engines/vex/light/slicing.py +52 -0
- angr/errors.py +609 -0
- angr/exploration_techniques/__init__.py +53 -0
- angr/exploration_techniques/base.py +126 -0
- angr/exploration_techniques/bucketizer.py +94 -0
- angr/exploration_techniques/common.py +56 -0
- angr/exploration_techniques/dfs.py +37 -0
- angr/exploration_techniques/director.py +520 -0
- angr/exploration_techniques/driller_core.py +100 -0
- angr/exploration_techniques/explorer.py +152 -0
- angr/exploration_techniques/lengthlimiter.py +22 -0
- angr/exploration_techniques/local_loop_seer.py +65 -0
- angr/exploration_techniques/loop_seer.py +236 -0
- angr/exploration_techniques/manual_mergepoint.py +82 -0
- angr/exploration_techniques/memory_watcher.py +43 -0
- angr/exploration_techniques/oppologist.py +92 -0
- angr/exploration_techniques/slicecutor.py +118 -0
- angr/exploration_techniques/spiller.py +280 -0
- angr/exploration_techniques/spiller_db.py +27 -0
- angr/exploration_techniques/stochastic.py +56 -0
- angr/exploration_techniques/stub_stasher.py +19 -0
- angr/exploration_techniques/suggestions.py +159 -0
- angr/exploration_techniques/tech_builder.py +49 -0
- angr/exploration_techniques/threading.py +69 -0
- angr/exploration_techniques/timeout.py +34 -0
- angr/exploration_techniques/tracer.py +1098 -0
- angr/exploration_techniques/unique.py +106 -0
- angr/exploration_techniques/veritesting.py +37 -0
- angr/factory.py +404 -0
- angr/flirt/__init__.py +97 -0
- angr/flirt/build_sig.py +305 -0
- angr/graph_utils.py +0 -0
- angr/keyed_region.py +525 -0
- angr/knowledge_base.py +143 -0
- angr/knowledge_plugins/__init__.py +43 -0
- angr/knowledge_plugins/callsite_prototypes.py +53 -0
- angr/knowledge_plugins/cfg/__init__.py +18 -0
- angr/knowledge_plugins/cfg/cfg_manager.py +95 -0
- angr/knowledge_plugins/cfg/cfg_model.py +1045 -0
- angr/knowledge_plugins/cfg/cfg_node.py +536 -0
- angr/knowledge_plugins/cfg/indirect_jump.py +65 -0
- angr/knowledge_plugins/cfg/memory_data.py +156 -0
- angr/knowledge_plugins/comments.py +16 -0
- angr/knowledge_plugins/custom_strings.py +38 -0
- angr/knowledge_plugins/data.py +22 -0
- angr/knowledge_plugins/debug_variables.py +216 -0
- angr/knowledge_plugins/functions/__init__.py +9 -0
- angr/knowledge_plugins/functions/function.py +1772 -0
- angr/knowledge_plugins/functions/function_manager.py +526 -0
- angr/knowledge_plugins/functions/function_parser.py +299 -0
- angr/knowledge_plugins/functions/soot_function.py +128 -0
- angr/knowledge_plugins/indirect_jumps.py +35 -0
- angr/knowledge_plugins/key_definitions/__init__.py +17 -0
- angr/knowledge_plugins/key_definitions/atoms.py +374 -0
- angr/knowledge_plugins/key_definitions/constants.py +29 -0
- angr/knowledge_plugins/key_definitions/definition.py +214 -0
- angr/knowledge_plugins/key_definitions/environment.py +96 -0
- angr/knowledge_plugins/key_definitions/heap_address.py +33 -0
- angr/knowledge_plugins/key_definitions/key_definition_manager.py +82 -0
- angr/knowledge_plugins/key_definitions/live_definitions.py +1010 -0
- angr/knowledge_plugins/key_definitions/liveness.py +165 -0
- angr/knowledge_plugins/key_definitions/rd_model.py +171 -0
- angr/knowledge_plugins/key_definitions/tag.py +78 -0
- angr/knowledge_plugins/key_definitions/undefined.py +70 -0
- angr/knowledge_plugins/key_definitions/unknown_size.py +86 -0
- angr/knowledge_plugins/key_definitions/uses.py +178 -0
- angr/knowledge_plugins/labels.py +110 -0
- angr/knowledge_plugins/obfuscations.py +37 -0
- angr/knowledge_plugins/patches.py +126 -0
- angr/knowledge_plugins/plugin.py +24 -0
- angr/knowledge_plugins/propagations/__init__.py +10 -0
- angr/knowledge_plugins/propagations/prop_value.py +191 -0
- angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
- angr/knowledge_plugins/propagations/propagation_model.py +73 -0
- angr/knowledge_plugins/propagations/states.py +552 -0
- angr/knowledge_plugins/structured_code.py +63 -0
- angr/knowledge_plugins/types.py +88 -0
- angr/knowledge_plugins/variables/__init__.py +8 -0
- angr/knowledge_plugins/variables/variable_access.py +113 -0
- angr/knowledge_plugins/variables/variable_manager.py +1368 -0
- angr/knowledge_plugins/xrefs/__init__.py +12 -0
- angr/knowledge_plugins/xrefs/xref.py +150 -0
- angr/knowledge_plugins/xrefs/xref_manager.py +127 -0
- angr/knowledge_plugins/xrefs/xref_types.py +16 -0
- angr/lib/angr_native.dylib +0 -0
- angr/misc/__init__.py +19 -0
- angr/misc/ansi.py +47 -0
- angr/misc/autoimport.py +90 -0
- angr/misc/bug_report.py +117 -0
- angr/misc/hookset.py +106 -0
- angr/misc/loggers.py +130 -0
- angr/misc/picklable_lock.py +46 -0
- angr/misc/plugins.py +289 -0
- angr/misc/telemetry.py +54 -0
- angr/misc/testing.py +24 -0
- angr/misc/ux.py +31 -0
- angr/procedures/__init__.py +12 -0
- angr/procedures/advapi32/__init__.py +0 -0
- angr/procedures/cgc/__init__.py +3 -0
- angr/procedures/cgc/_terminate.py +11 -0
- angr/procedures/cgc/allocate.py +75 -0
- angr/procedures/cgc/deallocate.py +67 -0
- angr/procedures/cgc/fdwait.py +65 -0
- angr/procedures/cgc/random.py +67 -0
- angr/procedures/cgc/receive.py +93 -0
- angr/procedures/cgc/transmit.py +65 -0
- angr/procedures/definitions/__init__.py +779 -0
- angr/procedures/definitions/cgc.py +20 -0
- angr/procedures/definitions/glibc.py +8372 -0
- angr/procedures/definitions/gnulib.py +32 -0
- angr/procedures/definitions/libstdcpp.py +21 -0
- angr/procedures/definitions/linux_kernel.py +6171 -0
- angr/procedures/definitions/linux_loader.py +7 -0
- angr/procedures/definitions/msvcr.py +16 -0
- angr/procedures/definitions/parse_syscalls_from_local_system.py +50 -0
- angr/procedures/definitions/parse_win32json.py +2553 -0
- angr/procedures/definitions/types_stl.py +22 -0
- angr/procedures/definitions/types_win32.py +34482 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +30 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +26 -0
- angr/procedures/definitions/wdk_clfs.py +140 -0
- angr/procedures/definitions/wdk_fltmgr.py +556 -0
- angr/procedures/definitions/wdk_fwpkclnt.py +30 -0
- angr/procedures/definitions/wdk_fwpuclnt.py +316 -0
- angr/procedures/definitions/wdk_gdi32.py +366 -0
- angr/procedures/definitions/wdk_hal.py +78 -0
- angr/procedures/definitions/wdk_ksecdd.py +62 -0
- angr/procedures/definitions/wdk_ndis.py +238 -0
- angr/procedures/definitions/wdk_ntoskrnl.py +3451 -0
- angr/procedures/definitions/wdk_offreg.py +72 -0
- angr/procedures/definitions/wdk_pshed.py +36 -0
- angr/procedures/definitions/wdk_secur32.py +40 -0
- angr/procedures/definitions/wdk_vhfum.py +34 -0
- angr/procedures/definitions/win32_aclui.py +30 -0
- angr/procedures/definitions/win32_activeds.py +68 -0
- angr/procedures/definitions/win32_advapi32.py +1684 -0
- angr/procedures/definitions/win32_advpack.py +124 -0
- angr/procedures/definitions/win32_amsi.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +46 -0
- angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +48 -0
- angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +68 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +76 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +36 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +38 -0
- angr/procedures/definitions/win32_apphelp.py +26 -0
- angr/procedures/definitions/win32_authz.py +90 -0
- angr/procedures/definitions/win32_avicap32.py +32 -0
- angr/procedures/definitions/win32_avifil32.py +144 -0
- angr/procedures/definitions/win32_avrt.py +52 -0
- angr/procedures/definitions/win32_bcp47mrm.py +28 -0
- angr/procedures/definitions/win32_bcrypt.py +130 -0
- angr/procedures/definitions/win32_bcryptprimitives.py +28 -0
- angr/procedures/definitions/win32_bluetoothapis.py +106 -0
- angr/procedures/definitions/win32_bthprops.py +34 -0
- angr/procedures/definitions/win32_bthprops_cpl.py +36 -0
- angr/procedures/definitions/win32_cabinet.py +68 -0
- angr/procedures/definitions/win32_certadm.py +60 -0
- angr/procedures/definitions/win32_certpoleng.py +40 -0
- angr/procedures/definitions/win32_cfgmgr32.py +502 -0
- angr/procedures/definitions/win32_chakra.py +198 -0
- angr/procedures/definitions/win32_cldapi.py +96 -0
- angr/procedures/definitions/win32_clfsw32.py +142 -0
- angr/procedures/definitions/win32_clusapi.py +584 -0
- angr/procedures/definitions/win32_comctl32.py +254 -0
- angr/procedures/definitions/win32_comdlg32.py +66 -0
- angr/procedures/definitions/win32_compstui.py +32 -0
- angr/procedures/definitions/win32_computecore.py +132 -0
- angr/procedures/definitions/win32_computenetwork.py +110 -0
- angr/procedures/definitions/win32_computestorage.py +48 -0
- angr/procedures/definitions/win32_comsvcs.py +38 -0
- angr/procedures/definitions/win32_coremessaging.py +24 -0
- angr/procedures/definitions/win32_credui.py +62 -0
- angr/procedures/definitions/win32_crypt32.py +482 -0
- angr/procedures/definitions/win32_cryptnet.py +34 -0
- angr/procedures/definitions/win32_cryptui.py +44 -0
- angr/procedures/definitions/win32_cryptxml.py +62 -0
- angr/procedures/definitions/win32_cscapi.py +32 -0
- angr/procedures/definitions/win32_d2d1.py +50 -0
- angr/procedures/definitions/win32_d3d10.py +78 -0
- angr/procedures/definitions/win32_d3d10_1.py +28 -0
- angr/procedures/definitions/win32_d3d11.py +30 -0
- angr/procedures/definitions/win32_d3d12.py +40 -0
- angr/procedures/definitions/win32_d3d9.py +46 -0
- angr/procedures/definitions/win32_d3dcompiler_47.py +76 -0
- angr/procedures/definitions/win32_d3dcsx.py +42 -0
- angr/procedures/definitions/win32_davclnt.py +60 -0
- angr/procedures/definitions/win32_dbgeng.py +32 -0
- angr/procedures/definitions/win32_dbghelp.py +462 -0
- angr/procedures/definitions/win32_dbgmodel.py +26 -0
- angr/procedures/definitions/win32_dciman32.py +64 -0
- angr/procedures/definitions/win32_dcomp.py +48 -0
- angr/procedures/definitions/win32_ddraw.py +38 -0
- angr/procedures/definitions/win32_deviceaccess.py +26 -0
- angr/procedures/definitions/win32_dflayout.py +26 -0
- angr/procedures/definitions/win32_dhcpcsvc.py +54 -0
- angr/procedures/definitions/win32_dhcpcsvc6.py +36 -0
- angr/procedures/definitions/win32_dhcpsapi.py +416 -0
- angr/procedures/definitions/win32_diagnosticdataquery.py +94 -0
- angr/procedures/definitions/win32_dinput8.py +26 -0
- angr/procedures/definitions/win32_directml.py +28 -0
- angr/procedures/definitions/win32_dmprocessxmlfiltered.py +26 -0
- angr/procedures/definitions/win32_dnsapi.py +152 -0
- angr/procedures/definitions/win32_drt.py +56 -0
- angr/procedures/definitions/win32_drtprov.py +42 -0
- angr/procedures/definitions/win32_drttransport.py +28 -0
- angr/procedures/definitions/win32_dsound.py +44 -0
- angr/procedures/definitions/win32_dsparse.py +62 -0
- angr/procedures/definitions/win32_dsprop.py +38 -0
- angr/procedures/definitions/win32_dssec.py +32 -0
- angr/procedures/definitions/win32_dsuiext.py +32 -0
- angr/procedures/definitions/win32_dwmapi.py +86 -0
- angr/procedures/definitions/win32_dwrite.py +26 -0
- angr/procedures/definitions/win32_dxcompiler.py +28 -0
- angr/procedures/definitions/win32_dxcore.py +26 -0
- angr/procedures/definitions/win32_dxgi.py +36 -0
- angr/procedures/definitions/win32_dxva2.py +100 -0
- angr/procedures/definitions/win32_eappcfg.py +52 -0
- angr/procedures/definitions/win32_eappprxy.py +60 -0
- angr/procedures/definitions/win32_efswrt.py +28 -0
- angr/procedures/definitions/win32_elscore.py +34 -0
- angr/procedures/definitions/win32_esent.py +482 -0
- angr/procedures/definitions/win32_evr.py +38 -0
- angr/procedures/definitions/win32_faultrep.py +32 -0
- angr/procedures/definitions/win32_fhsvcctl.py +38 -0
- angr/procedures/definitions/win32_firewallapi.py +30 -0
- angr/procedures/definitions/win32_fltlib.py +80 -0
- angr/procedures/definitions/win32_fontsub.py +28 -0
- angr/procedures/definitions/win32_forceinline.py +30 -0
- angr/procedures/definitions/win32_fwpuclnt.py +408 -0
- angr/procedures/definitions/win32_fxsutility.py +28 -0
- angr/procedures/definitions/win32_gdi32.py +886 -0
- angr/procedures/definitions/win32_gdiplus.py +1282 -0
- angr/procedures/definitions/win32_glu32.py +128 -0
- angr/procedures/definitions/win32_gpedit.py +36 -0
- angr/procedures/definitions/win32_hhctrl_ocx.py +28 -0
- angr/procedures/definitions/win32_hid.py +114 -0
- angr/procedures/definitions/win32_hlink.py +80 -0
- angr/procedures/definitions/win32_hrtfapo.py +26 -0
- angr/procedures/definitions/win32_httpapi.py +110 -0
- angr/procedures/definitions/win32_icm32.py +66 -0
- angr/procedures/definitions/win32_icmui.py +28 -0
- angr/procedures/definitions/win32_icu.py +2074 -0
- angr/procedures/definitions/win32_ieframe.py +82 -0
- angr/procedures/definitions/win32_imagehlp.py +76 -0
- angr/procedures/definitions/win32_imgutil.py +42 -0
- angr/procedures/definitions/win32_imm32.py +188 -0
- angr/procedures/definitions/win32_infocardapi.py +58 -0
- angr/procedures/definitions/win32_inkobjcore.py +78 -0
- angr/procedures/definitions/win32_iphlpapi.py +426 -0
- angr/procedures/definitions/win32_iscsidsc.py +182 -0
- angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +28 -0
- angr/procedures/definitions/win32_kernel32.py +3185 -0
- angr/procedures/definitions/win32_kernelbase.py +36 -0
- angr/procedures/definitions/win32_keycredmgr.py +32 -0
- angr/procedures/definitions/win32_ksproxy_ax.py +36 -0
- angr/procedures/definitions/win32_ksuser.py +40 -0
- angr/procedures/definitions/win32_ktmw32.py +102 -0
- angr/procedures/definitions/win32_licenseprotection.py +28 -0
- angr/procedures/definitions/win32_loadperf.py +48 -0
- angr/procedures/definitions/win32_magnification.py +62 -0
- angr/procedures/definitions/win32_mapi32.py +156 -0
- angr/procedures/definitions/win32_mdmlocalmanagement.py +30 -0
- angr/procedures/definitions/win32_mdmregistration.py +54 -0
- angr/procedures/definitions/win32_mf.py +148 -0
- angr/procedures/definitions/win32_mfcore.py +28 -0
- angr/procedures/definitions/win32_mfplat.py +314 -0
- angr/procedures/definitions/win32_mfplay.py +26 -0
- angr/procedures/definitions/win32_mfreadwrite.py +34 -0
- angr/procedures/definitions/win32_mfsensorgroup.py +44 -0
- angr/procedures/definitions/win32_mfsrcsnk.py +28 -0
- angr/procedures/definitions/win32_mgmtapi.py +42 -0
- angr/procedures/definitions/win32_mi.py +26 -0
- angr/procedures/definitions/win32_mmdevapi.py +26 -0
- angr/procedures/definitions/win32_mpr.py +118 -0
- angr/procedures/definitions/win32_mprapi.py +248 -0
- angr/procedures/definitions/win32_mqrt.py +92 -0
- angr/procedures/definitions/win32_mrmsupport.py +78 -0
- angr/procedures/definitions/win32_msacm32.py +108 -0
- angr/procedures/definitions/win32_msajapi.py +1118 -0
- angr/procedures/definitions/win32_mscms.py +182 -0
- angr/procedures/definitions/win32_mscoree.py +78 -0
- angr/procedures/definitions/win32_msctfmonitor.py +30 -0
- angr/procedures/definitions/win32_msdelta.py +56 -0
- angr/procedures/definitions/win32_msdmo.py +46 -0
- angr/procedures/definitions/win32_msdrm.py +192 -0
- angr/procedures/definitions/win32_msi.py +552 -0
- angr/procedures/definitions/win32_msimg32.py +30 -0
- angr/procedures/definitions/win32_mspatcha.py +56 -0
- angr/procedures/definitions/win32_mspatchc.py +42 -0
- angr/procedures/definitions/win32_msports.py +38 -0
- angr/procedures/definitions/win32_msrating.py +62 -0
- angr/procedures/definitions/win32_mssign32.py +44 -0
- angr/procedures/definitions/win32_mstask.py +28 -0
- angr/procedures/definitions/win32_msvfw32.py +110 -0
- angr/procedures/definitions/win32_mswsock.py +56 -0
- angr/procedures/definitions/win32_mtxdm.py +26 -0
- angr/procedures/definitions/win32_ncrypt.py +102 -0
- angr/procedures/definitions/win32_ndfapi.py +56 -0
- angr/procedures/definitions/win32_netapi32.py +436 -0
- angr/procedures/definitions/win32_netsh.py +40 -0
- angr/procedures/definitions/win32_netshell.py +28 -0
- angr/procedures/definitions/win32_newdev.py +46 -0
- angr/procedures/definitions/win32_ninput.py +84 -0
- angr/procedures/definitions/win32_normaliz.py +28 -0
- angr/procedures/definitions/win32_ntdll.py +171 -0
- angr/procedures/definitions/win32_ntdllk.py +26 -0
- angr/procedures/definitions/win32_ntdsapi.py +186 -0
- angr/procedures/definitions/win32_ntlanman.py +44 -0
- angr/procedures/definitions/win32_odbc32.py +392 -0
- angr/procedures/definitions/win32_odbcbcp.py +78 -0
- angr/procedures/definitions/win32_ole32.py +658 -0
- angr/procedures/definitions/win32_oleacc.py +58 -0
- angr/procedures/definitions/win32_oleaut32.py +834 -0
- angr/procedures/definitions/win32_oledlg.py +70 -0
- angr/procedures/definitions/win32_ondemandconnroutehelper.py +34 -0
- angr/procedures/definitions/win32_opengl32.py +734 -0
- angr/procedures/definitions/win32_opmxbox.py +30 -0
- angr/procedures/definitions/win32_p2p.py +240 -0
- angr/procedures/definitions/win32_p2pgraph.py +98 -0
- angr/procedures/definitions/win32_pdh.py +220 -0
- angr/procedures/definitions/win32_peerdist.py +80 -0
- angr/procedures/definitions/win32_powrprof.py +192 -0
- angr/procedures/definitions/win32_prntvpt.py +46 -0
- angr/procedures/definitions/win32_projectedfslib.py +62 -0
- angr/procedures/definitions/win32_propsys.py +460 -0
- angr/procedures/definitions/win32_psapi.py +78 -0
- angr/procedures/definitions/win32_quartz.py +28 -0
- angr/procedures/definitions/win32_query.py +32 -0
- angr/procedures/definitions/win32_qwave.py +46 -0
- angr/procedures/definitions/win32_rasapi32.py +192 -0
- angr/procedures/definitions/win32_rasdlg.py +36 -0
- angr/procedures/definitions/win32_resutils.py +264 -0
- angr/procedures/definitions/win32_rometadata.py +24 -0
- angr/procedures/definitions/win32_rpcns4.py +146 -0
- angr/procedures/definitions/win32_rpcproxy.py +32 -0
- angr/procedures/definitions/win32_rpcrt4.py +918 -0
- angr/procedures/definitions/win32_rstrtmgr.py +46 -0
- angr/procedures/definitions/win32_rtm.py +176 -0
- angr/procedures/definitions/win32_rtutils.py +106 -0
- angr/procedures/definitions/win32_rtworkq.py +90 -0
- angr/procedures/definitions/win32_sas.py +26 -0
- angr/procedures/definitions/win32_scarddlg.py +34 -0
- angr/procedures/definitions/win32_schannel.py +42 -0
- angr/procedures/definitions/win32_sechost.py +28 -0
- angr/procedures/definitions/win32_secur32.py +202 -0
- angr/procedures/definitions/win32_sensapi.py +30 -0
- angr/procedures/definitions/win32_sensorsutilsv2.py +104 -0
- angr/procedures/definitions/win32_setupapi.py +692 -0
- angr/procedures/definitions/win32_sfc.py +36 -0
- angr/procedures/definitions/win32_shdocvw.py +30 -0
- angr/procedures/definitions/win32_shell32.py +512 -0
- angr/procedures/definitions/win32_shlwapi.py +744 -0
- angr/procedures/definitions/win32_slc.py +88 -0
- angr/procedures/definitions/win32_slcext.py +32 -0
- angr/procedures/definitions/win32_slwga.py +26 -0
- angr/procedures/definitions/win32_snmpapi.py +76 -0
- angr/procedures/definitions/win32_spoolss.py +76 -0
- angr/procedures/definitions/win32_srclient.py +26 -0
- angr/procedures/definitions/win32_srpapi.py +46 -0
- angr/procedures/definitions/win32_sspicli.py +38 -0
- angr/procedures/definitions/win32_sti.py +26 -0
- angr/procedures/definitions/win32_t2embed.py +52 -0
- angr/procedures/definitions/win32_tapi32.py +522 -0
- angr/procedures/definitions/win32_tbs.py +52 -0
- angr/procedures/definitions/win32_tdh.py +78 -0
- angr/procedures/definitions/win32_tokenbinding.py +44 -0
- angr/procedures/definitions/win32_traffic.py +64 -0
- angr/procedures/definitions/win32_txfw32.py +42 -0
- angr/procedures/definitions/win32_ualapi.py +32 -0
- angr/procedures/definitions/win32_uiautomationcore.py +220 -0
- angr/procedures/definitions/win32_urlmon.py +178 -0
- angr/procedures/definitions/win32_user32.py +1551 -0
- angr/procedures/definitions/win32_userenv.py +112 -0
- angr/procedures/definitions/win32_usp10.py +104 -0
- angr/procedures/definitions/win32_uxtheme.py +178 -0
- angr/procedures/definitions/win32_verifier.py +26 -0
- angr/procedures/definitions/win32_version.py +52 -0
- angr/procedures/definitions/win32_vertdll.py +38 -0
- angr/procedures/definitions/win32_virtdisk.py +82 -0
- angr/procedures/definitions/win32_vmdevicehost.py +50 -0
- angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +110 -0
- angr/procedures/definitions/win32_vssapi.py +26 -0
- angr/procedures/definitions/win32_wcmapi.py +34 -0
- angr/procedures/definitions/win32_wdsbp.py +38 -0
- angr/procedures/definitions/win32_wdsclientapi.py +98 -0
- angr/procedures/definitions/win32_wdsmc.py +36 -0
- angr/procedures/definitions/win32_wdspxe.py +86 -0
- angr/procedures/definitions/win32_wdstptc.py +50 -0
- angr/procedures/definitions/win32_webauthn.py +50 -0
- angr/procedures/definitions/win32_webservices.py +410 -0
- angr/procedures/definitions/win32_websocket.py +50 -0
- angr/procedures/definitions/win32_wecapi.py +54 -0
- angr/procedures/definitions/win32_wer.py +66 -0
- angr/procedures/definitions/win32_wevtapi.py +94 -0
- angr/procedures/definitions/win32_winbio.py +132 -0
- angr/procedures/definitions/win32_windows_ai_machinelearning.py +26 -0
- angr/procedures/definitions/win32_windows_data_pdf.py +24 -0
- angr/procedures/definitions/win32_windows_media_mediacontrol.py +40 -0
- angr/procedures/definitions/win32_windows_networking.py +26 -0
- angr/procedures/definitions/win32_windows_ui_xaml.py +28 -0
- angr/procedures/definitions/win32_windowscodecs.py +42 -0
- angr/procedures/definitions/win32_winfax.py +136 -0
- angr/procedures/definitions/win32_winhttp.py +136 -0
- angr/procedures/definitions/win32_winhvemulation.py +32 -0
- angr/procedures/definitions/win32_winhvplatform.py +156 -0
- angr/procedures/definitions/win32_wininet.py +616 -0
- angr/procedures/definitions/win32_winml.py +26 -0
- angr/procedures/definitions/win32_winmm.py +376 -0
- angr/procedures/definitions/win32_winscard.py +164 -0
- angr/procedures/definitions/win32_winspool.py +364 -0
- angr/procedures/definitions/win32_winspool_drv.py +368 -0
- angr/procedures/definitions/win32_wintrust.py +144 -0
- angr/procedures/definitions/win32_winusb.py +92 -0
- angr/procedures/definitions/win32_wlanapi.py +144 -0
- angr/procedures/definitions/win32_wlanui.py +26 -0
- angr/procedures/definitions/win32_wldap32.py +510 -0
- angr/procedures/definitions/win32_wldp.py +42 -0
- angr/procedures/definitions/win32_wmvcore.py +46 -0
- angr/procedures/definitions/win32_wnvapi.py +28 -0
- angr/procedures/definitions/win32_wofutil.py +46 -0
- angr/procedures/definitions/win32_ws2_32.py +344 -0
- angr/procedures/definitions/win32_wscapi.py +36 -0
- angr/procedures/definitions/win32_wsclient.py +30 -0
- angr/procedures/definitions/win32_wsdapi.py +88 -0
- angr/procedures/definitions/win32_wsmsvc.py +90 -0
- angr/procedures/definitions/win32_wsnmp32.py +122 -0
- angr/procedures/definitions/win32_wtsapi32.py +150 -0
- angr/procedures/definitions/win32_xaudio2_8.py +32 -0
- angr/procedures/definitions/win32_xinput1_4.py +38 -0
- angr/procedures/definitions/win32_xinputuap.py +36 -0
- angr/procedures/definitions/win32_xmllite.py +36 -0
- angr/procedures/definitions/win32_xolehlp.py +32 -0
- angr/procedures/definitions/win32_xpsprint.py +28 -0
- angr/procedures/glibc/__ctype_b_loc.py +21 -0
- angr/procedures/glibc/__ctype_tolower_loc.py +21 -0
- angr/procedures/glibc/__ctype_toupper_loc.py +21 -0
- angr/procedures/glibc/__errno_location.py +7 -0
- angr/procedures/glibc/__init__.py +3 -0
- angr/procedures/glibc/__libc_init.py +37 -0
- angr/procedures/glibc/__libc_start_main.py +301 -0
- angr/procedures/glibc/dynamic_loading.py +20 -0
- angr/procedures/glibc/scanf.py +11 -0
- angr/procedures/glibc/sscanf.py +6 -0
- angr/procedures/gnulib/__init__.py +3 -0
- angr/procedures/gnulib/xalloc_die.py +14 -0
- angr/procedures/gnulib/xstrtol_fatal.py +14 -0
- angr/procedures/java/__init__.py +42 -0
- angr/procedures/java/unconstrained.py +65 -0
- angr/procedures/java_io/__init__.py +0 -0
- angr/procedures/java_io/read.py +12 -0
- angr/procedures/java_io/write.py +17 -0
- angr/procedures/java_jni/__init__.py +482 -0
- angr/procedures/java_jni/array_operations.py +312 -0
- angr/procedures/java_jni/class_and_interface_operations.py +31 -0
- angr/procedures/java_jni/field_access.py +173 -0
- angr/procedures/java_jni/global_and_local_refs.py +57 -0
- angr/procedures/java_jni/method_calls.py +365 -0
- angr/procedures/java_jni/not_implemented.py +26 -0
- angr/procedures/java_jni/object_operations.py +94 -0
- angr/procedures/java_jni/string_operations.py +87 -0
- angr/procedures/java_jni/version_information.py +12 -0
- angr/procedures/java_lang/__init__.py +0 -0
- angr/procedures/java_lang/character.py +30 -0
- angr/procedures/java_lang/double.py +24 -0
- angr/procedures/java_lang/exit.py +13 -0
- angr/procedures/java_lang/getsimplename.py +18 -0
- angr/procedures/java_lang/integer.py +43 -0
- angr/procedures/java_lang/load_library.py +9 -0
- angr/procedures/java_lang/math.py +15 -0
- angr/procedures/java_lang/string.py +78 -0
- angr/procedures/java_lang/stringbuilder.py +44 -0
- angr/procedures/java_lang/system.py +18 -0
- angr/procedures/java_util/__init__.py +0 -0
- angr/procedures/java_util/collection.py +35 -0
- angr/procedures/java_util/iterator.py +46 -0
- angr/procedures/java_util/list.py +99 -0
- angr/procedures/java_util/map.py +131 -0
- angr/procedures/java_util/random.py +14 -0
- angr/procedures/java_util/scanner_nextline.py +23 -0
- angr/procedures/libc/__init__.py +3 -0
- angr/procedures/libc/abort.py +9 -0
- angr/procedures/libc/access.py +13 -0
- angr/procedures/libc/atoi.py +14 -0
- angr/procedures/libc/atol.py +13 -0
- angr/procedures/libc/calloc.py +8 -0
- angr/procedures/libc/closelog.py +10 -0
- angr/procedures/libc/err.py +14 -0
- angr/procedures/libc/error.py +54 -0
- angr/procedures/libc/exit.py +11 -0
- angr/procedures/libc/fclose.py +19 -0
- angr/procedures/libc/feof.py +21 -0
- angr/procedures/libc/fflush.py +16 -0
- angr/procedures/libc/fgetc.py +27 -0
- angr/procedures/libc/fgets.py +68 -0
- angr/procedures/libc/fopen.py +63 -0
- angr/procedures/libc/fprintf.py +25 -0
- angr/procedures/libc/fputc.py +23 -0
- angr/procedures/libc/fputs.py +24 -0
- angr/procedures/libc/fread.py +24 -0
- angr/procedures/libc/free.py +9 -0
- angr/procedures/libc/fscanf.py +20 -0
- angr/procedures/libc/fseek.py +34 -0
- angr/procedures/libc/ftell.py +22 -0
- angr/procedures/libc/fwrite.py +19 -0
- angr/procedures/libc/getchar.py +13 -0
- angr/procedures/libc/getdelim.py +99 -0
- angr/procedures/libc/getegid.py +8 -0
- angr/procedures/libc/geteuid.py +8 -0
- angr/procedures/libc/getgid.py +8 -0
- angr/procedures/libc/gets.py +68 -0
- angr/procedures/libc/getuid.py +8 -0
- angr/procedures/libc/malloc.py +12 -0
- angr/procedures/libc/memcmp.py +69 -0
- angr/procedures/libc/memcpy.py +38 -0
- angr/procedures/libc/memset.py +72 -0
- angr/procedures/libc/openlog.py +10 -0
- angr/procedures/libc/perror.py +13 -0
- angr/procedures/libc/printf.py +34 -0
- angr/procedures/libc/putchar.py +13 -0
- angr/procedures/libc/puts.py +19 -0
- angr/procedures/libc/rand.py +8 -0
- angr/procedures/libc/realloc.py +8 -0
- angr/procedures/libc/rewind.py +12 -0
- angr/procedures/libc/scanf.py +20 -0
- angr/procedures/libc/setbuf.py +9 -0
- angr/procedures/libc/setvbuf.py +7 -0
- angr/procedures/libc/snprintf.py +36 -0
- angr/procedures/libc/sprintf.py +25 -0
- angr/procedures/libc/srand.py +7 -0
- angr/procedures/libc/sscanf.py +13 -0
- angr/procedures/libc/stpcpy.py +18 -0
- angr/procedures/libc/strcat.py +14 -0
- angr/procedures/libc/strchr.py +48 -0
- angr/procedures/libc/strcmp.py +31 -0
- angr/procedures/libc/strcpy.py +13 -0
- angr/procedures/libc/strlen.py +114 -0
- angr/procedures/libc/strncat.py +19 -0
- angr/procedures/libc/strncmp.py +183 -0
- angr/procedures/libc/strncpy.py +22 -0
- angr/procedures/libc/strnlen.py +13 -0
- angr/procedures/libc/strstr.py +101 -0
- angr/procedures/libc/strtol.py +261 -0
- angr/procedures/libc/strtoul.py +9 -0
- angr/procedures/libc/system.py +13 -0
- angr/procedures/libc/time.py +9 -0
- angr/procedures/libc/tmpnam.py +20 -0
- angr/procedures/libc/tolower.py +10 -0
- angr/procedures/libc/toupper.py +10 -0
- angr/procedures/libc/ungetc.py +20 -0
- angr/procedures/libc/vsnprintf.py +17 -0
- angr/procedures/libc/wchar.py +16 -0
- angr/procedures/libstdcpp/__init__.py +0 -0
- angr/procedures/libstdcpp/_unwind_resume.py +11 -0
- angr/procedures/libstdcpp/std____throw_bad_alloc.py +13 -0
- angr/procedures/libstdcpp/std____throw_bad_cast.py +13 -0
- angr/procedures/libstdcpp/std____throw_length_error.py +13 -0
- angr/procedures/libstdcpp/std____throw_logic_error.py +13 -0
- angr/procedures/libstdcpp/std__terminate.py +13 -0
- angr/procedures/linux_kernel/__init__.py +3 -0
- angr/procedures/linux_kernel/access.py +18 -0
- angr/procedures/linux_kernel/arch_prctl.py +34 -0
- angr/procedures/linux_kernel/arm_user_helpers.py +59 -0
- angr/procedures/linux_kernel/brk.py +18 -0
- angr/procedures/linux_kernel/cwd.py +28 -0
- angr/procedures/linux_kernel/fstat.py +138 -0
- angr/procedures/linux_kernel/fstat64.py +170 -0
- angr/procedures/linux_kernel/futex.py +17 -0
- angr/procedures/linux_kernel/getegid.py +17 -0
- angr/procedures/linux_kernel/geteuid.py +17 -0
- angr/procedures/linux_kernel/getgid.py +17 -0
- angr/procedures/linux_kernel/getpid.py +14 -0
- angr/procedures/linux_kernel/getrlimit.py +24 -0
- angr/procedures/linux_kernel/gettid.py +9 -0
- angr/procedures/linux_kernel/getuid.py +17 -0
- angr/procedures/linux_kernel/iovec.py +47 -0
- angr/procedures/linux_kernel/lseek.py +42 -0
- angr/procedures/linux_kernel/mmap.py +16 -0
- angr/procedures/linux_kernel/mprotect.py +42 -0
- angr/procedures/linux_kernel/munmap.py +8 -0
- angr/procedures/linux_kernel/openat.py +26 -0
- angr/procedures/linux_kernel/set_tid_address.py +8 -0
- angr/procedures/linux_kernel/sigaction.py +19 -0
- angr/procedures/linux_kernel/sigprocmask.py +23 -0
- angr/procedures/linux_kernel/stat.py +23 -0
- angr/procedures/linux_kernel/sysinfo.py +59 -0
- angr/procedures/linux_kernel/tgkill.py +10 -0
- angr/procedures/linux_kernel/time.py +34 -0
- angr/procedures/linux_kernel/uid.py +30 -0
- angr/procedures/linux_kernel/uname.py +29 -0
- angr/procedures/linux_kernel/unlink.py +22 -0
- angr/procedures/linux_kernel/vsyscall.py +16 -0
- angr/procedures/linux_loader/__init__.py +3 -0
- angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +7 -0
- angr/procedures/linux_loader/_dl_rtld_lock.py +15 -0
- angr/procedures/linux_loader/sim_loader.py +54 -0
- angr/procedures/linux_loader/tls.py +40 -0
- angr/procedures/msvcr/__getmainargs.py +16 -0
- angr/procedures/msvcr/__init__.py +4 -0
- angr/procedures/msvcr/_initterm.py +38 -0
- angr/procedures/msvcr/fmode.py +31 -0
- angr/procedures/ntdll/__init__.py +0 -0
- angr/procedures/ntdll/exceptions.py +60 -0
- angr/procedures/posix/__init__.py +3 -0
- angr/procedures/posix/accept.py +29 -0
- angr/procedures/posix/bind.py +13 -0
- angr/procedures/posix/bzero.py +9 -0
- angr/procedures/posix/chroot.py +27 -0
- angr/procedures/posix/close.py +9 -0
- angr/procedures/posix/closedir.py +7 -0
- angr/procedures/posix/dup.py +56 -0
- angr/procedures/posix/fcntl.py +10 -0
- angr/procedures/posix/fdopen.py +76 -0
- angr/procedures/posix/fileno.py +18 -0
- angr/procedures/posix/fork.py +13 -0
- angr/procedures/posix/getenv.py +35 -0
- angr/procedures/posix/gethostbyname.py +43 -0
- angr/procedures/posix/getpass.py +19 -0
- angr/procedures/posix/getsockopt.py +11 -0
- angr/procedures/posix/htonl.py +11 -0
- angr/procedures/posix/htons.py +11 -0
- angr/procedures/posix/inet_ntoa.py +59 -0
- angr/procedures/posix/listen.py +13 -0
- angr/procedures/posix/mmap.py +144 -0
- angr/procedures/posix/open.py +18 -0
- angr/procedures/posix/opendir.py +10 -0
- angr/procedures/posix/poll.py +55 -0
- angr/procedures/posix/pread64.py +46 -0
- angr/procedures/posix/pthread.py +87 -0
- angr/procedures/posix/pwrite64.py +46 -0
- angr/procedures/posix/read.py +13 -0
- angr/procedures/posix/readdir.py +62 -0
- angr/procedures/posix/recv.py +13 -0
- angr/procedures/posix/recvfrom.py +13 -0
- angr/procedures/posix/select.py +48 -0
- angr/procedures/posix/send.py +23 -0
- angr/procedures/posix/setsockopt.py +9 -0
- angr/procedures/posix/sigaction.py +23 -0
- angr/procedures/posix/sim_time.py +48 -0
- angr/procedures/posix/sleep.py +8 -0
- angr/procedures/posix/socket.py +18 -0
- angr/procedures/posix/strcasecmp.py +26 -0
- angr/procedures/posix/strdup.py +18 -0
- angr/procedures/posix/strtok_r.py +64 -0
- angr/procedures/posix/syslog.py +15 -0
- angr/procedures/posix/tz.py +9 -0
- angr/procedures/posix/unlink.py +11 -0
- angr/procedures/posix/usleep.py +8 -0
- angr/procedures/posix/write.py +13 -0
- angr/procedures/procedure_dict.py +50 -0
- angr/procedures/stubs/CallReturn.py +13 -0
- angr/procedures/stubs/NoReturnUnconstrained.py +13 -0
- angr/procedures/stubs/Nop.py +7 -0
- angr/procedures/stubs/PathTerminator.py +9 -0
- angr/procedures/stubs/Redirect.py +18 -0
- angr/procedures/stubs/ReturnChar.py +11 -0
- angr/procedures/stubs/ReturnUnconstrained.py +24 -0
- angr/procedures/stubs/UnresolvableCallTarget.py +9 -0
- angr/procedures/stubs/UnresolvableJumpTarget.py +9 -0
- angr/procedures/stubs/UserHook.py +18 -0
- angr/procedures/stubs/__init__.py +3 -0
- angr/procedures/stubs/b64_decode.py +15 -0
- angr/procedures/stubs/caller.py +14 -0
- angr/procedures/stubs/crazy_scanf.py +20 -0
- angr/procedures/stubs/format_parser.py +669 -0
- angr/procedures/stubs/syscall_stub.py +24 -0
- angr/procedures/testing/__init__.py +3 -0
- angr/procedures/testing/manyargs.py +9 -0
- angr/procedures/testing/retreg.py +8 -0
- angr/procedures/tracer/__init__.py +4 -0
- angr/procedures/tracer/random.py +9 -0
- angr/procedures/tracer/receive.py +23 -0
- angr/procedures/tracer/transmit.py +26 -0
- angr/procedures/uclibc/__init__.py +3 -0
- angr/procedures/uclibc/__uClibc_main.py +10 -0
- angr/procedures/win32/EncodePointer.py +7 -0
- angr/procedures/win32/ExitProcess.py +9 -0
- angr/procedures/win32/GetCommandLine.py +12 -0
- angr/procedures/win32/GetCurrentProcessId.py +7 -0
- angr/procedures/win32/GetCurrentThreadId.py +7 -0
- angr/procedures/win32/GetLastInputInfo.py +40 -0
- angr/procedures/win32/GetModuleHandle.py +29 -0
- angr/procedures/win32/GetProcessAffinityMask.py +37 -0
- angr/procedures/win32/InterlockedExchange.py +15 -0
- angr/procedures/win32/IsProcessorFeaturePresent.py +7 -0
- angr/procedures/win32/VirtualAlloc.py +114 -0
- angr/procedures/win32/VirtualProtect.py +60 -0
- angr/procedures/win32/__init__.py +3 -0
- angr/procedures/win32/critical_section.py +12 -0
- angr/procedures/win32/dynamic_loading.py +104 -0
- angr/procedures/win32/file_handles.py +47 -0
- angr/procedures/win32/gethostbyname.py +12 -0
- angr/procedures/win32/heap.py +45 -0
- angr/procedures/win32/is_bad_ptr.py +26 -0
- angr/procedures/win32/local_storage.py +88 -0
- angr/procedures/win32/mutex.py +11 -0
- angr/procedures/win32/sim_time.py +135 -0
- angr/procedures/win32/system_paths.py +35 -0
- angr/procedures/win32_kernel/ExAllocatePool.py +13 -0
- angr/procedures/win32_kernel/ExFreePoolWithTag.py +8 -0
- angr/procedures/win32_kernel/__fastfail.py +15 -0
- angr/procedures/win32_kernel/__init__.py +3 -0
- angr/procedures/win_user32/__init__.py +0 -0
- angr/procedures/win_user32/chars.py +15 -0
- angr/procedures/win_user32/keyboard.py +14 -0
- angr/procedures/win_user32/messagebox.py +49 -0
- angr/project.py +837 -0
- angr/protos/__init__.py +19 -0
- angr/protos/cfg_pb2.py +31 -0
- angr/protos/function_pb2.py +27 -0
- angr/protos/primitives_pb2.py +52 -0
- angr/protos/variables_pb2.py +44 -0
- angr/protos/xrefs_pb2.py +25 -0
- angr/py.typed +1 -0
- angr/rustylib.cpython-310-darwin.so +0 -0
- angr/rustylib.pyi +165 -0
- angr/serializable.py +66 -0
- angr/sim_manager.py +971 -0
- angr/sim_options.py +438 -0
- angr/sim_procedure.py +606 -0
- angr/sim_state.py +901 -0
- angr/sim_state_options.py +403 -0
- angr/sim_type.py +3679 -0
- angr/sim_variable.py +434 -0
- angr/simos/__init__.py +47 -0
- angr/simos/cgc.py +153 -0
- angr/simos/javavm.py +458 -0
- angr/simos/linux.py +509 -0
- angr/simos/simos.py +444 -0
- angr/simos/snimmuc_nxp.py +149 -0
- angr/simos/userland.py +163 -0
- angr/simos/windows.py +601 -0
- angr/simos/xbox.py +32 -0
- angr/slicer.py +352 -0
- angr/state_hierarchy.py +262 -0
- angr/state_plugins/__init__.py +84 -0
- angr/state_plugins/callstack.py +398 -0
- angr/state_plugins/cgc.py +155 -0
- angr/state_plugins/debug_variables.py +192 -0
- angr/state_plugins/filesystem.py +463 -0
- angr/state_plugins/gdb.py +148 -0
- angr/state_plugins/globals.py +65 -0
- angr/state_plugins/heap/__init__.py +15 -0
- angr/state_plugins/heap/heap_base.py +128 -0
- angr/state_plugins/heap/heap_brk.py +136 -0
- angr/state_plugins/heap/heap_freelist.py +213 -0
- angr/state_plugins/heap/heap_libc.py +46 -0
- angr/state_plugins/heap/heap_ptmalloc.py +620 -0
- angr/state_plugins/heap/utils.py +22 -0
- angr/state_plugins/history.py +548 -0
- angr/state_plugins/inspect.py +375 -0
- angr/state_plugins/javavm_classloader.py +134 -0
- angr/state_plugins/jni_references.py +95 -0
- angr/state_plugins/libc.py +1263 -0
- angr/state_plugins/light_registers.py +168 -0
- angr/state_plugins/log.py +84 -0
- angr/state_plugins/loop_data.py +92 -0
- angr/state_plugins/plugin.py +170 -0
- angr/state_plugins/posix.py +703 -0
- angr/state_plugins/preconstrainer.py +196 -0
- angr/state_plugins/scratch.py +173 -0
- angr/state_plugins/sim_action.py +326 -0
- angr/state_plugins/sim_action_object.py +271 -0
- angr/state_plugins/sim_event.py +59 -0
- angr/state_plugins/solver.py +1127 -0
- angr/state_plugins/symbolizer.py +291 -0
- angr/state_plugins/trace_additions.py +738 -0
- angr/state_plugins/uc_manager.py +94 -0
- angr/state_plugins/unicorn_engine.py +1886 -0
- angr/state_plugins/view.py +340 -0
- angr/storage/__init__.py +15 -0
- angr/storage/file.py +1210 -0
- angr/storage/memory_mixins/__init__.py +317 -0
- angr/storage/memory_mixins/actions_mixin.py +72 -0
- angr/storage/memory_mixins/address_concretization_mixin.py +384 -0
- angr/storage/memory_mixins/bvv_conversion_mixin.py +73 -0
- angr/storage/memory_mixins/clouseau_mixin.py +137 -0
- angr/storage/memory_mixins/conditional_store_mixin.py +25 -0
- angr/storage/memory_mixins/convenient_mappings_mixin.py +256 -0
- angr/storage/memory_mixins/default_filler_mixin.py +144 -0
- angr/storage/memory_mixins/dirty_addrs_mixin.py +11 -0
- angr/storage/memory_mixins/hex_dumper_mixin.py +82 -0
- angr/storage/memory_mixins/javavm_memory_mixin.py +392 -0
- angr/storage/memory_mixins/keyvalue_memory_mixin.py +42 -0
- angr/storage/memory_mixins/label_merger_mixin.py +31 -0
- angr/storage/memory_mixins/memory_mixin.py +174 -0
- angr/storage/memory_mixins/multi_value_merger_mixin.py +79 -0
- angr/storage/memory_mixins/name_resolution_mixin.py +67 -0
- angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
- angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +743 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +65 -0
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +26 -0
- angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
- angr/storage/memory_mixins/paged_memory/pages/cooperation.py +341 -0
- angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +92 -0
- angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +55 -0
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +338 -0
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +324 -0
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +419 -0
- angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +36 -0
- angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +52 -0
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +503 -0
- angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
- angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +74 -0
- angr/storage/memory_mixins/regioned_memory/__init__.py +17 -0
- angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +36 -0
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +31 -0
- angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +9 -0
- angr/storage/memory_mixins/regioned_memory/region_data.py +246 -0
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +241 -0
- angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +119 -0
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +441 -0
- angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +69 -0
- angr/storage/memory_mixins/simple_interface_mixin.py +71 -0
- angr/storage/memory_mixins/simplification_mixin.py +15 -0
- angr/storage/memory_mixins/size_resolution_mixin.py +143 -0
- angr/storage/memory_mixins/slotted_memory.py +140 -0
- angr/storage/memory_mixins/smart_find_mixin.py +161 -0
- angr/storage/memory_mixins/symbolic_merger_mixin.py +16 -0
- angr/storage/memory_mixins/top_merger_mixin.py +25 -0
- angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
- angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
- angr/storage/memory_object.py +195 -0
- angr/tablespecs.py +91 -0
- angr/utils/__init__.py +46 -0
- angr/utils/ail.py +70 -0
- angr/utils/algo.py +34 -0
- angr/utils/bits.py +46 -0
- angr/utils/constants.py +9 -0
- angr/utils/cowdict.py +63 -0
- angr/utils/cpp.py +17 -0
- angr/utils/doms.py +149 -0
- angr/utils/dynamic_dictlist.py +89 -0
- angr/utils/endness.py +18 -0
- angr/utils/enums_conv.py +97 -0
- angr/utils/env.py +12 -0
- angr/utils/formatting.py +128 -0
- angr/utils/funcid.py +159 -0
- angr/utils/graph.py +898 -0
- angr/utils/lazy_import.py +13 -0
- angr/utils/library.py +211 -0
- angr/utils/loader.py +55 -0
- angr/utils/mp.py +66 -0
- angr/utils/orderedset.py +74 -0
- angr/utils/ssa/__init__.py +395 -0
- angr/utils/ssa/tmp_uses_collector.py +23 -0
- angr/utils/ssa/vvar_uses_collector.py +37 -0
- angr/utils/tagged_interval_map.py +112 -0
- angr/utils/timing.py +74 -0
- angr/utils/types.py +151 -0
- angr/vaults.py +367 -0
- angr-9.2.156.dist-info/METADATA +112 -0
- angr-9.2.156.dist-info/RECORD +1393 -0
- angr-9.2.156.dist-info/WHEEL +5 -0
- angr-9.2.156.dist-info/entry_points.txt +2 -0
- angr-9.2.156.dist-info/licenses/LICENSE +27 -0
- angr-9.2.156.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1368 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
from typing import Literal, TYPE_CHECKING, overload
|
|
3
|
+
import logging
|
|
4
|
+
from collections import defaultdict
|
|
5
|
+
from itertools import count, chain
|
|
6
|
+
|
|
7
|
+
import networkx
|
|
8
|
+
|
|
9
|
+
import ailment
|
|
10
|
+
from cle.backends.elf.compilation_unit import CompilationUnit
|
|
11
|
+
from cle.backends.elf.variable import Variable
|
|
12
|
+
|
|
13
|
+
from angr.utils.orderedset import OrderedSet
|
|
14
|
+
from angr.utils.ail import is_phi_assignment
|
|
15
|
+
from angr.utils.types import unpack_pointer, replace_pointer_pts_to
|
|
16
|
+
from angr.protos import variables_pb2
|
|
17
|
+
from angr.serializable import Serializable
|
|
18
|
+
from angr.sim_variable import SimVariable, SimStackVariable, SimMemoryVariable, SimRegisterVariable
|
|
19
|
+
from angr.sim_type import (
|
|
20
|
+
TypeRef,
|
|
21
|
+
SimType,
|
|
22
|
+
SimStruct,
|
|
23
|
+
SimTypeBottom,
|
|
24
|
+
SimTypeChar,
|
|
25
|
+
SimTypeShort,
|
|
26
|
+
SimTypeInt,
|
|
27
|
+
SimTypeLong,
|
|
28
|
+
)
|
|
29
|
+
from angr.keyed_region import KeyedRegion
|
|
30
|
+
from angr.knowledge_plugins.plugin import KnowledgeBasePlugin
|
|
31
|
+
from angr.knowledge_plugins.types import TypesStore
|
|
32
|
+
from .variable_access import VariableAccess, VariableAccessSort
|
|
33
|
+
|
|
34
|
+
if TYPE_CHECKING:
|
|
35
|
+
from angr.analyses.decompiler.stack_item import StackItem
|
|
36
|
+
from angr.code_location import CodeLocation
|
|
37
|
+
|
|
38
|
+
l = logging.getLogger(name=__name__)
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
class VariableType:
|
|
42
|
+
"""
|
|
43
|
+
Describes variable types.
|
|
44
|
+
"""
|
|
45
|
+
|
|
46
|
+
REGISTER = 0
|
|
47
|
+
MEMORY = 1
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
class LiveVariables:
|
|
51
|
+
"""
|
|
52
|
+
A collection of live variables at a program point.
|
|
53
|
+
"""
|
|
54
|
+
|
|
55
|
+
__slots__ = (
|
|
56
|
+
"register_region",
|
|
57
|
+
"stack_region",
|
|
58
|
+
)
|
|
59
|
+
|
|
60
|
+
def __init__(self, register_region, stack_region):
|
|
61
|
+
self.register_region = register_region
|
|
62
|
+
self.stack_region = stack_region
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
def _defaultdict_set():
|
|
66
|
+
return defaultdict(set)
|
|
67
|
+
|
|
68
|
+
|
|
69
|
+
class VariableManagerInternal(Serializable):
|
|
70
|
+
"""
|
|
71
|
+
Manage variables for a function. It is meant to be used internally by VariableManager, but it's common to be
|
|
72
|
+
given a reference to one in response to a query for "the variables for a given function". Maybe a better name
|
|
73
|
+
would be "VariableManagerScope".
|
|
74
|
+
"""
|
|
75
|
+
|
|
76
|
+
def __init__(self, manager, func_addr=None):
|
|
77
|
+
self.manager: VariableManager = manager
|
|
78
|
+
|
|
79
|
+
self.func_addr = func_addr
|
|
80
|
+
|
|
81
|
+
self._variables: OrderedSet[SimVariable] = OrderedSet() # all variables that are added to any region
|
|
82
|
+
self._global_region = KeyedRegion()
|
|
83
|
+
self._stack_region = KeyedRegion()
|
|
84
|
+
self._register_region = KeyedRegion()
|
|
85
|
+
self._live_variables = {} # a mapping between addresses of program points and live variable collections
|
|
86
|
+
|
|
87
|
+
self._variable_accesses: dict[SimVariable, set[VariableAccess]] = defaultdict(set)
|
|
88
|
+
self._insn_to_variable: dict[int, set[tuple[SimVariable, int | None]]] = defaultdict(set)
|
|
89
|
+
self._stmt_to_variable: dict[tuple[int, int] | tuple[int, int, int], set[tuple[SimVariable, int]]] = (
|
|
90
|
+
defaultdict(set)
|
|
91
|
+
)
|
|
92
|
+
self._variable_to_stmt: dict[SimVariable, set[tuple[int, int] | tuple[int, int, int]]] = defaultdict(set)
|
|
93
|
+
self._atom_to_variable: dict[
|
|
94
|
+
tuple[int, int] | tuple[int, int, int], dict[int, set[tuple[SimVariable, int]]]
|
|
95
|
+
] = defaultdict(_defaultdict_set)
|
|
96
|
+
self._ident_to_variable: dict[str, SimVariable] = {}
|
|
97
|
+
self._vvarid_to_variable: dict[int, SimVariable] = {}
|
|
98
|
+
self._variable_to_vvarids: dict[SimVariable, set[int]] = defaultdict(set)
|
|
99
|
+
self._variable_counters = {
|
|
100
|
+
"register": count(),
|
|
101
|
+
"stack": count(),
|
|
102
|
+
"argument": count(),
|
|
103
|
+
"phi": count(),
|
|
104
|
+
"global": count(),
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
self._unified_variables: set[SimVariable] = set()
|
|
108
|
+
self._variables_to_unified_variables: dict[SimVariable, SimVariable] = {}
|
|
109
|
+
|
|
110
|
+
self._phi_variables = {}
|
|
111
|
+
self._variables_to_phivars = defaultdict(set)
|
|
112
|
+
self._phi_variables_by_block = defaultdict(set)
|
|
113
|
+
|
|
114
|
+
self.types = TypesStore(self.manager._kb)
|
|
115
|
+
self.variable_to_types: dict[SimVariable, SimType] = {}
|
|
116
|
+
self.variables_with_manual_types = set()
|
|
117
|
+
|
|
118
|
+
# optimization
|
|
119
|
+
self._variables_without_writes = set()
|
|
120
|
+
|
|
121
|
+
self.stack_offset_to_struct_member_info: dict[SimStackVariable, tuple[int, SimStackVariable, SimStruct]] = {}
|
|
122
|
+
|
|
123
|
+
self.ret_val_size = None
|
|
124
|
+
|
|
125
|
+
#
|
|
126
|
+
# Serialization
|
|
127
|
+
#
|
|
128
|
+
|
|
129
|
+
def __setstate__(self, state):
|
|
130
|
+
self.__dict__.update(state)
|
|
131
|
+
|
|
132
|
+
def __getstate__(self):
|
|
133
|
+
attributes = [
|
|
134
|
+
"func_addr",
|
|
135
|
+
"_variables",
|
|
136
|
+
"_global_region",
|
|
137
|
+
"_stack_region",
|
|
138
|
+
"_register_region",
|
|
139
|
+
"_live_variables",
|
|
140
|
+
"_variable_accesses",
|
|
141
|
+
"_insn_to_variable",
|
|
142
|
+
"_stmt_to_variable",
|
|
143
|
+
"_variable_to_stmt",
|
|
144
|
+
"_atom_to_variable",
|
|
145
|
+
"_ident_to_variable",
|
|
146
|
+
"_vvarid_to_variable",
|
|
147
|
+
"_variable_to_vvarids",
|
|
148
|
+
"_variable_counters",
|
|
149
|
+
"_unified_variables",
|
|
150
|
+
"_variables_to_unified_variables",
|
|
151
|
+
"_phi_variables",
|
|
152
|
+
"_variables_to_phivars",
|
|
153
|
+
"_phi_variables_by_block",
|
|
154
|
+
"types",
|
|
155
|
+
"variable_to_types",
|
|
156
|
+
"variables_with_manual_types",
|
|
157
|
+
"_variables_without_writes",
|
|
158
|
+
"ret_val_size",
|
|
159
|
+
]
|
|
160
|
+
d = {k: getattr(self, k) for k in attributes}
|
|
161
|
+
d["manager"] = None
|
|
162
|
+
d["types"]._kb = None
|
|
163
|
+
return d
|
|
164
|
+
|
|
165
|
+
def set_manager(self, manager: VariableManager):
|
|
166
|
+
self.manager = manager
|
|
167
|
+
self.types._kb = manager._kb
|
|
168
|
+
|
|
169
|
+
@classmethod
|
|
170
|
+
def _get_cmsg(cls):
|
|
171
|
+
return (
|
|
172
|
+
variables_pb2.VariableManagerInternal() # type: ignore[reportAttributeAccessIssue] # pylint:disable=no-member
|
|
173
|
+
)
|
|
174
|
+
|
|
175
|
+
def serialize_to_cmessage(self):
|
|
176
|
+
# pylint:disable=no-member,unused-variable
|
|
177
|
+
cmsg = self._get_cmsg()
|
|
178
|
+
|
|
179
|
+
# variables
|
|
180
|
+
register_variables = []
|
|
181
|
+
stack_variables = []
|
|
182
|
+
memory_variables = []
|
|
183
|
+
|
|
184
|
+
for variable in self._variables:
|
|
185
|
+
vc = variable.serialize_to_cmessage()
|
|
186
|
+
if isinstance(variable, SimRegisterVariable):
|
|
187
|
+
register_variables.append(vc)
|
|
188
|
+
elif isinstance(variable, SimStackVariable):
|
|
189
|
+
stack_variables.append(vc)
|
|
190
|
+
elif isinstance(variable, SimMemoryVariable):
|
|
191
|
+
memory_variables.append(vc)
|
|
192
|
+
else:
|
|
193
|
+
raise NotImplementedError
|
|
194
|
+
for variable in self._phi_variables:
|
|
195
|
+
vc = variable.serialize_to_cmessage()
|
|
196
|
+
vc.base.is_phi = True
|
|
197
|
+
if isinstance(variable, SimRegisterVariable):
|
|
198
|
+
register_variables.append(vc)
|
|
199
|
+
elif isinstance(variable, SimStackVariable):
|
|
200
|
+
stack_variables.append(vc)
|
|
201
|
+
elif isinstance(variable, SimMemoryVariable):
|
|
202
|
+
memory_variables.append(vc)
|
|
203
|
+
else:
|
|
204
|
+
raise NotImplementedError
|
|
205
|
+
|
|
206
|
+
cmsg.regvars.extend(register_variables)
|
|
207
|
+
cmsg.stackvars.extend(stack_variables)
|
|
208
|
+
cmsg.memvars.extend(memory_variables)
|
|
209
|
+
|
|
210
|
+
# accesses
|
|
211
|
+
accesses = []
|
|
212
|
+
for variable_accesses in self._variable_accesses.values():
|
|
213
|
+
for variable_access in variable_accesses:
|
|
214
|
+
accesses.append(variable_access.serialize_to_cmessage())
|
|
215
|
+
cmsg.accesses.extend(accesses)
|
|
216
|
+
|
|
217
|
+
# unified variables
|
|
218
|
+
unified_register_variables = []
|
|
219
|
+
unified_stack_variables = []
|
|
220
|
+
unified_memory_variables = []
|
|
221
|
+
|
|
222
|
+
unified_variable_idents: set[str] = set()
|
|
223
|
+
for variable in self._unified_variables:
|
|
224
|
+
assert isinstance(variable.ident, str)
|
|
225
|
+
unified_variable_idents.add(variable.ident)
|
|
226
|
+
if isinstance(variable, SimRegisterVariable):
|
|
227
|
+
unified_register_variables.append(variable.serialize_to_cmessage())
|
|
228
|
+
elif isinstance(variable, SimStackVariable):
|
|
229
|
+
unified_stack_variables.append(variable.serialize_to_cmessage())
|
|
230
|
+
elif isinstance(variable, SimMemoryVariable):
|
|
231
|
+
unified_memory_variables.append(variable.serialize_to_cmessage())
|
|
232
|
+
else:
|
|
233
|
+
raise NotImplementedError
|
|
234
|
+
|
|
235
|
+
cmsg.unified_regvars.extend(unified_register_variables)
|
|
236
|
+
cmsg.unified_stackvars.extend(unified_stack_variables)
|
|
237
|
+
cmsg.unified_memvars.extend(unified_memory_variables)
|
|
238
|
+
|
|
239
|
+
relations = []
|
|
240
|
+
for variable, unified in self._variables_to_unified_variables.items():
|
|
241
|
+
if unified.ident not in unified_variable_idents:
|
|
242
|
+
l.error(
|
|
243
|
+
"The unified variable %s is missing from the unified variables of function %#x. Please "
|
|
244
|
+
"report it on GitHub.",
|
|
245
|
+
unified.ident,
|
|
246
|
+
self.func_addr,
|
|
247
|
+
)
|
|
248
|
+
continue
|
|
249
|
+
relation = variables_pb2.Var2Unified() # type: ignore[reportAttributeAccessIssue]
|
|
250
|
+
relation.var_ident = variable.ident
|
|
251
|
+
relation.unified_var_ident = unified.ident
|
|
252
|
+
relations.append(relation)
|
|
253
|
+
cmsg.var2unified.extend(relations)
|
|
254
|
+
|
|
255
|
+
# phi vars
|
|
256
|
+
phi_relations = []
|
|
257
|
+
for phi, vars_ in self._phi_variables.items():
|
|
258
|
+
for var in vars_:
|
|
259
|
+
if var not in self._variables and var not in self._phi_variables:
|
|
260
|
+
l.error("Ignore variable %s because it is not in the registered list.", var.ident)
|
|
261
|
+
continue
|
|
262
|
+
relation = variables_pb2.Phi2Var() # type: ignore[reportAttributeAccessIssue]
|
|
263
|
+
relation.phi_ident = phi.ident
|
|
264
|
+
relation.var_ident = var.ident
|
|
265
|
+
phi_relations.append(relation)
|
|
266
|
+
cmsg.phi2var.extend(phi_relations)
|
|
267
|
+
|
|
268
|
+
# TODO: Types
|
|
269
|
+
|
|
270
|
+
# TODO: vvarid_to_varialbes & variable_to_vvarids
|
|
271
|
+
|
|
272
|
+
return cmsg
|
|
273
|
+
|
|
274
|
+
@classmethod
|
|
275
|
+
def parse_from_cmessage(
|
|
276
|
+
cls, cmsg, variable_manager=None, func_addr=None, **kwargs
|
|
277
|
+
) -> VariableManagerInternal: # pylint:disable=arguments-differ
|
|
278
|
+
model = VariableManagerInternal(variable_manager, func_addr=func_addr)
|
|
279
|
+
|
|
280
|
+
variable_by_ident = {}
|
|
281
|
+
|
|
282
|
+
# variables
|
|
283
|
+
all_vars = []
|
|
284
|
+
|
|
285
|
+
for regvar_pb2 in cmsg.regvars:
|
|
286
|
+
all_vars.append(
|
|
287
|
+
(
|
|
288
|
+
regvar_pb2.base.is_phi, # type: ignore[reportAttributeAccessIssue]
|
|
289
|
+
SimRegisterVariable.parse_from_cmessage(regvar_pb2),
|
|
290
|
+
)
|
|
291
|
+
)
|
|
292
|
+
for stackvar_pb2 in cmsg.stackvars:
|
|
293
|
+
all_vars.append(
|
|
294
|
+
(
|
|
295
|
+
stackvar_pb2.base.is_phi, # type: ignore[reportAttributeAccessIssue]
|
|
296
|
+
SimStackVariable.parse_from_cmessage(stackvar_pb2),
|
|
297
|
+
)
|
|
298
|
+
)
|
|
299
|
+
for memvar_pb2 in cmsg.memvars:
|
|
300
|
+
all_vars.append(
|
|
301
|
+
(
|
|
302
|
+
memvar_pb2.base.is_phi, # type: ignore[reportAttributeAccessIssue]
|
|
303
|
+
SimMemoryVariable.parse_from_cmessage(memvar_pb2),
|
|
304
|
+
)
|
|
305
|
+
)
|
|
306
|
+
for is_phi, var in all_vars:
|
|
307
|
+
variable_by_ident[var.ident] = var
|
|
308
|
+
if is_phi:
|
|
309
|
+
model._phi_variables[var] = set()
|
|
310
|
+
else:
|
|
311
|
+
model._variables.add(var)
|
|
312
|
+
model._ident_to_variable[var.ident] = var
|
|
313
|
+
|
|
314
|
+
# variable accesses
|
|
315
|
+
for varaccess_pb2 in cmsg.accesses:
|
|
316
|
+
variable_access = VariableAccess.parse_from_cmessage(varaccess_pb2, variable_by_ident=variable_by_ident)
|
|
317
|
+
variable = variable_access.variable
|
|
318
|
+
offset = variable_access.offset
|
|
319
|
+
assert variable is not None and offset is not None
|
|
320
|
+
tpl = (variable, offset)
|
|
321
|
+
|
|
322
|
+
model._variable_accesses[variable_access.variable].add(variable_access)
|
|
323
|
+
assert variable_access.location.ins_addr is not None
|
|
324
|
+
model._insn_to_variable[variable_access.location.ins_addr].add(tpl)
|
|
325
|
+
assert variable_access.location.block_addr is not None
|
|
326
|
+
assert variable_access.location.stmt_idx is not None
|
|
327
|
+
loc = (
|
|
328
|
+
(variable_access.location.block_addr, variable_access.location.stmt_idx)
|
|
329
|
+
if variable_access.location.block_idx is None
|
|
330
|
+
else (
|
|
331
|
+
variable_access.location.block_addr,
|
|
332
|
+
variable_access.location.block_idx,
|
|
333
|
+
variable_access.location.stmt_idx,
|
|
334
|
+
)
|
|
335
|
+
)
|
|
336
|
+
model._stmt_to_variable[loc].add(tpl)
|
|
337
|
+
model._variable_to_stmt[variable].add(loc)
|
|
338
|
+
if variable_access.atom_hash is not None:
|
|
339
|
+
model._atom_to_variable[loc][variable_access.atom_hash].add(tpl)
|
|
340
|
+
|
|
341
|
+
# unified variables
|
|
342
|
+
unified_variable_by_ident = {}
|
|
343
|
+
for regvar_pb2 in cmsg.unified_regvars:
|
|
344
|
+
regvar = SimRegisterVariable.parse_from_cmessage(regvar_pb2)
|
|
345
|
+
unified_variable_by_ident[regvar.ident] = regvar
|
|
346
|
+
model._unified_variables.add(regvar)
|
|
347
|
+
for stackvar_pb2 in cmsg.unified_stackvars:
|
|
348
|
+
stackvar = SimStackVariable.parse_from_cmessage(stackvar_pb2)
|
|
349
|
+
unified_variable_by_ident[stackvar.ident] = stackvar
|
|
350
|
+
model._unified_variables.add(stackvar)
|
|
351
|
+
for memvar_pb2 in cmsg.unified_memvars:
|
|
352
|
+
memvar = SimMemoryVariable.parse_from_cmessage(memvar_pb2)
|
|
353
|
+
unified_variable_by_ident[memvar.ident] = memvar
|
|
354
|
+
model._unified_variables.add(memvar)
|
|
355
|
+
|
|
356
|
+
for var2unified in cmsg.var2unified:
|
|
357
|
+
variable = variable_by_ident[var2unified.var_ident]
|
|
358
|
+
unified = unified_variable_by_ident.get(var2unified.unified_var_ident, None)
|
|
359
|
+
if unified is None:
|
|
360
|
+
l.warning(
|
|
361
|
+
"Unified variable %s is not found in unified_variable_by_ident.", var2unified.unified_var_ident
|
|
362
|
+
)
|
|
363
|
+
# as a stop gap, we make the variable unify to itself
|
|
364
|
+
model._variables_to_unified_variables[variable] = variable
|
|
365
|
+
continue
|
|
366
|
+
model._variables_to_unified_variables[variable] = unified
|
|
367
|
+
|
|
368
|
+
for phi2var in cmsg.phi2var:
|
|
369
|
+
phi = variable_by_ident.get(phi2var.phi_ident, None)
|
|
370
|
+
if phi is None:
|
|
371
|
+
l.warning("Phi variable %s is not found in variable_by_ident.", phi2var.phi_ident)
|
|
372
|
+
continue
|
|
373
|
+
var = variable_by_ident.get(phi2var.var_ident, None)
|
|
374
|
+
if var is None:
|
|
375
|
+
l.warning("Variable %s is not found in variable_by_ident.", phi2var.var_ident)
|
|
376
|
+
continue
|
|
377
|
+
model._phi_variables[phi].add(var)
|
|
378
|
+
model._variables_to_phivars[var].add(phi)
|
|
379
|
+
|
|
380
|
+
# TODO: Types
|
|
381
|
+
|
|
382
|
+
for var in model._variables:
|
|
383
|
+
if isinstance(var, SimStackVariable):
|
|
384
|
+
region = model._stack_region
|
|
385
|
+
offset = var.offset
|
|
386
|
+
elif isinstance(var, SimRegisterVariable):
|
|
387
|
+
region = model._register_region
|
|
388
|
+
offset = var.reg
|
|
389
|
+
elif isinstance(var, SimMemoryVariable):
|
|
390
|
+
region = model._global_region
|
|
391
|
+
offset = var.addr
|
|
392
|
+
else:
|
|
393
|
+
raise ValueError(f"Unsupported sort {type(var)} in parse_from_cmessage().")
|
|
394
|
+
|
|
395
|
+
region.add_variable(offset, var)
|
|
396
|
+
|
|
397
|
+
model._variables_without_writes = set(model.get_variables_without_writes())
|
|
398
|
+
|
|
399
|
+
return model
|
|
400
|
+
|
|
401
|
+
#
|
|
402
|
+
# Public methods
|
|
403
|
+
#
|
|
404
|
+
|
|
405
|
+
def next_variable_ident(self, sort):
|
|
406
|
+
if sort not in self._variable_counters:
|
|
407
|
+
raise ValueError(f"Unsupported variable sort {sort}")
|
|
408
|
+
|
|
409
|
+
if sort == "register":
|
|
410
|
+
prefix = "r"
|
|
411
|
+
elif sort == "stack":
|
|
412
|
+
prefix = "s"
|
|
413
|
+
elif sort == "argument":
|
|
414
|
+
prefix = "arg"
|
|
415
|
+
elif sort == "global":
|
|
416
|
+
prefix = "g"
|
|
417
|
+
else:
|
|
418
|
+
prefix = "m"
|
|
419
|
+
|
|
420
|
+
return f"i{prefix}_{next(self._variable_counters[sort])}"
|
|
421
|
+
|
|
422
|
+
def add_variable(self, sort, start, variable: SimVariable):
|
|
423
|
+
if sort == "stack":
|
|
424
|
+
region = self._stack_region
|
|
425
|
+
elif sort == "register":
|
|
426
|
+
region = self._register_region
|
|
427
|
+
elif sort == "global":
|
|
428
|
+
region = self._global_region
|
|
429
|
+
else:
|
|
430
|
+
raise ValueError(f"Unsupported sort {sort} in add_variable().")
|
|
431
|
+
|
|
432
|
+
if variable.ident is not None:
|
|
433
|
+
# find if there is already an existing variable with the same identifier
|
|
434
|
+
if variable.ident in self._ident_to_variable:
|
|
435
|
+
existing_var = self._ident_to_variable[variable.ident]
|
|
436
|
+
if existing_var.name is not None and not variable.renamed:
|
|
437
|
+
variable.name = existing_var.name
|
|
438
|
+
variable.renamed = existing_var.renamed
|
|
439
|
+
self._ident_to_variable[variable.ident] = variable
|
|
440
|
+
|
|
441
|
+
region.add_variable(start, variable)
|
|
442
|
+
self._variables.add(variable)
|
|
443
|
+
self._variables_without_writes.add(variable)
|
|
444
|
+
|
|
445
|
+
def set_variable(self, sort, start, variable: SimVariable):
|
|
446
|
+
if sort == "stack":
|
|
447
|
+
region = self._stack_region
|
|
448
|
+
elif sort == "register":
|
|
449
|
+
region = self._register_region
|
|
450
|
+
elif sort == "global":
|
|
451
|
+
region = self._global_region
|
|
452
|
+
else:
|
|
453
|
+
raise ValueError(f"Unsupported sort {sort} in set_variable().")
|
|
454
|
+
# find if there is already an existing variable with the same identifier
|
|
455
|
+
if variable.ident in self._ident_to_variable:
|
|
456
|
+
existing_var = self._ident_to_variable[variable.ident]
|
|
457
|
+
if existing_var.name is not None and not variable.renamed:
|
|
458
|
+
variable.name = existing_var.name
|
|
459
|
+
variable.renamed = existing_var.renamed
|
|
460
|
+
region.set_variable(start, variable)
|
|
461
|
+
self._variables.add(variable)
|
|
462
|
+
self._variables_without_writes.add(variable)
|
|
463
|
+
|
|
464
|
+
def write_to(self, variable, offset, location, overwrite=False, atom=None):
|
|
465
|
+
self._record_variable_access(
|
|
466
|
+
VariableAccessSort.WRITE, variable, offset, location, overwrite=overwrite, atom=atom
|
|
467
|
+
)
|
|
468
|
+
|
|
469
|
+
def read_from(self, variable, offset, location, overwrite=False, atom=None):
|
|
470
|
+
self._record_variable_access(
|
|
471
|
+
VariableAccessSort.READ, variable, offset, location, overwrite=overwrite, atom=atom
|
|
472
|
+
)
|
|
473
|
+
|
|
474
|
+
def reference_at(self, variable, offset, location, overwrite=False, atom=None):
|
|
475
|
+
self._record_variable_access(
|
|
476
|
+
VariableAccessSort.REFERENCE, variable, offset, location, overwrite=overwrite, atom=atom
|
|
477
|
+
)
|
|
478
|
+
|
|
479
|
+
def _record_variable_access(
|
|
480
|
+
self,
|
|
481
|
+
sort: int,
|
|
482
|
+
variable,
|
|
483
|
+
offset,
|
|
484
|
+
location: CodeLocation,
|
|
485
|
+
overwrite=False,
|
|
486
|
+
atom=None,
|
|
487
|
+
):
|
|
488
|
+
atom_hash = (hash(atom) & 0xFFFF_FFFF) if atom is not None else None
|
|
489
|
+
if overwrite:
|
|
490
|
+
self._variable_accesses[variable] = {VariableAccess(variable, sort, location, offset, atom_hash=atom_hash)}
|
|
491
|
+
else:
|
|
492
|
+
self._variable_accesses[variable].add(VariableAccess(variable, sort, location, offset, atom_hash=atom_hash))
|
|
493
|
+
self.record_variable(location, variable, offset, overwrite=overwrite, atom=atom)
|
|
494
|
+
if sort == VariableAccessSort.WRITE and variable in self._variables_without_writes:
|
|
495
|
+
self._variables_without_writes.discard(variable)
|
|
496
|
+
|
|
497
|
+
def record_variable(self, location: CodeLocation, variable, offset, overwrite=False, atom=None):
|
|
498
|
+
if variable.ident not in self._ident_to_variable:
|
|
499
|
+
self._ident_to_variable[variable.ident] = variable
|
|
500
|
+
self._variables.add(variable)
|
|
501
|
+
var_and_offset = variable, offset
|
|
502
|
+
atom_hash = (hash(atom) & 0xFFFF_FFFF) if atom is not None else None
|
|
503
|
+
assert location.block_addr is not None and location.stmt_idx is not None
|
|
504
|
+
key = (
|
|
505
|
+
(location.block_addr, location.stmt_idx)
|
|
506
|
+
if location.block_idx is None
|
|
507
|
+
else (location.block_addr, location.block_idx, location.stmt_idx)
|
|
508
|
+
)
|
|
509
|
+
if overwrite:
|
|
510
|
+
if location.ins_addr is not None:
|
|
511
|
+
self._insn_to_variable[location.ins_addr] = {var_and_offset}
|
|
512
|
+
self._stmt_to_variable[key] = {var_and_offset}
|
|
513
|
+
self._variable_to_stmt[variable].add(key)
|
|
514
|
+
if atom_hash is not None:
|
|
515
|
+
self._atom_to_variable[key][atom_hash] = {var_and_offset}
|
|
516
|
+
if isinstance(atom, ailment.Expr.VirtualVariable):
|
|
517
|
+
self._vvarid_to_variable[atom.varid] = variable
|
|
518
|
+
self._variable_to_vvarids[variable] = set(atom.varid)
|
|
519
|
+
else:
|
|
520
|
+
if location.ins_addr is not None:
|
|
521
|
+
self._insn_to_variable[location.ins_addr].add(var_and_offset)
|
|
522
|
+
self._stmt_to_variable[key].add(var_and_offset)
|
|
523
|
+
self._variable_to_stmt[variable].add(key)
|
|
524
|
+
if atom_hash is not None:
|
|
525
|
+
self._atom_to_variable[key][atom_hash].add(var_and_offset)
|
|
526
|
+
if isinstance(atom, ailment.Expr.VirtualVariable):
|
|
527
|
+
self._vvarid_to_variable[atom.varid] = variable
|
|
528
|
+
self._variable_to_vvarids[variable].add(atom.varid)
|
|
529
|
+
|
|
530
|
+
def remove_variable_by_atom(self, location: CodeLocation, variable: SimVariable, atom):
|
|
531
|
+
assert location.block_addr is not None and location.stmt_idx is not None
|
|
532
|
+
key = (
|
|
533
|
+
(location.block_addr, location.stmt_idx)
|
|
534
|
+
if location.block_idx is None
|
|
535
|
+
else (location.block_addr, location.block_idx, location.stmt_idx)
|
|
536
|
+
)
|
|
537
|
+
if key in self._stmt_to_variable:
|
|
538
|
+
for var_and_offset in list(self._stmt_to_variable[key]):
|
|
539
|
+
if var_and_offset[0] == variable:
|
|
540
|
+
self._stmt_to_variable[key].remove(var_and_offset)
|
|
541
|
+
if not self._stmt_to_variable[key]:
|
|
542
|
+
del self._stmt_to_variable[key]
|
|
543
|
+
|
|
544
|
+
atom_hash = (hash(atom) & 0xFFFF_FFFF) if atom is not None else None
|
|
545
|
+
if key in self._atom_to_variable and atom_hash is not None and atom_hash in self._atom_to_variable[key]:
|
|
546
|
+
for var_and_offset in list(self._atom_to_variable[key][atom_hash]):
|
|
547
|
+
if var_and_offset[0] == variable:
|
|
548
|
+
self._atom_to_variable[key][atom_hash].discard(var_and_offset)
|
|
549
|
+
if not self._atom_to_variable[key][atom_hash]:
|
|
550
|
+
del self._atom_to_variable[key][atom_hash]
|
|
551
|
+
if not self._atom_to_variable[key]:
|
|
552
|
+
del self._atom_to_variable[key]
|
|
553
|
+
|
|
554
|
+
def make_phi_node(self, block_addr, *variables):
|
|
555
|
+
"""
|
|
556
|
+
Create a phi variable for variables at block `block_addr`.
|
|
557
|
+
|
|
558
|
+
:param int block_addr: The address of the current block.
|
|
559
|
+
:param variables: Variables that the phi variable represents.
|
|
560
|
+
:return: The created phi variable.
|
|
561
|
+
"""
|
|
562
|
+
|
|
563
|
+
existing_phis = set()
|
|
564
|
+
non_phis = set()
|
|
565
|
+
for var in variables:
|
|
566
|
+
if self.is_phi_variable(var):
|
|
567
|
+
existing_phis.add(var)
|
|
568
|
+
else:
|
|
569
|
+
non_phis.add(var)
|
|
570
|
+
if var in self._variables_to_phivars:
|
|
571
|
+
for phivar in self._variables_to_phivars[var]:
|
|
572
|
+
existing_phis.add(phivar)
|
|
573
|
+
|
|
574
|
+
if len(existing_phis) >= 1:
|
|
575
|
+
# iterate through existing phi variables to see if any of it is already used as the phi variable for this
|
|
576
|
+
# block. if so, we reuse it to avoid redundant variable allocations
|
|
577
|
+
for phi in existing_phis:
|
|
578
|
+
if block_addr in self._phi_variables_by_block and phi in self._phi_variables_by_block[block_addr]:
|
|
579
|
+
if not non_phis.issubset(self.get_phi_subvariables(phi)):
|
|
580
|
+
# Update the variables that this phi variable represents
|
|
581
|
+
self._phi_variables[phi] |= non_phis
|
|
582
|
+
return phi
|
|
583
|
+
|
|
584
|
+
# allocate a new phi variable
|
|
585
|
+
repre = next(iter(variables))
|
|
586
|
+
repre_type = type(repre)
|
|
587
|
+
repre_size = max(var.size for var in variables)
|
|
588
|
+
if repre_type is SimRegisterVariable:
|
|
589
|
+
ident_sort = "register"
|
|
590
|
+
a = SimRegisterVariable(repre.reg, repre_size, ident=self.next_variable_ident(ident_sort))
|
|
591
|
+
elif repre_type is SimMemoryVariable:
|
|
592
|
+
ident_sort = "global"
|
|
593
|
+
a = SimMemoryVariable(repre.addr, repre_size, ident=self.next_variable_ident(ident_sort))
|
|
594
|
+
elif repre_type is SimStackVariable:
|
|
595
|
+
ident_sort = "stack"
|
|
596
|
+
a = SimStackVariable(repre.offset, repre_size, ident=self.next_variable_ident(ident_sort))
|
|
597
|
+
else:
|
|
598
|
+
raise TypeError(f'make_phi_node(): Unsupported variable type "{type(repre)}".')
|
|
599
|
+
|
|
600
|
+
# Keep a record of all phi variables
|
|
601
|
+
self._phi_variables[a] = set(variables)
|
|
602
|
+
self._phi_variables_by_block[block_addr].add(a)
|
|
603
|
+
for var in variables:
|
|
604
|
+
self._variables_to_phivars[var].add(a)
|
|
605
|
+
|
|
606
|
+
return a
|
|
607
|
+
|
|
608
|
+
def set_live_variables(self, addr, register_region, stack_region):
|
|
609
|
+
lv = LiveVariables(register_region, stack_region)
|
|
610
|
+
self._live_variables[addr] = lv
|
|
611
|
+
|
|
612
|
+
def find_variables_by_insn(self, ins_addr, sort):
|
|
613
|
+
if ins_addr not in self._insn_to_variable:
|
|
614
|
+
return None
|
|
615
|
+
|
|
616
|
+
if sort in (VariableType.MEMORY, "memory"):
|
|
617
|
+
vars_and_offset = [
|
|
618
|
+
(var, offset)
|
|
619
|
+
for var, offset in self._insn_to_variable[ins_addr]
|
|
620
|
+
if isinstance(var, (SimStackVariable, SimMemoryVariable))
|
|
621
|
+
]
|
|
622
|
+
elif sort in (VariableType.REGISTER, "register"):
|
|
623
|
+
vars_and_offset = [
|
|
624
|
+
(var, offset)
|
|
625
|
+
for var, offset in self._insn_to_variable[ins_addr]
|
|
626
|
+
if isinstance(var, SimRegisterVariable)
|
|
627
|
+
]
|
|
628
|
+
else:
|
|
629
|
+
l.error('find_variable_by_insn(): Unsupported variable sort "%s".', sort)
|
|
630
|
+
return []
|
|
631
|
+
|
|
632
|
+
return vars_and_offset
|
|
633
|
+
|
|
634
|
+
def is_variable_used_at(self, variable: SimVariable, loc: tuple[int, int]) -> bool:
|
|
635
|
+
return loc in self._variable_to_stmt[variable]
|
|
636
|
+
|
|
637
|
+
def find_variable_by_stmt(self, block_addr, stmt_idx, sort, block_idx: int | None = None):
|
|
638
|
+
return next(iter(self.find_variables_by_stmt(block_addr, stmt_idx, sort, block_idx=block_idx)), None)
|
|
639
|
+
|
|
640
|
+
def find_variables_by_stmt(
|
|
641
|
+
self, block_addr: int, stmt_idx: int, sort: str, block_idx: int | None = None
|
|
642
|
+
) -> list[tuple[SimVariable, int]]:
|
|
643
|
+
key = (block_addr, stmt_idx) if block_idx is None else (block_addr, block_idx, stmt_idx)
|
|
644
|
+
|
|
645
|
+
if key not in self._stmt_to_variable:
|
|
646
|
+
return []
|
|
647
|
+
|
|
648
|
+
variables = self._stmt_to_variable[key]
|
|
649
|
+
if not variables:
|
|
650
|
+
return []
|
|
651
|
+
|
|
652
|
+
var_and_offsets: list[tuple[SimVariable, int]]
|
|
653
|
+
if sort == "memory":
|
|
654
|
+
var_and_offsets = [
|
|
655
|
+
(var, offset)
|
|
656
|
+
for var, offset in self._stmt_to_variable[key]
|
|
657
|
+
if isinstance(var, (SimStackVariable, SimMemoryVariable))
|
|
658
|
+
]
|
|
659
|
+
elif sort == "register":
|
|
660
|
+
var_and_offsets = [
|
|
661
|
+
(var, offset) for var, offset in self._stmt_to_variable[key] if isinstance(var, SimRegisterVariable)
|
|
662
|
+
]
|
|
663
|
+
else:
|
|
664
|
+
l.error('find_variables_by_stmt(): Unsupported variable sort "%s".', sort)
|
|
665
|
+
return []
|
|
666
|
+
|
|
667
|
+
return var_and_offsets
|
|
668
|
+
|
|
669
|
+
def find_variable_by_atom(self, block_addr, stmt_idx, atom, block_idx: int | None = None):
|
|
670
|
+
return next(iter(self.find_variables_by_atom(block_addr, stmt_idx, atom, block_idx=block_idx)), None)
|
|
671
|
+
|
|
672
|
+
def find_variables_by_atom(
|
|
673
|
+
self, block_addr, stmt_idx, atom, block_idx: int | None = None
|
|
674
|
+
) -> set[tuple[SimVariable, int]]:
|
|
675
|
+
key = (block_addr, stmt_idx) if block_idx is None else (block_addr, block_idx, stmt_idx)
|
|
676
|
+
|
|
677
|
+
if key not in self._atom_to_variable:
|
|
678
|
+
return set()
|
|
679
|
+
|
|
680
|
+
atom_hash = hash(atom) & 0xFFFF_FFFF
|
|
681
|
+
if atom_hash not in self._atom_to_variable[key]:
|
|
682
|
+
return set()
|
|
683
|
+
|
|
684
|
+
return self._atom_to_variable[key][atom_hash]
|
|
685
|
+
|
|
686
|
+
def find_variables_by_stack_offset(self, offset: int) -> set[SimVariable]:
|
|
687
|
+
return self._stack_region.get_variables_by_offset(offset)
|
|
688
|
+
|
|
689
|
+
def find_variables_by_register(self, reg: str | int) -> set[SimVariable]:
|
|
690
|
+
if type(reg) is str:
|
|
691
|
+
reg = self.manager._kb._project.arch.registers.get(reg)[0]
|
|
692
|
+
return self._register_region.get_variables_by_offset(reg)
|
|
693
|
+
|
|
694
|
+
def get_variable_accesses(self, variable: SimVariable, same_name: bool = False) -> list[VariableAccess]:
|
|
695
|
+
if not same_name:
|
|
696
|
+
if variable in self._variable_accesses:
|
|
697
|
+
return list(self._variable_accesses[variable])
|
|
698
|
+
|
|
699
|
+
return []
|
|
700
|
+
|
|
701
|
+
# find all variables with the same variable name
|
|
702
|
+
|
|
703
|
+
vars_list = []
|
|
704
|
+
|
|
705
|
+
for var in self._variable_accesses:
|
|
706
|
+
if variable.name == var.name:
|
|
707
|
+
vars_list.append(var)
|
|
708
|
+
|
|
709
|
+
accesses = []
|
|
710
|
+
for var in vars_list:
|
|
711
|
+
accesses.extend(self.get_variable_accesses(var))
|
|
712
|
+
|
|
713
|
+
return accesses
|
|
714
|
+
|
|
715
|
+
@overload
|
|
716
|
+
def get_variables(self, sort: Literal["stack"], collapse_same_ident: bool = False) -> list[SimStackVariable]: ...
|
|
717
|
+
@overload
|
|
718
|
+
def get_variables(self, sort: Literal["reg"], collapse_same_ident: bool = False) -> list[SimRegisterVariable]: ...
|
|
719
|
+
@overload
|
|
720
|
+
def get_variables(
|
|
721
|
+
self, sort: None = None, collapse_same_ident: bool = False
|
|
722
|
+
) -> list[SimRegisterVariable | SimRegisterVariable]: ...
|
|
723
|
+
|
|
724
|
+
def get_variables(self, sort=None, collapse_same_ident=False):
|
|
725
|
+
"""
|
|
726
|
+
Get a list of variables.
|
|
727
|
+
|
|
728
|
+
:param sort: Sort of the variable to get.
|
|
729
|
+
:param collapse_same_ident: Whether variables of the same identifier should be collapsed or not.
|
|
730
|
+
:return: A list of variables.
|
|
731
|
+
"""
|
|
732
|
+
|
|
733
|
+
variables = []
|
|
734
|
+
|
|
735
|
+
if collapse_same_ident:
|
|
736
|
+
raise NotImplementedError
|
|
737
|
+
|
|
738
|
+
for var in self._variables:
|
|
739
|
+
if sort == "stack" and not isinstance(var, SimStackVariable):
|
|
740
|
+
continue
|
|
741
|
+
if sort == "reg" and not isinstance(var, SimRegisterVariable):
|
|
742
|
+
continue
|
|
743
|
+
variables.append(var)
|
|
744
|
+
|
|
745
|
+
return variables
|
|
746
|
+
|
|
747
|
+
@overload
|
|
748
|
+
def get_unified_variables(self, sort: Literal["stack"]) -> list[SimStackVariable]: ...
|
|
749
|
+
@overload
|
|
750
|
+
def get_unified_variables(self, sort: Literal["reg"]) -> list[SimRegisterVariable]: ...
|
|
751
|
+
@overload
|
|
752
|
+
def get_unified_variables(self, sort: None) -> list[SimRegisterVariable | SimRegisterVariable]: ...
|
|
753
|
+
|
|
754
|
+
def get_unified_variables(self, sort=None):
|
|
755
|
+
"""
|
|
756
|
+
Get a list of unified variables.
|
|
757
|
+
|
|
758
|
+
:param sort: Sort of the variable to get.
|
|
759
|
+
:return: A list of variables.
|
|
760
|
+
"""
|
|
761
|
+
|
|
762
|
+
variables = []
|
|
763
|
+
|
|
764
|
+
for var in self._unified_variables:
|
|
765
|
+
if sort == "stack" and not isinstance(var, SimStackVariable):
|
|
766
|
+
continue
|
|
767
|
+
if sort == "reg" and not isinstance(var, SimRegisterVariable):
|
|
768
|
+
continue
|
|
769
|
+
variables.append(var)
|
|
770
|
+
|
|
771
|
+
return variables
|
|
772
|
+
|
|
773
|
+
def get_global_variables(self, addr):
|
|
774
|
+
"""
|
|
775
|
+
Get global variable by the address of the variable.
|
|
776
|
+
|
|
777
|
+
:param int addr: Address of the variable.
|
|
778
|
+
:return: A set of variables or an empty set if no variable exists.
|
|
779
|
+
"""
|
|
780
|
+
return self._global_region.get_variables_by_offset(addr)
|
|
781
|
+
|
|
782
|
+
def is_phi_variable(self, var):
|
|
783
|
+
"""
|
|
784
|
+
Test if `var` is a phi variable.
|
|
785
|
+
|
|
786
|
+
:param SimVariable var: The variable instance.
|
|
787
|
+
:return: True if `var` is a phi variable, False otherwise.
|
|
788
|
+
:rtype: bool
|
|
789
|
+
"""
|
|
790
|
+
|
|
791
|
+
return var in self._phi_variables
|
|
792
|
+
|
|
793
|
+
def get_phi_subvariables(self, var):
|
|
794
|
+
"""
|
|
795
|
+
Get sub-variables that phi variable `var` represents.
|
|
796
|
+
|
|
797
|
+
:param SimVariable var: The variable instance.
|
|
798
|
+
:return: A set of sub-variables, or an empty set if `var` is not a phi variable.
|
|
799
|
+
:rtype: set
|
|
800
|
+
"""
|
|
801
|
+
|
|
802
|
+
if not self.is_phi_variable(var):
|
|
803
|
+
return set()
|
|
804
|
+
return self._phi_variables[var]
|
|
805
|
+
|
|
806
|
+
def get_phi_variables(self, block_addr):
|
|
807
|
+
"""
|
|
808
|
+
Get a dict of phi variables and their corresponding variables.
|
|
809
|
+
|
|
810
|
+
:param int block_addr: Address of the block.
|
|
811
|
+
:return: A dict of phi variables of an empty dict if there are no phi variables at the block.
|
|
812
|
+
:rtype: dict
|
|
813
|
+
"""
|
|
814
|
+
|
|
815
|
+
if block_addr not in self._phi_variables_by_block:
|
|
816
|
+
return {}
|
|
817
|
+
variables = {}
|
|
818
|
+
for phi in self._phi_variables_by_block[block_addr]:
|
|
819
|
+
variables[phi] = self._phi_variables[phi]
|
|
820
|
+
return variables
|
|
821
|
+
|
|
822
|
+
def get_variables_without_writes(self) -> list[SimVariable]:
|
|
823
|
+
"""
|
|
824
|
+
Get all variables that have never been written to.
|
|
825
|
+
|
|
826
|
+
:return: A list of variables that are never written to.
|
|
827
|
+
"""
|
|
828
|
+
|
|
829
|
+
def has_write_access(accesses):
|
|
830
|
+
return any(acc for acc in accesses if acc.access_type == VariableAccessSort.WRITE)
|
|
831
|
+
|
|
832
|
+
input_variables = []
|
|
833
|
+
|
|
834
|
+
for variable, accesses in self._variable_accesses.items():
|
|
835
|
+
if variable in self._phi_variables:
|
|
836
|
+
# a phi variable is definitely not an input variable
|
|
837
|
+
continue
|
|
838
|
+
if not has_write_access(accesses):
|
|
839
|
+
input_variables.append(variable)
|
|
840
|
+
|
|
841
|
+
return input_variables
|
|
842
|
+
|
|
843
|
+
def input_variables(self, exclude_specials: bool = True):
|
|
844
|
+
"""
|
|
845
|
+
Get all variables that have never been written to.
|
|
846
|
+
|
|
847
|
+
:return: A list of variables that are never written to.
|
|
848
|
+
"""
|
|
849
|
+
|
|
850
|
+
def has_read_access(accesses):
|
|
851
|
+
return any(acc for acc in accesses if acc.access_type == VariableAccessSort.READ)
|
|
852
|
+
|
|
853
|
+
input_variables = []
|
|
854
|
+
|
|
855
|
+
for variable in self._variables_without_writes:
|
|
856
|
+
if variable in self._phi_variables:
|
|
857
|
+
# a phi variable is definitely not an input variable
|
|
858
|
+
continue
|
|
859
|
+
if variable in self._variable_accesses:
|
|
860
|
+
accesses = self._variable_accesses[variable]
|
|
861
|
+
if has_read_access(accesses) and (not exclude_specials or not variable.category):
|
|
862
|
+
input_variables.append(variable)
|
|
863
|
+
|
|
864
|
+
return input_variables
|
|
865
|
+
|
|
866
|
+
def assign_variable_names(self, labels=None, types=None):
|
|
867
|
+
"""
|
|
868
|
+
Assign default names to all SSA variables.
|
|
869
|
+
|
|
870
|
+
:param labels: Known labels in the binary.
|
|
871
|
+
:return: None
|
|
872
|
+
"""
|
|
873
|
+
|
|
874
|
+
for var in self._variables:
|
|
875
|
+
if (types is None or SimStackVariable in types) and isinstance(var, SimStackVariable):
|
|
876
|
+
if var.name is not None:
|
|
877
|
+
continue
|
|
878
|
+
if var.ident and var.ident.startswith("iarg"):
|
|
879
|
+
var.name = f"arg_{var.offset:x}"
|
|
880
|
+
else:
|
|
881
|
+
var.name = "s_%x" % (-var.offset)
|
|
882
|
+
# var.name = var.ident
|
|
883
|
+
elif (types is None or SimRegisterVariable in types) and isinstance(var, SimRegisterVariable):
|
|
884
|
+
if var.name is not None:
|
|
885
|
+
continue
|
|
886
|
+
var.name = var.ident
|
|
887
|
+
elif (types is None or SimMemoryVariable in types) and isinstance(var, SimMemoryVariable):
|
|
888
|
+
if var.name is not None:
|
|
889
|
+
continue
|
|
890
|
+
if labels is not None and var.addr in labels:
|
|
891
|
+
var.name = labels[var.addr]
|
|
892
|
+
if "@@" in var.name:
|
|
893
|
+
var.name = var.name[: var.name.index("@@")]
|
|
894
|
+
elif isinstance(var.addr, int):
|
|
895
|
+
var.name = f"g_{var.addr:x}"
|
|
896
|
+
elif var.ident is not None:
|
|
897
|
+
var.name = var.ident
|
|
898
|
+
else:
|
|
899
|
+
var.name = f"g_{var.addr}"
|
|
900
|
+
|
|
901
|
+
def assign_unified_variable_names(
|
|
902
|
+
self,
|
|
903
|
+
labels=None,
|
|
904
|
+
arg_names: list[str] | None = None,
|
|
905
|
+
reset: bool = False,
|
|
906
|
+
func_blocks: list[ailment.Block] | None = None,
|
|
907
|
+
) -> None:
|
|
908
|
+
"""
|
|
909
|
+
Assign default names to all unified variables. If `func_blocks` is provided, we will find out variables that
|
|
910
|
+
are only ever written to in Phi assignments and never used elsewhere, and put these variables at the end of
|
|
911
|
+
the sorted list. These variables are likely completely removed during the dephication process.
|
|
912
|
+
|
|
913
|
+
:param labels: Known labels in the binary.
|
|
914
|
+
:param arg_names: Known argument names.
|
|
915
|
+
:param reset: Reset all variable names or not.
|
|
916
|
+
:param func_blocks: A list of function blocks of the function where these variables are accessed.
|
|
917
|
+
"""
|
|
918
|
+
|
|
919
|
+
def _id_from_varident(ident: str) -> int:
|
|
920
|
+
return int(ident[ident.find("_") + 1 :])
|
|
921
|
+
|
|
922
|
+
if not self._unified_variables:
|
|
923
|
+
return
|
|
924
|
+
|
|
925
|
+
sorted_stack_variables = []
|
|
926
|
+
sorted_reg_variables = []
|
|
927
|
+
arg_vars = []
|
|
928
|
+
|
|
929
|
+
for var in self._unified_variables:
|
|
930
|
+
if isinstance(var, SimStackVariable):
|
|
931
|
+
if var.ident and var.ident.startswith("arg_"):
|
|
932
|
+
arg_vars.append(var)
|
|
933
|
+
else:
|
|
934
|
+
sorted_stack_variables.append(var)
|
|
935
|
+
|
|
936
|
+
elif isinstance(var, SimRegisterVariable):
|
|
937
|
+
if var.ident and var.ident.startswith("arg_"):
|
|
938
|
+
arg_vars.append(var)
|
|
939
|
+
else:
|
|
940
|
+
sorted_reg_variables.append(var)
|
|
941
|
+
|
|
942
|
+
elif isinstance(var, SimMemoryVariable):
|
|
943
|
+
if not reset and var.name is not None:
|
|
944
|
+
continue
|
|
945
|
+
# assign names directly
|
|
946
|
+
if labels is not None and var.addr in labels:
|
|
947
|
+
var.name = labels[var.addr]
|
|
948
|
+
if "@@" in var.name:
|
|
949
|
+
var.name = var.name[: var.name.index("@@")]
|
|
950
|
+
elif var.ident:
|
|
951
|
+
var.name = var.ident
|
|
952
|
+
else:
|
|
953
|
+
var.name = f"g_{var.addr:x}"
|
|
954
|
+
|
|
955
|
+
# rename variables in a fixed order
|
|
956
|
+
var_ctr = count(0)
|
|
957
|
+
|
|
958
|
+
sorted_stack_variables = sorted(sorted_stack_variables, key=lambda v: (v.offset, v.ident))
|
|
959
|
+
sorted_reg_variables = sorted(sorted_reg_variables, key=lambda v: _id_from_varident(v.ident))
|
|
960
|
+
|
|
961
|
+
# find variables that are likely only used by phi assignments
|
|
962
|
+
phi_only_vars = []
|
|
963
|
+
if func_blocks:
|
|
964
|
+
func_block_by_addr = {(block.addr, block.idx): block for block in func_blocks}
|
|
965
|
+
for var in list(sorted_stack_variables):
|
|
966
|
+
if self._is_variable_only_used_by_phi_stmt(var, func_block_by_addr):
|
|
967
|
+
sorted_stack_variables.remove(var)
|
|
968
|
+
phi_only_vars.append(var)
|
|
969
|
+
for var in list(sorted_reg_variables):
|
|
970
|
+
if self._is_variable_only_used_by_phi_stmt(var, func_block_by_addr):
|
|
971
|
+
sorted_reg_variables.remove(var)
|
|
972
|
+
phi_only_vars.append(var)
|
|
973
|
+
|
|
974
|
+
for var in chain(sorted_stack_variables, sorted_reg_variables, phi_only_vars):
|
|
975
|
+
idx = next(var_ctr)
|
|
976
|
+
if var.name is not None and var.name != var.ident and not reset:
|
|
977
|
+
continue
|
|
978
|
+
if isinstance(var, (SimStackVariable, SimRegisterVariable)):
|
|
979
|
+
var.name = f"v{idx}"
|
|
980
|
+
# clear the hash cache
|
|
981
|
+
var._hash = None
|
|
982
|
+
|
|
983
|
+
# rename arguments but keeping the original order
|
|
984
|
+
arg_ctr = count(0)
|
|
985
|
+
arg_vars = sorted(arg_vars, key=lambda v: _id_from_varident(v.ident))
|
|
986
|
+
for var in arg_vars:
|
|
987
|
+
idx = next(arg_ctr)
|
|
988
|
+
if var.name is not None and var.name != var.ident and not reset:
|
|
989
|
+
continue
|
|
990
|
+
var.name = arg_names[idx] if arg_names else f"a{idx}"
|
|
991
|
+
var._hash = None
|
|
992
|
+
|
|
993
|
+
def _register_struct_type(self, ty: SimStruct, name: str | None = None) -> TypeRef:
|
|
994
|
+
if not name:
|
|
995
|
+
name = ty.name
|
|
996
|
+
if not name:
|
|
997
|
+
name = self.types.unique_type_name()
|
|
998
|
+
if name in self.types:
|
|
999
|
+
return self.types[name]
|
|
1000
|
+
ty_ref = TypeRef(name, ty).with_arch(self.manager._kb._project.arch)
|
|
1001
|
+
self.types[name] = ty_ref
|
|
1002
|
+
return ty_ref
|
|
1003
|
+
|
|
1004
|
+
def set_variable_type(
|
|
1005
|
+
self,
|
|
1006
|
+
var: SimVariable,
|
|
1007
|
+
ty: SimType,
|
|
1008
|
+
name: str | None = None,
|
|
1009
|
+
override_bot: bool = True,
|
|
1010
|
+
all_unified: bool = False,
|
|
1011
|
+
mark_manual: bool = False,
|
|
1012
|
+
) -> None:
|
|
1013
|
+
# we fall back to assigning a default unsigned integer type for the variable
|
|
1014
|
+
if isinstance(ty, SimTypeBottom) and override_bot and var.size is not None:
|
|
1015
|
+
size_to_type = {
|
|
1016
|
+
1: SimTypeChar,
|
|
1017
|
+
2: SimTypeShort,
|
|
1018
|
+
4: SimTypeInt,
|
|
1019
|
+
8: SimTypeLong,
|
|
1020
|
+
}
|
|
1021
|
+
if var.size in size_to_type:
|
|
1022
|
+
ty = size_to_type[var.size](signed=False, label=ty.label).with_arch(self.manager._kb._project.arch)
|
|
1023
|
+
|
|
1024
|
+
if name:
|
|
1025
|
+
if name not in self.types:
|
|
1026
|
+
self.types[name] = TypeRef(name, ty).with_arch(self.manager._kb._project.arch)
|
|
1027
|
+
ty = self.types[name]
|
|
1028
|
+
elif (inner_ty := unpack_pointer(ty, iterative=True)) and isinstance(inner_ty, SimStruct):
|
|
1029
|
+
typeref = self._register_struct_type(inner_ty)
|
|
1030
|
+
# rebuild the multi-layer pointer type
|
|
1031
|
+
replaced_ty = replace_pointer_pts_to(ty, inner_ty, typeref)
|
|
1032
|
+
assert replaced_ty is not None
|
|
1033
|
+
ty = replaced_ty.with_arch(self.manager._kb._project.arch)
|
|
1034
|
+
elif isinstance(ty, SimStruct):
|
|
1035
|
+
ty = self._register_struct_type(ty, name=name)
|
|
1036
|
+
|
|
1037
|
+
self.variable_to_types[var] = ty
|
|
1038
|
+
if mark_manual:
|
|
1039
|
+
self.variables_with_manual_types.add(var)
|
|
1040
|
+
if all_unified:
|
|
1041
|
+
unified = self._variables_to_unified_variables.get(var, None)
|
|
1042
|
+
if unified is not None:
|
|
1043
|
+
for other_var, other_unified in self._variables_to_unified_variables.items():
|
|
1044
|
+
if other_unified is unified and other_var is not var:
|
|
1045
|
+
self.variable_to_types[other_var] = ty
|
|
1046
|
+
if mark_manual:
|
|
1047
|
+
self.variables_with_manual_types.add(other_var)
|
|
1048
|
+
if isinstance(var, SimStackVariable) and isinstance(ty, TypeRef) and isinstance(ty.type, SimStruct):
|
|
1049
|
+
self.stack_offset_to_struct_member_info.update(self._extract_fields_from_struct(var, ty.type))
|
|
1050
|
+
|
|
1051
|
+
def _extract_fields_from_struct(self, var, ty: SimStruct, top_struct_offset=0):
|
|
1052
|
+
result = {}
|
|
1053
|
+
for name, field_offset in ty.offsets.items():
|
|
1054
|
+
field_ty = ty.fields[name]
|
|
1055
|
+
offset = top_struct_offset + field_offset
|
|
1056
|
+
if isinstance(field_ty, TypeRef):
|
|
1057
|
+
field_ty = field_ty.type
|
|
1058
|
+
if isinstance(field_ty, SimStruct):
|
|
1059
|
+
result.update(
|
|
1060
|
+
self._extract_fields_from_struct(var, field_ty, top_struct_offset=top_struct_offset + field_offset)
|
|
1061
|
+
)
|
|
1062
|
+
else:
|
|
1063
|
+
result[var.offset + offset] = (offset, var, ty)
|
|
1064
|
+
return result
|
|
1065
|
+
|
|
1066
|
+
def get_variable_type(self, var) -> SimType | None:
|
|
1067
|
+
return self.variable_to_types.get(var, None)
|
|
1068
|
+
|
|
1069
|
+
def remove_types(self):
|
|
1070
|
+
self.types.clear()
|
|
1071
|
+
self.variable_to_types.clear()
|
|
1072
|
+
|
|
1073
|
+
def _variables_interfere(self, interference: networkx.DiGraph, v0: SimVariable, v1: SimVariable) -> bool:
|
|
1074
|
+
vvar_ids_0 = self._variable_to_vvarids[v0]
|
|
1075
|
+
vvar_ids_1 = self._variable_to_vvarids[v1]
|
|
1076
|
+
for vvar_id_0 in vvar_ids_0:
|
|
1077
|
+
for vvar_id_1 in vvar_ids_1:
|
|
1078
|
+
if interference.has_edge(vvar_id_0, vvar_id_1):
|
|
1079
|
+
return True
|
|
1080
|
+
return False
|
|
1081
|
+
|
|
1082
|
+
def unify_variables(self, interference: networkx.DiGraph | None = None) -> None:
|
|
1083
|
+
"""
|
|
1084
|
+
Map SSA variables to a unified variable. Fill in self._unified_variables.
|
|
1085
|
+
"""
|
|
1086
|
+
|
|
1087
|
+
stack_vars: set[SimStackVariable] = set()
|
|
1088
|
+
reg_vars: set[SimRegisterVariable] = set()
|
|
1089
|
+
|
|
1090
|
+
# unify stack variables based on their locations
|
|
1091
|
+
for v in self.get_variables() + list(self._phi_variables):
|
|
1092
|
+
if v in self._variables_to_unified_variables:
|
|
1093
|
+
# do not unify twice
|
|
1094
|
+
continue
|
|
1095
|
+
if isinstance(v, SimStackVariable):
|
|
1096
|
+
stack_vars.add(v)
|
|
1097
|
+
elif isinstance(v, SimRegisterVariable):
|
|
1098
|
+
reg_vars.add(v)
|
|
1099
|
+
|
|
1100
|
+
# unify variables based on phi nodes
|
|
1101
|
+
graph = networkx.DiGraph() # an edge v1 -> v2 means v2 is the phi variable for v1
|
|
1102
|
+
for v, subvs in self._phi_variables.items():
|
|
1103
|
+
if not isinstance(v, (SimRegisterVariable, SimStackVariable)):
|
|
1104
|
+
continue
|
|
1105
|
+
for subv in subvs:
|
|
1106
|
+
graph.add_edge(subv, v)
|
|
1107
|
+
|
|
1108
|
+
# prune the graph: remove nodes that have never been used
|
|
1109
|
+
while True:
|
|
1110
|
+
unused_nodes = set()
|
|
1111
|
+
for node in [nn for nn in graph.nodes() if graph.out_degree[nn] == 0]:
|
|
1112
|
+
if not self.get_variable_accesses(node):
|
|
1113
|
+
# this node has never been used - discard it
|
|
1114
|
+
unused_nodes.add(node)
|
|
1115
|
+
if unused_nodes:
|
|
1116
|
+
graph.remove_nodes_from(unused_nodes)
|
|
1117
|
+
else:
|
|
1118
|
+
break
|
|
1119
|
+
|
|
1120
|
+
# convert the directional graph into a non-directional graph
|
|
1121
|
+
graph_ = networkx.Graph()
|
|
1122
|
+
graph_.add_nodes_from(graph.nodes)
|
|
1123
|
+
graph_.add_edges_from(graph.edges)
|
|
1124
|
+
|
|
1125
|
+
for nodes in networkx.connected_components(graph_):
|
|
1126
|
+
if len(nodes) <= 1:
|
|
1127
|
+
continue
|
|
1128
|
+
# side effect of sorting: arg_x variables are always in the front of the list
|
|
1129
|
+
nodes = sorted(nodes, key=lambda x: x.ident)
|
|
1130
|
+
unified = nodes[0].copy()
|
|
1131
|
+
for v in nodes:
|
|
1132
|
+
self.set_unified_variable(v, unified)
|
|
1133
|
+
for v in nodes:
|
|
1134
|
+
reg_vars.discard(v)
|
|
1135
|
+
stack_vars.discard(v)
|
|
1136
|
+
|
|
1137
|
+
# deal with remaining variables
|
|
1138
|
+
for v in sorted(reg_vars, key=lambda v: v.ident if v.ident else ""):
|
|
1139
|
+
self.set_unified_variable(v, v)
|
|
1140
|
+
|
|
1141
|
+
if interference is None:
|
|
1142
|
+
# interference graph is unavailable; we do not merge stack variables
|
|
1143
|
+
for v in sorted(stack_vars, key=lambda v: v.ident if v.ident else ""):
|
|
1144
|
+
self.set_unified_variable(v, v)
|
|
1145
|
+
|
|
1146
|
+
else:
|
|
1147
|
+
# merge stack variables at the same offsets only if their corresponding vvars do not interfere
|
|
1148
|
+
stack_vars_by_offset: dict[int, list[SimStackVariable]] = defaultdict(list)
|
|
1149
|
+
for v in sorted(stack_vars, key=lambda v: v.ident if v.ident else ""):
|
|
1150
|
+
stack_vars_by_offset[v.offset].append(v)
|
|
1151
|
+
for vs in stack_vars_by_offset.values():
|
|
1152
|
+
# split vs into disjoint sets based on variable interference relations
|
|
1153
|
+
congruence_classes = {}
|
|
1154
|
+
start = 0
|
|
1155
|
+
while start < len(vs):
|
|
1156
|
+
for i in range(start, len(vs)):
|
|
1157
|
+
v0 = vs[i]
|
|
1158
|
+
added = False
|
|
1159
|
+
for cls in congruence_classes.values(): # the insertion order of the dict is preserved
|
|
1160
|
+
if all(not self._variables_interfere(interference, v, v0) for v in cls):
|
|
1161
|
+
cls.add(v0)
|
|
1162
|
+
added = True
|
|
1163
|
+
break
|
|
1164
|
+
if not added:
|
|
1165
|
+
congruence_classes[v0] = {v0}
|
|
1166
|
+
start = i + 1
|
|
1167
|
+
|
|
1168
|
+
seen = set()
|
|
1169
|
+
for cls in congruence_classes.values():
|
|
1170
|
+
if any(v in seen for v in cls):
|
|
1171
|
+
continue
|
|
1172
|
+
if len(cls) == 1:
|
|
1173
|
+
v = next(iter(cls))
|
|
1174
|
+
self.set_unified_variable(v, v)
|
|
1175
|
+
else:
|
|
1176
|
+
vs = sorted(cls, key=lambda v: v.ident)
|
|
1177
|
+
unified = vs[0].copy()
|
|
1178
|
+
for v in vs:
|
|
1179
|
+
self.set_unified_variable(v, unified)
|
|
1180
|
+
|
|
1181
|
+
def set_unified_variable(self, variable: SimVariable, unified: SimVariable) -> None:
|
|
1182
|
+
"""
|
|
1183
|
+
Set the unified variable for a given SSA variable.
|
|
1184
|
+
|
|
1185
|
+
:param variable: The SSA variable.
|
|
1186
|
+
:param unified: The unified variable.
|
|
1187
|
+
:return: None
|
|
1188
|
+
"""
|
|
1189
|
+
old_unified = self._variables_to_unified_variables.get(variable, None)
|
|
1190
|
+
if old_unified is not None and old_unified is not unified:
|
|
1191
|
+
self._unified_variables.discard(old_unified)
|
|
1192
|
+
if old_unified.name is not None and not unified.renamed:
|
|
1193
|
+
unified.name = old_unified.name
|
|
1194
|
+
unified.renamed = old_unified.renamed
|
|
1195
|
+
|
|
1196
|
+
self._unified_variables.add(unified)
|
|
1197
|
+
self._variables_to_unified_variables[variable] = unified
|
|
1198
|
+
|
|
1199
|
+
def unified_variable(self, variable: SimVariable) -> SimVariable | None:
|
|
1200
|
+
"""
|
|
1201
|
+
Return the unified variable for a given SSA variable,
|
|
1202
|
+
|
|
1203
|
+
:param variable: The SSA variable.
|
|
1204
|
+
:return: The unified variable, or None if there is no such SSA variable.
|
|
1205
|
+
"""
|
|
1206
|
+
|
|
1207
|
+
return self._variables_to_unified_variables.get(variable, None)
|
|
1208
|
+
|
|
1209
|
+
def _is_variable_only_used_by_phi_stmt(
|
|
1210
|
+
self, var: SimVariable, func_block_by_addr: dict[tuple[int, int | None], ailment.Block]
|
|
1211
|
+
) -> bool:
|
|
1212
|
+
accesses = self.get_variable_accesses(var)
|
|
1213
|
+
if not accesses:
|
|
1214
|
+
# not used at all?
|
|
1215
|
+
return False
|
|
1216
|
+
for acc in accesses:
|
|
1217
|
+
assert acc.location.block_addr is not None
|
|
1218
|
+
block = func_block_by_addr.get((acc.location.block_addr, acc.location.block_idx), None)
|
|
1219
|
+
if block is not None:
|
|
1220
|
+
stmt = block.statements[acc.location.stmt_idx]
|
|
1221
|
+
if not is_phi_assignment(stmt):
|
|
1222
|
+
return False
|
|
1223
|
+
return True
|
|
1224
|
+
|
|
1225
|
+
def get_stackvar_max_sizes(self, stack_items: dict[int, StackItem]) -> dict[SimStackVariable, int]:
|
|
1226
|
+
"""
|
|
1227
|
+
Get the maximum size of each stack variable regardless of the type of each stack variable, under the assumption
|
|
1228
|
+
that stack variables do not overlap.
|
|
1229
|
+
|
|
1230
|
+
:return: A dictionary from SimStackVariable to its maximum size.
|
|
1231
|
+
"""
|
|
1232
|
+
|
|
1233
|
+
stackvars_by_offset = defaultdict(list)
|
|
1234
|
+
for v in self._variables:
|
|
1235
|
+
if isinstance(v, SimStackVariable):
|
|
1236
|
+
offset = v.offset
|
|
1237
|
+
stackvars_by_offset[offset].append(v)
|
|
1238
|
+
|
|
1239
|
+
max_sizes = {}
|
|
1240
|
+
offsets = sorted(list(stackvars_by_offset) + list(stack_items))
|
|
1241
|
+
for i, offset in enumerate(offsets):
|
|
1242
|
+
if i + 1 < len(offsets):
|
|
1243
|
+
next_off = offsets[i + 1]
|
|
1244
|
+
sz = next_off - offset
|
|
1245
|
+
if offset in stackvars_by_offset:
|
|
1246
|
+
for v in stackvars_by_offset[offset]:
|
|
1247
|
+
max_sizes[v] = max(v.size, sz)
|
|
1248
|
+
|
|
1249
|
+
return max_sizes
|
|
1250
|
+
|
|
1251
|
+
|
|
1252
|
+
class VariableManager(KnowledgeBasePlugin):
|
|
1253
|
+
"""
|
|
1254
|
+
Manage variables.
|
|
1255
|
+
"""
|
|
1256
|
+
|
|
1257
|
+
def __init__(self, kb):
|
|
1258
|
+
super().__init__(kb=kb)
|
|
1259
|
+
self.global_manager = VariableManagerInternal(self)
|
|
1260
|
+
self.function_managers: dict[int, VariableManagerInternal] = {}
|
|
1261
|
+
|
|
1262
|
+
def __contains__(self, key) -> bool:
|
|
1263
|
+
if key == "global":
|
|
1264
|
+
return True
|
|
1265
|
+
return key in self.function_managers
|
|
1266
|
+
|
|
1267
|
+
def __getitem__(self, key) -> VariableManagerInternal:
|
|
1268
|
+
"""
|
|
1269
|
+
Get the VariableManagerInternal object for a function or a region.
|
|
1270
|
+
|
|
1271
|
+
:param str or int key: Key of the region. "global" for the global region, or a function address for the
|
|
1272
|
+
function.
|
|
1273
|
+
:return: The VariableManagerInternal object.
|
|
1274
|
+
"""
|
|
1275
|
+
|
|
1276
|
+
if key == "global": # pylint:disable=no-else-return
|
|
1277
|
+
return self.global_manager
|
|
1278
|
+
|
|
1279
|
+
# key refers to a function address
|
|
1280
|
+
return self.get_function_manager(key)
|
|
1281
|
+
|
|
1282
|
+
def __delitem__(self, key) -> None:
|
|
1283
|
+
"""
|
|
1284
|
+
Remove the existing VariableManagerInternal object for a function or a region.
|
|
1285
|
+
|
|
1286
|
+
:param Union[str,int] key: Key of the region. "global" for the global region, or a function address for the
|
|
1287
|
+
function.
|
|
1288
|
+
:return: None
|
|
1289
|
+
"""
|
|
1290
|
+
|
|
1291
|
+
if key == "global":
|
|
1292
|
+
self.global_manager = VariableManagerInternal(self)
|
|
1293
|
+
else:
|
|
1294
|
+
del self.function_managers[key]
|
|
1295
|
+
|
|
1296
|
+
def has_function_manager(self, key: int) -> bool:
|
|
1297
|
+
return key in self.function_managers
|
|
1298
|
+
|
|
1299
|
+
def get_function_manager(self, func_addr) -> VariableManagerInternal:
|
|
1300
|
+
if isinstance(func_addr, str):
|
|
1301
|
+
func_addr = self._kb.labels.lookup(func_addr)
|
|
1302
|
+
elif not isinstance(func_addr, int):
|
|
1303
|
+
raise TypeError('Argument "func_addr" must be an int.')
|
|
1304
|
+
|
|
1305
|
+
if func_addr not in self.function_managers:
|
|
1306
|
+
self.function_managers[func_addr] = VariableManagerInternal(self, func_addr=func_addr)
|
|
1307
|
+
|
|
1308
|
+
return self.function_managers[func_addr]
|
|
1309
|
+
|
|
1310
|
+
def initialize_variable_names(self) -> None:
|
|
1311
|
+
self.global_manager.assign_variable_names()
|
|
1312
|
+
for manager in self.function_managers.values():
|
|
1313
|
+
manager.assign_variable_names()
|
|
1314
|
+
|
|
1315
|
+
def get_variable_accesses(self, variable: SimVariable, same_name: bool = False) -> list[VariableAccess]:
|
|
1316
|
+
"""
|
|
1317
|
+
Get a list of all references to the given variable.
|
|
1318
|
+
|
|
1319
|
+
:param variable: The variable.
|
|
1320
|
+
:param same_name: Whether to include all variables with the same variable name, or just based on the
|
|
1321
|
+
variable identifier.
|
|
1322
|
+
:return: All references to the variable.
|
|
1323
|
+
"""
|
|
1324
|
+
|
|
1325
|
+
if variable.region == "global":
|
|
1326
|
+
return self.global_manager.get_variable_accesses(variable, same_name=same_name)
|
|
1327
|
+
|
|
1328
|
+
if variable.region in self.function_managers:
|
|
1329
|
+
return self.function_managers[variable.region].get_variable_accesses(variable, same_name=same_name)
|
|
1330
|
+
|
|
1331
|
+
l.warning("get_variable_accesses(): Region %s is not found.", variable.region)
|
|
1332
|
+
return []
|
|
1333
|
+
|
|
1334
|
+
def copy(self):
|
|
1335
|
+
raise NotImplementedError
|
|
1336
|
+
|
|
1337
|
+
@staticmethod
|
|
1338
|
+
def convert_variable_list(vlist: list[Variable], manager: VariableManagerInternal):
|
|
1339
|
+
for v in vlist:
|
|
1340
|
+
simv = None
|
|
1341
|
+
if v.type is None:
|
|
1342
|
+
l.warning("skipped unknown type for %s", v.name)
|
|
1343
|
+
continue
|
|
1344
|
+
if v.sort == "global":
|
|
1345
|
+
simv = SimMemoryVariable(v.addr, v.type.byte_size)
|
|
1346
|
+
elif v.sort == "register":
|
|
1347
|
+
simv = SimRegisterVariable(v.addr, v.type.byte_size)
|
|
1348
|
+
elif v.sort == "stack":
|
|
1349
|
+
simv = SimStackVariable(v.addr, v.type.byte_size)
|
|
1350
|
+
else:
|
|
1351
|
+
l.warning("undefined variable sort %s for %s", v.sort, v.addr)
|
|
1352
|
+
continue
|
|
1353
|
+
simv.name = v.name
|
|
1354
|
+
manager.add_variable(v.sort, v.addr, simv)
|
|
1355
|
+
|
|
1356
|
+
def load_from_dwarf(self, cu_list: list[CompilationUnit] | None = None):
|
|
1357
|
+
cu_list = cu_list or self._kb._project.loader.main_object.compilation_units
|
|
1358
|
+
if cu_list is None:
|
|
1359
|
+
l.warning("no CompilationUnit found")
|
|
1360
|
+
return
|
|
1361
|
+
for cu in cu_list:
|
|
1362
|
+
self.convert_variable_list(cu.global_variables, self.global_manager)
|
|
1363
|
+
for low_pc, subp in cu.functions.items():
|
|
1364
|
+
manager = self.get_function_manager(low_pc)
|
|
1365
|
+
self.convert_variable_list(subp.local_variables, manager)
|
|
1366
|
+
|
|
1367
|
+
|
|
1368
|
+
KnowledgeBasePlugin.register_default("variables", VariableManager)
|