angr 9.2.165__cp310-abi3-macosx_10_12_x86_64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +366 -0
- angr/__main__.py +152 -0
- angr/ailment/__init__.py +81 -0
- angr/ailment/block.py +81 -0
- angr/ailment/block_walker.py +845 -0
- angr/ailment/constant.py +3 -0
- angr/ailment/converter_common.py +11 -0
- angr/ailment/converter_pcode.py +623 -0
- angr/ailment/converter_vex.py +798 -0
- angr/ailment/expression.py +1655 -0
- angr/ailment/manager.py +33 -0
- angr/ailment/statement.py +978 -0
- angr/ailment/tagged_object.py +61 -0
- angr/ailment/utils.py +114 -0
- angr/analyses/__init__.py +113 -0
- angr/analyses/analysis.py +429 -0
- angr/analyses/backward_slice.py +686 -0
- angr/analyses/binary_optimizer.py +670 -0
- angr/analyses/bindiff.py +1512 -0
- angr/analyses/boyscout.py +76 -0
- angr/analyses/callee_cleanup_finder.py +74 -0
- angr/analyses/calling_convention/__init__.py +6 -0
- angr/analyses/calling_convention/calling_convention.py +1096 -0
- angr/analyses/calling_convention/fact_collector.py +636 -0
- angr/analyses/calling_convention/utils.py +60 -0
- angr/analyses/cdg.py +189 -0
- angr/analyses/cfg/__init__.py +23 -0
- angr/analyses/cfg/cfb.py +428 -0
- angr/analyses/cfg/cfg.py +74 -0
- angr/analyses/cfg/cfg_arch_options.py +95 -0
- angr/analyses/cfg/cfg_base.py +2909 -0
- angr/analyses/cfg/cfg_emulated.py +3451 -0
- angr/analyses/cfg/cfg_fast.py +5316 -0
- angr/analyses/cfg/cfg_fast_soot.py +662 -0
- angr/analyses/cfg/cfg_job_base.py +203 -0
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +28 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +62 -0
- angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +51 -0
- angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +159 -0
- angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +339 -0
- angr/analyses/cfg/indirect_jump_resolvers/constant_value_manager.py +107 -0
- angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +76 -0
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2367 -0
- angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +286 -0
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_got.py +148 -0
- angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +46 -0
- angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
- angr/analyses/cfg/indirect_jump_resolvers/syscall_resolver.py +92 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +88 -0
- angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +47 -0
- angr/analyses/cfg_slice_to_sink/__init__.py +11 -0
- angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
- angr/analyses/cfg_slice_to_sink/graph.py +87 -0
- angr/analyses/cfg_slice_to_sink/transitions.py +27 -0
- angr/analyses/class_identifier.py +63 -0
- angr/analyses/code_tagging.py +123 -0
- angr/analyses/codecave.py +77 -0
- angr/analyses/complete_calling_conventions.py +461 -0
- angr/analyses/congruency_check.py +377 -0
- angr/analyses/data_dep/__init__.py +16 -0
- angr/analyses/data_dep/data_dependency_analysis.py +595 -0
- angr/analyses/data_dep/dep_nodes.py +171 -0
- angr/analyses/data_dep/sim_act_location.py +49 -0
- angr/analyses/datagraph_meta.py +105 -0
- angr/analyses/ddg.py +1670 -0
- angr/analyses/decompiler/__init__.py +41 -0
- angr/analyses/decompiler/ail_simplifier.py +2085 -0
- angr/analyses/decompiler/ailgraph_walker.py +49 -0
- angr/analyses/decompiler/block_io_finder.py +302 -0
- angr/analyses/decompiler/block_similarity.py +196 -0
- angr/analyses/decompiler/block_simplifier.py +376 -0
- angr/analyses/decompiler/callsite_maker.py +571 -0
- angr/analyses/decompiler/ccall_rewriters/__init__.py +9 -0
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +580 -0
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +20 -0
- angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +313 -0
- angr/analyses/decompiler/clinic.py +3308 -0
- angr/analyses/decompiler/condition_processor.py +1281 -0
- angr/analyses/decompiler/counters/__init__.py +16 -0
- angr/analyses/decompiler/counters/boolean_counter.py +27 -0
- angr/analyses/decompiler/counters/call_counter.py +57 -0
- angr/analyses/decompiler/counters/expression_counters.py +77 -0
- angr/analyses/decompiler/counters/seq_cf_structure_counter.py +63 -0
- angr/analyses/decompiler/decompilation_cache.py +46 -0
- angr/analyses/decompiler/decompilation_options.py +275 -0
- angr/analyses/decompiler/decompiler.py +710 -0
- angr/analyses/decompiler/dephication/__init__.py +6 -0
- angr/analyses/decompiler/dephication/dephication_base.py +100 -0
- angr/analyses/decompiler/dephication/graph_dephication.py +70 -0
- angr/analyses/decompiler/dephication/graph_rewriting.py +112 -0
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +363 -0
- angr/analyses/decompiler/dephication/rewriting_engine.py +527 -0
- angr/analyses/decompiler/dephication/seqnode_dephication.py +156 -0
- angr/analyses/decompiler/empty_node_remover.py +212 -0
- angr/analyses/decompiler/expression_narrower.py +287 -0
- angr/analyses/decompiler/goto_manager.py +112 -0
- angr/analyses/decompiler/graph_region.py +426 -0
- angr/analyses/decompiler/jump_target_collector.py +37 -0
- angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +67 -0
- angr/analyses/decompiler/label_collector.py +32 -0
- angr/analyses/decompiler/optimization_passes/__init__.py +151 -0
- angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +157 -0
- angr/analyses/decompiler/optimization_passes/call_stmt_rewriter.py +46 -0
- angr/analyses/decompiler/optimization_passes/code_motion.py +362 -0
- angr/analyses/decompiler/optimization_passes/condition_constprop.py +219 -0
- angr/analyses/decompiler/optimization_passes/const_derefs.py +266 -0
- angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +365 -0
- angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +106 -0
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +82 -0
- angr/analyses/decompiler/optimization_passes/determine_load_sizes.py +64 -0
- angr/analyses/decompiler/optimization_passes/div_simplifier.py +425 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py +5 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +503 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +1218 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py +16 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py +126 -0
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +167 -0
- angr/analyses/decompiler/optimization_passes/eager_std_string_concatenation.py +165 -0
- angr/analyses/decompiler/optimization_passes/engine_base.py +500 -0
- angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +135 -0
- angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +113 -0
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +615 -0
- angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +224 -0
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +335 -0
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +923 -0
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +99 -0
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +703 -0
- angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +221 -0
- angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +171 -0
- angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +222 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +640 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +61 -0
- angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +237 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +333 -0
- angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +149 -0
- angr/analyses/decompiler/optimization_passes/switch_reused_entry_rewriter.py +102 -0
- angr/analyses/decompiler/optimization_passes/tag_slicer.py +41 -0
- angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +421 -0
- angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +88 -0
- angr/analyses/decompiler/peephole_optimizations/__init__.py +129 -0
- angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +42 -0
- angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
- angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_shr_const_shr_const.py +37 -0
- angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +23 -0
- angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +236 -0
- angr/analyses/decompiler/peephole_optimizations/base.py +157 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +36 -0
- angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
- angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
- angr/analyses/decompiler/peephole_optimizations/bswap.py +142 -0
- angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py +115 -0
- angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +71 -0
- angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py +39 -0
- angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +28 -0
- angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +69 -0
- angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +52 -0
- angr/analyses/decompiler/peephole_optimizations/eager_eval.py +447 -0
- angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +56 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py +78 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +217 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +106 -0
- angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +170 -0
- angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
- angr/analyses/decompiler/peephole_optimizations/modulo_simplifier.py +89 -0
- angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
- angr/analyses/decompiler/peephole_optimizations/optimized_div_simplifier.py +356 -0
- angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +45 -0
- angr/analyses/decompiler/peephole_optimizations/remove_cxx_destructor_calls.py +32 -0
- angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +46 -0
- angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +47 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +125 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +273 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +30 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +36 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +95 -0
- angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +44 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_conv_mul.py +40 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_cxx_operator_calls.py +90 -0
- angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +49 -0
- angr/analyses/decompiler/peephole_optimizations/rol_ror.py +130 -0
- angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +143 -0
- angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py +25 -0
- angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +51 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +82 -0
- angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +29 -0
- angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +131 -0
- angr/analyses/decompiler/peephole_optimizations/utils.py +18 -0
- angr/analyses/decompiler/presets/__init__.py +20 -0
- angr/analyses/decompiler/presets/basic.py +32 -0
- angr/analyses/decompiler/presets/fast.py +58 -0
- angr/analyses/decompiler/presets/full.py +68 -0
- angr/analyses/decompiler/presets/preset.py +37 -0
- angr/analyses/decompiler/redundant_label_remover.py +134 -0
- angr/analyses/decompiler/region_identifier.py +1239 -0
- angr/analyses/decompiler/region_simplifiers/__init__.py +5 -0
- angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +95 -0
- angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +82 -0
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +818 -0
- angr/analyses/decompiler/region_simplifiers/goto.py +178 -0
- angr/analyses/decompiler/region_simplifiers/if_.py +135 -0
- angr/analyses/decompiler/region_simplifiers/ifelse.py +91 -0
- angr/analyses/decompiler/region_simplifiers/loop.py +143 -0
- angr/analyses/decompiler/region_simplifiers/node_address_finder.py +24 -0
- angr/analyses/decompiler/region_simplifiers/region_simplifier.py +246 -0
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +654 -0
- angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +87 -0
- angr/analyses/decompiler/region_walker.py +24 -0
- angr/analyses/decompiler/return_maker.py +72 -0
- angr/analyses/decompiler/seq_to_blocks.py +20 -0
- angr/analyses/decompiler/sequence_walker.py +257 -0
- angr/analyses/decompiler/ssailification/__init__.py +4 -0
- angr/analyses/decompiler/ssailification/rewriting.py +379 -0
- angr/analyses/decompiler/ssailification/rewriting_engine.py +1053 -0
- angr/analyses/decompiler/ssailification/rewriting_state.py +61 -0
- angr/analyses/decompiler/ssailification/ssailification.py +276 -0
- angr/analyses/decompiler/ssailification/traversal.py +124 -0
- angr/analyses/decompiler/ssailification/traversal_engine.py +306 -0
- angr/analyses/decompiler/ssailification/traversal_state.py +48 -0
- angr/analyses/decompiler/stack_item.py +36 -0
- angr/analyses/decompiler/structured_codegen/__init__.py +25 -0
- angr/analyses/decompiler/structured_codegen/base.py +132 -0
- angr/analyses/decompiler/structured_codegen/c.py +4082 -0
- angr/analyses/decompiler/structured_codegen/dummy.py +15 -0
- angr/analyses/decompiler/structured_codegen/dwarf_import.py +190 -0
- angr/analyses/decompiler/structuring/__init__.py +30 -0
- angr/analyses/decompiler/structuring/dream.py +1217 -0
- angr/analyses/decompiler/structuring/phoenix.py +3090 -0
- angr/analyses/decompiler/structuring/recursive_structurer.py +187 -0
- angr/analyses/decompiler/structuring/sailr.py +120 -0
- angr/analyses/decompiler/structuring/structurer_base.py +1066 -0
- angr/analyses/decompiler/structuring/structurer_nodes.py +440 -0
- angr/analyses/decompiler/utils.py +1118 -0
- angr/analyses/deobfuscator/__init__.py +18 -0
- angr/analyses/deobfuscator/api_obf_finder.py +325 -0
- angr/analyses/deobfuscator/api_obf_peephole_optimizer.py +51 -0
- angr/analyses/deobfuscator/api_obf_type2_finder.py +166 -0
- angr/analyses/deobfuscator/irsb_reg_collector.py +54 -0
- angr/analyses/deobfuscator/string_obf_finder.py +959 -0
- angr/analyses/deobfuscator/string_obf_opt_passes.py +133 -0
- angr/analyses/deobfuscator/string_obf_peephole_optimizer.py +47 -0
- angr/analyses/disassembly.py +1295 -0
- angr/analyses/disassembly_utils.py +101 -0
- angr/analyses/dominance_frontier.py +57 -0
- angr/analyses/fcp/__init__.py +4 -0
- angr/analyses/fcp/fcp.py +427 -0
- angr/analyses/find_objects_static.py +205 -0
- angr/analyses/flirt/__init__.py +47 -0
- angr/analyses/flirt/consts.py +160 -0
- angr/analyses/flirt/flirt.py +244 -0
- angr/analyses/flirt/flirt_function.py +20 -0
- angr/analyses/flirt/flirt_matcher.py +351 -0
- angr/analyses/flirt/flirt_module.py +32 -0
- angr/analyses/flirt/flirt_node.py +23 -0
- angr/analyses/flirt/flirt_sig.py +359 -0
- angr/analyses/flirt/flirt_utils.py +31 -0
- angr/analyses/forward_analysis/__init__.py +12 -0
- angr/analyses/forward_analysis/forward_analysis.py +530 -0
- angr/analyses/forward_analysis/job_info.py +64 -0
- angr/analyses/forward_analysis/visitors/__init__.py +14 -0
- angr/analyses/forward_analysis/visitors/call_graph.py +29 -0
- angr/analyses/forward_analysis/visitors/function_graph.py +86 -0
- angr/analyses/forward_analysis/visitors/graph.py +242 -0
- angr/analyses/forward_analysis/visitors/loop.py +29 -0
- angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
- angr/analyses/identifier/__init__.py +5 -0
- angr/analyses/identifier/custom_callable.py +137 -0
- angr/analyses/identifier/errors.py +10 -0
- angr/analyses/identifier/func.py +60 -0
- angr/analyses/identifier/functions/__init__.py +37 -0
- angr/analyses/identifier/functions/atoi.py +73 -0
- angr/analyses/identifier/functions/based_atoi.py +125 -0
- angr/analyses/identifier/functions/fdprintf.py +123 -0
- angr/analyses/identifier/functions/free.py +64 -0
- angr/analyses/identifier/functions/int2str.py +287 -0
- angr/analyses/identifier/functions/malloc.py +111 -0
- angr/analyses/identifier/functions/memcmp.py +67 -0
- angr/analyses/identifier/functions/memcpy.py +89 -0
- angr/analyses/identifier/functions/memset.py +43 -0
- angr/analyses/identifier/functions/printf.py +123 -0
- angr/analyses/identifier/functions/recv_until.py +312 -0
- angr/analyses/identifier/functions/skip_calloc.py +73 -0
- angr/analyses/identifier/functions/skip_realloc.py +97 -0
- angr/analyses/identifier/functions/skip_recv_n.py +105 -0
- angr/analyses/identifier/functions/snprintf.py +112 -0
- angr/analyses/identifier/functions/sprintf.py +116 -0
- angr/analyses/identifier/functions/strcasecmp.py +33 -0
- angr/analyses/identifier/functions/strcmp.py +113 -0
- angr/analyses/identifier/functions/strcpy.py +43 -0
- angr/analyses/identifier/functions/strlen.py +27 -0
- angr/analyses/identifier/functions/strncmp.py +104 -0
- angr/analyses/identifier/functions/strncpy.py +65 -0
- angr/analyses/identifier/functions/strtol.py +89 -0
- angr/analyses/identifier/identify.py +825 -0
- angr/analyses/identifier/runner.py +360 -0
- angr/analyses/init_finder.py +289 -0
- angr/analyses/loop_analysis.py +349 -0
- angr/analyses/loopfinder.py +171 -0
- angr/analyses/patchfinder.py +137 -0
- angr/analyses/pathfinder.py +282 -0
- angr/analyses/propagator/__init__.py +5 -0
- angr/analyses/propagator/engine_base.py +62 -0
- angr/analyses/propagator/engine_vex.py +297 -0
- angr/analyses/propagator/propagator.py +361 -0
- angr/analyses/propagator/top_checker_mixin.py +218 -0
- angr/analyses/propagator/values.py +117 -0
- angr/analyses/propagator/vex_vars.py +68 -0
- angr/analyses/proximity_graph.py +444 -0
- angr/analyses/reaching_definitions/__init__.py +67 -0
- angr/analyses/reaching_definitions/call_trace.py +73 -0
- angr/analyses/reaching_definitions/dep_graph.py +433 -0
- angr/analyses/reaching_definitions/engine_ail.py +1130 -0
- angr/analyses/reaching_definitions/engine_vex.py +1127 -0
- angr/analyses/reaching_definitions/external_codeloc.py +0 -0
- angr/analyses/reaching_definitions/function_handler.py +638 -0
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +12 -0
- angr/analyses/reaching_definitions/function_handler_library/stdio.py +269 -0
- angr/analyses/reaching_definitions/function_handler_library/stdlib.py +195 -0
- angr/analyses/reaching_definitions/function_handler_library/string.py +158 -0
- angr/analyses/reaching_definitions/function_handler_library/unistd.py +51 -0
- angr/analyses/reaching_definitions/heap_allocator.py +70 -0
- angr/analyses/reaching_definitions/rd_initializer.py +237 -0
- angr/analyses/reaching_definitions/rd_state.py +579 -0
- angr/analyses/reaching_definitions/reaching_definitions.py +581 -0
- angr/analyses/reaching_definitions/subject.py +65 -0
- angr/analyses/reassembler.py +2900 -0
- angr/analyses/s_liveness.py +203 -0
- angr/analyses/s_propagator.py +542 -0
- angr/analyses/s_reaching_definitions/__init__.py +12 -0
- angr/analyses/s_reaching_definitions/s_rda_model.py +136 -0
- angr/analyses/s_reaching_definitions/s_rda_view.py +316 -0
- angr/analyses/s_reaching_definitions/s_reaching_definitions.py +177 -0
- angr/analyses/smc.py +161 -0
- angr/analyses/soot_class_hierarchy.py +273 -0
- angr/analyses/stack_pointer_tracker.py +953 -0
- angr/analyses/static_hooker.py +53 -0
- angr/analyses/typehoon/__init__.py +5 -0
- angr/analyses/typehoon/dfa.py +118 -0
- angr/analyses/typehoon/lifter.py +122 -0
- angr/analyses/typehoon/simple_solver.py +1666 -0
- angr/analyses/typehoon/translator.py +279 -0
- angr/analyses/typehoon/typeconsts.py +338 -0
- angr/analyses/typehoon/typehoon.py +319 -0
- angr/analyses/typehoon/typevars.py +622 -0
- angr/analyses/typehoon/variance.py +11 -0
- angr/analyses/unpacker/__init__.py +6 -0
- angr/analyses/unpacker/obfuscation_detector.py +103 -0
- angr/analyses/unpacker/packing_detector.py +138 -0
- angr/analyses/variable_recovery/__init__.py +9 -0
- angr/analyses/variable_recovery/annotations.py +58 -0
- angr/analyses/variable_recovery/engine_ail.py +885 -0
- angr/analyses/variable_recovery/engine_base.py +1197 -0
- angr/analyses/variable_recovery/engine_vex.py +593 -0
- angr/analyses/variable_recovery/irsb_scanner.py +143 -0
- angr/analyses/variable_recovery/variable_recovery.py +574 -0
- angr/analyses/variable_recovery/variable_recovery_base.py +489 -0
- angr/analyses/variable_recovery/variable_recovery_fast.py +661 -0
- angr/analyses/veritesting.py +626 -0
- angr/analyses/vfg.py +1898 -0
- angr/analyses/vsa_ddg.py +420 -0
- angr/analyses/vtable.py +92 -0
- angr/analyses/xrefs.py +286 -0
- angr/angrdb/__init__.py +14 -0
- angr/angrdb/db.py +206 -0
- angr/angrdb/models.py +184 -0
- angr/angrdb/serializers/__init__.py +10 -0
- angr/angrdb/serializers/cfg_model.py +41 -0
- angr/angrdb/serializers/comments.py +60 -0
- angr/angrdb/serializers/funcs.py +61 -0
- angr/angrdb/serializers/kb.py +111 -0
- angr/angrdb/serializers/labels.py +59 -0
- angr/angrdb/serializers/loader.py +165 -0
- angr/angrdb/serializers/structured_code.py +125 -0
- angr/angrdb/serializers/variables.py +58 -0
- angr/angrdb/serializers/xrefs.py +48 -0
- angr/annocfg.py +317 -0
- angr/blade.py +431 -0
- angr/block.py +509 -0
- angr/callable.py +168 -0
- angr/calling_conventions.py +2580 -0
- angr/code_location.py +163 -0
- angr/codenode.py +145 -0
- angr/concretization_strategies/__init__.py +32 -0
- angr/concretization_strategies/any.py +17 -0
- angr/concretization_strategies/any_named.py +35 -0
- angr/concretization_strategies/base.py +81 -0
- angr/concretization_strategies/controlled_data.py +58 -0
- angr/concretization_strategies/eval.py +19 -0
- angr/concretization_strategies/logging.py +35 -0
- angr/concretization_strategies/max.py +25 -0
- angr/concretization_strategies/nonzero.py +16 -0
- angr/concretization_strategies/nonzero_range.py +22 -0
- angr/concretization_strategies/norepeats.py +37 -0
- angr/concretization_strategies/norepeats_range.py +37 -0
- angr/concretization_strategies/range.py +19 -0
- angr/concretization_strategies/signed_add.py +31 -0
- angr/concretization_strategies/single.py +15 -0
- angr/concretization_strategies/solutions.py +20 -0
- angr/concretization_strategies/unlimited_range.py +17 -0
- angr/distributed/__init__.py +9 -0
- angr/distributed/server.py +197 -0
- angr/distributed/worker.py +185 -0
- angr/emulator.py +143 -0
- angr/engines/__init__.py +67 -0
- angr/engines/concrete.py +66 -0
- angr/engines/engine.py +29 -0
- angr/engines/failure.py +27 -0
- angr/engines/hook.py +68 -0
- angr/engines/icicle.py +278 -0
- angr/engines/light/__init__.py +23 -0
- angr/engines/light/data.py +681 -0
- angr/engines/light/engine.py +1285 -0
- angr/engines/pcode/__init__.py +9 -0
- angr/engines/pcode/behavior.py +994 -0
- angr/engines/pcode/cc.py +128 -0
- angr/engines/pcode/emulate.py +440 -0
- angr/engines/pcode/engine.py +242 -0
- angr/engines/pcode/lifter.py +1420 -0
- angr/engines/procedure.py +70 -0
- angr/engines/soot/__init__.py +5 -0
- angr/engines/soot/engine.py +410 -0
- angr/engines/soot/exceptions.py +17 -0
- angr/engines/soot/expressions/__init__.py +87 -0
- angr/engines/soot/expressions/arrayref.py +22 -0
- angr/engines/soot/expressions/base.py +21 -0
- angr/engines/soot/expressions/binop.py +28 -0
- angr/engines/soot/expressions/cast.py +22 -0
- angr/engines/soot/expressions/condition.py +35 -0
- angr/engines/soot/expressions/constants.py +47 -0
- angr/engines/soot/expressions/instanceOf.py +15 -0
- angr/engines/soot/expressions/instancefieldref.py +8 -0
- angr/engines/soot/expressions/invoke.py +114 -0
- angr/engines/soot/expressions/length.py +8 -0
- angr/engines/soot/expressions/local.py +8 -0
- angr/engines/soot/expressions/new.py +16 -0
- angr/engines/soot/expressions/newArray.py +54 -0
- angr/engines/soot/expressions/newMultiArray.py +86 -0
- angr/engines/soot/expressions/paramref.py +8 -0
- angr/engines/soot/expressions/phi.py +30 -0
- angr/engines/soot/expressions/staticfieldref.py +8 -0
- angr/engines/soot/expressions/thisref.py +7 -0
- angr/engines/soot/expressions/unsupported.py +7 -0
- angr/engines/soot/field_dispatcher.py +46 -0
- angr/engines/soot/method_dispatcher.py +46 -0
- angr/engines/soot/statements/__init__.py +44 -0
- angr/engines/soot/statements/assign.py +30 -0
- angr/engines/soot/statements/base.py +79 -0
- angr/engines/soot/statements/goto.py +14 -0
- angr/engines/soot/statements/identity.py +15 -0
- angr/engines/soot/statements/if_.py +19 -0
- angr/engines/soot/statements/invoke.py +12 -0
- angr/engines/soot/statements/return_.py +20 -0
- angr/engines/soot/statements/switch.py +41 -0
- angr/engines/soot/statements/throw.py +15 -0
- angr/engines/soot/values/__init__.py +38 -0
- angr/engines/soot/values/arrayref.py +122 -0
- angr/engines/soot/values/base.py +7 -0
- angr/engines/soot/values/constants.py +18 -0
- angr/engines/soot/values/instancefieldref.py +44 -0
- angr/engines/soot/values/local.py +18 -0
- angr/engines/soot/values/paramref.py +18 -0
- angr/engines/soot/values/staticfieldref.py +38 -0
- angr/engines/soot/values/strref.py +38 -0
- angr/engines/soot/values/thisref.py +149 -0
- angr/engines/successors.py +654 -0
- angr/engines/syscall.py +51 -0
- angr/engines/unicorn.py +490 -0
- angr/engines/vex/__init__.py +20 -0
- angr/engines/vex/claripy/__init__.py +5 -0
- angr/engines/vex/claripy/ccall.py +2097 -0
- angr/engines/vex/claripy/datalayer.py +141 -0
- angr/engines/vex/claripy/irop.py +1276 -0
- angr/engines/vex/heavy/__init__.py +16 -0
- angr/engines/vex/heavy/actions.py +231 -0
- angr/engines/vex/heavy/concretizers.py +403 -0
- angr/engines/vex/heavy/dirty.py +466 -0
- angr/engines/vex/heavy/heavy.py +370 -0
- angr/engines/vex/heavy/inspect.py +52 -0
- angr/engines/vex/heavy/resilience.py +85 -0
- angr/engines/vex/heavy/super_fastpath.py +34 -0
- angr/engines/vex/lifter.py +420 -0
- angr/engines/vex/light/__init__.py +11 -0
- angr/engines/vex/light/light.py +551 -0
- angr/engines/vex/light/resilience.py +74 -0
- angr/engines/vex/light/slicing.py +52 -0
- angr/errors.py +609 -0
- angr/exploration_techniques/__init__.py +53 -0
- angr/exploration_techniques/base.py +126 -0
- angr/exploration_techniques/bucketizer.py +94 -0
- angr/exploration_techniques/common.py +56 -0
- angr/exploration_techniques/dfs.py +37 -0
- angr/exploration_techniques/director.py +520 -0
- angr/exploration_techniques/driller_core.py +100 -0
- angr/exploration_techniques/explorer.py +152 -0
- angr/exploration_techniques/lengthlimiter.py +22 -0
- angr/exploration_techniques/local_loop_seer.py +65 -0
- angr/exploration_techniques/loop_seer.py +236 -0
- angr/exploration_techniques/manual_mergepoint.py +82 -0
- angr/exploration_techniques/memory_watcher.py +43 -0
- angr/exploration_techniques/oppologist.py +92 -0
- angr/exploration_techniques/slicecutor.py +118 -0
- angr/exploration_techniques/spiller.py +280 -0
- angr/exploration_techniques/spiller_db.py +27 -0
- angr/exploration_techniques/stochastic.py +56 -0
- angr/exploration_techniques/stub_stasher.py +19 -0
- angr/exploration_techniques/suggestions.py +159 -0
- angr/exploration_techniques/tech_builder.py +49 -0
- angr/exploration_techniques/threading.py +69 -0
- angr/exploration_techniques/timeout.py +34 -0
- angr/exploration_techniques/tracer.py +1098 -0
- angr/exploration_techniques/unique.py +106 -0
- angr/exploration_techniques/veritesting.py +37 -0
- angr/factory.py +404 -0
- angr/flirt/__init__.py +97 -0
- angr/flirt/build_sig.py +305 -0
- angr/graph_utils.py +0 -0
- angr/keyed_region.py +525 -0
- angr/knowledge_base.py +143 -0
- angr/knowledge_plugins/__init__.py +43 -0
- angr/knowledge_plugins/callsite_prototypes.py +53 -0
- angr/knowledge_plugins/cfg/__init__.py +18 -0
- angr/knowledge_plugins/cfg/cfg_manager.py +95 -0
- angr/knowledge_plugins/cfg/cfg_model.py +1045 -0
- angr/knowledge_plugins/cfg/cfg_node.py +536 -0
- angr/knowledge_plugins/cfg/indirect_jump.py +65 -0
- angr/knowledge_plugins/cfg/memory_data.py +156 -0
- angr/knowledge_plugins/comments.py +16 -0
- angr/knowledge_plugins/custom_strings.py +38 -0
- angr/knowledge_plugins/data.py +22 -0
- angr/knowledge_plugins/debug_variables.py +216 -0
- angr/knowledge_plugins/functions/__init__.py +9 -0
- angr/knowledge_plugins/functions/function.py +1780 -0
- angr/knowledge_plugins/functions/function_manager.py +588 -0
- angr/knowledge_plugins/functions/function_parser.py +299 -0
- angr/knowledge_plugins/functions/soot_function.py +128 -0
- angr/knowledge_plugins/indirect_jumps.py +35 -0
- angr/knowledge_plugins/key_definitions/__init__.py +17 -0
- angr/knowledge_plugins/key_definitions/atoms.py +374 -0
- angr/knowledge_plugins/key_definitions/constants.py +29 -0
- angr/knowledge_plugins/key_definitions/definition.py +214 -0
- angr/knowledge_plugins/key_definitions/environment.py +96 -0
- angr/knowledge_plugins/key_definitions/heap_address.py +33 -0
- angr/knowledge_plugins/key_definitions/key_definition_manager.py +82 -0
- angr/knowledge_plugins/key_definitions/live_definitions.py +1010 -0
- angr/knowledge_plugins/key_definitions/liveness.py +165 -0
- angr/knowledge_plugins/key_definitions/rd_model.py +171 -0
- angr/knowledge_plugins/key_definitions/tag.py +78 -0
- angr/knowledge_plugins/key_definitions/undefined.py +70 -0
- angr/knowledge_plugins/key_definitions/unknown_size.py +86 -0
- angr/knowledge_plugins/key_definitions/uses.py +178 -0
- angr/knowledge_plugins/labels.py +110 -0
- angr/knowledge_plugins/obfuscations.py +37 -0
- angr/knowledge_plugins/patches.py +126 -0
- angr/knowledge_plugins/plugin.py +24 -0
- angr/knowledge_plugins/propagations/__init__.py +10 -0
- angr/knowledge_plugins/propagations/prop_value.py +191 -0
- angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
- angr/knowledge_plugins/propagations/propagation_model.py +80 -0
- angr/knowledge_plugins/propagations/states.py +552 -0
- angr/knowledge_plugins/structured_code.py +63 -0
- angr/knowledge_plugins/types.py +88 -0
- angr/knowledge_plugins/variables/__init__.py +8 -0
- angr/knowledge_plugins/variables/variable_access.py +113 -0
- angr/knowledge_plugins/variables/variable_manager.py +1380 -0
- angr/knowledge_plugins/xrefs/__init__.py +12 -0
- angr/knowledge_plugins/xrefs/xref.py +150 -0
- angr/knowledge_plugins/xrefs/xref_manager.py +127 -0
- angr/knowledge_plugins/xrefs/xref_types.py +16 -0
- angr/misc/__init__.py +19 -0
- angr/misc/ansi.py +47 -0
- angr/misc/autoimport.py +90 -0
- angr/misc/bug_report.py +117 -0
- angr/misc/hookset.py +106 -0
- angr/misc/loggers.py +130 -0
- angr/misc/picklable_lock.py +46 -0
- angr/misc/plugins.py +289 -0
- angr/misc/telemetry.py +54 -0
- angr/misc/testing.py +24 -0
- angr/misc/ux.py +31 -0
- angr/procedures/__init__.py +12 -0
- angr/procedures/advapi32/__init__.py +0 -0
- angr/procedures/cgc/__init__.py +3 -0
- angr/procedures/cgc/_terminate.py +11 -0
- angr/procedures/cgc/allocate.py +75 -0
- angr/procedures/cgc/deallocate.py +67 -0
- angr/procedures/cgc/fdwait.py +65 -0
- angr/procedures/cgc/random.py +67 -0
- angr/procedures/cgc/receive.py +93 -0
- angr/procedures/cgc/transmit.py +65 -0
- angr/procedures/definitions/__init__.py +779 -0
- angr/procedures/definitions/cgc.py +20 -0
- angr/procedures/definitions/glibc.py +8372 -0
- angr/procedures/definitions/gnulib.py +32 -0
- angr/procedures/definitions/libstdcpp.py +21 -0
- angr/procedures/definitions/linux_kernel.py +6171 -0
- angr/procedures/definitions/linux_loader.py +7 -0
- angr/procedures/definitions/msvcr.py +16 -0
- angr/procedures/definitions/parse_syscalls_from_local_system.py +50 -0
- angr/procedures/definitions/parse_win32json.py +2553 -0
- angr/procedures/definitions/types_stl.py +22 -0
- angr/procedures/definitions/types_win32.py +34482 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +30 -0
- angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +26 -0
- angr/procedures/definitions/wdk_clfs.py +140 -0
- angr/procedures/definitions/wdk_fltmgr.py +556 -0
- angr/procedures/definitions/wdk_fwpkclnt.py +30 -0
- angr/procedures/definitions/wdk_fwpuclnt.py +316 -0
- angr/procedures/definitions/wdk_gdi32.py +366 -0
- angr/procedures/definitions/wdk_hal.py +78 -0
- angr/procedures/definitions/wdk_ksecdd.py +62 -0
- angr/procedures/definitions/wdk_ndis.py +238 -0
- angr/procedures/definitions/wdk_ntoskrnl.py +3451 -0
- angr/procedures/definitions/wdk_offreg.py +72 -0
- angr/procedures/definitions/wdk_pshed.py +36 -0
- angr/procedures/definitions/wdk_secur32.py +40 -0
- angr/procedures/definitions/wdk_vhfum.py +34 -0
- angr/procedures/definitions/win32_aclui.py +30 -0
- angr/procedures/definitions/win32_activeds.py +68 -0
- angr/procedures/definitions/win32_advapi32.py +1684 -0
- angr/procedures/definitions/win32_advpack.py +124 -0
- angr/procedures/definitions/win32_amsi.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +46 -0
- angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +48 -0
- angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +32 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +68 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +44 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +76 -0
- angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +24 -0
- angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +42 -0
- angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +34 -0
- angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +38 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +40 -0
- angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +30 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +36 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +26 -0
- angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +28 -0
- angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +38 -0
- angr/procedures/definitions/win32_apphelp.py +26 -0
- angr/procedures/definitions/win32_authz.py +90 -0
- angr/procedures/definitions/win32_avicap32.py +32 -0
- angr/procedures/definitions/win32_avifil32.py +144 -0
- angr/procedures/definitions/win32_avrt.py +52 -0
- angr/procedures/definitions/win32_bcp47mrm.py +28 -0
- angr/procedures/definitions/win32_bcrypt.py +130 -0
- angr/procedures/definitions/win32_bcryptprimitives.py +28 -0
- angr/procedures/definitions/win32_bluetoothapis.py +106 -0
- angr/procedures/definitions/win32_bthprops.py +34 -0
- angr/procedures/definitions/win32_bthprops_cpl.py +36 -0
- angr/procedures/definitions/win32_cabinet.py +68 -0
- angr/procedures/definitions/win32_certadm.py +60 -0
- angr/procedures/definitions/win32_certpoleng.py +40 -0
- angr/procedures/definitions/win32_cfgmgr32.py +502 -0
- angr/procedures/definitions/win32_chakra.py +198 -0
- angr/procedures/definitions/win32_cldapi.py +96 -0
- angr/procedures/definitions/win32_clfsw32.py +142 -0
- angr/procedures/definitions/win32_clusapi.py +584 -0
- angr/procedures/definitions/win32_comctl32.py +254 -0
- angr/procedures/definitions/win32_comdlg32.py +66 -0
- angr/procedures/definitions/win32_compstui.py +32 -0
- angr/procedures/definitions/win32_computecore.py +132 -0
- angr/procedures/definitions/win32_computenetwork.py +110 -0
- angr/procedures/definitions/win32_computestorage.py +48 -0
- angr/procedures/definitions/win32_comsvcs.py +38 -0
- angr/procedures/definitions/win32_coremessaging.py +24 -0
- angr/procedures/definitions/win32_credui.py +62 -0
- angr/procedures/definitions/win32_crypt32.py +482 -0
- angr/procedures/definitions/win32_cryptnet.py +34 -0
- angr/procedures/definitions/win32_cryptui.py +44 -0
- angr/procedures/definitions/win32_cryptxml.py +62 -0
- angr/procedures/definitions/win32_cscapi.py +32 -0
- angr/procedures/definitions/win32_d2d1.py +50 -0
- angr/procedures/definitions/win32_d3d10.py +78 -0
- angr/procedures/definitions/win32_d3d10_1.py +28 -0
- angr/procedures/definitions/win32_d3d11.py +30 -0
- angr/procedures/definitions/win32_d3d12.py +40 -0
- angr/procedures/definitions/win32_d3d9.py +46 -0
- angr/procedures/definitions/win32_d3dcompiler_47.py +76 -0
- angr/procedures/definitions/win32_d3dcsx.py +42 -0
- angr/procedures/definitions/win32_davclnt.py +60 -0
- angr/procedures/definitions/win32_dbgeng.py +32 -0
- angr/procedures/definitions/win32_dbghelp.py +462 -0
- angr/procedures/definitions/win32_dbgmodel.py +26 -0
- angr/procedures/definitions/win32_dciman32.py +64 -0
- angr/procedures/definitions/win32_dcomp.py +48 -0
- angr/procedures/definitions/win32_ddraw.py +38 -0
- angr/procedures/definitions/win32_deviceaccess.py +26 -0
- angr/procedures/definitions/win32_dflayout.py +26 -0
- angr/procedures/definitions/win32_dhcpcsvc.py +54 -0
- angr/procedures/definitions/win32_dhcpcsvc6.py +36 -0
- angr/procedures/definitions/win32_dhcpsapi.py +416 -0
- angr/procedures/definitions/win32_diagnosticdataquery.py +94 -0
- angr/procedures/definitions/win32_dinput8.py +26 -0
- angr/procedures/definitions/win32_directml.py +28 -0
- angr/procedures/definitions/win32_dmprocessxmlfiltered.py +26 -0
- angr/procedures/definitions/win32_dnsapi.py +152 -0
- angr/procedures/definitions/win32_drt.py +56 -0
- angr/procedures/definitions/win32_drtprov.py +42 -0
- angr/procedures/definitions/win32_drttransport.py +28 -0
- angr/procedures/definitions/win32_dsound.py +44 -0
- angr/procedures/definitions/win32_dsparse.py +62 -0
- angr/procedures/definitions/win32_dsprop.py +38 -0
- angr/procedures/definitions/win32_dssec.py +32 -0
- angr/procedures/definitions/win32_dsuiext.py +32 -0
- angr/procedures/definitions/win32_dwmapi.py +86 -0
- angr/procedures/definitions/win32_dwrite.py +26 -0
- angr/procedures/definitions/win32_dxcompiler.py +28 -0
- angr/procedures/definitions/win32_dxcore.py +26 -0
- angr/procedures/definitions/win32_dxgi.py +36 -0
- angr/procedures/definitions/win32_dxva2.py +100 -0
- angr/procedures/definitions/win32_eappcfg.py +52 -0
- angr/procedures/definitions/win32_eappprxy.py +60 -0
- angr/procedures/definitions/win32_efswrt.py +28 -0
- angr/procedures/definitions/win32_elscore.py +34 -0
- angr/procedures/definitions/win32_esent.py +482 -0
- angr/procedures/definitions/win32_evr.py +38 -0
- angr/procedures/definitions/win32_faultrep.py +32 -0
- angr/procedures/definitions/win32_fhsvcctl.py +38 -0
- angr/procedures/definitions/win32_firewallapi.py +30 -0
- angr/procedures/definitions/win32_fltlib.py +80 -0
- angr/procedures/definitions/win32_fontsub.py +28 -0
- angr/procedures/definitions/win32_forceinline.py +30 -0
- angr/procedures/definitions/win32_fwpuclnt.py +408 -0
- angr/procedures/definitions/win32_fxsutility.py +28 -0
- angr/procedures/definitions/win32_gdi32.py +886 -0
- angr/procedures/definitions/win32_gdiplus.py +1282 -0
- angr/procedures/definitions/win32_glu32.py +128 -0
- angr/procedures/definitions/win32_gpedit.py +36 -0
- angr/procedures/definitions/win32_hhctrl_ocx.py +28 -0
- angr/procedures/definitions/win32_hid.py +114 -0
- angr/procedures/definitions/win32_hlink.py +80 -0
- angr/procedures/definitions/win32_hrtfapo.py +26 -0
- angr/procedures/definitions/win32_httpapi.py +110 -0
- angr/procedures/definitions/win32_icm32.py +66 -0
- angr/procedures/definitions/win32_icmui.py +28 -0
- angr/procedures/definitions/win32_icu.py +2074 -0
- angr/procedures/definitions/win32_ieframe.py +82 -0
- angr/procedures/definitions/win32_imagehlp.py +76 -0
- angr/procedures/definitions/win32_imgutil.py +42 -0
- angr/procedures/definitions/win32_imm32.py +188 -0
- angr/procedures/definitions/win32_infocardapi.py +58 -0
- angr/procedures/definitions/win32_inkobjcore.py +78 -0
- angr/procedures/definitions/win32_iphlpapi.py +426 -0
- angr/procedures/definitions/win32_iscsidsc.py +182 -0
- angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +28 -0
- angr/procedures/definitions/win32_kernel32.py +3185 -0
- angr/procedures/definitions/win32_kernelbase.py +36 -0
- angr/procedures/definitions/win32_keycredmgr.py +32 -0
- angr/procedures/definitions/win32_ksproxy_ax.py +36 -0
- angr/procedures/definitions/win32_ksuser.py +40 -0
- angr/procedures/definitions/win32_ktmw32.py +102 -0
- angr/procedures/definitions/win32_licenseprotection.py +28 -0
- angr/procedures/definitions/win32_loadperf.py +48 -0
- angr/procedures/definitions/win32_magnification.py +62 -0
- angr/procedures/definitions/win32_mapi32.py +156 -0
- angr/procedures/definitions/win32_mdmlocalmanagement.py +30 -0
- angr/procedures/definitions/win32_mdmregistration.py +54 -0
- angr/procedures/definitions/win32_mf.py +148 -0
- angr/procedures/definitions/win32_mfcore.py +28 -0
- angr/procedures/definitions/win32_mfplat.py +314 -0
- angr/procedures/definitions/win32_mfplay.py +26 -0
- angr/procedures/definitions/win32_mfreadwrite.py +34 -0
- angr/procedures/definitions/win32_mfsensorgroup.py +44 -0
- angr/procedures/definitions/win32_mfsrcsnk.py +28 -0
- angr/procedures/definitions/win32_mgmtapi.py +42 -0
- angr/procedures/definitions/win32_mi.py +26 -0
- angr/procedures/definitions/win32_mmdevapi.py +26 -0
- angr/procedures/definitions/win32_mpr.py +118 -0
- angr/procedures/definitions/win32_mprapi.py +248 -0
- angr/procedures/definitions/win32_mqrt.py +92 -0
- angr/procedures/definitions/win32_mrmsupport.py +78 -0
- angr/procedures/definitions/win32_msacm32.py +108 -0
- angr/procedures/definitions/win32_msajapi.py +1118 -0
- angr/procedures/definitions/win32_mscms.py +182 -0
- angr/procedures/definitions/win32_mscoree.py +78 -0
- angr/procedures/definitions/win32_msctfmonitor.py +30 -0
- angr/procedures/definitions/win32_msdelta.py +56 -0
- angr/procedures/definitions/win32_msdmo.py +46 -0
- angr/procedures/definitions/win32_msdrm.py +192 -0
- angr/procedures/definitions/win32_msi.py +552 -0
- angr/procedures/definitions/win32_msimg32.py +30 -0
- angr/procedures/definitions/win32_mspatcha.py +56 -0
- angr/procedures/definitions/win32_mspatchc.py +42 -0
- angr/procedures/definitions/win32_msports.py +38 -0
- angr/procedures/definitions/win32_msrating.py +62 -0
- angr/procedures/definitions/win32_mssign32.py +44 -0
- angr/procedures/definitions/win32_mstask.py +28 -0
- angr/procedures/definitions/win32_msvfw32.py +110 -0
- angr/procedures/definitions/win32_mswsock.py +56 -0
- angr/procedures/definitions/win32_mtxdm.py +26 -0
- angr/procedures/definitions/win32_ncrypt.py +102 -0
- angr/procedures/definitions/win32_ndfapi.py +56 -0
- angr/procedures/definitions/win32_netapi32.py +436 -0
- angr/procedures/definitions/win32_netsh.py +40 -0
- angr/procedures/definitions/win32_netshell.py +28 -0
- angr/procedures/definitions/win32_newdev.py +46 -0
- angr/procedures/definitions/win32_ninput.py +84 -0
- angr/procedures/definitions/win32_normaliz.py +28 -0
- angr/procedures/definitions/win32_ntdll.py +171 -0
- angr/procedures/definitions/win32_ntdllk.py +26 -0
- angr/procedures/definitions/win32_ntdsapi.py +186 -0
- angr/procedures/definitions/win32_ntlanman.py +44 -0
- angr/procedures/definitions/win32_odbc32.py +392 -0
- angr/procedures/definitions/win32_odbcbcp.py +78 -0
- angr/procedures/definitions/win32_ole32.py +658 -0
- angr/procedures/definitions/win32_oleacc.py +58 -0
- angr/procedures/definitions/win32_oleaut32.py +834 -0
- angr/procedures/definitions/win32_oledlg.py +70 -0
- angr/procedures/definitions/win32_ondemandconnroutehelper.py +34 -0
- angr/procedures/definitions/win32_opengl32.py +734 -0
- angr/procedures/definitions/win32_opmxbox.py +30 -0
- angr/procedures/definitions/win32_p2p.py +240 -0
- angr/procedures/definitions/win32_p2pgraph.py +98 -0
- angr/procedures/definitions/win32_pdh.py +220 -0
- angr/procedures/definitions/win32_peerdist.py +80 -0
- angr/procedures/definitions/win32_powrprof.py +192 -0
- angr/procedures/definitions/win32_prntvpt.py +46 -0
- angr/procedures/definitions/win32_projectedfslib.py +62 -0
- angr/procedures/definitions/win32_propsys.py +460 -0
- angr/procedures/definitions/win32_psapi.py +78 -0
- angr/procedures/definitions/win32_quartz.py +28 -0
- angr/procedures/definitions/win32_query.py +32 -0
- angr/procedures/definitions/win32_qwave.py +46 -0
- angr/procedures/definitions/win32_rasapi32.py +192 -0
- angr/procedures/definitions/win32_rasdlg.py +36 -0
- angr/procedures/definitions/win32_resutils.py +264 -0
- angr/procedures/definitions/win32_rometadata.py +24 -0
- angr/procedures/definitions/win32_rpcns4.py +146 -0
- angr/procedures/definitions/win32_rpcproxy.py +32 -0
- angr/procedures/definitions/win32_rpcrt4.py +918 -0
- angr/procedures/definitions/win32_rstrtmgr.py +46 -0
- angr/procedures/definitions/win32_rtm.py +176 -0
- angr/procedures/definitions/win32_rtutils.py +106 -0
- angr/procedures/definitions/win32_rtworkq.py +90 -0
- angr/procedures/definitions/win32_sas.py +26 -0
- angr/procedures/definitions/win32_scarddlg.py +34 -0
- angr/procedures/definitions/win32_schannel.py +42 -0
- angr/procedures/definitions/win32_sechost.py +28 -0
- angr/procedures/definitions/win32_secur32.py +202 -0
- angr/procedures/definitions/win32_sensapi.py +30 -0
- angr/procedures/definitions/win32_sensorsutilsv2.py +104 -0
- angr/procedures/definitions/win32_setupapi.py +692 -0
- angr/procedures/definitions/win32_sfc.py +36 -0
- angr/procedures/definitions/win32_shdocvw.py +30 -0
- angr/procedures/definitions/win32_shell32.py +512 -0
- angr/procedures/definitions/win32_shlwapi.py +744 -0
- angr/procedures/definitions/win32_slc.py +88 -0
- angr/procedures/definitions/win32_slcext.py +32 -0
- angr/procedures/definitions/win32_slwga.py +26 -0
- angr/procedures/definitions/win32_snmpapi.py +76 -0
- angr/procedures/definitions/win32_spoolss.py +76 -0
- angr/procedures/definitions/win32_srclient.py +26 -0
- angr/procedures/definitions/win32_srpapi.py +46 -0
- angr/procedures/definitions/win32_sspicli.py +38 -0
- angr/procedures/definitions/win32_sti.py +26 -0
- angr/procedures/definitions/win32_t2embed.py +52 -0
- angr/procedures/definitions/win32_tapi32.py +522 -0
- angr/procedures/definitions/win32_tbs.py +52 -0
- angr/procedures/definitions/win32_tdh.py +78 -0
- angr/procedures/definitions/win32_tokenbinding.py +44 -0
- angr/procedures/definitions/win32_traffic.py +64 -0
- angr/procedures/definitions/win32_txfw32.py +42 -0
- angr/procedures/definitions/win32_ualapi.py +32 -0
- angr/procedures/definitions/win32_uiautomationcore.py +220 -0
- angr/procedures/definitions/win32_urlmon.py +178 -0
- angr/procedures/definitions/win32_user32.py +1551 -0
- angr/procedures/definitions/win32_userenv.py +112 -0
- angr/procedures/definitions/win32_usp10.py +104 -0
- angr/procedures/definitions/win32_uxtheme.py +178 -0
- angr/procedures/definitions/win32_verifier.py +26 -0
- angr/procedures/definitions/win32_version.py +52 -0
- angr/procedures/definitions/win32_vertdll.py +38 -0
- angr/procedures/definitions/win32_virtdisk.py +82 -0
- angr/procedures/definitions/win32_vmdevicehost.py +50 -0
- angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +110 -0
- angr/procedures/definitions/win32_vssapi.py +26 -0
- angr/procedures/definitions/win32_wcmapi.py +34 -0
- angr/procedures/definitions/win32_wdsbp.py +38 -0
- angr/procedures/definitions/win32_wdsclientapi.py +98 -0
- angr/procedures/definitions/win32_wdsmc.py +36 -0
- angr/procedures/definitions/win32_wdspxe.py +86 -0
- angr/procedures/definitions/win32_wdstptc.py +50 -0
- angr/procedures/definitions/win32_webauthn.py +50 -0
- angr/procedures/definitions/win32_webservices.py +410 -0
- angr/procedures/definitions/win32_websocket.py +50 -0
- angr/procedures/definitions/win32_wecapi.py +54 -0
- angr/procedures/definitions/win32_wer.py +66 -0
- angr/procedures/definitions/win32_wevtapi.py +94 -0
- angr/procedures/definitions/win32_winbio.py +132 -0
- angr/procedures/definitions/win32_windows_ai_machinelearning.py +26 -0
- angr/procedures/definitions/win32_windows_data_pdf.py +24 -0
- angr/procedures/definitions/win32_windows_media_mediacontrol.py +40 -0
- angr/procedures/definitions/win32_windows_networking.py +26 -0
- angr/procedures/definitions/win32_windows_ui_xaml.py +28 -0
- angr/procedures/definitions/win32_windowscodecs.py +42 -0
- angr/procedures/definitions/win32_winfax.py +136 -0
- angr/procedures/definitions/win32_winhttp.py +136 -0
- angr/procedures/definitions/win32_winhvemulation.py +32 -0
- angr/procedures/definitions/win32_winhvplatform.py +156 -0
- angr/procedures/definitions/win32_wininet.py +616 -0
- angr/procedures/definitions/win32_winml.py +26 -0
- angr/procedures/definitions/win32_winmm.py +376 -0
- angr/procedures/definitions/win32_winscard.py +164 -0
- angr/procedures/definitions/win32_winspool.py +364 -0
- angr/procedures/definitions/win32_winspool_drv.py +368 -0
- angr/procedures/definitions/win32_wintrust.py +144 -0
- angr/procedures/definitions/win32_winusb.py +92 -0
- angr/procedures/definitions/win32_wlanapi.py +144 -0
- angr/procedures/definitions/win32_wlanui.py +26 -0
- angr/procedures/definitions/win32_wldap32.py +510 -0
- angr/procedures/definitions/win32_wldp.py +42 -0
- angr/procedures/definitions/win32_wmvcore.py +46 -0
- angr/procedures/definitions/win32_wnvapi.py +28 -0
- angr/procedures/definitions/win32_wofutil.py +46 -0
- angr/procedures/definitions/win32_ws2_32.py +344 -0
- angr/procedures/definitions/win32_wscapi.py +36 -0
- angr/procedures/definitions/win32_wsclient.py +30 -0
- angr/procedures/definitions/win32_wsdapi.py +88 -0
- angr/procedures/definitions/win32_wsmsvc.py +90 -0
- angr/procedures/definitions/win32_wsnmp32.py +122 -0
- angr/procedures/definitions/win32_wtsapi32.py +150 -0
- angr/procedures/definitions/win32_xaudio2_8.py +32 -0
- angr/procedures/definitions/win32_xinput1_4.py +38 -0
- angr/procedures/definitions/win32_xinputuap.py +36 -0
- angr/procedures/definitions/win32_xmllite.py +36 -0
- angr/procedures/definitions/win32_xolehlp.py +32 -0
- angr/procedures/definitions/win32_xpsprint.py +28 -0
- angr/procedures/glibc/__ctype_b_loc.py +21 -0
- angr/procedures/glibc/__ctype_tolower_loc.py +21 -0
- angr/procedures/glibc/__ctype_toupper_loc.py +21 -0
- angr/procedures/glibc/__errno_location.py +7 -0
- angr/procedures/glibc/__init__.py +3 -0
- angr/procedures/glibc/__libc_init.py +37 -0
- angr/procedures/glibc/__libc_start_main.py +301 -0
- angr/procedures/glibc/dynamic_loading.py +20 -0
- angr/procedures/glibc/scanf.py +11 -0
- angr/procedures/glibc/sscanf.py +6 -0
- angr/procedures/gnulib/__init__.py +3 -0
- angr/procedures/gnulib/xalloc_die.py +14 -0
- angr/procedures/gnulib/xstrtol_fatal.py +14 -0
- angr/procedures/java/__init__.py +42 -0
- angr/procedures/java/unconstrained.py +65 -0
- angr/procedures/java_io/__init__.py +0 -0
- angr/procedures/java_io/read.py +12 -0
- angr/procedures/java_io/write.py +17 -0
- angr/procedures/java_jni/__init__.py +482 -0
- angr/procedures/java_jni/array_operations.py +312 -0
- angr/procedures/java_jni/class_and_interface_operations.py +31 -0
- angr/procedures/java_jni/field_access.py +173 -0
- angr/procedures/java_jni/global_and_local_refs.py +57 -0
- angr/procedures/java_jni/method_calls.py +365 -0
- angr/procedures/java_jni/not_implemented.py +26 -0
- angr/procedures/java_jni/object_operations.py +94 -0
- angr/procedures/java_jni/string_operations.py +87 -0
- angr/procedures/java_jni/version_information.py +12 -0
- angr/procedures/java_lang/__init__.py +0 -0
- angr/procedures/java_lang/character.py +30 -0
- angr/procedures/java_lang/double.py +24 -0
- angr/procedures/java_lang/exit.py +13 -0
- angr/procedures/java_lang/getsimplename.py +18 -0
- angr/procedures/java_lang/integer.py +43 -0
- angr/procedures/java_lang/load_library.py +9 -0
- angr/procedures/java_lang/math.py +15 -0
- angr/procedures/java_lang/string.py +78 -0
- angr/procedures/java_lang/stringbuilder.py +44 -0
- angr/procedures/java_lang/system.py +18 -0
- angr/procedures/java_util/__init__.py +0 -0
- angr/procedures/java_util/collection.py +35 -0
- angr/procedures/java_util/iterator.py +46 -0
- angr/procedures/java_util/list.py +99 -0
- angr/procedures/java_util/map.py +131 -0
- angr/procedures/java_util/random.py +14 -0
- angr/procedures/java_util/scanner_nextline.py +23 -0
- angr/procedures/libc/__init__.py +3 -0
- angr/procedures/libc/abort.py +9 -0
- angr/procedures/libc/access.py +13 -0
- angr/procedures/libc/atoi.py +14 -0
- angr/procedures/libc/atol.py +13 -0
- angr/procedures/libc/calloc.py +8 -0
- angr/procedures/libc/closelog.py +10 -0
- angr/procedures/libc/err.py +14 -0
- angr/procedures/libc/error.py +54 -0
- angr/procedures/libc/exit.py +11 -0
- angr/procedures/libc/fclose.py +19 -0
- angr/procedures/libc/feof.py +21 -0
- angr/procedures/libc/fflush.py +16 -0
- angr/procedures/libc/fgetc.py +27 -0
- angr/procedures/libc/fgets.py +68 -0
- angr/procedures/libc/fopen.py +63 -0
- angr/procedures/libc/fprintf.py +25 -0
- angr/procedures/libc/fputc.py +23 -0
- angr/procedures/libc/fputs.py +24 -0
- angr/procedures/libc/fread.py +24 -0
- angr/procedures/libc/free.py +9 -0
- angr/procedures/libc/fscanf.py +20 -0
- angr/procedures/libc/fseek.py +34 -0
- angr/procedures/libc/ftell.py +22 -0
- angr/procedures/libc/fwrite.py +19 -0
- angr/procedures/libc/getchar.py +13 -0
- angr/procedures/libc/getdelim.py +99 -0
- angr/procedures/libc/getegid.py +8 -0
- angr/procedures/libc/geteuid.py +8 -0
- angr/procedures/libc/getgid.py +8 -0
- angr/procedures/libc/gets.py +68 -0
- angr/procedures/libc/getuid.py +8 -0
- angr/procedures/libc/malloc.py +12 -0
- angr/procedures/libc/memcmp.py +69 -0
- angr/procedures/libc/memcpy.py +38 -0
- angr/procedures/libc/memset.py +72 -0
- angr/procedures/libc/openlog.py +10 -0
- angr/procedures/libc/perror.py +13 -0
- angr/procedures/libc/printf.py +34 -0
- angr/procedures/libc/putchar.py +13 -0
- angr/procedures/libc/puts.py +19 -0
- angr/procedures/libc/rand.py +8 -0
- angr/procedures/libc/realloc.py +8 -0
- angr/procedures/libc/rewind.py +12 -0
- angr/procedures/libc/scanf.py +20 -0
- angr/procedures/libc/setbuf.py +9 -0
- angr/procedures/libc/setvbuf.py +7 -0
- angr/procedures/libc/snprintf.py +36 -0
- angr/procedures/libc/sprintf.py +25 -0
- angr/procedures/libc/srand.py +7 -0
- angr/procedures/libc/sscanf.py +13 -0
- angr/procedures/libc/stpcpy.py +18 -0
- angr/procedures/libc/strcat.py +14 -0
- angr/procedures/libc/strchr.py +48 -0
- angr/procedures/libc/strcmp.py +31 -0
- angr/procedures/libc/strcpy.py +13 -0
- angr/procedures/libc/strlen.py +114 -0
- angr/procedures/libc/strncat.py +19 -0
- angr/procedures/libc/strncmp.py +183 -0
- angr/procedures/libc/strncpy.py +22 -0
- angr/procedures/libc/strnlen.py +13 -0
- angr/procedures/libc/strstr.py +101 -0
- angr/procedures/libc/strtol.py +261 -0
- angr/procedures/libc/strtoul.py +9 -0
- angr/procedures/libc/system.py +13 -0
- angr/procedures/libc/time.py +9 -0
- angr/procedures/libc/tmpnam.py +20 -0
- angr/procedures/libc/tolower.py +10 -0
- angr/procedures/libc/toupper.py +10 -0
- angr/procedures/libc/ungetc.py +20 -0
- angr/procedures/libc/vsnprintf.py +17 -0
- angr/procedures/libc/wchar.py +16 -0
- angr/procedures/libstdcpp/__init__.py +0 -0
- angr/procedures/libstdcpp/_unwind_resume.py +11 -0
- angr/procedures/libstdcpp/std____throw_bad_alloc.py +13 -0
- angr/procedures/libstdcpp/std____throw_bad_cast.py +13 -0
- angr/procedures/libstdcpp/std____throw_length_error.py +13 -0
- angr/procedures/libstdcpp/std____throw_logic_error.py +13 -0
- angr/procedures/libstdcpp/std__terminate.py +13 -0
- angr/procedures/linux_kernel/__init__.py +3 -0
- angr/procedures/linux_kernel/access.py +18 -0
- angr/procedures/linux_kernel/arch_prctl.py +34 -0
- angr/procedures/linux_kernel/arm_user_helpers.py +59 -0
- angr/procedures/linux_kernel/brk.py +18 -0
- angr/procedures/linux_kernel/cwd.py +28 -0
- angr/procedures/linux_kernel/fstat.py +138 -0
- angr/procedures/linux_kernel/fstat64.py +170 -0
- angr/procedures/linux_kernel/futex.py +17 -0
- angr/procedures/linux_kernel/getegid.py +17 -0
- angr/procedures/linux_kernel/geteuid.py +17 -0
- angr/procedures/linux_kernel/getgid.py +17 -0
- angr/procedures/linux_kernel/getpid.py +14 -0
- angr/procedures/linux_kernel/getrlimit.py +24 -0
- angr/procedures/linux_kernel/gettid.py +9 -0
- angr/procedures/linux_kernel/getuid.py +17 -0
- angr/procedures/linux_kernel/iovec.py +47 -0
- angr/procedures/linux_kernel/lseek.py +42 -0
- angr/procedures/linux_kernel/mmap.py +16 -0
- angr/procedures/linux_kernel/mprotect.py +42 -0
- angr/procedures/linux_kernel/munmap.py +8 -0
- angr/procedures/linux_kernel/openat.py +26 -0
- angr/procedures/linux_kernel/set_tid_address.py +8 -0
- angr/procedures/linux_kernel/sigaction.py +19 -0
- angr/procedures/linux_kernel/sigprocmask.py +23 -0
- angr/procedures/linux_kernel/stat.py +23 -0
- angr/procedures/linux_kernel/sysinfo.py +59 -0
- angr/procedures/linux_kernel/tgkill.py +10 -0
- angr/procedures/linux_kernel/time.py +34 -0
- angr/procedures/linux_kernel/uid.py +30 -0
- angr/procedures/linux_kernel/uname.py +29 -0
- angr/procedures/linux_kernel/unlink.py +22 -0
- angr/procedures/linux_kernel/vsyscall.py +16 -0
- angr/procedures/linux_loader/__init__.py +3 -0
- angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +7 -0
- angr/procedures/linux_loader/_dl_rtld_lock.py +15 -0
- angr/procedures/linux_loader/sim_loader.py +54 -0
- angr/procedures/linux_loader/tls.py +40 -0
- angr/procedures/msvcr/__getmainargs.py +16 -0
- angr/procedures/msvcr/__init__.py +4 -0
- angr/procedures/msvcr/_initterm.py +38 -0
- angr/procedures/msvcr/fmode.py +31 -0
- angr/procedures/ntdll/__init__.py +0 -0
- angr/procedures/ntdll/exceptions.py +60 -0
- angr/procedures/posix/__init__.py +3 -0
- angr/procedures/posix/accept.py +29 -0
- angr/procedures/posix/bind.py +13 -0
- angr/procedures/posix/bzero.py +9 -0
- angr/procedures/posix/chroot.py +27 -0
- angr/procedures/posix/close.py +9 -0
- angr/procedures/posix/closedir.py +7 -0
- angr/procedures/posix/dup.py +56 -0
- angr/procedures/posix/fcntl.py +10 -0
- angr/procedures/posix/fdopen.py +76 -0
- angr/procedures/posix/fileno.py +18 -0
- angr/procedures/posix/fork.py +13 -0
- angr/procedures/posix/getenv.py +35 -0
- angr/procedures/posix/gethostbyname.py +43 -0
- angr/procedures/posix/getpass.py +19 -0
- angr/procedures/posix/getsockopt.py +11 -0
- angr/procedures/posix/htonl.py +11 -0
- angr/procedures/posix/htons.py +11 -0
- angr/procedures/posix/inet_ntoa.py +59 -0
- angr/procedures/posix/listen.py +13 -0
- angr/procedures/posix/mmap.py +144 -0
- angr/procedures/posix/open.py +18 -0
- angr/procedures/posix/opendir.py +10 -0
- angr/procedures/posix/poll.py +55 -0
- angr/procedures/posix/pread64.py +46 -0
- angr/procedures/posix/pthread.py +87 -0
- angr/procedures/posix/pwrite64.py +46 -0
- angr/procedures/posix/read.py +13 -0
- angr/procedures/posix/readdir.py +62 -0
- angr/procedures/posix/recv.py +13 -0
- angr/procedures/posix/recvfrom.py +13 -0
- angr/procedures/posix/select.py +48 -0
- angr/procedures/posix/send.py +23 -0
- angr/procedures/posix/setsockopt.py +9 -0
- angr/procedures/posix/sigaction.py +23 -0
- angr/procedures/posix/sim_time.py +48 -0
- angr/procedures/posix/sleep.py +8 -0
- angr/procedures/posix/socket.py +18 -0
- angr/procedures/posix/strcasecmp.py +26 -0
- angr/procedures/posix/strdup.py +18 -0
- angr/procedures/posix/strtok_r.py +64 -0
- angr/procedures/posix/syslog.py +15 -0
- angr/procedures/posix/tz.py +9 -0
- angr/procedures/posix/unlink.py +11 -0
- angr/procedures/posix/usleep.py +8 -0
- angr/procedures/posix/write.py +13 -0
- angr/procedures/procedure_dict.py +50 -0
- angr/procedures/stubs/CallReturn.py +13 -0
- angr/procedures/stubs/NoReturnUnconstrained.py +13 -0
- angr/procedures/stubs/Nop.py +7 -0
- angr/procedures/stubs/PathTerminator.py +9 -0
- angr/procedures/stubs/Redirect.py +18 -0
- angr/procedures/stubs/ReturnChar.py +11 -0
- angr/procedures/stubs/ReturnUnconstrained.py +24 -0
- angr/procedures/stubs/UnresolvableCallTarget.py +9 -0
- angr/procedures/stubs/UnresolvableJumpTarget.py +9 -0
- angr/procedures/stubs/UserHook.py +18 -0
- angr/procedures/stubs/__init__.py +3 -0
- angr/procedures/stubs/b64_decode.py +15 -0
- angr/procedures/stubs/caller.py +14 -0
- angr/procedures/stubs/crazy_scanf.py +20 -0
- angr/procedures/stubs/format_parser.py +669 -0
- angr/procedures/stubs/syscall_stub.py +24 -0
- angr/procedures/testing/__init__.py +3 -0
- angr/procedures/testing/manyargs.py +9 -0
- angr/procedures/testing/retreg.py +8 -0
- angr/procedures/tracer/__init__.py +4 -0
- angr/procedures/tracer/random.py +9 -0
- angr/procedures/tracer/receive.py +23 -0
- angr/procedures/tracer/transmit.py +26 -0
- angr/procedures/uclibc/__init__.py +3 -0
- angr/procedures/uclibc/__uClibc_main.py +10 -0
- angr/procedures/win32/EncodePointer.py +7 -0
- angr/procedures/win32/ExitProcess.py +9 -0
- angr/procedures/win32/GetCommandLine.py +12 -0
- angr/procedures/win32/GetCurrentProcessId.py +7 -0
- angr/procedures/win32/GetCurrentThreadId.py +7 -0
- angr/procedures/win32/GetLastInputInfo.py +40 -0
- angr/procedures/win32/GetModuleHandle.py +29 -0
- angr/procedures/win32/GetProcessAffinityMask.py +37 -0
- angr/procedures/win32/InterlockedExchange.py +15 -0
- angr/procedures/win32/IsProcessorFeaturePresent.py +7 -0
- angr/procedures/win32/VirtualAlloc.py +114 -0
- angr/procedures/win32/VirtualProtect.py +60 -0
- angr/procedures/win32/__init__.py +3 -0
- angr/procedures/win32/critical_section.py +12 -0
- angr/procedures/win32/dynamic_loading.py +104 -0
- angr/procedures/win32/file_handles.py +47 -0
- angr/procedures/win32/gethostbyname.py +12 -0
- angr/procedures/win32/heap.py +45 -0
- angr/procedures/win32/is_bad_ptr.py +26 -0
- angr/procedures/win32/local_storage.py +88 -0
- angr/procedures/win32/mutex.py +11 -0
- angr/procedures/win32/sim_time.py +135 -0
- angr/procedures/win32/system_paths.py +35 -0
- angr/procedures/win32_kernel/ExAllocatePool.py +13 -0
- angr/procedures/win32_kernel/ExFreePoolWithTag.py +8 -0
- angr/procedures/win32_kernel/__fastfail.py +15 -0
- angr/procedures/win32_kernel/__init__.py +3 -0
- angr/procedures/win_user32/__init__.py +0 -0
- angr/procedures/win_user32/chars.py +15 -0
- angr/procedures/win_user32/keyboard.py +14 -0
- angr/procedures/win_user32/messagebox.py +49 -0
- angr/project.py +847 -0
- angr/protos/__init__.py +19 -0
- angr/protos/cfg_pb2.py +31 -0
- angr/protos/function_pb2.py +27 -0
- angr/protos/primitives_pb2.py +52 -0
- angr/protos/variables_pb2.py +44 -0
- angr/protos/xrefs_pb2.py +25 -0
- angr/py.typed +1 -0
- angr/rustylib.abi3.so +0 -0
- angr/serializable.py +66 -0
- angr/sim_manager.py +971 -0
- angr/sim_options.py +438 -0
- angr/sim_procedure.py +606 -0
- angr/sim_state.py +901 -0
- angr/sim_state_options.py +403 -0
- angr/sim_type.py +3702 -0
- angr/sim_variable.py +465 -0
- angr/simos/__init__.py +47 -0
- angr/simos/cgc.py +153 -0
- angr/simos/javavm.py +458 -0
- angr/simos/linux.py +509 -0
- angr/simos/simos.py +444 -0
- angr/simos/snimmuc_nxp.py +149 -0
- angr/simos/userland.py +163 -0
- angr/simos/windows.py +601 -0
- angr/simos/xbox.py +32 -0
- angr/slicer.py +352 -0
- angr/state_hierarchy.py +262 -0
- angr/state_plugins/__init__.py +84 -0
- angr/state_plugins/callstack.py +398 -0
- angr/state_plugins/cgc.py +155 -0
- angr/state_plugins/debug_variables.py +192 -0
- angr/state_plugins/filesystem.py +463 -0
- angr/state_plugins/gdb.py +148 -0
- angr/state_plugins/globals.py +65 -0
- angr/state_plugins/heap/__init__.py +15 -0
- angr/state_plugins/heap/heap_base.py +128 -0
- angr/state_plugins/heap/heap_brk.py +136 -0
- angr/state_plugins/heap/heap_freelist.py +213 -0
- angr/state_plugins/heap/heap_libc.py +46 -0
- angr/state_plugins/heap/heap_ptmalloc.py +620 -0
- angr/state_plugins/heap/utils.py +22 -0
- angr/state_plugins/history.py +564 -0
- angr/state_plugins/inspect.py +375 -0
- angr/state_plugins/javavm_classloader.py +134 -0
- angr/state_plugins/jni_references.py +95 -0
- angr/state_plugins/libc.py +1263 -0
- angr/state_plugins/light_registers.py +168 -0
- angr/state_plugins/log.py +84 -0
- angr/state_plugins/loop_data.py +92 -0
- angr/state_plugins/plugin.py +170 -0
- angr/state_plugins/posix.py +703 -0
- angr/state_plugins/preconstrainer.py +196 -0
- angr/state_plugins/scratch.py +173 -0
- angr/state_plugins/sim_action.py +326 -0
- angr/state_plugins/sim_action_object.py +271 -0
- angr/state_plugins/sim_event.py +59 -0
- angr/state_plugins/solver.py +1127 -0
- angr/state_plugins/symbolizer.py +291 -0
- angr/state_plugins/trace_additions.py +738 -0
- angr/state_plugins/uc_manager.py +94 -0
- angr/state_plugins/unicorn_engine.py +1886 -0
- angr/state_plugins/view.py +340 -0
- angr/storage/__init__.py +15 -0
- angr/storage/file.py +1210 -0
- angr/storage/memory_mixins/__init__.py +317 -0
- angr/storage/memory_mixins/actions_mixin.py +72 -0
- angr/storage/memory_mixins/address_concretization_mixin.py +384 -0
- angr/storage/memory_mixins/bvv_conversion_mixin.py +73 -0
- angr/storage/memory_mixins/clouseau_mixin.py +137 -0
- angr/storage/memory_mixins/conditional_store_mixin.py +25 -0
- angr/storage/memory_mixins/convenient_mappings_mixin.py +256 -0
- angr/storage/memory_mixins/default_filler_mixin.py +144 -0
- angr/storage/memory_mixins/dirty_addrs_mixin.py +11 -0
- angr/storage/memory_mixins/hex_dumper_mixin.py +82 -0
- angr/storage/memory_mixins/javavm_memory_mixin.py +392 -0
- angr/storage/memory_mixins/keyvalue_memory_mixin.py +42 -0
- angr/storage/memory_mixins/label_merger_mixin.py +31 -0
- angr/storage/memory_mixins/memory_mixin.py +174 -0
- angr/storage/memory_mixins/multi_value_merger_mixin.py +79 -0
- angr/storage/memory_mixins/name_resolution_mixin.py +67 -0
- angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
- angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +743 -0
- angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +65 -0
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +26 -0
- angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
- angr/storage/memory_mixins/paged_memory/pages/cooperation.py +341 -0
- angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +92 -0
- angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +55 -0
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +338 -0
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +324 -0
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +419 -0
- angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +36 -0
- angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +52 -0
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +503 -0
- angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
- angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +74 -0
- angr/storage/memory_mixins/regioned_memory/__init__.py +17 -0
- angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +36 -0
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +31 -0
- angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +9 -0
- angr/storage/memory_mixins/regioned_memory/region_data.py +246 -0
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +241 -0
- angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +119 -0
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +441 -0
- angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +69 -0
- angr/storage/memory_mixins/simple_interface_mixin.py +71 -0
- angr/storage/memory_mixins/simplification_mixin.py +15 -0
- angr/storage/memory_mixins/size_resolution_mixin.py +143 -0
- angr/storage/memory_mixins/slotted_memory.py +140 -0
- angr/storage/memory_mixins/smart_find_mixin.py +161 -0
- angr/storage/memory_mixins/symbolic_merger_mixin.py +16 -0
- angr/storage/memory_mixins/top_merger_mixin.py +25 -0
- angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
- angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
- angr/storage/memory_object.py +195 -0
- angr/tablespecs.py +91 -0
- angr/unicornlib.dylib +0 -0
- angr/utils/__init__.py +46 -0
- angr/utils/ail.py +70 -0
- angr/utils/algo.py +34 -0
- angr/utils/bits.py +46 -0
- angr/utils/constants.py +9 -0
- angr/utils/cowdict.py +63 -0
- angr/utils/cpp.py +17 -0
- angr/utils/doms.py +149 -0
- angr/utils/dynamic_dictlist.py +89 -0
- angr/utils/endness.py +18 -0
- angr/utils/enums_conv.py +97 -0
- angr/utils/env.py +12 -0
- angr/utils/formatting.py +128 -0
- angr/utils/funcid.py +159 -0
- angr/utils/graph.py +933 -0
- angr/utils/lazy_import.py +13 -0
- angr/utils/library.py +212 -0
- angr/utils/loader.py +55 -0
- angr/utils/mp.py +66 -0
- angr/utils/orderedset.py +74 -0
- angr/utils/ssa/__init__.py +457 -0
- angr/utils/ssa/tmp_uses_collector.py +23 -0
- angr/utils/ssa/vvar_uses_collector.py +37 -0
- angr/utils/tagged_interval_map.py +112 -0
- angr/utils/timing.py +74 -0
- angr/utils/types.py +151 -0
- angr/utils/vex.py +11 -0
- angr/vaults.py +367 -0
- angr-9.2.165.dist-info/METADATA +110 -0
- angr-9.2.165.dist-info/RECORD +1409 -0
- angr-9.2.165.dist-info/WHEEL +6 -0
- angr-9.2.165.dist-info/entry_points.txt +2 -0
- angr-9.2.165.dist-info/licenses/LICENSE +27 -0
- angr-9.2.165.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1127 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
from itertools import chain
|
|
3
|
+
from typing import TYPE_CHECKING
|
|
4
|
+
from collections.abc import Iterable
|
|
5
|
+
import logging
|
|
6
|
+
|
|
7
|
+
import pyvex
|
|
8
|
+
import claripy
|
|
9
|
+
|
|
10
|
+
from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues, mv_is_bv
|
|
11
|
+
from angr.engines.light import SimEngineNostmtVEX, SpOffset
|
|
12
|
+
from angr.engines.vex.claripy.datalayer import value as claripy_value
|
|
13
|
+
from angr.errors import SimEngineError, SimMemoryMissingError
|
|
14
|
+
from angr.utils.constants import DEFAULT_STATEMENT
|
|
15
|
+
from angr.knowledge_plugins.key_definitions.definition import Definition
|
|
16
|
+
from angr.knowledge_plugins.key_definitions.live_definitions import LiveDefinitions
|
|
17
|
+
from angr.knowledge_plugins.key_definitions.tag import LocalVariableTag, ParameterTag, Tag
|
|
18
|
+
from angr.knowledge_plugins.key_definitions.atoms import Atom, Register, MemoryLocation, Tmp
|
|
19
|
+
from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER
|
|
20
|
+
from angr.knowledge_plugins.key_definitions.heap_address import HeapAddress
|
|
21
|
+
from angr.code_location import CodeLocation, ExternalCodeLocation
|
|
22
|
+
from .rd_state import ReachingDefinitionsState
|
|
23
|
+
from .function_handler import FunctionCallData
|
|
24
|
+
|
|
25
|
+
if TYPE_CHECKING:
|
|
26
|
+
from angr.knowledge_plugins import FunctionManager
|
|
27
|
+
from .function_handler import FunctionHandler
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
l = logging.getLogger(name=__name__)
|
|
31
|
+
|
|
32
|
+
unop_handler = SimEngineNostmtVEX[
|
|
33
|
+
ReachingDefinitionsState, MultiValues[claripy.ast.BV | claripy.ast.FP], ReachingDefinitionsState
|
|
34
|
+
].unop_handler
|
|
35
|
+
binop_handler = SimEngineNostmtVEX[
|
|
36
|
+
ReachingDefinitionsState, MultiValues[claripy.ast.BV | claripy.ast.FP], ReachingDefinitionsState
|
|
37
|
+
].binop_handler
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
class SimEngineRDVEX(
|
|
41
|
+
SimEngineNostmtVEX[
|
|
42
|
+
ReachingDefinitionsState, MultiValues[claripy.ast.BV | claripy.ast.FP], ReachingDefinitionsState
|
|
43
|
+
],
|
|
44
|
+
): # pylint:disable=abstract-method
|
|
45
|
+
"""
|
|
46
|
+
Implements the VEX execution engine for reaching definition analysis.
|
|
47
|
+
"""
|
|
48
|
+
|
|
49
|
+
def __init__(self, project, function_handler: FunctionHandler, functions: FunctionManager):
|
|
50
|
+
super().__init__(project)
|
|
51
|
+
self.functions = functions
|
|
52
|
+
self._function_handler = function_handler
|
|
53
|
+
self._visited_blocks = None
|
|
54
|
+
self._dep_graph = None
|
|
55
|
+
|
|
56
|
+
self.state: ReachingDefinitionsState
|
|
57
|
+
|
|
58
|
+
def process(
|
|
59
|
+
self, state, *, block=None, fail_fast=False, visited_blocks=None, dep_graph=None, whitelist=None, **kwargs
|
|
60
|
+
):
|
|
61
|
+
self._visited_blocks = visited_blocks
|
|
62
|
+
self._dep_graph = dep_graph
|
|
63
|
+
# we are using a completely different state. Therefore, we directly call our _process() method before
|
|
64
|
+
# SimEngine becomes flexible enough.
|
|
65
|
+
try:
|
|
66
|
+
return super().process(
|
|
67
|
+
state,
|
|
68
|
+
whitelist=whitelist,
|
|
69
|
+
block=block,
|
|
70
|
+
)
|
|
71
|
+
except SimEngineError as e:
|
|
72
|
+
if fail_fast is True:
|
|
73
|
+
raise e
|
|
74
|
+
l.error(e)
|
|
75
|
+
return self.state
|
|
76
|
+
|
|
77
|
+
def _process_block_end(self, stmt_result, whitelist):
|
|
78
|
+
self.stmt_idx = DEFAULT_STATEMENT
|
|
79
|
+
self._set_codeloc()
|
|
80
|
+
|
|
81
|
+
function_handled = False
|
|
82
|
+
if self.block.vex.jumpkind == "Ijk_Call":
|
|
83
|
+
# it has to be a function
|
|
84
|
+
block_next = self.block.vex.next
|
|
85
|
+
assert isinstance(block_next, pyvex.expr.IRExpr)
|
|
86
|
+
addr = self._expr_bv(block_next)
|
|
87
|
+
self._handle_function(addr)
|
|
88
|
+
function_handled = True
|
|
89
|
+
elif self.block.vex.jumpkind == "Ijk_Boring":
|
|
90
|
+
# test if the target addr is a function or not
|
|
91
|
+
block_next = self.block.vex.next
|
|
92
|
+
assert isinstance(block_next, pyvex.expr.IRExpr)
|
|
93
|
+
addr = self._expr_bv(block_next)
|
|
94
|
+
addr_v = addr.one_value()
|
|
95
|
+
if addr_v is not None and addr_v.concrete:
|
|
96
|
+
addr_int = addr_v.concrete_value
|
|
97
|
+
if addr_int in self.functions:
|
|
98
|
+
# yes it's a jump to a function
|
|
99
|
+
self._handle_function(addr)
|
|
100
|
+
function_handled = True
|
|
101
|
+
|
|
102
|
+
# take care of OP_AFTER during statement processing for function calls in a block
|
|
103
|
+
if self.state.analysis and function_handled:
|
|
104
|
+
self.state.analysis.stmt_observe(
|
|
105
|
+
self.stmt_idx, self.block.vex.statements[-1], self.block, self.state, OP_AFTER
|
|
106
|
+
)
|
|
107
|
+
self.state.analysis.insn_observe(
|
|
108
|
+
self.ins_addr, self.block.vex.statements[-1], self.block, self.state, OP_AFTER
|
|
109
|
+
)
|
|
110
|
+
|
|
111
|
+
return self.state
|
|
112
|
+
|
|
113
|
+
#
|
|
114
|
+
# Private methods
|
|
115
|
+
#
|
|
116
|
+
|
|
117
|
+
def _expr_bv(self, expr: pyvex.expr.IRExpr) -> MultiValues[claripy.ast.BV]:
|
|
118
|
+
result = self._expr(expr)
|
|
119
|
+
assert mv_is_bv(result)
|
|
120
|
+
return result
|
|
121
|
+
|
|
122
|
+
def _expr_pair(
|
|
123
|
+
self, arg0: pyvex.expr.IRExpr, arg1: pyvex.expr.IRExpr
|
|
124
|
+
) -> (
|
|
125
|
+
tuple[MultiValues[claripy.ast.BV], MultiValues[claripy.ast.BV]]
|
|
126
|
+
| tuple[MultiValues[claripy.ast.FP], MultiValues[claripy.ast.FP]]
|
|
127
|
+
):
|
|
128
|
+
r0 = self._expr(arg0)
|
|
129
|
+
r1 = self._expr(arg1)
|
|
130
|
+
assert type(r0) is type(r1)
|
|
131
|
+
return r0, r1 # type: ignore
|
|
132
|
+
|
|
133
|
+
def _external_codeloc(self):
|
|
134
|
+
return ExternalCodeLocation(self.state.codeloc.context)
|
|
135
|
+
|
|
136
|
+
def _set_codeloc(self):
|
|
137
|
+
# TODO do we want a better mechanism to specify context updates?
|
|
138
|
+
new_codeloc = CodeLocation(
|
|
139
|
+
self.block.addr, self.stmt_idx, ins_addr=self.ins_addr, context=self.state.codeloc.context
|
|
140
|
+
)
|
|
141
|
+
self.state.move_codelocs(new_codeloc)
|
|
142
|
+
self.state.analysis.model.at_new_stmt(new_codeloc)
|
|
143
|
+
|
|
144
|
+
def _is_top(self, expr):
|
|
145
|
+
"""
|
|
146
|
+
MultiValues are not really "top" in the stricter sense. They are just a collection of values,
|
|
147
|
+
some of which might be top
|
|
148
|
+
"""
|
|
149
|
+
return False
|
|
150
|
+
|
|
151
|
+
def _top(self, bits) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
152
|
+
return MultiValues(self.state.top(bits))
|
|
153
|
+
|
|
154
|
+
#
|
|
155
|
+
# VEX statement handlers
|
|
156
|
+
#
|
|
157
|
+
|
|
158
|
+
def _stmt(self, stmt):
|
|
159
|
+
if self.state.analysis:
|
|
160
|
+
self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_BEFORE)
|
|
161
|
+
self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_BEFORE)
|
|
162
|
+
|
|
163
|
+
self._set_codeloc()
|
|
164
|
+
result = super()._stmt(stmt)
|
|
165
|
+
|
|
166
|
+
if self.state.analysis:
|
|
167
|
+
self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_AFTER)
|
|
168
|
+
self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_AFTER)
|
|
169
|
+
|
|
170
|
+
return result
|
|
171
|
+
|
|
172
|
+
def _handle_stmt_WrTmp(self, stmt):
|
|
173
|
+
data = self._expr(stmt.data)
|
|
174
|
+
|
|
175
|
+
tmp_atom = Tmp(stmt.tmp, self.tyenv.sizeof(stmt.tmp) // self.arch.byte_width)
|
|
176
|
+
# if len(data.values) == 1 and 0 in data.values:
|
|
177
|
+
# data_v = data.one_value()
|
|
178
|
+
# if data_v is not None:
|
|
179
|
+
# # annotate data with its definition
|
|
180
|
+
# data = MultiValues(offset_to_values={
|
|
181
|
+
# 0: {self.state.annotate_with_def(data_v, Definition(tmp_atom, self._codeloc()))
|
|
182
|
+
# }
|
|
183
|
+
# })
|
|
184
|
+
self.tmps[stmt.tmp] = data
|
|
185
|
+
|
|
186
|
+
self.state.kill_and_add_definition(
|
|
187
|
+
tmp_atom,
|
|
188
|
+
data,
|
|
189
|
+
)
|
|
190
|
+
|
|
191
|
+
# e.g. PUT(rsp) = t2, t2 might include multiple values
|
|
192
|
+
def _handle_stmt_Put(self, stmt):
|
|
193
|
+
size: int = stmt.data.result_size(self.tyenv) // 8
|
|
194
|
+
reg = Register(stmt.offset, size, self.arch)
|
|
195
|
+
data = self._expr(stmt.data)
|
|
196
|
+
|
|
197
|
+
# special handling for references to heap or stack variables
|
|
198
|
+
if data.count() == 1:
|
|
199
|
+
for d in next(iter(data.values())):
|
|
200
|
+
if self.state.is_heap_address(d):
|
|
201
|
+
heap_offset = self.state.get_heap_offset(d)
|
|
202
|
+
if heap_offset is not None:
|
|
203
|
+
self.state.add_heap_use(heap_offset, 1)
|
|
204
|
+
elif self.state.is_stack_address(d):
|
|
205
|
+
stack_offset = self.state.get_stack_offset(d)
|
|
206
|
+
if stack_offset is not None:
|
|
207
|
+
self.state.add_stack_use(stack_offset, 1)
|
|
208
|
+
|
|
209
|
+
if self.state.exit_observed and stmt.offset == self.arch.sp_offset:
|
|
210
|
+
return
|
|
211
|
+
self.state.kill_and_add_definition(reg, data)
|
|
212
|
+
|
|
213
|
+
def _handle_stmt_PutI(self, stmt):
|
|
214
|
+
pass
|
|
215
|
+
|
|
216
|
+
# e.g. STle(t6) = t21, t6 and/or t21 might include multiple values
|
|
217
|
+
def _handle_stmt_Store(self, stmt):
|
|
218
|
+
addr = self._expr_bv(stmt.addr)
|
|
219
|
+
size = stmt.data.result_size(self.tyenv) // 8
|
|
220
|
+
data = self._expr(stmt.data)
|
|
221
|
+
|
|
222
|
+
if addr.count() == 1:
|
|
223
|
+
addrs = next(iter(addr.values()))
|
|
224
|
+
self._store_core(addrs, size, data, endness=stmt.endness)
|
|
225
|
+
|
|
226
|
+
def _handle_stmt_StoreG(self, stmt):
|
|
227
|
+
guard = self._expr_bv(stmt.guard)
|
|
228
|
+
guard_v = guard.one_value()
|
|
229
|
+
|
|
230
|
+
if guard_v is not None and claripy.is_true(guard_v != 0):
|
|
231
|
+
addr = self._expr_bv(stmt.addr)
|
|
232
|
+
if addr.count() == 1:
|
|
233
|
+
addrs = next(iter(addr.values()))
|
|
234
|
+
size = stmt.data.result_size(self.tyenv) // 8
|
|
235
|
+
data = self._expr(stmt.data)
|
|
236
|
+
self._store_core(addrs, size, data)
|
|
237
|
+
elif guard_v is not None and claripy.is_false(guard_v != 0):
|
|
238
|
+
pass
|
|
239
|
+
else:
|
|
240
|
+
# guard.data == {True, False}
|
|
241
|
+
# get current data
|
|
242
|
+
addr = self._expr_bv(stmt.addr)
|
|
243
|
+
if addr.count() == 1:
|
|
244
|
+
addrs = next(iter(addr.values()))
|
|
245
|
+
size = stmt.data.result_size(self.tyenv) // 8
|
|
246
|
+
data_old = self._load_core(addrs, size, stmt.endness)
|
|
247
|
+
data = self._expr(stmt.data)
|
|
248
|
+
|
|
249
|
+
self._store_core(addrs, size, data, data_old=data_old)
|
|
250
|
+
|
|
251
|
+
def _store_core(
|
|
252
|
+
self,
|
|
253
|
+
addr: Iterable[int | claripy.ast.bv.BV],
|
|
254
|
+
size: int,
|
|
255
|
+
data: MultiValues,
|
|
256
|
+
data_old: MultiValues | None = None,
|
|
257
|
+
endness=None,
|
|
258
|
+
):
|
|
259
|
+
if data_old is not None:
|
|
260
|
+
data = data.merge(data_old)
|
|
261
|
+
|
|
262
|
+
for a in addr:
|
|
263
|
+
if self.state.is_top(a):
|
|
264
|
+
l.debug("Memory address undefined, ins_addr = %#x.", self.ins_addr)
|
|
265
|
+
else:
|
|
266
|
+
tags: set[Tag] | None
|
|
267
|
+
if isinstance(a, int):
|
|
268
|
+
atom = MemoryLocation(a, size)
|
|
269
|
+
tags = None
|
|
270
|
+
elif self.state.is_stack_address(a):
|
|
271
|
+
offset = self.state.get_stack_offset(a)
|
|
272
|
+
if offset is None:
|
|
273
|
+
continue
|
|
274
|
+
atom = MemoryLocation(SpOffset(self.arch.bits, offset), size)
|
|
275
|
+
function_address = None # we cannot get the function address in the middle of a store if a CFG
|
|
276
|
+
# does not exist. you should backpatch the function address later using
|
|
277
|
+
# the 'ins_addr' metadata entry.
|
|
278
|
+
tags = {
|
|
279
|
+
LocalVariableTag(
|
|
280
|
+
function=function_address,
|
|
281
|
+
metadata={"tagged_by": "SimEngineRDVEX._store_core", "ins_addr": self.ins_addr},
|
|
282
|
+
)
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
elif self.state.is_heap_address(a):
|
|
286
|
+
offset = self.state.get_heap_offset(a)
|
|
287
|
+
if offset is not None:
|
|
288
|
+
atom = MemoryLocation(HeapAddress(offset), size)
|
|
289
|
+
tags = None
|
|
290
|
+
else:
|
|
291
|
+
continue
|
|
292
|
+
|
|
293
|
+
elif isinstance(a, claripy.ast.BV):
|
|
294
|
+
addr_v = a.concrete_value
|
|
295
|
+
atom = MemoryLocation(addr_v, size)
|
|
296
|
+
tags = None
|
|
297
|
+
|
|
298
|
+
else:
|
|
299
|
+
continue
|
|
300
|
+
|
|
301
|
+
# different addresses are not killed by a subsequent iteration, because kill only removes entries
|
|
302
|
+
# with same index and same size
|
|
303
|
+
self.state.kill_and_add_definition(atom, data, tags=tags, endness=endness)
|
|
304
|
+
|
|
305
|
+
def _handle_stmt_LoadG(self, stmt):
|
|
306
|
+
guard = self._expr_bv(stmt.guard)
|
|
307
|
+
guard_v = guard.one_value()
|
|
308
|
+
|
|
309
|
+
if guard_v is not None and claripy.is_true(guard_v != 0):
|
|
310
|
+
# FIXME: full conversion support
|
|
311
|
+
if stmt.cvt.find("Ident") < 0:
|
|
312
|
+
l.warning("Unsupported conversion %s in LoadG.", stmt.cvt)
|
|
313
|
+
load_expr = pyvex.expr.Load(stmt.end, stmt.cvt_types[1], stmt.addr)
|
|
314
|
+
wr_tmp_stmt = pyvex.stmt.WrTmp(stmt.dst, load_expr)
|
|
315
|
+
self._handle_stmt_WrTmp(wr_tmp_stmt)
|
|
316
|
+
elif guard_v is not None and claripy.is_false(guard_v != 0):
|
|
317
|
+
wr_tmp_stmt = pyvex.stmt.WrTmp(stmt.dst, stmt.alt)
|
|
318
|
+
self._handle_stmt_WrTmp(wr_tmp_stmt)
|
|
319
|
+
else:
|
|
320
|
+
if stmt.cvt.find("Ident") < 0:
|
|
321
|
+
l.warning("Unsupported conversion %s in LoadG.", stmt.cvt)
|
|
322
|
+
load_expr = pyvex.expr.Load(stmt.end, stmt.cvt_types[1], stmt.addr)
|
|
323
|
+
|
|
324
|
+
load_expr_v = self._expr(load_expr)
|
|
325
|
+
alt_v = self._expr(stmt.alt)
|
|
326
|
+
|
|
327
|
+
data = load_expr_v.merge(alt_v)
|
|
328
|
+
self.state.kill_and_add_definition(Tmp(stmt.dst, self.tyenv.sizeof(stmt.dst)), data)
|
|
329
|
+
|
|
330
|
+
def _handle_stmt_Exit(self, stmt):
|
|
331
|
+
_ = self._expr(stmt.guard)
|
|
332
|
+
target = stmt.dst.value
|
|
333
|
+
self.state.mark_guard(target)
|
|
334
|
+
if self.state.analysis is not None:
|
|
335
|
+
self.state.analysis.exit_observe(
|
|
336
|
+
self.block.addr,
|
|
337
|
+
self.stmt_idx,
|
|
338
|
+
self.block,
|
|
339
|
+
self.state,
|
|
340
|
+
)
|
|
341
|
+
if (
|
|
342
|
+
self.block.instruction_addrs
|
|
343
|
+
and self.ins_addr in self.block.instruction_addrs
|
|
344
|
+
and self.block.instruction_addrs.index(self.ins_addr) == self.block.instructions - 1
|
|
345
|
+
):
|
|
346
|
+
self.state.exit_observed = True
|
|
347
|
+
|
|
348
|
+
def _handle_stmt_IMark(self, stmt):
|
|
349
|
+
pass
|
|
350
|
+
|
|
351
|
+
def _handle_stmt_AbiHint(self, stmt):
|
|
352
|
+
pass
|
|
353
|
+
|
|
354
|
+
def _handle_stmt_LLSC(self, stmt):
|
|
355
|
+
if stmt.storedata is None:
|
|
356
|
+
# load-link
|
|
357
|
+
addr = self._expr_bv(stmt.addr)
|
|
358
|
+
if addr.count() == 1:
|
|
359
|
+
addrs = next(iter(addr.values()))
|
|
360
|
+
size = self.tyenv.sizeof(stmt.result) // self.arch.byte_width
|
|
361
|
+
load_result = self._load_core(addrs, size, stmt.endness)
|
|
362
|
+
self.tmps[stmt.result] = load_result
|
|
363
|
+
self.state.kill_and_add_definition(
|
|
364
|
+
Tmp(stmt.result, self.tyenv.sizeof(stmt.result) // self.arch.byte_width),
|
|
365
|
+
load_result,
|
|
366
|
+
)
|
|
367
|
+
else:
|
|
368
|
+
# store-conditional
|
|
369
|
+
storedata = self._expr(stmt.storedata)
|
|
370
|
+
addr = self._expr_bv(stmt.addr)
|
|
371
|
+
if addr.count() == 1:
|
|
372
|
+
addrs = next(iter(addr.values()))
|
|
373
|
+
if isinstance(stmt.storedata, pyvex.expr.Const):
|
|
374
|
+
size = stmt.storedata.con.size // self.arch.byte_width
|
|
375
|
+
else:
|
|
376
|
+
assert isinstance(stmt.storedata, pyvex.expr.RdTmp)
|
|
377
|
+
size = self.tyenv.sizeof(stmt.storedata.tmp) // self.arch.byte_width
|
|
378
|
+
|
|
379
|
+
self._store_core(addrs, size, storedata)
|
|
380
|
+
self.tmps[stmt.result] = MultiValues(claripy.BVV(1, 1))
|
|
381
|
+
self.state.kill_and_add_definition(
|
|
382
|
+
Tmp(stmt.result, self.tyenv.sizeof(stmt.result) // self.arch.byte_width),
|
|
383
|
+
self.tmps[stmt.result],
|
|
384
|
+
)
|
|
385
|
+
|
|
386
|
+
#
|
|
387
|
+
# VEX expression handlers
|
|
388
|
+
#
|
|
389
|
+
|
|
390
|
+
def _handle_expr_RdTmp(self, expr: pyvex.expr.RdTmp):
|
|
391
|
+
self.state.add_tmp_use(expr.tmp)
|
|
392
|
+
|
|
393
|
+
if expr.tmp in self.tmps:
|
|
394
|
+
return self.tmps[expr.tmp]
|
|
395
|
+
return self._top(pyvex.get_type_size(self.tyenv.lookup(expr.tmp)))
|
|
396
|
+
|
|
397
|
+
# e.g. t0 = GET:I64(rsp), rsp might be defined multiple times
|
|
398
|
+
def _handle_expr_Get(self, expr: pyvex.expr.Get):
|
|
399
|
+
bits: int = expr.result_size(self.tyenv)
|
|
400
|
+
size: int = bits // self.arch.byte_width
|
|
401
|
+
|
|
402
|
+
reg_atom = Register(expr.offset, size, self.arch)
|
|
403
|
+
try:
|
|
404
|
+
values: MultiValues = self.state.registers.load(expr.offset, size=size)
|
|
405
|
+
except SimMemoryMissingError:
|
|
406
|
+
top = self.state.top(size * self.arch.byte_width)
|
|
407
|
+
# annotate it
|
|
408
|
+
top = self.state.annotate_with_def(top, Definition(reg_atom, self._external_codeloc()))
|
|
409
|
+
values = MultiValues(top)
|
|
410
|
+
# write it to registers
|
|
411
|
+
self.state.kill_and_add_definition(reg_atom, values, override_codeloc=self._external_codeloc())
|
|
412
|
+
|
|
413
|
+
current_defs: Iterable[Definition[Atom]] | None = None
|
|
414
|
+
for vs in values.values():
|
|
415
|
+
for v in vs:
|
|
416
|
+
if current_defs is None:
|
|
417
|
+
current_defs = self.state.extract_defs(v)
|
|
418
|
+
else:
|
|
419
|
+
current_defs = chain(current_defs, self.state.extract_defs(v))
|
|
420
|
+
|
|
421
|
+
assert current_defs is not None
|
|
422
|
+
self.state.add_register_use_by_defs(current_defs)
|
|
423
|
+
|
|
424
|
+
return values
|
|
425
|
+
|
|
426
|
+
def _handle_expr_GetI(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
427
|
+
return MultiValues(self.state.top(expr.result_size(self.tyenv)))
|
|
428
|
+
|
|
429
|
+
# e.g. t27 = LDle:I64(t9), t9 might include multiple values
|
|
430
|
+
# caution: Is also called from StoreG
|
|
431
|
+
def _handle_expr_Load(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
432
|
+
addr = self._expr_bv(expr.addr)
|
|
433
|
+
bits = expr.result_size(self.tyenv)
|
|
434
|
+
size = bits // self.arch.byte_width
|
|
435
|
+
|
|
436
|
+
# convert addr from MultiValues to a list of valid addresses
|
|
437
|
+
if (one_addr := addr.one_value()) is not None:
|
|
438
|
+
return self._load_core([one_addr], size, expr.endness)
|
|
439
|
+
|
|
440
|
+
top = self.state.top(bits)
|
|
441
|
+
# annotate it
|
|
442
|
+
dummy_atom = MemoryLocation(0, size)
|
|
443
|
+
def_ = Definition(dummy_atom, self._external_codeloc())
|
|
444
|
+
top = self.state.annotate_with_def(top, def_)
|
|
445
|
+
# add use
|
|
446
|
+
self.state.add_memory_use_by_def(def_)
|
|
447
|
+
return MultiValues(top)
|
|
448
|
+
|
|
449
|
+
def _load_core(
|
|
450
|
+
self, addrs: Iterable[claripy.ast.BV], size: int, endness: str
|
|
451
|
+
) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
452
|
+
result: MultiValues | None = None
|
|
453
|
+
# we may get more than one stack addrs with the same value but different annotations (because they are defined
|
|
454
|
+
# at different locations). only load them once.
|
|
455
|
+
loaded_stack_offsets = set()
|
|
456
|
+
|
|
457
|
+
for addr in addrs:
|
|
458
|
+
if self.state.is_top(addr):
|
|
459
|
+
l.debug("Memory address undefined, ins_addr = %#x.", self.ins_addr)
|
|
460
|
+
elif self.state.is_stack_address(addr):
|
|
461
|
+
# Load data from a local variable
|
|
462
|
+
stack_offset = self.state.get_stack_offset(addr)
|
|
463
|
+
if stack_offset is not None and stack_offset not in loaded_stack_offsets:
|
|
464
|
+
loaded_stack_offsets.add(stack_offset)
|
|
465
|
+
stack_addr = self.state.live_definitions.stack_offset_to_stack_addr(stack_offset)
|
|
466
|
+
try:
|
|
467
|
+
vs: MultiValues = self.state.stack.load(stack_addr, size=size, endness=endness)
|
|
468
|
+
# extract definitions
|
|
469
|
+
defs = set(LiveDefinitions.extract_defs_from_mv(vs))
|
|
470
|
+
except SimMemoryMissingError:
|
|
471
|
+
continue
|
|
472
|
+
|
|
473
|
+
self.state.add_stack_use_by_defs(defs)
|
|
474
|
+
result = result.merge(vs) if result is not None else vs
|
|
475
|
+
|
|
476
|
+
elif self.state.is_heap_address(addr):
|
|
477
|
+
# Load data from the heap
|
|
478
|
+
heap_offset = self.state.get_heap_offset(addr)
|
|
479
|
+
if heap_offset is not None:
|
|
480
|
+
try:
|
|
481
|
+
vs: MultiValues = self.state.heap.load(heap_offset, size=size, endness=endness)
|
|
482
|
+
defs = set(LiveDefinitions.extract_defs_from_mv(vs))
|
|
483
|
+
except SimMemoryMissingError:
|
|
484
|
+
continue
|
|
485
|
+
|
|
486
|
+
self.state.add_heap_use_by_defs(defs)
|
|
487
|
+
result = result.merge(vs) if result is not None else vs
|
|
488
|
+
|
|
489
|
+
else:
|
|
490
|
+
addr_v = addr.concrete_value
|
|
491
|
+
|
|
492
|
+
# Load data from a global region
|
|
493
|
+
try:
|
|
494
|
+
vs: MultiValues = self.state.memory.load(addr_v, size=size, endness=endness)
|
|
495
|
+
defs = set(LiveDefinitions.extract_defs_from_mv(vs))
|
|
496
|
+
except SimMemoryMissingError:
|
|
497
|
+
try:
|
|
498
|
+
val = self.project.loader.memory.unpack_word(addr_v, size=size)
|
|
499
|
+
section = self.project.loader.find_section_containing(addr_v)
|
|
500
|
+
missing_atom = MemoryLocation(addr_v, size)
|
|
501
|
+
missing_def = Definition(missing_atom, self._external_codeloc())
|
|
502
|
+
if val == 0 and (not section or section.is_writable):
|
|
503
|
+
top = self.state.top(size * self.arch.byte_width)
|
|
504
|
+
v = self.state.annotate_with_def(top, missing_def)
|
|
505
|
+
else:
|
|
506
|
+
v = self.state.annotate_with_def(claripy.BVV(val, size * self.arch.byte_width), missing_def)
|
|
507
|
+
vs = MultiValues(v)
|
|
508
|
+
if not section or section.is_writable:
|
|
509
|
+
self.state.memory.store(addr_v, vs, size=size, endness=endness)
|
|
510
|
+
self.state.all_definitions.add(missing_def)
|
|
511
|
+
defs = {missing_def}
|
|
512
|
+
except KeyError:
|
|
513
|
+
continue
|
|
514
|
+
|
|
515
|
+
self.state.add_memory_use_by_defs(defs)
|
|
516
|
+
result = result.merge(vs) if result is not None else vs
|
|
517
|
+
|
|
518
|
+
if result is None:
|
|
519
|
+
result = MultiValues(self.state.top(size * self.arch.byte_width))
|
|
520
|
+
|
|
521
|
+
return result
|
|
522
|
+
|
|
523
|
+
# CAUTION: experimental
|
|
524
|
+
def _handle_expr_ITE(self, expr):
|
|
525
|
+
cond = self._expr(expr.cond)
|
|
526
|
+
cond_v = cond.one_value()
|
|
527
|
+
iftrue = self._expr(expr.iftrue)
|
|
528
|
+
iffalse = self._expr(expr.iffalse)
|
|
529
|
+
|
|
530
|
+
if claripy.is_true(cond_v):
|
|
531
|
+
return iftrue
|
|
532
|
+
if claripy.is_false(cond_v):
|
|
533
|
+
return iffalse
|
|
534
|
+
return iftrue.merge(iffalse)
|
|
535
|
+
|
|
536
|
+
#
|
|
537
|
+
# Unary operation handlers
|
|
538
|
+
#
|
|
539
|
+
|
|
540
|
+
def _handle_expr_Const(self, expr):
|
|
541
|
+
clrp = claripy_value(expr.con.type, expr.con.value)
|
|
542
|
+
self.state.mark_const(expr.con.value, len(clrp) // 8)
|
|
543
|
+
return MultiValues(clrp)
|
|
544
|
+
|
|
545
|
+
def _handle_conversion(self, from_size, to_size, signed, operand) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
546
|
+
arg_0 = self._expr_bv(operand)
|
|
547
|
+
|
|
548
|
+
# if there are multiple values with only one offset, we apply conversion to each one of them
|
|
549
|
+
# otherwise, we return a TOP
|
|
550
|
+
|
|
551
|
+
if arg_0.count() == 1:
|
|
552
|
+
# extension, extract, or doing nothing
|
|
553
|
+
data: set[claripy.ast.BV | claripy.ast.FP] = set()
|
|
554
|
+
for v in next(iter(arg_0.values())):
|
|
555
|
+
assert v.size() == from_size
|
|
556
|
+
if to_size > from_size:
|
|
557
|
+
if signed:
|
|
558
|
+
data.add(v.sign_extend(to_size - from_size))
|
|
559
|
+
else:
|
|
560
|
+
data.add(v.zero_extend(to_size - from_size))
|
|
561
|
+
else:
|
|
562
|
+
data.add(v[to_size - 1 : 0])
|
|
563
|
+
r = MultiValues({next(iter(arg_0.keys())): data})
|
|
564
|
+
|
|
565
|
+
else:
|
|
566
|
+
r = self._top(to_size)
|
|
567
|
+
|
|
568
|
+
return r
|
|
569
|
+
|
|
570
|
+
@unop_handler
|
|
571
|
+
def _handle_unop_Not(self, expr: pyvex.expr.Unop) -> MultiValues:
|
|
572
|
+
arg0 = expr.args[0]
|
|
573
|
+
expr_0 = self._expr_bv(arg0)
|
|
574
|
+
bits = expr.result_size(self.tyenv)
|
|
575
|
+
|
|
576
|
+
e0 = expr_0.one_value()
|
|
577
|
+
|
|
578
|
+
if e0 is not None and not e0.symbolic:
|
|
579
|
+
return MultiValues(~e0) # pylint:disable=invalid-unary-operand-type
|
|
580
|
+
|
|
581
|
+
return MultiValues(self.state.top(bits))
|
|
582
|
+
|
|
583
|
+
@unop_handler
|
|
584
|
+
def _handle_unop_Clz(self, expr: pyvex.expr.Unop) -> MultiValues:
|
|
585
|
+
arg0 = expr.args[0]
|
|
586
|
+
_ = self._expr(arg0)
|
|
587
|
+
bits = expr.result_size(self.tyenv)
|
|
588
|
+
# Need to actually implement this later
|
|
589
|
+
return MultiValues(self.state.top(bits))
|
|
590
|
+
|
|
591
|
+
@unop_handler
|
|
592
|
+
def _handle_unop_Ctz(self, expr: pyvex.expr.Unop) -> MultiValues:
|
|
593
|
+
arg0 = expr.args[0]
|
|
594
|
+
_ = self._expr(arg0)
|
|
595
|
+
bits = expr.result_size(self.tyenv)
|
|
596
|
+
# Need to actually implement this later
|
|
597
|
+
return MultiValues(self.state.top(bits))
|
|
598
|
+
|
|
599
|
+
#
|
|
600
|
+
# Binary operation handlers
|
|
601
|
+
#
|
|
602
|
+
@binop_handler
|
|
603
|
+
def _handle_binop_ExpCmpNE64(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
604
|
+
_, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
|
|
605
|
+
bits = expr.result_size(self.tyenv)
|
|
606
|
+
# Need to actually implement this later
|
|
607
|
+
return MultiValues(self.state.top(bits))
|
|
608
|
+
|
|
609
|
+
@binop_handler
|
|
610
|
+
def _handle_binop_16HLto32(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
611
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
612
|
+
return expr0.concat(expr1)
|
|
613
|
+
|
|
614
|
+
@binop_handler
|
|
615
|
+
def _handle_binop_Add(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
616
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
617
|
+
bits = expr.result_size(self.tyenv)
|
|
618
|
+
|
|
619
|
+
r = None
|
|
620
|
+
expr0_v = expr0.one_value()
|
|
621
|
+
expr1_v = expr1.one_value()
|
|
622
|
+
|
|
623
|
+
if expr0_v is not None and expr1_v is not None:
|
|
624
|
+
# adding two single values together
|
|
625
|
+
r = MultiValues(expr0_v + expr1_v)
|
|
626
|
+
elif expr0_v is None and expr1_v is not None:
|
|
627
|
+
# adding a single value to a multivalue
|
|
628
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
629
|
+
vs = {v.sign_extend(expr1_v.size() - v.size()) + expr1_v for v in expr0[0]}
|
|
630
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
631
|
+
elif expr0_v is not None and expr1_v is None:
|
|
632
|
+
# adding a single value to a multivalue
|
|
633
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
634
|
+
vs = {expr0_v + v.sign_extend(expr0_v.size() - v.size()) for v in expr1[0]}
|
|
635
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
636
|
+
else:
|
|
637
|
+
# we do not support addition between two real multivalues
|
|
638
|
+
r = MultiValues(self.state.top(bits))
|
|
639
|
+
|
|
640
|
+
if r is None:
|
|
641
|
+
r = MultiValues(self.state.top(bits))
|
|
642
|
+
|
|
643
|
+
return r
|
|
644
|
+
|
|
645
|
+
@binop_handler
|
|
646
|
+
def _handle_binop_Sub(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
647
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
648
|
+
bits = expr.result_size(self.tyenv)
|
|
649
|
+
|
|
650
|
+
r = None
|
|
651
|
+
expr0_v = expr0.one_value()
|
|
652
|
+
expr1_v = expr1.one_value()
|
|
653
|
+
|
|
654
|
+
if expr0_v is not None and expr1_v is not None:
|
|
655
|
+
# subtracting a single value from another single value
|
|
656
|
+
r = MultiValues(expr0_v - expr1_v)
|
|
657
|
+
elif expr0_v is None and expr1_v is not None:
|
|
658
|
+
# subtracting a single value from a multivalue
|
|
659
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
660
|
+
vs = {v - expr1_v for v in expr0[0]}
|
|
661
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
662
|
+
elif expr0_v is not None and expr1_v is None:
|
|
663
|
+
# subtracting a single value from a multivalue
|
|
664
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
665
|
+
vs = {expr0_v - v for v in expr1[0]}
|
|
666
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
667
|
+
else:
|
|
668
|
+
# we do not support addition between two real multivalues
|
|
669
|
+
r = MultiValues(self.state.top(bits))
|
|
670
|
+
|
|
671
|
+
if r is None:
|
|
672
|
+
r = MultiValues(self.state.top(bits))
|
|
673
|
+
|
|
674
|
+
return r
|
|
675
|
+
|
|
676
|
+
@binop_handler
|
|
677
|
+
def _handle_binop_Mul(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
678
|
+
expr0, expr1 = self._expr_pair(expr.args[0], expr.args[1])
|
|
679
|
+
bits = expr.result_size(self.tyenv)
|
|
680
|
+
|
|
681
|
+
r = None
|
|
682
|
+
expr0_v = expr0.one_value()
|
|
683
|
+
expr1_v = expr1.one_value()
|
|
684
|
+
|
|
685
|
+
if expr0_v is None and expr1_v is None:
|
|
686
|
+
# we do not support multiplication between two real multivalues
|
|
687
|
+
r = MultiValues(self.state.top(bits))
|
|
688
|
+
elif expr0_v is None and expr1_v is not None:
|
|
689
|
+
# multiplying a single value to a multivalue
|
|
690
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
691
|
+
vs = {v * expr1_v for v in expr0[0]} # type: ignore
|
|
692
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
693
|
+
elif expr0_v is not None and expr1_v is None:
|
|
694
|
+
# multiplying a single value to a multivalue
|
|
695
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
696
|
+
vs = {v * expr0_v for v in expr1[0]} # type: ignore
|
|
697
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
698
|
+
else:
|
|
699
|
+
# multiplying two single values together
|
|
700
|
+
r = MultiValues(expr0_v * expr1_v) # type: ignore
|
|
701
|
+
|
|
702
|
+
if r is None:
|
|
703
|
+
r = MultiValues(self.state.top(bits))
|
|
704
|
+
|
|
705
|
+
return r
|
|
706
|
+
|
|
707
|
+
@binop_handler
|
|
708
|
+
def _handle_binop_Mull(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
709
|
+
_, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
|
|
710
|
+
bits = expr.result_size(self.tyenv)
|
|
711
|
+
return MultiValues(self.state.top(bits))
|
|
712
|
+
|
|
713
|
+
@binop_handler
|
|
714
|
+
def _handle_binop_Div(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
715
|
+
expr0, expr1 = self._expr_pair(expr.args[0], expr.args[1])
|
|
716
|
+
bits = expr.result_size(self.tyenv)
|
|
717
|
+
|
|
718
|
+
r = None
|
|
719
|
+
expr0_v = expr0.one_value()
|
|
720
|
+
expr1_v = expr1.one_value()
|
|
721
|
+
|
|
722
|
+
if expr0_v is not None and expr1_v is not None:
|
|
723
|
+
if expr0_v.concrete and expr1_v.concrete:
|
|
724
|
+
# dividing two single values
|
|
725
|
+
r = (
|
|
726
|
+
MultiValues(self.state.top(bits)) if expr1_v.concrete_value == 0 else MultiValues(expr0_v / expr1_v)
|
|
727
|
+
) # type: ignore
|
|
728
|
+
elif expr0_v is None and expr1_v is not None:
|
|
729
|
+
if expr1_v.concrete and expr1_v.concrete_value == 0:
|
|
730
|
+
r = MultiValues(self.state.top(bits))
|
|
731
|
+
elif expr0.count() == 1 and 0 in expr0:
|
|
732
|
+
vs = {v / expr1_v for v in expr0[0]} # type: ignore
|
|
733
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
734
|
+
elif expr0_v is not None and expr1_v is None:
|
|
735
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
736
|
+
vs = {expr0_v / v for v in expr1[0] if (not v.concrete) or v.concrete_value != 0} # type: ignore
|
|
737
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
738
|
+
else:
|
|
739
|
+
# we do not support division between two real multivalues
|
|
740
|
+
r = MultiValues(self.state.top(bits))
|
|
741
|
+
|
|
742
|
+
if r is None:
|
|
743
|
+
r = MultiValues(self.state.top(bits))
|
|
744
|
+
|
|
745
|
+
return r
|
|
746
|
+
|
|
747
|
+
@binop_handler
|
|
748
|
+
def _handle_binop_DivMod(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
749
|
+
_, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
|
|
750
|
+
bits = expr.result_size(self.tyenv)
|
|
751
|
+
|
|
752
|
+
return MultiValues(self.state.top(bits))
|
|
753
|
+
|
|
754
|
+
@binop_handler
|
|
755
|
+
def _handle_Mod(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
756
|
+
_, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
|
|
757
|
+
bits = expr.result_size(self.tyenv)
|
|
758
|
+
return MultiValues(self.state.top(bits))
|
|
759
|
+
|
|
760
|
+
@binop_handler
|
|
761
|
+
def _handle_binop_And(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
762
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
763
|
+
bits = expr.result_size(self.tyenv)
|
|
764
|
+
|
|
765
|
+
r = None
|
|
766
|
+
expr0_v = expr0.one_value()
|
|
767
|
+
expr1_v = expr1.one_value()
|
|
768
|
+
|
|
769
|
+
if expr0_v is not None and expr1_v is not None:
|
|
770
|
+
# bitwise-and two single values together
|
|
771
|
+
r = MultiValues(expr0_v & expr1_v)
|
|
772
|
+
elif expr0_v is None and expr1_v is not None:
|
|
773
|
+
# bitwise-and a single value with a multivalue
|
|
774
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
775
|
+
vs = {v & expr1_v for v in expr0[0]}
|
|
776
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
777
|
+
elif expr0_v is not None and expr1_v is None:
|
|
778
|
+
# bitwise-and a single value to a multivalue
|
|
779
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
780
|
+
vs = {v & expr0_v for v in expr1[0]}
|
|
781
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
782
|
+
else:
|
|
783
|
+
# we do not support addition between two real multivalues
|
|
784
|
+
r = MultiValues(self.state.top(bits))
|
|
785
|
+
|
|
786
|
+
if r is None:
|
|
787
|
+
r = MultiValues(self.state.top(bits))
|
|
788
|
+
|
|
789
|
+
return r
|
|
790
|
+
|
|
791
|
+
@binop_handler
|
|
792
|
+
def _handle_binop_Xor(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
793
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
794
|
+
bits = expr.result_size(self.tyenv)
|
|
795
|
+
|
|
796
|
+
r = None
|
|
797
|
+
expr0_v = expr0.one_value()
|
|
798
|
+
expr1_v = expr1.one_value()
|
|
799
|
+
|
|
800
|
+
if expr0_v is not None and expr1_v is not None:
|
|
801
|
+
if expr0_v.concrete and expr1_v.concrete:
|
|
802
|
+
# bitwise-xor two single values together
|
|
803
|
+
r = MultiValues(expr0_v ^ expr1_v)
|
|
804
|
+
elif expr0_v is None and expr1_v is not None:
|
|
805
|
+
# bitwise-xor a single value with a multivalue
|
|
806
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
807
|
+
vs = {v.sign_extend(expr1_v.size() - v.size()) ^ expr1_v for v in expr0[0]}
|
|
808
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
809
|
+
elif expr0_v is not None and expr1_v is None:
|
|
810
|
+
# bitwise-xor a single value to a multivalue
|
|
811
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
812
|
+
vs = {v.sign_extend(expr0_v.size() - v.size()) ^ expr0_v for v in expr1[0]}
|
|
813
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
814
|
+
else:
|
|
815
|
+
# we do not support xor between two real multivalues
|
|
816
|
+
r = MultiValues(self.state.top(bits))
|
|
817
|
+
|
|
818
|
+
if r is None:
|
|
819
|
+
r = MultiValues(self.state.top(bits))
|
|
820
|
+
|
|
821
|
+
return r
|
|
822
|
+
|
|
823
|
+
@binop_handler
|
|
824
|
+
def _handle_binop_Or(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
825
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
826
|
+
bits = expr.result_size(self.tyenv)
|
|
827
|
+
|
|
828
|
+
r = None
|
|
829
|
+
expr0_v = expr0.one_value()
|
|
830
|
+
expr1_v = expr1.one_value()
|
|
831
|
+
|
|
832
|
+
if expr0_v is not None and expr1_v is not None:
|
|
833
|
+
# bitwise-and two single values together
|
|
834
|
+
r = MultiValues(expr0_v | expr1_v)
|
|
835
|
+
elif expr0_v is None and expr1_v is not None:
|
|
836
|
+
# bitwise-or a single value with a multivalue
|
|
837
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
838
|
+
vs = {v | expr1_v for v in expr0[0]}
|
|
839
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
840
|
+
elif expr0_v is not None and expr1_v is None:
|
|
841
|
+
# bitwise-or a single value to a multivalue
|
|
842
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
843
|
+
vs = {v | expr0_v for v in expr1[0]}
|
|
844
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
845
|
+
else:
|
|
846
|
+
# we do not support or between two real multivalues
|
|
847
|
+
r = MultiValues(self.state.top(bits))
|
|
848
|
+
|
|
849
|
+
if r is None:
|
|
850
|
+
r = MultiValues(self.state.top(bits))
|
|
851
|
+
|
|
852
|
+
return r
|
|
853
|
+
|
|
854
|
+
@binop_handler
|
|
855
|
+
def _handle_binop_Sar(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
856
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
857
|
+
bits = expr.result_size(self.tyenv)
|
|
858
|
+
|
|
859
|
+
r = None
|
|
860
|
+
expr0_v = expr0.one_value()
|
|
861
|
+
expr1_v = expr1.one_value()
|
|
862
|
+
|
|
863
|
+
def _shift_sar(e0: claripy.ast.BV, e1: claripy.ast.BV):
|
|
864
|
+
# convert e1 to an integer to prevent claripy from complaining "args' lengths must all be equal"
|
|
865
|
+
if e1.symbolic:
|
|
866
|
+
return self.state.top(bits)
|
|
867
|
+
e1_int = e1.concrete_value
|
|
868
|
+
|
|
869
|
+
if e1_int > bits:
|
|
870
|
+
return claripy.BVV(0, bits)
|
|
871
|
+
|
|
872
|
+
head = claripy.BVV(0, bits) if claripy.is_true(e0 >> bits - 1 == 0) else (1 << e1_int) - 1 << bits - e1_int
|
|
873
|
+
return head | (e0 >> e1_int)
|
|
874
|
+
|
|
875
|
+
if expr0_v is not None and expr1_v is not None:
|
|
876
|
+
# subtracting a single value from another single value
|
|
877
|
+
r = MultiValues(_shift_sar(expr0_v, expr1_v))
|
|
878
|
+
elif expr0_v is None and expr1_v is not None:
|
|
879
|
+
# shifting a single value by a multivalue
|
|
880
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
881
|
+
vs = {_shift_sar(v, expr1_v) for v in expr0[0]}
|
|
882
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
883
|
+
elif expr0_v is not None and expr1_v is None:
|
|
884
|
+
# shifting a multivalue by a single value
|
|
885
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
886
|
+
vs = {_shift_sar(expr0_v, v) for v in expr1[0]}
|
|
887
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
888
|
+
else:
|
|
889
|
+
# we do not support shifting between two real multivalues
|
|
890
|
+
r = MultiValues(self.state.top(bits))
|
|
891
|
+
|
|
892
|
+
if r is None:
|
|
893
|
+
r = MultiValues(self.state.top(bits))
|
|
894
|
+
|
|
895
|
+
return r
|
|
896
|
+
|
|
897
|
+
@binop_handler
|
|
898
|
+
def _handle_binop_Shr(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
899
|
+
expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
|
|
900
|
+
bits = expr.result_size(self.tyenv)
|
|
901
|
+
|
|
902
|
+
r = None
|
|
903
|
+
expr0_v = expr0.one_value()
|
|
904
|
+
expr1_v = expr1.one_value()
|
|
905
|
+
|
|
906
|
+
def _shift_shr(e0, e1):
|
|
907
|
+
if e1.symbolic:
|
|
908
|
+
return self.state.top(bits)
|
|
909
|
+
if e1.size() < e0.size():
|
|
910
|
+
e1 = e1.sign_extend(e0.size() - e1.size())
|
|
911
|
+
else:
|
|
912
|
+
e0 = e0.sign_extend(e1.size() - e0.size())
|
|
913
|
+
|
|
914
|
+
return claripy.LShR(e0, e1)
|
|
915
|
+
|
|
916
|
+
if expr0_v is None and expr1_v is None:
|
|
917
|
+
# we do not support shifting between two real multivalues
|
|
918
|
+
r = MultiValues(self.state.top(bits))
|
|
919
|
+
elif expr0_v is None and expr1_v is not None:
|
|
920
|
+
# shifting a single value by a multivalue
|
|
921
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
922
|
+
vs = {_shift_shr(v, expr1_v) for v in expr0[0]}
|
|
923
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
924
|
+
elif expr0_v is not None and expr1_v is None:
|
|
925
|
+
# shifting a multivalue by a single value
|
|
926
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
927
|
+
vs = {_shift_shr(expr0_v, v) for v in expr1[0]}
|
|
928
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
929
|
+
else:
|
|
930
|
+
# shifting a single value from another single value
|
|
931
|
+
r = MultiValues(_shift_shr(expr0_v, expr1_v))
|
|
932
|
+
|
|
933
|
+
if r is None:
|
|
934
|
+
r = MultiValues(self.state.top(bits))
|
|
935
|
+
|
|
936
|
+
return r
|
|
937
|
+
|
|
938
|
+
@binop_handler
|
|
939
|
+
def _handle_binop_Shl(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
940
|
+
expr0, expr1 = self._expr(expr.args[0]), self._expr(expr.args[1])
|
|
941
|
+
bits = expr.result_size(self.tyenv)
|
|
942
|
+
|
|
943
|
+
r = None
|
|
944
|
+
expr0_v = expr0.one_value()
|
|
945
|
+
expr1_v = expr1.one_value()
|
|
946
|
+
|
|
947
|
+
def _shift_shl(e0, e1):
|
|
948
|
+
# convert e1 to an integer to prevent claripy from complaining "args' lengths must all be equal"
|
|
949
|
+
if e1.symbolic:
|
|
950
|
+
return self.state.top(bits)
|
|
951
|
+
e1 = e1.concrete_value
|
|
952
|
+
return e0 << e1
|
|
953
|
+
|
|
954
|
+
if expr0_v is None and expr1_v is None:
|
|
955
|
+
# we do not support shifting between two real multivalues
|
|
956
|
+
r = MultiValues(self.state.top(bits))
|
|
957
|
+
elif expr0_v is None and expr1_v is not None:
|
|
958
|
+
# shifting left a single value by a multivalue
|
|
959
|
+
if expr0.count() == 1 and 0 in expr0:
|
|
960
|
+
vs = {_shift_shl(v, expr1_v) for v in expr0[0]}
|
|
961
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
962
|
+
elif expr0_v is not None and expr1_v is None:
|
|
963
|
+
# shifting left a multivalue by a single value
|
|
964
|
+
if expr1.count() == 1 and 0 in expr1:
|
|
965
|
+
vs = {_shift_shl(expr0_v, v) for v in expr1[0]}
|
|
966
|
+
r = MultiValues(offset_to_values={0: vs})
|
|
967
|
+
else:
|
|
968
|
+
# subtracting a single value from another single value
|
|
969
|
+
r = MultiValues(_shift_shl(expr0_v, expr1_v))
|
|
970
|
+
|
|
971
|
+
if r is None:
|
|
972
|
+
r = MultiValues(self.state.top(bits))
|
|
973
|
+
|
|
974
|
+
return r
|
|
975
|
+
|
|
976
|
+
@binop_handler
|
|
977
|
+
def _handle_binop_CmpEQ(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
978
|
+
arg0, arg1 = expr.args
|
|
979
|
+
expr_0 = self._expr(arg0)
|
|
980
|
+
expr_1 = self._expr(arg1)
|
|
981
|
+
|
|
982
|
+
e0 = expr_0.one_value()
|
|
983
|
+
e1 = expr_1.one_value()
|
|
984
|
+
|
|
985
|
+
if e0 is not None and e1 is not None:
|
|
986
|
+
if not e0.symbolic and not e1.symbolic:
|
|
987
|
+
return MultiValues(claripy.BVV(1, 1) if e0.concrete_value == e1.concrete_value else claripy.BVV(0, 1))
|
|
988
|
+
if e0 is e1:
|
|
989
|
+
return MultiValues(claripy.BVV(1, 1))
|
|
990
|
+
return MultiValues(self.state.top(1))
|
|
991
|
+
|
|
992
|
+
return MultiValues(self.state.top(1))
|
|
993
|
+
|
|
994
|
+
@binop_handler
|
|
995
|
+
def _handle_binop_CmpNE(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
996
|
+
arg0, arg1 = expr.args
|
|
997
|
+
expr_0 = self._expr(arg0)
|
|
998
|
+
expr_1 = self._expr(arg1)
|
|
999
|
+
|
|
1000
|
+
e0 = expr_0.one_value()
|
|
1001
|
+
e1 = expr_1.one_value()
|
|
1002
|
+
if e0 is not None and e1 is not None:
|
|
1003
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1004
|
+
return MultiValues(claripy.BVV(1, 1) if e0.concrete_value != e1.concrete_value else claripy.BVV(0, 1))
|
|
1005
|
+
if e0 is e1:
|
|
1006
|
+
return MultiValues(claripy.BVV(0, 1))
|
|
1007
|
+
return MultiValues(self.state.top(1))
|
|
1008
|
+
|
|
1009
|
+
@binop_handler
|
|
1010
|
+
def _handle_binop_CmpLT(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
1011
|
+
arg0, arg1 = expr.args
|
|
1012
|
+
expr_0, expr_1 = self._expr_pair(arg0, arg1)
|
|
1013
|
+
|
|
1014
|
+
e0 = expr_0.one_value()
|
|
1015
|
+
e1 = expr_1.one_value()
|
|
1016
|
+
if e0 is not None and e1 is not None:
|
|
1017
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1018
|
+
cmp = e0.concrete_value < e1.concrete_value # type: ignore
|
|
1019
|
+
return MultiValues(claripy.BVV(1, 1) if cmp else claripy.BVV(0, 1))
|
|
1020
|
+
if e0 is e1:
|
|
1021
|
+
return MultiValues(claripy.BVV(0, 1))
|
|
1022
|
+
return MultiValues(self.state.top(1))
|
|
1023
|
+
|
|
1024
|
+
@binop_handler
|
|
1025
|
+
def _handle_binop_CmpLE(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
1026
|
+
arg0, arg1 = expr.args
|
|
1027
|
+
expr_0, expr_1 = self._expr_pair(arg0, arg1)
|
|
1028
|
+
|
|
1029
|
+
e0 = expr_0.one_value()
|
|
1030
|
+
e1 = expr_1.one_value()
|
|
1031
|
+
if e0 is not None and e1 is not None:
|
|
1032
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1033
|
+
cmp = e0.concrete_value <= e1.concrete_value # type: ignore
|
|
1034
|
+
return MultiValues(claripy.BVV(1, 1) if cmp else claripy.BVV(0, 1))
|
|
1035
|
+
if e0 is e1:
|
|
1036
|
+
return MultiValues(claripy.BVV(0, 1))
|
|
1037
|
+
return MultiValues(self.state.top(1))
|
|
1038
|
+
|
|
1039
|
+
@binop_handler
|
|
1040
|
+
def _handle_binop_CmpGT(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
1041
|
+
arg0, arg1 = expr.args
|
|
1042
|
+
expr_0, expr_1 = self._expr_pair(arg0, arg1)
|
|
1043
|
+
|
|
1044
|
+
e0 = expr_0.one_value()
|
|
1045
|
+
e1 = expr_1.one_value()
|
|
1046
|
+
if e0 is not None and e1 is not None:
|
|
1047
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1048
|
+
cmp = e0.concrete_value > e1.concrete_value # type: ignore
|
|
1049
|
+
return MultiValues(claripy.BVV(1, 1) if cmp else claripy.BVV(0, 1))
|
|
1050
|
+
if e0 is e1:
|
|
1051
|
+
return MultiValues(claripy.BVV(0, 1))
|
|
1052
|
+
return MultiValues(self.state.top(1))
|
|
1053
|
+
|
|
1054
|
+
@binop_handler
|
|
1055
|
+
def _handle_binop_CmpGE(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
1056
|
+
arg0, arg1 = expr.args
|
|
1057
|
+
expr_0, expr_1 = self._expr_pair(arg0, arg1)
|
|
1058
|
+
|
|
1059
|
+
e0 = expr_0.one_value()
|
|
1060
|
+
e1 = expr_1.one_value()
|
|
1061
|
+
if e0 is not None and e1 is not None:
|
|
1062
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1063
|
+
cmp = e0.concrete_value >= e1.concrete_value # type: ignore
|
|
1064
|
+
return MultiValues(claripy.BVV(1, 1) if cmp else claripy.BVV(0, 1))
|
|
1065
|
+
if e0 is e1:
|
|
1066
|
+
return MultiValues(claripy.BVV(0, 1))
|
|
1067
|
+
return MultiValues(self.state.top(1))
|
|
1068
|
+
|
|
1069
|
+
# ppc only
|
|
1070
|
+
@binop_handler
|
|
1071
|
+
def _handle_binop_CmpORD(self, expr: pyvex.expr.Binop) -> MultiValues:
|
|
1072
|
+
arg0, arg1 = expr.args
|
|
1073
|
+
expr_0, expr_1 = self._expr_pair(arg0, arg1)
|
|
1074
|
+
|
|
1075
|
+
e0 = expr_0.one_value()
|
|
1076
|
+
e1 = expr_1.one_value()
|
|
1077
|
+
bits = expr.result_size(self.tyenv)
|
|
1078
|
+
|
|
1079
|
+
if e0 is not None and e1 is not None:
|
|
1080
|
+
if not e0.symbolic and not e1.symbolic:
|
|
1081
|
+
e0 = e0.concrete_value
|
|
1082
|
+
e1 = e1.concrete_value
|
|
1083
|
+
if e0 < e1: # type: ignore
|
|
1084
|
+
return MultiValues(claripy.BVV(0x8, bits))
|
|
1085
|
+
if e0 > e1: # type: ignore
|
|
1086
|
+
return MultiValues(claripy.BVV(0x4, bits))
|
|
1087
|
+
return MultiValues(claripy.BVV(0x2, bits))
|
|
1088
|
+
if e0 is e1:
|
|
1089
|
+
return MultiValues(claripy.BVV(0x2, bits))
|
|
1090
|
+
|
|
1091
|
+
return MultiValues(self.state.top(1))
|
|
1092
|
+
|
|
1093
|
+
def _handle_expr_CCall(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
|
|
1094
|
+
bits = expr.result_size(self.tyenv)
|
|
1095
|
+
for arg_expr in expr.args:
|
|
1096
|
+
self._expr(arg_expr)
|
|
1097
|
+
return MultiValues(self.state.top(bits))
|
|
1098
|
+
|
|
1099
|
+
def _handle_expr_GSPTR(self, expr):
|
|
1100
|
+
return self._top(expr.result_size(self.tyenv))
|
|
1101
|
+
|
|
1102
|
+
def _handle_expr_VECRET(self, expr):
|
|
1103
|
+
return self._top(expr.result_size(self.tyenv))
|
|
1104
|
+
|
|
1105
|
+
#
|
|
1106
|
+
# User defined high level statement handlers
|
|
1107
|
+
#
|
|
1108
|
+
|
|
1109
|
+
def _handle_function(self, func_addr: MultiValues[claripy.ast.BV] | None):
|
|
1110
|
+
if func_addr is None:
|
|
1111
|
+
func_addr = MultiValues(self.state.top(self.state.arch.bits))
|
|
1112
|
+
|
|
1113
|
+
callsite = self.state.codeloc
|
|
1114
|
+
data = FunctionCallData(
|
|
1115
|
+
callsite,
|
|
1116
|
+
self._function_handler.make_function_codeloc(func_addr, callsite, self.state.analysis.model.func_addr),
|
|
1117
|
+
func_addr,
|
|
1118
|
+
visited_blocks=set(),
|
|
1119
|
+
)
|
|
1120
|
+
self._function_handler.handle_function(self.state, data)
|
|
1121
|
+
self._visited_blocks = data.visited_blocks
|
|
1122
|
+
|
|
1123
|
+
def _tag_definitions_of_atom(self, atom: Atom, func_addr: int):
|
|
1124
|
+
definitions = self.state.get_definitions(atom)
|
|
1125
|
+
tag = ParameterTag(function=func_addr, metadata={"tagged_by": "SimEngineRDVEX._handle_function_cc"})
|
|
1126
|
+
for definition in definitions:
|
|
1127
|
+
definition.tags |= {tag}
|