angr 9.2.164__cp310-abi3-win_amd64.whl → 9.2.165__cp310-abi3-win_amd64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.164"
+__version__ = "9.2.165"
 
 if bytes is str:
     raise Exception(

angr/analyses/analysis.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 import functools
+import os
 import sys
 import contextlib
 from collections import defaultdict
@@ -14,6 +15,8 @@ import logging
 import time
 import typing
 
+import psutil
+
 from rich import progress
 
 from angr.misc.plugins import PluginVendor, VendorPreset
@@ -287,6 +290,8 @@ class Analysis:
     _name: str
     errors: list[AnalysisLogEntry] = []
     named_errors: defaultdict[str, list[AnalysisLogEntry]] = defaultdict(list)
+    _ram_usage: float | None = None
+    _last_ramusage_update: float = 0.0
     _progress_callback = None
     _show_progressbar = False
     _progressbar = None
@@ -295,7 +300,7 @@ class Analysis:
     _PROGRESS_WIDGETS = [
         progress.TaskProgressColumn(),
         progress.BarColumn(),
-        progress.TextColumn("Elapsed Time:"),
+        progress.TextColumn("Elapsed:"),
         progress.TimeElapsedColumn(),
         progress.TextColumn("Time:"),
         progress.TimeRemainingColumn(),
@@ -311,7 +316,9 @@ class Analysis:
                 raise
             else:
                 error = AnalysisLogEntry("exception occurred", exc_info=True)
-                l.error("Caught and logged %s with resilience: %s", error.exc_type.__name__, error.exc_value)
+                l.error(
+                    "Caught and logged %s with resilience: %s", error.exc_type.__name__, error.exc_value  # type:ignore
+                )
                 if name is None:
                     self.errors.append(error)
                 else:
@@ -342,10 +349,12 @@ class Analysis:
             if self._progressbar is None:
                 self._initialize_progressbar()
 
+            assert self._task is not None
+            assert self._progressbar is not None
             self._progressbar.update(self._task, completed=percentage)
 
-        if text is not None and self._progressbar:
-            self._progressbar.update(self._task, description=text)
+            if text is not None and self._progressbar:
+                self._progressbar.update(self._task, description=text)
 
         if self._progress_callback is not None:
             self._progress_callback(percentage, text=text, **kwargs)  # pylint:disable=not-callable
@@ -360,6 +369,7 @@ class Analysis:
             if self._progressbar is None:
                 self._initialize_progressbar()
             if self._progressbar is not None:
+                assert self._task is not None
                 self._progressbar.update(self._task, completed=100)
                 self._progressbar.stop()
                 self._progressbar = None
@@ -384,6 +394,19 @@ class Analysis:
         if ctr != 0 and ctr % freq == 0:
             time.sleep(sleep_time)
 
+    @property
+    def ram_usage(self) -> float:
+        """
+        Return the current RAM usage of the Python process, in bytes. The value is updated at most once per second.
+        """
+
+        if time.time() - self._last_ramusage_update > 1:
+            self._last_ramusage_update = time.time()
+            proc = psutil.Process(os.getpid())
+            meminfo = proc.memory_info()
+            self._ram_usage = meminfo.rss
+        return self._ram_usage if self._ram_usage is not None else -0.1
+
     def __getstate__(self):
         d = dict(self.__dict__)
         d.pop("_progressbar", None)

angr/analyses/cfg/cfg_fast.py

@@ -846,6 +846,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         # exception handling
         self._exception_handling_by_endaddr = SortedDict()
 
+        self.stage: str = ""
+
         #
         # Variables used during analysis
         #
@@ -1361,6 +1363,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         return job.addr
 
     def _pre_analysis(self):
+        self.stage = "Pre-analysis"
+
         # Create a read-only memory view in loader for faster data loading
         self.project.loader.gen_ro_memview()
 
@@ -1446,6 +1450,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
         self._job_ctr = 0
 
+        self.stage = "Analysis (Stage 1)"
+
     def _pre_job_handling(self, job: CFGJob):  # pylint:disable=arguments-differ
         """
         Some pre job-processing tasks, like update progress bar.
@@ -1481,7 +1487,13 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             percentage = min(
                 self._seg_list.occupied_size * max_percentage_stage_1 / self._regions_size, max_percentage_stage_1
             )
-            self._update_progress(percentage, cfg=self)
+            ram_usage = self.ram_usage / (1024 * 1024)
+            text = (
+                f"{self.stage} | {len(self.functions)} funcs, {len(self.graph)} blocks | "
+                f"{len(self._indirect_jumps_to_resolve)}/{len(self.indirect_jumps)} IJs | "
+                f"{ram_usage:0.2f} MB RAM"
+            )
+            self._update_progress(percentage, text=text, cfg=self)
 
     def _intra_analysis(self):
         pass
@@ -1780,6 +1792,9 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         self._model.edges_to_repair = remaining_edges_to_repair
 
     def _post_analysis(self):
+
+        self.stage = "Analysis (Stage 2)"
+
         self._repair_edges()
 
         self._make_completed_functions()

angr/analyses/decompiler/condition_processor.py

@@ -13,8 +13,6 @@ from unique_log_filter import UniqueLogFilter
 
 
 from angr.utils.graph import GraphUtils
-from angr.utils.lazy_import import lazy_import
-from angr.utils import is_pyinstaller
 from angr.utils.graph import dominates, inverted_idoms
 from angr.utils.ail import is_head_controlled_loop_block
 from angr.block import Block, BlockNode
@@ -37,12 +35,6 @@ from .structuring.structurer_nodes import (
 from .graph_region import GraphRegion
 from .utils import peephole_optimize_expr
 
-if is_pyinstaller():
-    # PyInstaller is not happy with lazy import
-    import sympy
-else:
-    sympy = lazy_import("sympy")
-
 
 l = logging.getLogger(__name__)
 l.addFilter(UniqueLogFilter())
@@ -953,6 +945,9 @@ class ConditionProcessor:
 
     @staticmethod
     def claripy_ast_to_sympy_expr(ast, memo=None):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         if ast.op == "And":
             return sympy.And(*(ConditionProcessor.claripy_ast_to_sympy_expr(arg, memo=memo) for arg in ast.args))
         if ast.op == "Or":
@@ -974,6 +969,9 @@ class ConditionProcessor:
 
     @staticmethod
     def sympy_expr_to_claripy_ast(expr, memo: dict):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         if expr.is_Symbol:
             return memo[expr]
         if isinstance(expr, sympy.Or):
@@ -990,6 +988,9 @@ class ConditionProcessor:
 
     @staticmethod
     def simplify_condition(cond, depth_limit=8, variables_limit=8):
+
+        import sympy  # pylint:disable=import-outside-toplevel
+
         memo = {}
         if cond.depth > depth_limit or len(cond.variables) > variables_limit:
             return cond

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -43,6 +43,7 @@ from .sar_to_signed_div import SarToSignedDiv
 from .tidy_stack_addr import TidyStackAddr
 from .invert_negated_logical_conjuction_disjunction import InvertNegatedLogicalConjunctionsAndDisjunctions
 from .rol_ror import RolRorRewriter
+from .inlined_memcpy import InlinedMemcpy
 from .inlined_strcpy import InlinedStrcpy
 from .inlined_strcpy_consolidation import InlinedStrcpyConsolidation
 from .inlined_wstrcpy import InlinedWstrcpy
@@ -99,6 +100,7 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     TidyStackAddr,
     InvertNegatedLogicalConjunctionsAndDisjunctions,
     RolRorRewriter,
+    InlinedMemcpy,
     InlinedStrcpy,
     InlinedStrcpyConsolidation,
     InlinedWstrcpy,

angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py

@@ -0,0 +1,78 @@
+# pylint:disable=arguments-differ
+from __future__ import annotations
+
+from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable, Load, UnaryOp
+from angr.ailment.statement import Call, Assignment, Store
+from angr import SIM_LIBRARIES
+from .base import PeepholeOptimizationStmtBase
+
+
+class InlinedMemcpy(PeepholeOptimizationStmtBase):
+    """
+    Simplifies inlined data copying logic into calls to memcpy.
+    """
+
+    __slots__ = ()
+
+    NAME = "Simplifying inlined strcpy"
+    stmt_classes = (Assignment, Store)
+
+    def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
+        should_replace = False
+        dst_offset, src_offset, store_size = None, None, None
+        if (
+            isinstance(stmt, Assignment)
+            and isinstance(stmt.dst, VirtualVariable)
+            and stmt.dst.was_stack
+            and stmt.dst.size == 16
+            and isinstance(stmt.src, Load)
+        ):
+            dst_offset = stmt.dst.stack_offset
+            store_size = stmt.dst.size
+            if (
+                isinstance(stmt.src.addr, UnaryOp)
+                and stmt.src.addr.op == "Reference"
+                and isinstance(stmt.src.addr.operand, VirtualVariable)
+            ):
+                should_replace = True
+                src_offset = stmt.src.addr.operand.stack_offset
+            elif isinstance(stmt.src.addr, StackBaseOffset):
+                should_replace = True
+                src_offset = stmt.src.addr.offset
+
+        if (
+            isinstance(stmt, Store)
+            and isinstance(stmt.addr, StackBaseOffset)
+            and stmt.size == 16
+            and isinstance(stmt.data, Load)
+        ):
+            dst_offset = stmt.addr.offset
+            store_size = stmt.size
+            if (
+                isinstance(stmt.data.addr, UnaryOp)
+                and stmt.data.addr.op == "Reference"
+                and isinstance(stmt.data.addr.operand, VirtualVariable)
+            ):
+                should_replace = True
+                src_offset = stmt.data.addr.operand.stack_offset
+            elif isinstance(stmt.data.addr, StackBaseOffset):
+                should_replace = True
+                src_offset = stmt.data.addr.offset
+
+        if should_replace:
+            assert dst_offset is not None and src_offset is not None and store_size is not None
+            # replace it with a call to memcpy
+            assert self.project is not None
+            return Call(
+                stmt.idx,
+                "memcpy",
+                args=[
+                    StackBaseOffset(None, self.project.arch.bits, dst_offset),
+                    StackBaseOffset(None, self.project.arch.bits, src_offset),
+                    Const(None, None, store_size, self.project.arch.bits),
+                ],
+                prototype=SIM_LIBRARIES["libc.so"][0].get_prototype("memcpy"),
+                **stmt.tags,
+            )
+
+        return None

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py

@@ -1,11 +1,11 @@
-# pylint:disable=arguments-differ
+# pylint:disable=arguments-differ,too-many-boolean-expressions
 from __future__ import annotations
 import string
 
 from archinfo import Endness
 
-from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable
-from angr.ailment.statement import Call, Assignment
+from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable, UnaryOp
+from angr.ailment.statement import Call, Assignment, Store, Statement
 
 from angr import SIM_LIBRARIES
 from angr.utils.endness import ail_const_to_be
@@ -24,24 +24,54 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
     __slots__ = ()
 
     NAME = "Simplifying inlined strcpy"
-    stmt_classes = (Assignment,)
+    stmt_classes = (Assignment, Store)
+
+    def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
+        inlined_strcpy_candidate = False
+        src: Const | None = None
+        strcpy_dst: StackBaseOffset | UnaryOp | None = None
+
+        assert self.project is not None
 
-    def optimize(self, stmt: Assignment, stmt_idx: int | None = None, block=None, **kwargs):
         if (
-            isinstance(stmt.dst, VirtualVariable)
+            isinstance(stmt, Assignment)
+            and isinstance(stmt.dst, VirtualVariable)
             and stmt.dst.was_stack
             and isinstance(stmt.src, Const)
             and isinstance(stmt.src.value, int)
         ):
-            r, s = self.is_integer_likely_a_string(stmt.src.value, stmt.src.size, self.project.arch.memory_endness)
+            inlined_strcpy_candidate = True
+            src = stmt.src
+            strcpy_dst = StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset)
+        elif (
+            isinstance(stmt, Store)
+            and isinstance(stmt.addr, UnaryOp)
+            and stmt.addr.op == "Reference"
+            and isinstance(stmt.addr.operand, VirtualVariable)
+            and stmt.addr.operand.was_stack
+            and isinstance(stmt.data, Const)
+            and isinstance(stmt.data.value, int)
+        ):
+            inlined_strcpy_candidate = True
+            src = stmt.data
+            strcpy_dst = stmt.addr
+
+        if inlined_strcpy_candidate:
+            assert src is not None and strcpy_dst is not None
+            assert isinstance(src.value, int)
+            assert self.kb is not None
+
+            r, s = self.is_integer_likely_a_string(src.value, src.size, self.project.arch.memory_endness)
             if r:
+                assert s is not None
+
                 # replace it with a call to strncpy
                 str_id = self.kb.custom_strings.allocate(s.encode("ascii"))
                 return Call(
                     stmt.idx,
                     "strncpy",
                     args=[
-                        StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
+                        strcpy_dst,
                         Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                         Const(None, None, len(s), self.project.arch.bits),
                     ],
@@ -68,9 +98,21 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                             next_offset = None
                             stride = []
 
+                    if not stride:
+                        return None
+                    min_stride_stmt_idx = min(stmt_idx_ for _, stmt_idx_, _ in stride)
+                    if min_stride_stmt_idx > stmt_idx:
+                        # the current statement is not involved in the stride. we can't simplify here, otherwise we
+                        # will incorrectly remove the current statement
+                        return None
+
                     integer, size = self.stride_to_int(stride)
-                    r, s = self.is_integer_likely_a_string(integer, size, Endness.BE)
+                    prev_stmt = None if stmt_idx == 0 else block.statements[stmt_idx - 1]
+                    min_str_length = 1 if prev_stmt is not None and self.is_inlined_strcpy(prev_stmt) else 4
+                    r, s = self.is_integer_likely_a_string(integer, size, Endness.BE, min_length=min_str_length)
                     if r:
+                        assert s is not None
+
                         # we remove all involved statements whose statement IDs are greater than the current one
                         for _, stmt_idx_, _ in reversed(stride):
                             if stmt_idx_ <= stmt_idx:
@@ -83,7 +125,7 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                             stmt.idx,
                             "strncpy",
                             args=[
-                                StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
+                                strcpy_dst,
                                 Const(None, None, str_id, self.project.arch.bits, custom_string=True),
                                 Const(None, None, len(s), self.project.arch.bits),
                             ],
@@ -101,10 +143,13 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
         for _, _, v in stride:
             size += v.size
             n <<= v.bits
+            assert isinstance(v.value, int)
             n |= v.value
         return n, size
 
     def collect_constant_stores(self, block, starting_stmt_idx: int) -> dict[int, tuple[int, Const | None]]:
+        assert self.project is not None
+
         r = {}
         for idx, stmt in enumerate(block.statements):
             if idx < starting_stmt_idx:
@@ -158,3 +203,15 @@ class InlinedStrcpy(PeepholeOptimizationStmtBase):
                 return False, None
             return True, "".join(chars)
         return False, None
+
+    @staticmethod
+    def is_inlined_strcpy(stmt: Statement) -> bool:
+        return (
+            isinstance(stmt, Call)
+            and isinstance(stmt.target, str)
+            and stmt.target == "strncpy"
+            and stmt.args is not None
+            and len(stmt.args) == 3
+            and isinstance(stmt.args[1], Const)
+            and hasattr(stmt.args[1], "custom_string")
+        )

angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py

@@ -1,7 +1,7 @@
 # pylint:disable=arguments-differ
 from __future__ import annotations
 
-from angr.ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset
+from angr.ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset, UnaryOp, VirtualVariable
 from angr.ailment.statement import Call, Store
 
 from angr import SIM_LIBRARIES
@@ -21,12 +21,12 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
 
     def optimize(self, stmts: list[Call], **kwargs):
         last_stmt, stmt = stmts
-        if InlinedStrcpyConsolidation._is_inlined_strcpy(last_stmt):
+        if InlinedStrcpy.is_inlined_strcpy(last_stmt):
             s_last: bytes = self.kb.custom_strings[last_stmt.args[1].value]
             addr_last = last_stmt.args[0]
             new_str = None  # will be set if consolidation should happen
 
-            if isinstance(stmt, Call) and InlinedStrcpyConsolidation._is_inlined_strcpy(stmt):
+            if isinstance(stmt, Call) and InlinedStrcpy.is_inlined_strcpy(stmt):
                 # consolidating two calls
                 s_curr: bytes = self.kb.custom_strings[stmt.args[1].value]
                 addr_curr = stmt.args[0]
@@ -74,22 +74,19 @@ class InlinedStrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
 
         return None
 
-    @staticmethod
-    def _is_inlined_strcpy(stmt: Call):
-        return (
-            isinstance(stmt.target, str)
-            and stmt.target == "strncpy"
-            and len(stmt.args) == 3
-            and isinstance(stmt.args[1], Const)
-            and hasattr(stmt.args[1], "custom_string")
-        )
-
     @staticmethod
     def _parse_addr(addr: Expression) -> tuple[Expression, int]:
         if isinstance(addr, Register):
             return addr, 0
         if isinstance(addr, StackBaseOffset):
             return StackBaseOffset(None, addr.bits, 0), addr.offset
+        if (
+            isinstance(addr, UnaryOp)
+            and addr.op == "Reference"
+            and isinstance(addr.operand, VirtualVariable)
+            and addr.operand.was_stack
+        ):
+            return StackBaseOffset(None, addr.bits, 0), addr.operand.stack_offset
         if isinstance(addr, BinaryOp):
             if addr.op == "Add" and isinstance(addr.operands[1], Const):
                 base_0, offset_0 = InlinedStrcpyConsolidation._parse_addr(addr.operands[0])

angr/analyses/deobfuscator/string_obf_finder.py

@@ -27,6 +27,42 @@ STEP_LIMIT_FIND = 500
 STEP_LIMIT_ANALYSIS = 5000
 
 
+ALL_X64_XMM_REGS = {
+    capstone.x86.X86_REG_XMM0,
+    capstone.x86.X86_REG_XMM1,
+    capstone.x86.X86_REG_XMM2,
+    capstone.x86.X86_REG_XMM3,
+    capstone.x86.X86_REG_XMM4,
+    capstone.x86.X86_REG_XMM5,
+    capstone.x86.X86_REG_XMM6,
+    capstone.x86.X86_REG_XMM7,
+    capstone.x86.X86_REG_XMM8,
+    capstone.x86.X86_REG_XMM9,
+    capstone.x86.X86_REG_XMM10,
+    capstone.x86.X86_REG_XMM11,
+    capstone.x86.X86_REG_XMM12,
+    capstone.x86.X86_REG_XMM13,
+    capstone.x86.X86_REG_XMM14,
+    capstone.x86.X86_REG_XMM15,
+    capstone.x86.X86_REG_XMM16,
+    capstone.x86.X86_REG_XMM17,
+    capstone.x86.X86_REG_XMM18,
+    capstone.x86.X86_REG_XMM19,
+    capstone.x86.X86_REG_XMM20,
+    capstone.x86.X86_REG_XMM21,
+    capstone.x86.X86_REG_XMM22,
+    capstone.x86.X86_REG_XMM23,
+    capstone.x86.X86_REG_XMM24,
+    capstone.x86.X86_REG_XMM25,
+    capstone.x86.X86_REG_XMM26,
+    capstone.x86.X86_REG_XMM27,
+    capstone.x86.X86_REG_XMM28,
+    capstone.x86.X86_REG_XMM29,
+    capstone.x86.X86_REG_XMM30,
+    capstone.x86.X86_REG_XMM31,
+}
+
+
 class StringDeobFuncDescriptor:
     """
     Describes a string deobfuscation function.
@@ -478,10 +514,12 @@ class StringObfuscationFinder(Analysis):
                     actual_addrs = action.actual_addrs
                 if action.type == "mem":
                     if action.action == "read":
+                        assert action.size is not None
                         for a in actual_addrs:
                             for size in range(action.size.ast // 8):
                                 all_global_reads.append(a + size)
                     elif action.action == "write":
+                        assert action.size is not None
                         for a in actual_addrs:
                             for size in range(action.size.ast // 8):
                                 all_global_writes.append(a + size)
@@ -598,16 +636,16 @@ class StringObfuscationFinder(Analysis):
         type3_functions = []
 
         for func in function_candidates:
-            if not 8 <= len(func.block_addrs_set) < 14:
+            if not 1 <= len(func.block_addrs_set) < 14:
                 continue
 
             # if it has a prototype recovered, it must have four arguments
-            if func.prototype is not None and len(func.prototype.args) != 4:
+            if func.prototype is not None and len(func.prototype.args) not in {3, 4}:
                 continue
 
             # the function must call some other functions
-            if callgraph_digraph.out_degree[func.addr] == 0:
-                continue
+            # if callgraph_digraph.out_degree[func.addr] == 0:
+            #     continue
 
             # take a look at its call sites
             func_node = cfg.get_any_node(func.addr)
@@ -635,30 +673,34 @@ class StringObfuscationFinder(Analysis):
                 continue
             if dec.codegen is None or not dec.codegen.text:
                 continue
+
             if not self._like_type3_deobfuscation_function(dec.codegen.text):
                 continue
 
             # examine the first 100 call sites and see if any of them returns a valid string
             valid = False
+            guessed_size = False
             for i in range(min(100, len(call_sites))):
                 call_site_block = self.project.factory.block(call_sites[i].addr)
                 if not self._is_block_setting_constants_to_stack(call_site_block):
                     continue
 
                 # simulate an execution to see if it really works
-                data = self._type3_prepare_and_execute(
-                    func.addr, call_sites[i].addr, call_sites[i].function_address, cfg
+                data, guessed_size = self._type3_prepare_and_execute(
+                    func.addr, call_sites[i].addr, call_sites[i].function_address, cfg  # type:ignore
                 )
                 if data is None:
                     continue
-                if len(data) > 3 and all(chr(x) in string.printable for x in data):
-                    valid = True
-                    break
+                if len(data) > 3:
+                    consecutive_printable_strs = self._consecutive_printable_substrings(data, min_length=4)
+                    if consecutive_printable_strs:
+                        valid = True
+                        break
 
             if valid:
                 desc = StringDeobFuncDescriptor()
                 desc.string_output_arg_idx = 0
-                desc.string_length_arg_idx = 1
+                desc.string_length_arg_idx = 1 if not guessed_size else None
                 desc.string_null_terminating = False
                 type3_functions.append((func.addr, desc))
 
@@ -687,11 +729,15 @@ class StringObfuscationFinder(Analysis):
         if cfg is None:
             raise AngrAnalysisError("StringObfuscationFinder needs a CFG for the analysis")
 
-        call_sites = cfg.get_predecessors(cfg.get_any_node(func_addr))
+        cfg_node = cfg.get_any_node(func_addr)
+        if cfg_node is None:
+            raise AngrAnalysisError(f"Cannot find the CFG node for function {func_addr:#x}")
+        call_sites = cfg.get_predecessors(cfg_node)
         callinsn2content = {}
         for idx, call_site in enumerate(call_sites):
             _l.debug("Analyzing type 3 candidate call site %#x (%d/%d)...", call_site.addr, idx + 1, len(call_sites))
-            data = self._type3_prepare_and_execute(func_addr, call_site.addr, call_site.function_address, cfg)
+            assert call_site.function_address is not None
+            data, _ = self._type3_prepare_and_execute(func_addr, call_site.addr, call_site.function_address, cfg)
             if data:
                 callinsn2content[call_site.instruction_addrs[-1]] = data
             # print(hex(call_site.addr), data)
@@ -722,12 +768,14 @@ class StringObfuscationFinder(Analysis):
 
     @staticmethod
     def _like_type3_deobfuscation_function(code: str) -> bool:
-        return bool(
-            ("^" in code or ">>" in code or "<<" in code or "~" in code)
-            and ("do" in code or "while" in code or "for" in code)
-        )
-
-    def _type3_prepare_and_execute(self, func_addr: int, call_site_addr: int, call_site_func_addr: int, cfg):
+        has_bitwise_ops = "^" in code or ">>" in code or "<<" in code or "~" in code
+        has_loops = "do" in code or "while" in code or "for" in code
+        has_many_bitwise_ops = code.count("^") + code.count(">>") + code.count("<<") + code.count("~") > 5
+        return has_bitwise_ops and (has_loops or has_many_bitwise_ops)
+
+    def _type3_prepare_and_execute(
+        self, func_addr: int, call_site_addr: int, call_site_func_addr: int, cfg
+    ) -> tuple[bytes | None, bool]:
         blocks_at_callsite = [call_site_addr]
 
         # backtrack from call site to include all previous consecutive blocks
@@ -773,6 +821,7 @@ class StringObfuscationFinder(Analysis):
         # setup sp and bp, just in case
         state.regs._sp = 0x7FFF0000
         bp_set = False
+        assert prop.model.input_states is not None
         prop_state = prop.model.input_states.get(call_site_addr, None)
         if prop_state is not None:
             for reg_offset, reg_width in reg_reads:
@@ -798,7 +847,7 @@ class StringObfuscationFinder(Analysis):
             else:
                 simgr.step()
             if not simgr.active:
-                return None
+                return None, False
 
         in_state = simgr.active[0]
 
@@ -821,33 +870,63 @@ class StringObfuscationFinder(Analysis):
         try:
             ret_value = callable_0()
         except (AngrCallableMultistateError, AngrCallableError):
-            return None
+            return None, False
 
         out_state = callable_0.result_state
 
         # figure out what was written
+        assert out_state is not None
         ptr = out_state.memory.load(ret_value, size=self.project.arch.bytes, endness=self.project.arch.memory_endness)
+        if out_state.memory.load(ptr, size=4).concrete_value == 0:
+            # fall back to using the return value as the pointer
+            ptr = ret_value
+        if out_state.memory.load(ptr, size=4).concrete_value == 0:
+            # can't find a valid pointer
+            return None, False
+
         size = out_state.memory.load(ret_value + 8, size=4, endness=self.project.arch.memory_endness)
+        guessed_size = False
+        if size.symbolic or size.concrete_value == 0 or size.concrete_value >= 1024:
+            size = 64
+            guessed_size = True
         # TODO: Support lists with varied-length elements
         data = out_state.memory.load(ptr, size=size, endness="Iend_BE")
         if data.symbolic:
-            return None
+            return None, False
 
-        return out_state.solver.eval(data, cast_to=bytes)
+        return out_state.solver.eval(data, cast_to=bytes), guessed_size
 
     @staticmethod
     def _is_block_setting_constants_to_stack(block, threshold: int = 5) -> bool:
-        insn_setting_consts = 0
+        insn_setting_const_bytes = 0
+        xmm_has_const = False
         for insn in block.capstone.insns:
-            if (
-                insn.mnemonic.startswith("mov")
-                and len(insn.operands) == 2
-                and insn.operands[0].type == capstone.x86.X86_OP_MEM
-                and insn.operands[0].mem.base in {capstone.x86.X86_REG_RSP, capstone.x86.X86_REG_RBP}
-                and insn.operands[1].type == capstone.x86.X86_OP_IMM
-            ):
-                insn_setting_consts += 1
-        return insn_setting_consts >= threshold
+            if insn.mnemonic.startswith("mov") and len(insn.operands) == 2:
+                if (
+                    insn.operands[0].type == capstone.x86.X86_OP_MEM
+                    and insn.operands[0].mem.base in {capstone.x86.X86_REG_RSP, capstone.x86.X86_REG_RBP}
+                    and insn.operands[1].type == capstone.x86.X86_OP_IMM
+                ):
+                    # mov [rsp|rbp + offset], imm
+                    insn_setting_const_bytes += 1  # FIXME: How to get the size of the mov in capstone?
+                if (
+                    insn.operands[0].type == capstone.x86.X86_OP_REG
+                    and insn.operands[0].reg in ALL_X64_XMM_REGS
+                    and insn.operands[1].type == capstone.x86.X86_OP_MEM
+                    and insn.operands[1].mem.base == capstone.x86.X86_REG_RIP
+                ):
+                    xmm_has_const = True
+                if (
+                    xmm_has_const
+                    and insn.operands[0].type == capstone.x86.X86_OP_MEM
+                    and insn.operands[0].mem.base in {capstone.x86.X86_REG_RSP, capstone.x86.X86_REG_RBP}
+                    and insn.operands[1].type == capstone.x86.X86_OP_REG
+                    and insn.operands[1].reg in ALL_X64_XMM_REGS
+                ):
+                    # mov [rsp|rbp + offset], xmm0 - 31
+                    insn_setting_const_bytes += 16
+
+        return insn_setting_const_bytes >= threshold
 
     @staticmethod
     def _is_string_reasonable(s: bytes) -> bool:
@@ -857,5 +936,24 @@ class StringObfuscationFinder(Analysis):
         s = s.replace(b"\x00", b"")
         return all(chr(ch) in string.printable for ch in s)
 
+    @staticmethod
+    def _consecutive_printable_substrings(s: bytes, min_length: int = 3) -> list[bytes]:
+        """
+        Find all consecutive printable substrings in a string.
+        """
+        substrings = []
+        current_substring = b""
+        for ch in s:
+            if chr(ch) in string.printable:
+                current_substring += bytes([ch])
+            else:
+                if current_substring:
+                    if len(current_substring) >= min_length:
+                        substrings.append(current_substring)
+                    current_substring = b""
+        if current_substring:
+            substrings.append(current_substring)
+        return substrings
+
 
 AnalysesHub.register_default("StringObfuscationFinder", StringObfuscationFinder)

angr/engines/icicle.py

@@ -123,7 +123,7 @@ class IcicleEngine(ConcreteEngine):
         if proj is None:
             raise ValueError("IcicleEngine requires a project to be set")
 
-        emu = Icicle(icicle_arch, PROCESSORS_DIR, True)
+        emu = Icicle(icicle_arch, PROCESSORS_DIR, True, True)
 
         copied_registers = set()
 
@@ -174,6 +174,11 @@ class IcicleEngine(ConcreteEngine):
             initial_cpu_icount=emu.cpu_icount,
         )
 
+        # 3. Copy edge hitmap
+        edge_hitmap = state.history.last_edge_hitmap
+        if edge_hitmap is not None:
+            emu.edge_hitmap = edge_hitmap
+
         return (emu, translation_data)
 
     @staticmethod
@@ -221,9 +226,12 @@ class IcicleEngine(ConcreteEngine):
         # Skip the last block, because it will be added by Successors
         state.history.recent_bbl_addrs.extend([b[0] for b in emu.recent_blocks][:-1])
 
-        # 4. Set history.recent_instruction_count
+        # 3.3. Set history.recent_instruction_count
         state.history.recent_instruction_count = emu.cpu_icount - translation_data.initial_cpu_icount
 
+        # 3.4. Set edge hitmap
+        state.history.edge_hitmap = emu.edge_hitmap
+
         return state
 
     @override

angr/state_plugins/history.py

@@ -59,6 +59,9 @@ class SimStateHistory(SimStatePlugin):
         self.recent_syscall_count = 0 if clone is None else clone.recent_syscall_count
         self.recent_instruction_count = -1 if clone is None else clone.recent_instruction_count
 
+        # afl-style hitmap
+        self.edge_hitmap: bytes | None = None if clone is None else clone.edge_hitmap
+
         # satness stuff
         self._all_constraints = ()
         self._satisfiable = None
@@ -402,6 +405,19 @@ class SimStateHistory(SimStatePlugin):
     def stack_actions(self):
         return LambdaIterIter(self, operator.attrgetter("recent_stack_actions"))
 
+    @property
+    def last_edge_hitmap(self) -> bytes | None:
+        """
+        Returns the last edge hitmap in the history chain, or None if there is no edge hitmap.
+        """
+        history = self
+        while history is not None:
+            if history.edge_hitmap is not None:
+                return history.edge_hitmap
+            # Traverse to the previous state in the history chain
+            history = history.parent
+        return None
+
     #
     # Merging support
     #

{angr-9.2.164.dist-info → angr-9.2.165.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: angr
-Version: 9.2.164
+Version: 9.2.165
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 License: BSD-2-Clause
 Project-URL: Homepage, https://angr.io/
@@ -16,12 +16,12 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: cxxheaderparser
 Requires-Dist: GitPython
-Requires-Dist: archinfo==9.2.164
+Requires-Dist: archinfo==9.2.165
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.164
-Requires-Dist: cle==9.2.164
+Requires-Dist: claripy==9.2.165
+Requires-Dist: cle==9.2.165
 Requires-Dist: mulpyplexer
 Requires-Dist: networkx!=2.8.1,>=2.0
 Requires-Dist: protobuf>=5.28.2
@@ -30,7 +30,7 @@ Requires-Dist: pycparser>=2.18
 Requires-Dist: pydemumble
 Requires-Dist: pyformlang
 Requires-Dist: pypcode<4.0,>=3.2.1
-Requires-Dist: pyvex==9.2.164
+Requires-Dist: pyvex==9.2.165
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy

{angr-9.2.164.dist-info → angr-9.2.165.dist-info}/RECORD

@@ -1,4 +1,4 @@
-angr/__init__.py,sha256=CH6F91EXwthOZbyupfpEWLQ6AuJ8SZ290aETtucu03k,9246
+angr/__init__.py,sha256=Jzf5SkZpGKPPRzfua6STXqvMfUyT2S0lcUDuVZKeRGk,9246
 angr/__main__.py,sha256=AK9V6uPZ58UuTKmmiH_Kgn5pG9AvjnmJCPOku69A-WU,4993
 angr/annocfg.py,sha256=0NIvcuCskwz45hbBzigUTAuCrYutjDMwEXtMJf0y0S0,10742
 angr/blade.py,sha256=OGGW-oggqI9_LvgZhiQuh9Ktkvf3vhRBmH0XviNyZ6o,15801
@@ -15,7 +15,7 @@ angr/keyed_region.py,sha256=Cx6dadqFgEvRmEHTbCJpg9mXkBtKGc_BKckHc6bk1IU,17992
 angr/knowledge_base.py,sha256=hRoSLuLaOXmddTSF9FN5TVs7liftpBGq_IICz5AaYBk,4533
 angr/project.py,sha256=AJmBgv3U8iv-hGEfnpmESVVjK16NiBAemmahLuqz7yk,38096
 angr/py.typed,sha256=la67KBlbjXN-_-DfGNcdOcjYumVpKG_Tkw-8n5dnGB4,8
-angr/rustylib.pyd,sha256=Q0rywAE67yvPoRHTaylffp24v-IsXCcmNGM5MWcCd6U,4441088
+angr/rustylib.pyd,sha256=IRycDjBKxFY8O2UK9VnuWqDhf16cNEPcgwyvGWQxGWM,4456960
 angr/serializable.py,sha256=l908phj_KcqopEEL_oCufbP_H6cm3Wc9v-5xdux1-6g,1533
 angr/sim_manager.py,sha256=w7yTfWR-P9yoN5x85eeiNpj9dTrnjpJ3o5aoFpDAPnc,39396
 angr/sim_options.py,sha256=tfl57MFECmA7uvMMtQrRRbpG8g_A9jKOzwY6nApTW6Y,17782
@@ -27,7 +27,7 @@ angr/sim_variable.py,sha256=3DssmMw5G7m_-MYToJ3LBP-ooy2UQEuI2YgxIuX3d4Y,13177
 angr/slicer.py,sha256=DND0BERanYKafasRH9MDFAng0rSjdjmzXj2-phCD6CQ,10634
 angr/state_hierarchy.py,sha256=qDQCUGXmQm3vOxE3CSoiqTH4OAFFOWZZt9BLhNpeOhA,8484
 angr/tablespecs.py,sha256=Kx1e87FxTx3_ZN7cAHWZSRpdInT4Vfj5gExAWtLkLTw,3259
-angr/unicornlib.dll,sha256=2mVrMM8WfkFzi0IyfxPXZLjNBOFqUN3Q3OUTBiQ2Z4g,813568
+angr/unicornlib.dll,sha256=x615-V8z6ATaO7xNGK-H1OYtFJxBJnueHMd0UfA3PNQ,813568
 angr/vaults.py,sha256=D_gkDegCyPlZMKGC5E8zINYAaZfSXNWbmhX0rXCYpvM,9718
 angr/ailment/__init__.py,sha256=X1LTS6MuTovGtbXBjZendUVOzRk-ib-bP0imuqJDOYI,2039
 angr/ailment/block.py,sha256=rkmimsNPhrUabVVbRd2IgCaW0hA2_isvAsKlYtHZhgY,2428
@@ -42,7 +42,7 @@ angr/ailment/statement.py,sha256=3JEhg-JDRrNjaeHFgO-liEIrZRW6v5sIsOqcGHiuM3A,304
 angr/ailment/tagged_object.py,sha256=48xIMC5WKebEpA12Zq6dQz3evvKxT3ULEu2cPdw9w-Y,1566
 angr/ailment/utils.py,sha256=YprhO7yJcd5jUKDbCXFMmPdCd8BIOhqXti-zb3mtxRQ,2830
 angr/analyses/__init__.py,sha256=KFu0Otm7bqAcjX8dsnQzphJmkUVxMLssjFIJJOci32U,3479
-angr/analyses/analysis.py,sha256=9FRa8ojMPhfzfLm7qsuBrrJeMKq2gTXF6pGfdA8o4yQ,14890
+angr/analyses/analysis.py,sha256=2ABUppMZr97ZEAmxOQuXo-eyw5aF0ZASAii8SuuncNo,15685
 angr/analyses/backward_slice.py,sha256=fdE1GbppXjGufLzfOQkeuIzGX0yx9ISHJlOGqS6m1lg,27218
 angr/analyses/binary_optimizer.py,sha256=xFDv8c1s5nQUKY_EWYRCuVroSXFkMiSLl5LngPiysDA,26145
 angr/analyses/bindiff.py,sha256=ysphJ9cg7yxnW7HxOSLYEohrTdq9ZK-8cVvKQ0U9u9M,64020
@@ -88,7 +88,7 @@ angr/analyses/cfg/cfg.py,sha256=dc9M91CaLeEKduYfMwpsT_01x6XyYuoNvgvcDKtbN-I,3177
 angr/analyses/cfg/cfg_arch_options.py,sha256=_XRewFZ51SeNaxChadb6_ER7-8LW8KXeTIpoP8_iRj0,3506
 angr/analyses/cfg/cfg_base.py,sha256=eleUmM_znfsl6KV7T2tUmSEy2iLmPsrT3dNB2BYudd4,124964
 angr/analyses/cfg/cfg_emulated.py,sha256=4lKrmGVfCGt8l3Nz9zH6EcUcAVLwyOM7p81DlxUVNGA,148351
-angr/analyses/cfg/cfg_fast.py,sha256=J1nhaV9yC6SjQ_TWOJ7e0wfiCPa11pfxjTlns9IErlg,232462
+angr/analyses/cfg/cfg_fast.py,sha256=e0rl_AIM1ne-GZK7yuDPNkceyNSZIYY77sg0-jvjsyo,232943
 angr/analyses/cfg/cfg_fast_soot.py,sha256=8YgMtY_8w4nAMcHR6n-q_eFvKwsvNz0anUH7EzIL1B4,25924
 angr/analyses/cfg/cfg_job_base.py,sha256=Zshze972MakTsd-licQz77lac17igQaaTsAteHeHhYQ,5974
 angr/analyses/cfg/indirect_jump_resolvers/__init__.py,sha256=qWiTSIAQgXWmaYa9YYaiKsSTwUVClymaXv9sCX-bY-k,835
@@ -123,7 +123,7 @@ angr/analyses/decompiler/block_similarity.py,sha256=S1lTlXFyOmJlQa7I3y7xgLsENLS4
 angr/analyses/decompiler/block_simplifier.py,sha256=XcX9wsBM4AL_WWqmFrtSUDeSv0a125cC1-Q1NhmTrNE,14777
 angr/analyses/decompiler/callsite_maker.py,sha256=O7vjwNTmCLijzjKgSCaoX3IX4_sC-u-OqoKhE7lahlc,23427
 angr/analyses/decompiler/clinic.py,sha256=1TnX_kIvZ4kFoK818Tyq98ONATP82T9n7fB4akx9yHg,150921
-angr/analyses/decompiler/condition_processor.py,sha256=g8sknCiCoBx3rXsHy2nx0VKDymSoSyLpq5zMpvFUhWg,54441
+angr/analyses/decompiler/condition_processor.py,sha256=ECv0HHJt48tOGjzKUQezZ1lUS3_Qqu2a8E-6W5SMerI,54425
 angr/analyses/decompiler/decompilation_cache.py,sha256=gAZtyXs-eoFj3680bTrJVAZcIoaPsFK0kayu30NYLb4,1509
 angr/analyses/decompiler/decompilation_options.py,sha256=NDB67DI1L-stvJ4b1eQkfV26HgDJ_rG9-6PEv08G9-8,8195
 angr/analyses/decompiler/decompiler.py,sha256=3TsG9Tz4OQInSXcHhoASqxY7VhRsaK8xw-ZV9-Y-zhc,30533
@@ -197,7 +197,7 @@ angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_re
 angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py,sha256=dJq1F3jbGBFWi0zIUmDu8bwUAKPt-JyAh5iegY9rYuU,527
 angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py,sha256=H9FGTyxHm-KbqgxuTe2qjMotboRbUyOTeiPVcD_8DSk,4411
 angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py,sha256=_WiRuxiMaxRAYtU5LiHGQ383PiI0sCt-KgG2QFG0KX4,5176
-angr/analyses/decompiler/peephole_optimizations/__init__.py,sha256=pqd1vDt1GO_6n1wbRtis0iq0nTkMh3bwwA17MaiUuIs,4869
+angr/analyses/decompiler/peephole_optimizations/__init__.py,sha256=TSpLThx8U5YK05r779be8SozeTya0zbziPOZDKCGa6M,4930
 angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py,sha256=HY6EQkThiyMaahz3bodJUqLBKWY2n4aKGbKyspMXN50,1641
 angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py,sha256=-V60wMaBKz1Ld1NcaQ8Dl0T4Xo9Qq6nfAQpXJ-MNsDI,1379
 angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py,sha256=5Gsq3DSQEWt3tZSkrxnbAEePkKC_dmpoQHZ2PVNlSfs,1158
@@ -221,8 +221,9 @@ angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py,sha256=4f
 angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py,sha256=STmu5FE0EHOkCdxFJt44DhMAjbAagnuics5VV6aNmnM,2110
 angr/analyses/decompiler/peephole_optimizations/eager_eval.py,sha256=t1Kn5ffzwio7AUO3EDtAbGvBFiR2gaRLIXBpOZ9LSIU,20612
 angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py,sha256=NU1D1xqyQi4SaCUrJ9bk51-hjcFNseQgqD0wgQkh558,2049
-angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py,sha256=HPXGn8PWsMGyi4EfgMIwho82H_RthwPKvlq2cdxFF2I,6462
-angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py,sha256=1s7_nlpyJKuJGwCrZESlYw2dPL49VgKPQT8wVbmCeYs,4912
+angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py,sha256=5OAgdFMTRlTggLQSUbVcUdgUmkJN7_p4wYkqt1A4AYQ,2944
+angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py,sha256=q2IVsIFhfo0TGY3PfeOmCZqdpzUI2B3Tjv_p3_jpwl4,8668
+angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py,sha256=d-O_rIm0OrwK88P0zYBZcOY0ewTdCp4bnkJZDdWUUVw,4883
 angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py,sha256=irbBK2HB75f27L2EnHPuwDHumz1GBYqVwB96zoe-SFM,6787
 angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py,sha256=hRx0tuK_s47AEgPfaWYbzh5lPfBhx_anGDTVoIxHYkg,1990
 angr/analyses/decompiler/peephole_optimizations/modulo_simplifier.py,sha256=M09Whprj6tOJdFI5n9a7b-82YZOgnm3QvIbISJ9Lvaw,3724
@@ -294,7 +295,7 @@ angr/analyses/deobfuscator/api_obf_finder.py,sha256=044ZCXK6D5BZjVyPfe0isAFDzDDD
 angr/analyses/deobfuscator/api_obf_peephole_optimizer.py,sha256=jtUxKYTdmGu0c_8zmP8V3JUYzTcac0j1CNctic3e7QA,2215
 angr/analyses/deobfuscator/api_obf_type2_finder.py,sha256=tPUfe_2jJV1uZB5cetgglf3T75E_UQZYVUFAfMACV9g,6389
 angr/analyses/deobfuscator/irsb_reg_collector.py,sha256=q91IYpepptTQWcF0MJLHVCuvUsUuzPcL2XbbcIDV4eo,1290
-angr/analyses/deobfuscator/string_obf_finder.py,sha256=bCd5Weos3Xn5nQUdoQfq2MioouTP-DdN0LUmxxmMK3s,36440
+angr/analyses/deobfuscator/string_obf_finder.py,sha256=cbwako92izix5V6tct95PpqK6nUE7YEUyNU8EAcyTes,40528
 angr/analyses/deobfuscator/string_obf_opt_passes.py,sha256=YzrsEKsUaUPshB8LqfwDso8aK7m0ySmR3i50T5ZiwNo,5360
 angr/analyses/deobfuscator/string_obf_peephole_optimizer.py,sha256=_VQv2E2yOAZDAi53smQL5KcSLNe5FMqNUYC8jNSYXGs,1957
 angr/analyses/fcp/__init__.py,sha256=E9dxFckDM9DijfU4RRg9SGL6xDKCz7yBBP-XSkS-S9U,115
@@ -434,7 +435,7 @@ angr/engines/concrete.py,sha256=kEt6Dyp8QAIaOP3oW5lRcDs_2UMP2vbiNzylGiqvf7g,2143
 angr/engines/engine.py,sha256=2kwOT-sbxKXAVX2PmsPTr8Ax36Vxq6hkRdDKaITBQNc,657
 angr/engines/failure.py,sha256=redqmkSuJoIc828hpmX3CTk4EqQ-PeEn7MK2uIqSAc0,1040
 angr/engines/hook.py,sha256=lAEYYAXQY_GDOpsz3JZ7IswxrBccZnZ6EaQwyNBb4W8,2590
-angr/engines/icicle.py,sha256=SzqHmA0bo4ThrfR1k5FNpYwmLg07LW8kUMu2ZaHQgkc,10079
+angr/engines/icicle.py,sha256=8mAL_YEumoP95C3p0r7yoGdi68Xq2sz9-qpGjAu5ffE,10333
 angr/engines/procedure.py,sha256=8kgFH56nkqSWm0p1apuGBaFngl-4BnAzE0bXhq9mc6Y,2561
 angr/engines/successors.py,sha256=oQCW7Knxb4zz7EP6Mi6RrRNrwuhbv5fnX8UL76nn0sY,29501
 angr/engines/syscall.py,sha256=7wYTriURsDTTi3PEBj4u3ZWDi7RHBV-gRrxTRxwMAVk,2166
@@ -1291,7 +1292,7 @@ angr/state_plugins/debug_variables.py,sha256=LR-lsjnn6FVrEr8RCVkhA_gyeeh1jiHC92u
 angr/state_plugins/filesystem.py,sha256=qkM2zCfcrSBjt-g3RO1VYbjHPNRSdvsNRQR_M47pqFU,15765
 angr/state_plugins/gdb.py,sha256=CrilA-FPDNm7Fk5fWx9wOn_gVb4SRJyFyNPcef7oOr0,5175
 angr/state_plugins/globals.py,sha256=pU8_VPSjLLsW2x7vr_f2uFRMEIobqDjXQJUp5YDbkNU,1593
-angr/state_plugins/history.py,sha256=TY266XyRZA8LkSXf5TX3yfGTRJnvVByySZcCsDTkG2A,19214
+angr/state_plugins/history.py,sha256=f_d3QxcN0TYe2tZxCz1ojBKmb2oNjIAuKWYNZFEfL8I,19782
 angr/state_plugins/inspect.py,sha256=9hXBRAL9C8rGqGdS9joydSsBsIrgu_pVLNmZeO_fqFs,11350
 angr/state_plugins/javavm_classloader.py,sha256=QOkvHSVnoiaEKX6HK520viBemFpxXBcaXeC_csLSmhY,5589
 angr/state_plugins/jni_references.py,sha256=ufNi66U9-O2c7bzOv1cAxykcEu3uj6PvbIOy_CV2Z2I,3451
@@ -1400,9 +1401,9 @@ angr/utils/vex.py,sha256=epcrCexi_NjKnPGM2gfpiRsUea_Scd-71UMuF32ZAQo,306
 angr/utils/ssa/__init__.py,sha256=xbuVllFoPane9lHACdRQP5OO99Mca-4sqpFrtoAvnxo,17464
 angr/utils/ssa/tmp_uses_collector.py,sha256=digAUQpYoFR1VYfwoXlF3T1pYdDi6Pdq_ck54SjMabQ,813
 angr/utils/ssa/vvar_uses_collector.py,sha256=HewqUQluNE9EsaiLeFo7LaBvws_DDBDYNt9RBExy464,1367
-angr-9.2.164.dist-info/licenses/LICENSE,sha256=PmWf0IlSz6Jjp9n7nyyBQA79Q5C2ma68LRykY1V3GF0,1456
-angr-9.2.164.dist-info/METADATA,sha256=abdzxTnPw1r7XfknxLeYnLHgglSPpltkv6xbkHw3pxg,4453
-angr-9.2.164.dist-info/WHEEL,sha256=OJ2zpOfp3Fst0GC5jHtFuY8tAf46LLgZ9O920dE4b3c,100
-angr-9.2.164.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
-angr-9.2.164.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
-angr-9.2.164.dist-info/RECORD,,
+angr-9.2.165.dist-info/licenses/LICENSE,sha256=PmWf0IlSz6Jjp9n7nyyBQA79Q5C2ma68LRykY1V3GF0,1456
+angr-9.2.165.dist-info/METADATA,sha256=RgxSY1QhXwxPTOYdu6EUkhQuZyh3g5HvWk15uifPayU,4453
+angr-9.2.165.dist-info/WHEEL,sha256=OJ2zpOfp3Fst0GC5jHtFuY8tAf46LLgZ9O920dE4b3c,100
+angr-9.2.165.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
+angr-9.2.165.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
+angr-9.2.165.dist-info/RECORD,,