angr 9.2.164__cp310-abi3-macosx_11_0_arm64.whl → 9.2.165__cp310-abi3-macosx_11_0_arm64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.164"
+__version__ = "9.2.165"
 
 if bytes is str:
     raise Exception(

angr/analyses/analysis.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 import functools
+import os
 import sys
 import contextlib
 from collections import defaultdict
@@ -14,6 +15,8 @@ import logging
 import time
 import typing
 
+import psutil
+
 from rich import progress
 
 from angr.misc.plugins import PluginVendor, VendorPreset
@@ -287,6 +290,8 @@ class Analysis:
     _name: str
     errors: list[AnalysisLogEntry] = []
     named_errors: defaultdict[str, list[AnalysisLogEntry]] = defaultdict(list)
+    _ram_usage: float | None = None
+    _last_ramusage_update: float = 0.0
     _progress_callback = None
     _show_progressbar = False
     _progressbar = None
@@ -295,7 +300,7 @@ class Analysis:
     _PROGRESS_WIDGETS = [
         progress.TaskProgressColumn(),
         progress.BarColumn(),
-        progress.TextColumn("Elapsed Time:"),
+        progress.TextColumn("Elapsed:"),
         progress.TimeElapsedColumn(),
         progress.TextColumn("Time:"),
         progress.TimeRemainingColumn(),
@@ -311,7 +316,9 @@ class Analysis:
                 raise
             else:
                 error = AnalysisLogEntry("exception occurred", exc_info=True)
-                l.error("Caught and logged %s with resilience: %s", error.exc_type.__name__, error.exc_value)
+                l.error(
+                    "Caught and logged %s with resilience: %s", error.exc_type.__name__, error.exc_value  # type:ignore
+                )
                 if name is None:
                     self.errors.append(error)
                 else:
@@ -342,10 +349,12 @@ class Analysis:
             if self._progressbar is None:
                 self._initialize_progressbar()
 
+            assert self._task is not None
+            assert self._progressbar is not None
             self._progressbar.update(self._task, completed=percentage)
 
-        if text is not None and self._progressbar:
-            self._progressbar.update(self._task, description=text)
+            if text is not None and self._progressbar:
+                self._progressbar.update(self._task, description=text)
 
         if self._progress_callback is not None:
             self._progress_callback(percentage, text=text, **kwargs)  # pylint:disable=not-callable
@@ -360,6 +369,7 @@ class Analysis:
             if self._progressbar is None:
                 self._initialize_progressbar()
             if self._progressbar is not None:
+                assert self._task is not None
                 self._progressbar.update(self._task, completed=100)
                 self._progressbar.stop()
                 self._progressbar = None
@@ -384,6 +394,19 @@ class Analysis:
         if ctr != 0 and ctr % freq == 0:
             time.sleep(sleep_time)
 
+    @property
+    def ram_usage(self) -> float:
+        """
+        Return the current RAM usage of the Python process, in bytes. The value is updated at most once per second.
+        """
+
+        if time.time() - self._last_ramusage_update > 1:
+            self._last_ramusage_update = time.time()
+            proc = psutil.Process(os.getpid())
+            meminfo = proc.memory_info()
+            self._ram_usage = meminfo.rss
+        return self._ram_usage if self._ram_usage is not None else -0.1
+
     def __getstate__(self):
         d = dict(self.__dict__)
         d.pop("_progressbar", None)

angr/analyses/cfg/cfg_fast.py

@@ -846,6 +846,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         # exception handling
         self._exception_handling_by_endaddr = SortedDict()
 
+        self.stage: str = ""
+
         #
         # Variables used during analysis
         #
@@ -1361,6 +1363,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         return job.addr
 
     def _pre_analysis(self):
+        self.stage = "Pre-analysis"
+
         # Create a read-only memory view in loader for faster data loading
         self.project.loader.gen_ro_memview()
 
@@ -1446,6 +1450,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
         self._job_ctr = 0
 
+        self.stage = "Analysis (Stage 1)"
+
     def _pre_job_handling(self, job: CFGJob):  # pylint:disable=arguments-differ
         """
         Some pre job-processing tasks, like update progress bar.
@@ -1481,7 +1487,13 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             percentage = min(
                 self._seg_list.occupied_size * max_percentage_stage_1 / self._regions_size, max_percentage_stage_1
             )
-            self._update_progress(percentage, cfg=self)
+            ram_usage = self.ram_usage / (1024 * 1024)
+            text = (
+                f"{self.stage} | {len(self.functions)} funcs, {len(self.graph)} blocks | "
+                f"{len(self._indirect_jumps_to_resolve)}/{len(self.indirect_jumps)} IJs | "
+                f"{ram_usage:0.2f} MB RAM"
+            )
+            self._update_progress(percentage, text=text, cfg=self)
 
     def _intra_analysis(self):
         pass
@@ -1780,6 +1792,9 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         self._model.edges_to_repair = remaining_edges_to_repair
 
     def _post_analysis(self):
+
+        self.stage = "Analysis (Stage 2)"
+
         self._repair_edges()
 
         self._make_completed_functions()

angr/analyses/decompiler/condition_processor.py

@@ -13,8 +13,6 @@ from unique_log_filter import UniqueLogFilter
 
 
 from angr.utils.graph import GraphUtils
-from angr.utils.lazy_import import lazy_import
-from angr.utils import is_pyinstaller
 from angr.utils.graph import dominates, inverted_idoms
 from angr.utils.ail import is_head_controlled_loop_block
 from angr.block import Block, BlockNode
@@ -37,12 +35,6 @@ from .structuring.structurer_nodes import (
 from .graph_region import GraphRegion
 from .utils import peephole_optimize_expr
 
-if is_pyinstaller():
-    # PyInstaller is not happy with lazy import
-    import sympy
-else:
-    sympy = lazy_import("sympy")
-
 
 l = logging.getLogger(__name__)
 l.addFilter(UniqueLogFilter())
@@ -953,6 +945,9 @@ class ConditionProcessor:
 
     @staticmethod
     def claripy_ast_to_sympy_expr(ast, memo=None):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         if ast.op == "And":
             return sympy.And(*(ConditionProcessor.claripy_ast_to_sympy_expr(arg, memo=memo) for arg in ast.args))
         if ast.op == "Or":
@@ -974,6 +969,9 @@ class ConditionProcessor:
 
     @staticmethod
     def sympy_expr_to_claripy_ast(expr, memo: dict):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         if expr.is_Symbol:
             return memo[expr]
         if isinstance(expr, sympy.Or):
@@ -990,6 +988,9 @@ class ConditionProcessor:
 
     @staticmethod
     def simplify_condition(cond, depth_limit=8, variables_limit=8):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         memo = {}
         if cond.depth > depth_limit or len(cond.variables) > variables_limit:
             return cond

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -43,6 +43,7 @@ from .sar_to_signed_div import SarToSignedDiv
 from .tidy_stack_addr import TidyStackAddr
 from .invert_negated_logical_conjuction_disjunction import InvertNegatedLogicalConjunctionsAndDisjunctions
 from .rol_ror import RolRorRewriter
+from .inlined_memcpy import InlinedMemcpy
 from .inlined_strcpy import InlinedStrcpy
 from .inlined_strcpy_consolidation import InlinedStrcpyConsolidation
 from .inlined_wstrcpy import InlinedWstrcpy
@@ -99,6 +100,7 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     TidyStackAddr,
     InvertNegatedLogicalConjunctionsAndDisjunctions,
     RolRorRewriter,
+    InlinedMemcpy,
     InlinedStrcpy,
     InlinedStrcpyConsolidation,
     InlinedWstrcpy,

angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py

@@ -0,0 +1,78 @@
+# pylint:disable=arguments-differ
+from __future__ import annotations
+
+from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable, Load, UnaryOp
+from angr.ailment.statement import Call, Assignment, Store
+from angr import SIM_LIBRARIES
+from .base import PeepholeOptimizationStmtBase
+
+
+class InlinedMemcpy(PeepholeOptimizationStmtBase):
+    """
+    Simplifies inlined data copying logic into calls to memcpy.
+    """
+
+    __slots__ = ()
+
+    NAME = "Simplifying inlined strcpy"
+    stmt_classes = (Assignment, Store)
+
+    def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
+        should_replace = False
+        dst_offset, src_offset, store_size = None, None, None
+        if (
+            isinstance(stmt, Assignment)
+            and isinstance(stmt.dst, VirtualVariable)
+            and stmt.dst.was_stack
+            and stmt.dst.size == 16
+            and isinstance(stmt.src, Load)
+        ):
+            dst_offset = stmt.dst.stack_offset
+            store_size = stmt.dst.size
+            if (
+                isinstance(stmt.src.addr, UnaryOp)
+                and stmt.src.addr.op == "Reference"
+                and isinstance(stmt.src.addr.operand, VirtualVariable)
+            ):
+                should_replace = True
+                src_offset = stmt.src.addr.operand.stack_offset
+            elif isinstance(stmt.src.addr, StackBaseOffset):
+                should_replace = True
+                src_offset = stmt.src.addr.offset
+
+        if (
+            isinstance(stmt, Store)
+            and isinstance(stmt.addr, StackBaseOffset)
+            and stmt.size == 16
+            and isinstance(stmt.data, Load)
+        ):
+            dst_offset = stmt.addr.offset
+            store_size = stmt.size
+            if (
+                isinstance(stmt.data.addr, UnaryOp)
+                and stmt.data.addr.op == "Reference"
+                and isinstance(stmt.data.addr.operand, VirtualVariable)
+            ):
+                should_replace = True
+                src_offset = stmt.data.addr.operand.stack_offset
+            elif isinstance(stmt.data.addr, StackBaseOffset):
+                should_replace = True
+                src_offset = stmt.data.addr.offset
+
+        if should_replace:
+            assert dst_offset is not None and src_offset is not None and store_size is not None
+            # replace it with a call to memcpy
+            assert self.project is not None
+            return Call(
+                stmt.idx,
+                "memcpy",
+                args=[
+                    StackBaseOffset(None, self.project.arch.bits, dst_offset),
+                    StackBaseOffset(None, self.project.arch.bits, src_offset),
+                    Const(None, None, store_size, self.project.arch.bits),
+                ],
+                prototype=SIM_LIBRARIES["libc.so"][0].get_prototype("memcpy"),
+                **stmt.tags,
+            )
+
+        return None

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py

@@ -1,11 +1,11 @@
-# pylint:disable=arguments-differ
+# pylint:disable=arguments-differ,too-many-boolean-expressions
 from __future__ import annotations
 import string
 
 from archinfo import Endness
 
-from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable
-from angr.ailment.statement import Call, Assignment
+from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable, UnaryOp
+from angr.ailment.statement import Call, Assignment, Store, Statement
 
 from angr import SIM_LIBRARIES
 from angr.utils.endness import ail_const_to_be
@@ -24,24 +24,54 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
     __slots__ = ()
 
     NAME = "Simplifying inlined strcpy"
-    stmt_classes = (Assignment,)
+    stmt_classes = (Assignment, Store)
+
+    def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
+        inlined_strcpy_candidate = False
+        src: Const | None = None
+        strcpy_dst: StackBaseOffset | UnaryOp | None = None
+
+        assert self.project is not None
 
-    def optimize(self, stmt: Assignment, stmt_idx: int | None = None, block=None, **kwargs):
         if (
-            isinstance(stmt.dst, VirtualVariable)
+            isinstance(stmt, Assignment)
+            and isinstance(stmt.dst, VirtualVariable)
             and stmt.dst.was_stack
             and isinstance(stmt.src, Const)
             and isinstance(stmt.src.value, int)
         ):
-            r, s = self.is_integer_likely_a_string(stmt.src.value, stmt.src.size, self.project.arch.memory_endness)
+            inlined_strcpy_candidate = True
+            src = stmt.src
+            strcpy_dst = StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset)
+        elif (
+            isinstance(stmt, Store)
+            and isinstance(stmt.addr, UnaryOp)
+            and stmt.addr.op == "Reference"
+            and isinstance(stmt.addr.operand, VirtualVariable)
+            and stmt.addr.operand.was_stack
+            and isinstance(stmt.data, Const)
+            and isinstance(stmt.data.value, int)
+        ):
+            inlined_strcpy_candidate = True
+            src = stmt.data
+            strcpy_dst = stmt.addr
+
+        if inlined_strcpy_candidate:
+            assert src is not None and strcpy_dst is not None
+            assert isinstance(src.value, int)
+            assert self.kb is not None
+
+            r, s = self.is_integer_likely_a_string(src.value, src.size, self.project.arch.memory_endness)
             if r:
+                assert s is not None
+
                 # replace it with a call to strncpy
                 str_id = self.kb.custom_strings.allocate(s.encode("ascii"))
                 return Call(
                     stmt.idx,
                     "strncpy",
                     args=[
-                        StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
+                        strcpy_dst,
                         Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                         Const(None, None, len(s), self.project.arch.bits),
                     ],
@@ -68,9 +98,21 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                             next_offset = None
                             stride = []
 
+                    if not stride:
+                        return None
+                    min_stride_stmt_idx = min(stmt_idx_ for _, stmt_idx_, _ in stride)
+                    if min_stride_stmt_idx > stmt_idx:
+                        # the current statement is not involved in the stride. we can't simplify here, otherwise we
+                        # will incorrectly remove the current statement
+                        return None
+
                     integer, size = self.stride_to_int(stride)
-                    r, s = self.is_integer_likely_a_string(integer, size, Endness.BE)
+                    prev_stmt = None if stmt_idx == 0 else block.statements[stmt_idx - 1]
+                    min_str_length = 1 if prev_stmt is not None and self.is_inlined_strcpy(prev_stmt) else 4
+                    r, s = self.is_integer_likely_a_string(integer, size, Endness.BE, min_length=min_str_length)
                     if r:
+                        assert s is not None
+
                         # we remove all involved statements whose statement IDs are greater than the current one
                         for _, stmt_idx_, _ in reversed(stride):
                             if stmt_idx_ <= stmt_idx:
@@ -83,7 +125,7 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                             stmt.idx,
                             "strncpy",
                             args=[
-                                StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
+                                strcpy_dst,
                                 Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                                 Const(None, None, len(s), self.project.arch.bits),
                             ],
@@ -101,10 +143,13 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
         for _, _, v in stride:
             size += v.size
             n <<= v.bits
+            assert isinstance(v.value, int)
             n |= v.value
         return n, size
 
     def collect_constant_stores(self, block, starting_stmt_idx: int) -> dict[int, tuple[int, Const | None]]:
+        assert self.project is not None
+
         r = {}
         for idx, stmt in enumerate(block.statements):
             if idx < starting_stmt_idx:
@@ -158,3 +203,15 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                 return False, None
             return True, "".join(chars)
         return False, None
+
+    @staticmethod
+    def is_inlined_strcpy(stmt: Statement) -> bool:
+        return (
+            isinstance(stmt, Call)
+            and isinstance(stmt.target, str)
+            and stmt.target == "strncpy"
+            and stmt.args is not None
+            and len(stmt.args) == 3
+            and isinstance(stmt.args[1], Const)
+            and hasattr(stmt.args[1], "custom_string")
+        )

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py

@@ -1,7 +1,7 @@
 # pylint:disable=arguments-differ
 from __future__ import annotations
 
-from angr.ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset
+from angr.ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset, UnaryOp, VirtualVariable
 from angr.ailment.statement import Call, Store
 
 from angr import SIM_LIBRARIES
@@ -21,12 +21,12 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
 
     def optimize(self, stmts: list[Call], **kwargs):
         last_stmt, stmt = stmts
-        if InlinedStrcpyConsolidation._is_inlined_strcpy(last_stmt):
+        if InlinedStrcpy.is_inlined_strcpy(last_stmt):
             s_last: bytes = self.kb.custom_strings[last_stmt.args[1].value]
             addr_last = last_stmt.args[0]
             new_str = None  # will be set if consolidation should happen
 
-            if isinstance(stmt, Call) and InlinedStrcpyConsolidation._is_inlined_strcpy(stmt):
+            if isinstance(stmt, Call) and InlinedStrcpy.is_inlined_strcpy(stmt):
                 # consolidating two calls
                 s_curr: bytes = self.kb.custom_strings[stmt.args[1].value]
                 addr_curr = stmt.args[0]
@@ -74,22 +74,19 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
 
         return None
 
-    @staticmethod
-    def _is_inlined_strcpy(stmt: Call):
-        return (
-            isinstance(stmt.target, str)
-            and stmt.target == "strncpy"
-            and len(stmt.args) == 3
-            and isinstance(stmt.args[1], Const)
-            and hasattr(stmt.args[1], "custom_string")
-        )
-
     @staticmethod
     def _parse_addr(addr: Expression) -> tuple[Expression, int]:
         if isinstance(addr, Register):
             return addr, 0
         if isinstance(addr, StackBaseOffset):
             return StackBaseOffset(None, addr.bits, 0), addr.offset
+        if (
+            isinstance(addr, UnaryOp)
+            and addr.op == "Reference"
+            and isinstance(addr.operand, VirtualVariable)
+            and addr.operand.was_stack
+        ):
+            return StackBaseOffset(None, addr.bits, 0), addr.operand.stack_offset
         if isinstance(addr, BinaryOp):
             if addr.op == "Add" and isinstance(addr.operands[1], Const):
                 base_0, offset_0 = InlinedStrcpyConsolidation._parse_addr(addr.operands[0])