PyPI - angr - Versions diffs - 9.2.166__cp310-abi3-manylinux_2_28_x86_64.whl - Mend

angr 9.2.166__cp310-abi3-manylinux_2_28_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (1409) hide show

angr/__init__.py +366 -0
angr/__main__.py +152 -0
angr/ailment/__init__.py +81 -0
angr/ailment/block.py +81 -0
angr/ailment/block_walker.py +845 -0
angr/ailment/constant.py +3 -0
angr/ailment/converter_common.py +11 -0
angr/ailment/converter_pcode.py +623 -0
angr/ailment/converter_vex.py +798 -0
angr/ailment/expression.py +1655 -0
angr/ailment/manager.py +33 -0
angr/ailment/statement.py +978 -0
angr/ailment/tagged_object.py +61 -0
angr/ailment/utils.py +114 -0
angr/analyses/__init__.py +113 -0
angr/analyses/analysis.py +429 -0
angr/analyses/backward_slice.py +686 -0
angr/analyses/binary_optimizer.py +670 -0
angr/analyses/bindiff.py +1512 -0
angr/analyses/boyscout.py +76 -0
angr/analyses/callee_cleanup_finder.py +74 -0
angr/analyses/calling_convention/__init__.py +6 -0
angr/analyses/calling_convention/calling_convention.py +1096 -0
angr/analyses/calling_convention/fact_collector.py +636 -0
angr/analyses/calling_convention/utils.py +60 -0
angr/analyses/cdg.py +189 -0
angr/analyses/cfg/__init__.py +23 -0
angr/analyses/cfg/cfb.py +428 -0
angr/analyses/cfg/cfg.py +74 -0
angr/analyses/cfg/cfg_arch_options.py +95 -0
angr/analyses/cfg/cfg_base.py +2909 -0
angr/analyses/cfg/cfg_emulated.py +3451 -0
angr/analyses/cfg/cfg_fast.py +5316 -0
angr/analyses/cfg/cfg_fast_soot.py +662 -0
angr/analyses/cfg/cfg_job_base.py +203 -0
angr/analyses/cfg/indirect_jump_resolvers/__init__.py +28 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +62 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +51 -0
angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +159 -0
angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +339 -0
angr/analyses/cfg/indirect_jump_resolvers/constant_value_manager.py +107 -0
angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +76 -0
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2367 -0
angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +286 -0
angr/analyses/cfg/indirect_jump_resolvers/mips_elf_got.py +148 -0
angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +46 -0
angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
angr/analyses/cfg/indirect_jump_resolvers/syscall_resolver.py +92 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +88 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +47 -0
angr/analyses/cfg_slice_to_sink/__init__.py +11 -0
angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
angr/analyses/cfg_slice_to_sink/graph.py +87 -0
angr/analyses/cfg_slice_to_sink/transitions.py +27 -0
angr/analyses/class_identifier.py +63 -0
angr/analyses/code_tagging.py +123 -0
angr/analyses/codecave.py +77 -0
angr/analyses/complete_calling_conventions.py +461 -0
angr/analyses/congruency_check.py +377 -0
angr/analyses/data_dep/__init__.py +16 -0
angr/analyses/data_dep/data_dependency_analysis.py +595 -0
angr/analyses/data_dep/dep_nodes.py +171 -0
angr/analyses/data_dep/sim_act_location.py +49 -0
angr/analyses/datagraph_meta.py +105 -0
angr/analyses/ddg.py +1670 -0
angr/analyses/decompiler/__init__.py +41 -0
angr/analyses/decompiler/ail_simplifier.py +2085 -0
angr/analyses/decompiler/ailgraph_walker.py +49 -0
angr/analyses/decompiler/block_io_finder.py +302 -0
angr/analyses/decompiler/block_similarity.py +196 -0
angr/analyses/decompiler/block_simplifier.py +376 -0
angr/analyses/decompiler/callsite_maker.py +571 -0
angr/analyses/decompiler/ccall_rewriters/__init__.py +9 -0
angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +580 -0
angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +20 -0
angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +313 -0
angr/analyses/decompiler/clinic.py +3308 -0
angr/analyses/decompiler/condition_processor.py +1281 -0
angr/analyses/decompiler/counters/__init__.py +16 -0
angr/analyses/decompiler/counters/boolean_counter.py +27 -0
angr/analyses/decompiler/counters/call_counter.py +57 -0
angr/analyses/decompiler/counters/expression_counters.py +77 -0
angr/analyses/decompiler/counters/seq_cf_structure_counter.py +63 -0
angr/analyses/decompiler/decompilation_cache.py +46 -0
angr/analyses/decompiler/decompilation_options.py +275 -0
angr/analyses/decompiler/decompiler.py +710 -0
angr/analyses/decompiler/dephication/__init__.py +6 -0
angr/analyses/decompiler/dephication/dephication_base.py +100 -0
angr/analyses/decompiler/dephication/graph_dephication.py +70 -0
angr/analyses/decompiler/dephication/graph_rewriting.py +112 -0
angr/analyses/decompiler/dephication/graph_vvar_mapping.py +363 -0
angr/analyses/decompiler/dephication/rewriting_engine.py +527 -0
angr/analyses/decompiler/dephication/seqnode_dephication.py +156 -0
angr/analyses/decompiler/empty_node_remover.py +212 -0
angr/analyses/decompiler/expression_narrower.py +287 -0
angr/analyses/decompiler/goto_manager.py +112 -0
angr/analyses/decompiler/graph_region.py +426 -0
angr/analyses/decompiler/jump_target_collector.py +37 -0
angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +67 -0
angr/analyses/decompiler/label_collector.py +32 -0
angr/analyses/decompiler/optimization_passes/__init__.py +151 -0
angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +157 -0
angr/analyses/decompiler/optimization_passes/call_stmt_rewriter.py +46 -0
angr/analyses/decompiler/optimization_passes/code_motion.py +362 -0
angr/analyses/decompiler/optimization_passes/condition_constprop.py +219 -0
angr/analyses/decompiler/optimization_passes/const_derefs.py +266 -0
angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +365 -0
angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +106 -0
angr/analyses/decompiler/optimization_passes/deadblock_remover.py +82 -0
angr/analyses/decompiler/optimization_passes/determine_load_sizes.py +64 -0
angr/analyses/decompiler/optimization_passes/div_simplifier.py +425 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py +5 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +503 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +1218 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py +16 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py +126 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +167 -0
angr/analyses/decompiler/optimization_passes/eager_std_string_concatenation.py +165 -0
angr/analyses/decompiler/optimization_passes/engine_base.py +500 -0
angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +135 -0
angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +113 -0
angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +615 -0
angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +224 -0
angr/analyses/decompiler/optimization_passes/ite_region_converter.py +335 -0
angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +923 -0
angr/analyses/decompiler/optimization_passes/mod_simplifier.py +99 -0
angr/analyses/decompiler/optimization_passes/optimization_pass.py +703 -0
angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +221 -0
angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +171 -0
angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +222 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +640 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +61 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +237 -0
angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +333 -0
angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +149 -0
angr/analyses/decompiler/optimization_passes/switch_reused_entry_rewriter.py +102 -0
angr/analyses/decompiler/optimization_passes/tag_slicer.py +41 -0
angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +421 -0
angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +88 -0
angr/analyses/decompiler/peephole_optimizations/__init__.py +129 -0
angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +42 -0
angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py +34 -0
angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +34 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_shr_const_shr_const.py +37 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +23 -0
angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +236 -0
angr/analyses/decompiler/peephole_optimizations/base.py +157 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +34 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +36 -0
angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
angr/analyses/decompiler/peephole_optimizations/bswap.py +142 -0
angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py +115 -0
angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +71 -0
angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py +39 -0
angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +28 -0
angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +44 -0
angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +69 -0
angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +52 -0
angr/analyses/decompiler/peephole_optimizations/eager_eval.py +447 -0
angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +56 -0
angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py +78 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +217 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +106 -0
angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +170 -0
angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
angr/analyses/decompiler/peephole_optimizations/modulo_simplifier.py +89 -0
angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
angr/analyses/decompiler/peephole_optimizations/optimized_div_simplifier.py +356 -0
angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +45 -0
angr/analyses/decompiler/peephole_optimizations/remove_cxx_destructor_calls.py +32 -0
angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +46 -0
angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +47 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +125 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +273 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +30 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +36 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +44 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +95 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +44 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_conv_mul.py +40 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_cxx_operator_calls.py +90 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +49 -0
angr/analyses/decompiler/peephole_optimizations/rol_ror.py +130 -0
angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +143 -0
angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py +25 -0
angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +51 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +82 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +29 -0
angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +131 -0
angr/analyses/decompiler/peephole_optimizations/utils.py +18 -0
angr/analyses/decompiler/presets/__init__.py +20 -0
angr/analyses/decompiler/presets/basic.py +32 -0
angr/analyses/decompiler/presets/fast.py +58 -0
angr/analyses/decompiler/presets/full.py +68 -0
angr/analyses/decompiler/presets/preset.py +37 -0
angr/analyses/decompiler/redundant_label_remover.py +134 -0
angr/analyses/decompiler/region_identifier.py +1239 -0
angr/analyses/decompiler/region_simplifiers/__init__.py +5 -0
angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +95 -0
angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +82 -0
angr/analyses/decompiler/region_simplifiers/expr_folding.py +818 -0
angr/analyses/decompiler/region_simplifiers/goto.py +178 -0
angr/analyses/decompiler/region_simplifiers/if_.py +135 -0
angr/analyses/decompiler/region_simplifiers/ifelse.py +91 -0
angr/analyses/decompiler/region_simplifiers/loop.py +143 -0
angr/analyses/decompiler/region_simplifiers/node_address_finder.py +24 -0
angr/analyses/decompiler/region_simplifiers/region_simplifier.py +246 -0
angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +654 -0
angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +87 -0
angr/analyses/decompiler/region_walker.py +24 -0
angr/analyses/decompiler/return_maker.py +72 -0
angr/analyses/decompiler/seq_to_blocks.py +20 -0
angr/analyses/decompiler/sequence_walker.py +257 -0
angr/analyses/decompiler/ssailification/__init__.py +4 -0
angr/analyses/decompiler/ssailification/rewriting.py +379 -0
angr/analyses/decompiler/ssailification/rewriting_engine.py +1053 -0
angr/analyses/decompiler/ssailification/rewriting_state.py +61 -0
angr/analyses/decompiler/ssailification/ssailification.py +276 -0
angr/analyses/decompiler/ssailification/traversal.py +124 -0
angr/analyses/decompiler/ssailification/traversal_engine.py +306 -0
angr/analyses/decompiler/ssailification/traversal_state.py +48 -0
angr/analyses/decompiler/stack_item.py +36 -0
angr/analyses/decompiler/structured_codegen/__init__.py +25 -0
angr/analyses/decompiler/structured_codegen/base.py +132 -0
angr/analyses/decompiler/structured_codegen/c.py +4082 -0
angr/analyses/decompiler/structured_codegen/dummy.py +15 -0
angr/analyses/decompiler/structured_codegen/dwarf_import.py +190 -0
angr/analyses/decompiler/structuring/__init__.py +30 -0
angr/analyses/decompiler/structuring/dream.py +1217 -0
angr/analyses/decompiler/structuring/phoenix.py +3090 -0
angr/analyses/decompiler/structuring/recursive_structurer.py +187 -0
angr/analyses/decompiler/structuring/sailr.py +120 -0
angr/analyses/decompiler/structuring/structurer_base.py +1066 -0
angr/analyses/decompiler/structuring/structurer_nodes.py +440 -0
angr/analyses/decompiler/utils.py +1118 -0
angr/analyses/deobfuscator/__init__.py +18 -0
angr/analyses/deobfuscator/api_obf_finder.py +325 -0
angr/analyses/deobfuscator/api_obf_peephole_optimizer.py +51 -0
angr/analyses/deobfuscator/api_obf_type2_finder.py +166 -0
angr/analyses/deobfuscator/irsb_reg_collector.py +54 -0
angr/analyses/deobfuscator/string_obf_finder.py +959 -0
angr/analyses/deobfuscator/string_obf_opt_passes.py +133 -0
angr/analyses/deobfuscator/string_obf_peephole_optimizer.py +47 -0
angr/analyses/disassembly.py +1295 -0
angr/analyses/disassembly_utils.py +101 -0
angr/analyses/dominance_frontier.py +57 -0
angr/analyses/fcp/__init__.py +4 -0
angr/analyses/fcp/fcp.py +427 -0
angr/analyses/find_objects_static.py +205 -0
angr/analyses/flirt/__init__.py +47 -0
angr/analyses/flirt/consts.py +160 -0
angr/analyses/flirt/flirt.py +244 -0
angr/analyses/flirt/flirt_function.py +20 -0
angr/analyses/flirt/flirt_matcher.py +351 -0
angr/analyses/flirt/flirt_module.py +32 -0
angr/analyses/flirt/flirt_node.py +23 -0
angr/analyses/flirt/flirt_sig.py +359 -0
angr/analyses/flirt/flirt_utils.py +31 -0
angr/analyses/forward_analysis/__init__.py +12 -0
angr/analyses/forward_analysis/forward_analysis.py +530 -0
angr/analyses/forward_analysis/job_info.py +64 -0
angr/analyses/forward_analysis/visitors/__init__.py +14 -0
angr/analyses/forward_analysis/visitors/call_graph.py +29 -0
angr/analyses/forward_analysis/visitors/function_graph.py +86 -0
angr/analyses/forward_analysis/visitors/graph.py +242 -0
angr/analyses/forward_analysis/visitors/loop.py +29 -0
angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
angr/analyses/identifier/__init__.py +5 -0
angr/analyses/identifier/custom_callable.py +137 -0
angr/analyses/identifier/errors.py +10 -0
angr/analyses/identifier/func.py +60 -0
angr/analyses/identifier/functions/__init__.py +37 -0
angr/analyses/identifier/functions/atoi.py +73 -0
angr/analyses/identifier/functions/based_atoi.py +125 -0
angr/analyses/identifier/functions/fdprintf.py +123 -0
angr/analyses/identifier/functions/free.py +64 -0
angr/analyses/identifier/functions/int2str.py +287 -0
angr/analyses/identifier/functions/malloc.py +111 -0
angr/analyses/identifier/functions/memcmp.py +67 -0
angr/analyses/identifier/functions/memcpy.py +89 -0
angr/analyses/identifier/functions/memset.py +43 -0
angr/analyses/identifier/functions/printf.py +123 -0
angr/analyses/identifier/functions/recv_until.py +312 -0
angr/analyses/identifier/functions/skip_calloc.py +73 -0
angr/analyses/identifier/functions/skip_realloc.py +97 -0
angr/analyses/identifier/functions/skip_recv_n.py +105 -0
angr/analyses/identifier/functions/snprintf.py +112 -0
angr/analyses/identifier/functions/sprintf.py +116 -0
angr/analyses/identifier/functions/strcasecmp.py +33 -0
angr/analyses/identifier/functions/strcmp.py +113 -0
angr/analyses/identifier/functions/strcpy.py +43 -0
angr/analyses/identifier/functions/strlen.py +27 -0
angr/analyses/identifier/functions/strncmp.py +104 -0
angr/analyses/identifier/functions/strncpy.py +65 -0
angr/analyses/identifier/functions/strtol.py +89 -0
angr/analyses/identifier/identify.py +825 -0
angr/analyses/identifier/runner.py +360 -0
angr/analyses/init_finder.py +289 -0
angr/analyses/loop_analysis.py +349 -0
angr/analyses/loopfinder.py +171 -0
angr/analyses/patchfinder.py +137 -0
angr/analyses/pathfinder.py +282 -0
angr/analyses/propagator/__init__.py +5 -0
angr/analyses/propagator/engine_base.py +62 -0
angr/analyses/propagator/engine_vex.py +297 -0
angr/analyses/propagator/propagator.py +361 -0
angr/analyses/propagator/top_checker_mixin.py +218 -0
angr/analyses/propagator/values.py +117 -0
angr/analyses/propagator/vex_vars.py +68 -0
angr/analyses/proximity_graph.py +444 -0
angr/analyses/reaching_definitions/__init__.py +67 -0
angr/analyses/reaching_definitions/call_trace.py +73 -0
angr/analyses/reaching_definitions/dep_graph.py +433 -0
angr/analyses/reaching_definitions/engine_ail.py +1130 -0
angr/analyses/reaching_definitions/engine_vex.py +1127 -0
angr/analyses/reaching_definitions/external_codeloc.py +0 -0
angr/analyses/reaching_definitions/function_handler.py +638 -0
angr/analyses/reaching_definitions/function_handler_library/__init__.py +12 -0
angr/analyses/reaching_definitions/function_handler_library/stdio.py +269 -0
angr/analyses/reaching_definitions/function_handler_library/stdlib.py +195 -0
angr/analyses/reaching_definitions/function_handler_library/string.py +158 -0
angr/analyses/reaching_definitions/function_handler_library/unistd.py +51 -0
angr/analyses/reaching_definitions/heap_allocator.py +70 -0
angr/analyses/reaching_definitions/rd_initializer.py +237 -0
angr/analyses/reaching_definitions/rd_state.py +579 -0
angr/analyses/reaching_definitions/reaching_definitions.py +581 -0
angr/analyses/reaching_definitions/subject.py +65 -0
angr/analyses/reassembler.py +2900 -0
angr/analyses/s_liveness.py +203 -0
angr/analyses/s_propagator.py +542 -0
angr/analyses/s_reaching_definitions/__init__.py +12 -0
angr/analyses/s_reaching_definitions/s_rda_model.py +136 -0
angr/analyses/s_reaching_definitions/s_rda_view.py +316 -0
angr/analyses/s_reaching_definitions/s_reaching_definitions.py +177 -0
angr/analyses/smc.py +161 -0
angr/analyses/soot_class_hierarchy.py +273 -0
angr/analyses/stack_pointer_tracker.py +953 -0
angr/analyses/static_hooker.py +53 -0
angr/analyses/typehoon/__init__.py +5 -0
angr/analyses/typehoon/dfa.py +118 -0
angr/analyses/typehoon/lifter.py +122 -0
angr/analyses/typehoon/simple_solver.py +1666 -0
angr/analyses/typehoon/translator.py +279 -0
angr/analyses/typehoon/typeconsts.py +338 -0
angr/analyses/typehoon/typehoon.py +319 -0
angr/analyses/typehoon/typevars.py +622 -0
angr/analyses/typehoon/variance.py +11 -0
angr/analyses/unpacker/__init__.py +6 -0
angr/analyses/unpacker/obfuscation_detector.py +103 -0
angr/analyses/unpacker/packing_detector.py +138 -0
angr/analyses/variable_recovery/__init__.py +9 -0
angr/analyses/variable_recovery/annotations.py +58 -0
angr/analyses/variable_recovery/engine_ail.py +885 -0
angr/analyses/variable_recovery/engine_base.py +1197 -0
angr/analyses/variable_recovery/engine_vex.py +593 -0
angr/analyses/variable_recovery/irsb_scanner.py +143 -0
angr/analyses/variable_recovery/variable_recovery.py +574 -0
angr/analyses/variable_recovery/variable_recovery_base.py +489 -0
angr/analyses/variable_recovery/variable_recovery_fast.py +661 -0
angr/analyses/veritesting.py +626 -0
angr/analyses/vfg.py +1898 -0
angr/analyses/vsa_ddg.py +420 -0
angr/analyses/vtable.py +92 -0
angr/analyses/xrefs.py +286 -0
angr/angrdb/__init__.py +14 -0
angr/angrdb/db.py +206 -0
angr/angrdb/models.py +184 -0
angr/angrdb/serializers/__init__.py +10 -0
angr/angrdb/serializers/cfg_model.py +41 -0
angr/angrdb/serializers/comments.py +60 -0
angr/angrdb/serializers/funcs.py +61 -0
angr/angrdb/serializers/kb.py +111 -0
angr/angrdb/serializers/labels.py +59 -0
angr/angrdb/serializers/loader.py +165 -0
angr/angrdb/serializers/structured_code.py +125 -0
angr/angrdb/serializers/variables.py +58 -0
angr/angrdb/serializers/xrefs.py +48 -0
angr/annocfg.py +317 -0
angr/blade.py +431 -0
angr/block.py +509 -0
angr/callable.py +168 -0
angr/calling_conventions.py +2580 -0
angr/code_location.py +163 -0
angr/codenode.py +145 -0
angr/concretization_strategies/__init__.py +32 -0
angr/concretization_strategies/any.py +17 -0
angr/concretization_strategies/any_named.py +35 -0
angr/concretization_strategies/base.py +81 -0
angr/concretization_strategies/controlled_data.py +58 -0
angr/concretization_strategies/eval.py +19 -0
angr/concretization_strategies/logging.py +35 -0
angr/concretization_strategies/max.py +25 -0
angr/concretization_strategies/nonzero.py +16 -0
angr/concretization_strategies/nonzero_range.py +22 -0
angr/concretization_strategies/norepeats.py +37 -0
angr/concretization_strategies/norepeats_range.py +37 -0
angr/concretization_strategies/range.py +19 -0
angr/concretization_strategies/signed_add.py +31 -0
angr/concretization_strategies/single.py +15 -0
angr/concretization_strategies/solutions.py +20 -0
angr/concretization_strategies/unlimited_range.py +17 -0
angr/distributed/__init__.py +9 -0
angr/distributed/server.py +197 -0
angr/distributed/worker.py +185 -0
angr/emulator.py +143 -0
angr/engines/__init__.py +67 -0
angr/engines/concrete.py +66 -0
angr/engines/engine.py +29 -0
angr/engines/failure.py +27 -0
angr/engines/hook.py +68 -0
angr/engines/icicle.py +278 -0
angr/engines/light/__init__.py +23 -0
angr/engines/light/data.py +681 -0
angr/engines/light/engine.py +1285 -0
angr/engines/pcode/__init__.py +9 -0
angr/engines/pcode/behavior.py +994 -0
angr/engines/pcode/cc.py +128 -0
angr/engines/pcode/emulate.py +440 -0
angr/engines/pcode/engine.py +242 -0
angr/engines/pcode/lifter.py +1420 -0
angr/engines/procedure.py +70 -0
angr/engines/soot/__init__.py +5 -0
angr/engines/soot/engine.py +410 -0
angr/engines/soot/exceptions.py +17 -0
angr/engines/soot/expressions/__init__.py +87 -0
angr/engines/soot/expressions/arrayref.py +22 -0
angr/engines/soot/expressions/base.py +21 -0
angr/engines/soot/expressions/binop.py +28 -0
angr/engines/soot/expressions/cast.py +22 -0
angr/engines/soot/expressions/condition.py +35 -0
angr/engines/soot/expressions/constants.py +47 -0
angr/engines/soot/expressions/instanceOf.py +15 -0
angr/engines/soot/expressions/instancefieldref.py +8 -0
angr/engines/soot/expressions/invoke.py +114 -0
angr/engines/soot/expressions/length.py +8 -0
angr/engines/soot/expressions/local.py +8 -0
angr/engines/soot/expressions/new.py +16 -0
angr/engines/soot/expressions/newArray.py +54 -0
angr/engines/soot/expressions/newMultiArray.py +86 -0
angr/engines/soot/expressions/paramref.py +8 -0
angr/engines/soot/expressions/phi.py +30 -0
angr/engines/soot/expressions/staticfieldref.py +8 -0
angr/engines/soot/expressions/thisref.py +7 -0
angr/engines/soot/expressions/unsupported.py +7 -0
angr/engines/soot/field_dispatcher.py +46 -0
angr/engines/soot/method_dispatcher.py +46 -0
angr/engines/soot/statements/__init__.py +44 -0
angr/engines/soot/statements/assign.py +30 -0
angr/engines/soot/statements/base.py +79 -0
angr/engines/soot/statements/goto.py +14 -0
angr/engines/soot/statements/identity.py +15 -0
angr/engines/soot/statements/if_.py +19 -0
angr/engines/soot/statements/invoke.py +12 -0
angr/engines/soot/statements/return_.py +20 -0
angr/engines/soot/statements/switch.py +41 -0
angr/engines/soot/statements/throw.py +15 -0
angr/engines/soot/values/__init__.py +38 -0
angr/engines/soot/values/arrayref.py +122 -0
angr/engines/soot/values/base.py +7 -0
angr/engines/soot/values/constants.py +18 -0
angr/engines/soot/values/instancefieldref.py +44 -0
angr/engines/soot/values/local.py +18 -0
angr/engines/soot/values/paramref.py +18 -0
angr/engines/soot/values/staticfieldref.py +38 -0
angr/engines/soot/values/strref.py +38 -0
angr/engines/soot/values/thisref.py +149 -0
angr/engines/successors.py +654 -0
angr/engines/syscall.py +51 -0
angr/engines/unicorn.py +490 -0
angr/engines/vex/__init__.py +20 -0
angr/engines/vex/claripy/__init__.py +5 -0
angr/engines/vex/claripy/ccall.py +2097 -0
angr/engines/vex/claripy/datalayer.py +141 -0
angr/engines/vex/claripy/irop.py +1276 -0
angr/engines/vex/heavy/__init__.py +16 -0
angr/engines/vex/heavy/actions.py +231 -0
angr/engines/vex/heavy/concretizers.py +403 -0
angr/engines/vex/heavy/dirty.py +466 -0
angr/engines/vex/heavy/heavy.py +370 -0
angr/engines/vex/heavy/inspect.py +52 -0
angr/engines/vex/heavy/resilience.py +85 -0
angr/engines/vex/heavy/super_fastpath.py +34 -0
angr/engines/vex/lifter.py +420 -0
angr/engines/vex/light/__init__.py +11 -0
angr/engines/vex/light/light.py +551 -0
angr/engines/vex/light/resilience.py +74 -0
angr/engines/vex/light/slicing.py +52 -0
angr/errors.py +609 -0
angr/exploration_techniques/__init__.py +53 -0
angr/exploration_techniques/base.py +126 -0
angr/exploration_techniques/bucketizer.py +94 -0
angr/exploration_techniques/common.py +56 -0
angr/exploration_techniques/dfs.py +37 -0
angr/exploration_techniques/director.py +520 -0
angr/exploration_techniques/driller_core.py +100 -0
angr/exploration_techniques/explorer.py +152 -0
angr/exploration_techniques/lengthlimiter.py +22 -0
angr/exploration_techniques/local_loop_seer.py +65 -0
angr/exploration_techniques/loop_seer.py +236 -0
angr/exploration_techniques/manual_mergepoint.py +82 -0
angr/exploration_techniques/memory_watcher.py +43 -0
angr/exploration_techniques/oppologist.py +92 -0
angr/exploration_techniques/slicecutor.py +118 -0
angr/exploration_techniques/spiller.py +280 -0
angr/exploration_techniques/spiller_db.py +27 -0
angr/exploration_techniques/stochastic.py +56 -0
angr/exploration_techniques/stub_stasher.py +19 -0
angr/exploration_techniques/suggestions.py +159 -0
angr/exploration_techniques/tech_builder.py +49 -0
angr/exploration_techniques/threading.py +69 -0
angr/exploration_techniques/timeout.py +34 -0
angr/exploration_techniques/tracer.py +1098 -0
angr/exploration_techniques/unique.py +106 -0
angr/exploration_techniques/veritesting.py +37 -0
angr/factory.py +404 -0
angr/flirt/__init__.py +97 -0
angr/flirt/build_sig.py +305 -0
angr/graph_utils.py +0 -0
angr/keyed_region.py +525 -0
angr/knowledge_base.py +143 -0
angr/knowledge_plugins/__init__.py +43 -0
angr/knowledge_plugins/callsite_prototypes.py +53 -0
angr/knowledge_plugins/cfg/__init__.py +18 -0
angr/knowledge_plugins/cfg/cfg_manager.py +95 -0
angr/knowledge_plugins/cfg/cfg_model.py +1045 -0
angr/knowledge_plugins/cfg/cfg_node.py +536 -0
angr/knowledge_plugins/cfg/indirect_jump.py +65 -0
angr/knowledge_plugins/cfg/memory_data.py +156 -0
angr/knowledge_plugins/comments.py +16 -0
angr/knowledge_plugins/custom_strings.py +38 -0
angr/knowledge_plugins/data.py +22 -0
angr/knowledge_plugins/debug_variables.py +216 -0
angr/knowledge_plugins/functions/__init__.py +9 -0
angr/knowledge_plugins/functions/function.py +1780 -0
angr/knowledge_plugins/functions/function_manager.py +588 -0
angr/knowledge_plugins/functions/function_parser.py +299 -0
angr/knowledge_plugins/functions/soot_function.py +128 -0
angr/knowledge_plugins/indirect_jumps.py +35 -0
angr/knowledge_plugins/key_definitions/__init__.py +17 -0
angr/knowledge_plugins/key_definitions/atoms.py +374 -0
angr/knowledge_plugins/key_definitions/constants.py +29 -0
angr/knowledge_plugins/key_definitions/definition.py +214 -0
angr/knowledge_plugins/key_definitions/environment.py +96 -0
angr/knowledge_plugins/key_definitions/heap_address.py +33 -0
angr/knowledge_plugins/key_definitions/key_definition_manager.py +82 -0
angr/knowledge_plugins/key_definitions/live_definitions.py +1010 -0
angr/knowledge_plugins/key_definitions/liveness.py +165 -0
angr/knowledge_plugins/key_definitions/rd_model.py +171 -0
angr/knowledge_plugins/key_definitions/tag.py +78 -0
angr/knowledge_plugins/key_definitions/undefined.py +70 -0
angr/knowledge_plugins/key_definitions/unknown_size.py +86 -0
angr/knowledge_plugins/key_definitions/uses.py +178 -0
angr/knowledge_plugins/labels.py +110 -0
angr/knowledge_plugins/obfuscations.py +37 -0
angr/knowledge_plugins/patches.py +126 -0
angr/knowledge_plugins/plugin.py +24 -0
angr/knowledge_plugins/propagations/__init__.py +10 -0
angr/knowledge_plugins/propagations/prop_value.py +191 -0
angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
angr/knowledge_plugins/propagations/propagation_model.py +80 -0
angr/knowledge_plugins/propagations/states.py +552 -0
angr/knowledge_plugins/structured_code.py +63 -0
angr/knowledge_plugins/types.py +88 -0
angr/knowledge_plugins/variables/__init__.py +8 -0
angr/knowledge_plugins/variables/variable_access.py +113 -0
angr/knowledge_plugins/variables/variable_manager.py +1380 -0
angr/knowledge_plugins/xrefs/__init__.py +12 -0
angr/knowledge_plugins/xrefs/xref.py +150 -0
angr/knowledge_plugins/xrefs/xref_manager.py +127 -0
angr/knowledge_plugins/xrefs/xref_types.py +16 -0
angr/misc/__init__.py +19 -0
angr/misc/ansi.py +47 -0
angr/misc/autoimport.py +90 -0
angr/misc/bug_report.py +117 -0
angr/misc/hookset.py +106 -0
angr/misc/loggers.py +130 -0
angr/misc/picklable_lock.py +46 -0
angr/misc/plugins.py +289 -0
angr/misc/telemetry.py +54 -0
angr/misc/testing.py +24 -0
angr/misc/ux.py +31 -0
angr/procedures/__init__.py +12 -0
angr/procedures/advapi32/__init__.py +0 -0
angr/procedures/cgc/__init__.py +3 -0
angr/procedures/cgc/_terminate.py +11 -0
angr/procedures/cgc/allocate.py +75 -0
angr/procedures/cgc/deallocate.py +67 -0
angr/procedures/cgc/fdwait.py +65 -0
angr/procedures/cgc/random.py +67 -0
angr/procedures/cgc/receive.py +93 -0
angr/procedures/cgc/transmit.py +65 -0
angr/procedures/definitions/__init__.py +779 -0
angr/procedures/definitions/cgc.py +20 -0
angr/procedures/definitions/glibc.py +8372 -0
angr/procedures/definitions/gnulib.py +32 -0
angr/procedures/definitions/libstdcpp.py +21 -0
angr/procedures/definitions/linux_kernel.py +6171 -0
angr/procedures/definitions/linux_loader.py +7 -0
angr/procedures/definitions/msvcr.py +16 -0
angr/procedures/definitions/parse_syscalls_from_local_system.py +50 -0
angr/procedures/definitions/parse_win32json.py +2553 -0
angr/procedures/definitions/types_stl.py +22 -0
angr/procedures/definitions/types_win32.py +34482 -0
angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +30 -0
angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +26 -0
angr/procedures/definitions/wdk_clfs.py +140 -0
angr/procedures/definitions/wdk_fltmgr.py +556 -0
angr/procedures/definitions/wdk_fwpkclnt.py +30 -0
angr/procedures/definitions/wdk_fwpuclnt.py +316 -0
angr/procedures/definitions/wdk_gdi32.py +366 -0
angr/procedures/definitions/wdk_hal.py +78 -0
angr/procedures/definitions/wdk_ksecdd.py +62 -0
angr/procedures/definitions/wdk_ndis.py +238 -0
angr/procedures/definitions/wdk_ntoskrnl.py +3451 -0
angr/procedures/definitions/wdk_offreg.py +72 -0
angr/procedures/definitions/wdk_pshed.py +36 -0
angr/procedures/definitions/wdk_secur32.py +40 -0
angr/procedures/definitions/wdk_vhfum.py +34 -0
angr/procedures/definitions/win32_aclui.py +30 -0
angr/procedures/definitions/win32_activeds.py +68 -0
angr/procedures/definitions/win32_advapi32.py +1684 -0
angr/procedures/definitions/win32_advpack.py +124 -0
angr/procedures/definitions/win32_amsi.py +38 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +44 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +34 -0
angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +34 -0
angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +46 -0
angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +48 -0
angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +32 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +32 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +32 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +68 -0
angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +30 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +26 -0
angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +44 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +38 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +24 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +24 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +28 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +76 -0
angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +24 -0
angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +30 -0
angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +42 -0
angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +34 -0
angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +30 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +38 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +28 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +38 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +28 -0
angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +40 -0
angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +26 -0
angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +40 -0
angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +26 -0
angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +26 -0
angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +26 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +26 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +26 -0
angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +28 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +30 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +36 -0
angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +26 -0
angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +28 -0
angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +38 -0
angr/procedures/definitions/win32_apphelp.py +26 -0
angr/procedures/definitions/win32_authz.py +90 -0
angr/procedures/definitions/win32_avicap32.py +32 -0
angr/procedures/definitions/win32_avifil32.py +144 -0
angr/procedures/definitions/win32_avrt.py +52 -0
angr/procedures/definitions/win32_bcp47mrm.py +28 -0
angr/procedures/definitions/win32_bcrypt.py +130 -0
angr/procedures/definitions/win32_bcryptprimitives.py +28 -0
angr/procedures/definitions/win32_bluetoothapis.py +106 -0
angr/procedures/definitions/win32_bthprops.py +34 -0
angr/procedures/definitions/win32_bthprops_cpl.py +36 -0
angr/procedures/definitions/win32_cabinet.py +68 -0
angr/procedures/definitions/win32_certadm.py +60 -0
angr/procedures/definitions/win32_certpoleng.py +40 -0
angr/procedures/definitions/win32_cfgmgr32.py +502 -0
angr/procedures/definitions/win32_chakra.py +198 -0
angr/procedures/definitions/win32_cldapi.py +96 -0
angr/procedures/definitions/win32_clfsw32.py +142 -0
angr/procedures/definitions/win32_clusapi.py +584 -0
angr/procedures/definitions/win32_comctl32.py +254 -0
angr/procedures/definitions/win32_comdlg32.py +66 -0
angr/procedures/definitions/win32_compstui.py +32 -0
angr/procedures/definitions/win32_computecore.py +132 -0
angr/procedures/definitions/win32_computenetwork.py +110 -0
angr/procedures/definitions/win32_computestorage.py +48 -0
angr/procedures/definitions/win32_comsvcs.py +38 -0
angr/procedures/definitions/win32_coremessaging.py +24 -0
angr/procedures/definitions/win32_credui.py +62 -0
angr/procedures/definitions/win32_crypt32.py +482 -0
angr/procedures/definitions/win32_cryptnet.py +34 -0
angr/procedures/definitions/win32_cryptui.py +44 -0
angr/procedures/definitions/win32_cryptxml.py +62 -0
angr/procedures/definitions/win32_cscapi.py +32 -0
angr/procedures/definitions/win32_d2d1.py +50 -0
angr/procedures/definitions/win32_d3d10.py +78 -0
angr/procedures/definitions/win32_d3d10_1.py +28 -0
angr/procedures/definitions/win32_d3d11.py +30 -0
angr/procedures/definitions/win32_d3d12.py +40 -0
angr/procedures/definitions/win32_d3d9.py +46 -0
angr/procedures/definitions/win32_d3dcompiler_47.py +76 -0
angr/procedures/definitions/win32_d3dcsx.py +42 -0
angr/procedures/definitions/win32_davclnt.py +60 -0
angr/procedures/definitions/win32_dbgeng.py +32 -0
angr/procedures/definitions/win32_dbghelp.py +462 -0
angr/procedures/definitions/win32_dbgmodel.py +26 -0
angr/procedures/definitions/win32_dciman32.py +64 -0
angr/procedures/definitions/win32_dcomp.py +48 -0
angr/procedures/definitions/win32_ddraw.py +38 -0
angr/procedures/definitions/win32_deviceaccess.py +26 -0
angr/procedures/definitions/win32_dflayout.py +26 -0
angr/procedures/definitions/win32_dhcpcsvc.py +54 -0
angr/procedures/definitions/win32_dhcpcsvc6.py +36 -0
angr/procedures/definitions/win32_dhcpsapi.py +416 -0
angr/procedures/definitions/win32_diagnosticdataquery.py +94 -0
angr/procedures/definitions/win32_dinput8.py +26 -0
angr/procedures/definitions/win32_directml.py +28 -0
angr/procedures/definitions/win32_dmprocessxmlfiltered.py +26 -0
angr/procedures/definitions/win32_dnsapi.py +152 -0
angr/procedures/definitions/win32_drt.py +56 -0
angr/procedures/definitions/win32_drtprov.py +42 -0
angr/procedures/definitions/win32_drttransport.py +28 -0
angr/procedures/definitions/win32_dsound.py +44 -0
angr/procedures/definitions/win32_dsparse.py +62 -0
angr/procedures/definitions/win32_dsprop.py +38 -0
angr/procedures/definitions/win32_dssec.py +32 -0
angr/procedures/definitions/win32_dsuiext.py +32 -0
angr/procedures/definitions/win32_dwmapi.py +86 -0
angr/procedures/definitions/win32_dwrite.py +26 -0
angr/procedures/definitions/win32_dxcompiler.py +28 -0
angr/procedures/definitions/win32_dxcore.py +26 -0
angr/procedures/definitions/win32_dxgi.py +36 -0
angr/procedures/definitions/win32_dxva2.py +100 -0
angr/procedures/definitions/win32_eappcfg.py +52 -0
angr/procedures/definitions/win32_eappprxy.py +60 -0
angr/procedures/definitions/win32_efswrt.py +28 -0
angr/procedures/definitions/win32_elscore.py +34 -0
angr/procedures/definitions/win32_esent.py +482 -0
angr/procedures/definitions/win32_evr.py +38 -0
angr/procedures/definitions/win32_faultrep.py +32 -0
angr/procedures/definitions/win32_fhsvcctl.py +38 -0
angr/procedures/definitions/win32_firewallapi.py +30 -0
angr/procedures/definitions/win32_fltlib.py +80 -0
angr/procedures/definitions/win32_fontsub.py +28 -0
angr/procedures/definitions/win32_forceinline.py +30 -0
angr/procedures/definitions/win32_fwpuclnt.py +408 -0
angr/procedures/definitions/win32_fxsutility.py +28 -0
angr/procedures/definitions/win32_gdi32.py +886 -0
angr/procedures/definitions/win32_gdiplus.py +1282 -0
angr/procedures/definitions/win32_glu32.py +128 -0
angr/procedures/definitions/win32_gpedit.py +36 -0
angr/procedures/definitions/win32_hhctrl_ocx.py +28 -0
angr/procedures/definitions/win32_hid.py +114 -0
angr/procedures/definitions/win32_hlink.py +80 -0
angr/procedures/definitions/win32_hrtfapo.py +26 -0
angr/procedures/definitions/win32_httpapi.py +110 -0
angr/procedures/definitions/win32_icm32.py +66 -0
angr/procedures/definitions/win32_icmui.py +28 -0
angr/procedures/definitions/win32_icu.py +2074 -0
angr/procedures/definitions/win32_ieframe.py +82 -0
angr/procedures/definitions/win32_imagehlp.py +76 -0
angr/procedures/definitions/win32_imgutil.py +42 -0
angr/procedures/definitions/win32_imm32.py +188 -0
angr/procedures/definitions/win32_infocardapi.py +58 -0
angr/procedures/definitions/win32_inkobjcore.py +78 -0
angr/procedures/definitions/win32_iphlpapi.py +426 -0
angr/procedures/definitions/win32_iscsidsc.py +182 -0
angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +28 -0
angr/procedures/definitions/win32_kernel32.py +3185 -0
angr/procedures/definitions/win32_kernelbase.py +36 -0
angr/procedures/definitions/win32_keycredmgr.py +32 -0
angr/procedures/definitions/win32_ksproxy_ax.py +36 -0
angr/procedures/definitions/win32_ksuser.py +40 -0
angr/procedures/definitions/win32_ktmw32.py +102 -0
angr/procedures/definitions/win32_licenseprotection.py +28 -0
angr/procedures/definitions/win32_loadperf.py +48 -0
angr/procedures/definitions/win32_magnification.py +62 -0
angr/procedures/definitions/win32_mapi32.py +156 -0
angr/procedures/definitions/win32_mdmlocalmanagement.py +30 -0
angr/procedures/definitions/win32_mdmregistration.py +54 -0
angr/procedures/definitions/win32_mf.py +148 -0
angr/procedures/definitions/win32_mfcore.py +28 -0
angr/procedures/definitions/win32_mfplat.py +314 -0
angr/procedures/definitions/win32_mfplay.py +26 -0
angr/procedures/definitions/win32_mfreadwrite.py +34 -0
angr/procedures/definitions/win32_mfsensorgroup.py +44 -0
angr/procedures/definitions/win32_mfsrcsnk.py +28 -0
angr/procedures/definitions/win32_mgmtapi.py +42 -0
angr/procedures/definitions/win32_mi.py +26 -0
angr/procedures/definitions/win32_mmdevapi.py +26 -0
angr/procedures/definitions/win32_mpr.py +118 -0
angr/procedures/definitions/win32_mprapi.py +248 -0
angr/procedures/definitions/win32_mqrt.py +92 -0
angr/procedures/definitions/win32_mrmsupport.py +78 -0
angr/procedures/definitions/win32_msacm32.py +108 -0
angr/procedures/definitions/win32_msajapi.py +1118 -0
angr/procedures/definitions/win32_mscms.py +182 -0
angr/procedures/definitions/win32_mscoree.py +78 -0
angr/procedures/definitions/win32_msctfmonitor.py +30 -0
angr/procedures/definitions/win32_msdelta.py +56 -0
angr/procedures/definitions/win32_msdmo.py +46 -0
angr/procedures/definitions/win32_msdrm.py +192 -0
angr/procedures/definitions/win32_msi.py +552 -0
angr/procedures/definitions/win32_msimg32.py +30 -0
angr/procedures/definitions/win32_mspatcha.py +56 -0
angr/procedures/definitions/win32_mspatchc.py +42 -0
angr/procedures/definitions/win32_msports.py +38 -0
angr/procedures/definitions/win32_msrating.py +62 -0
angr/procedures/definitions/win32_mssign32.py +44 -0
angr/procedures/definitions/win32_mstask.py +28 -0
angr/procedures/definitions/win32_msvfw32.py +110 -0
angr/procedures/definitions/win32_mswsock.py +56 -0
angr/procedures/definitions/win32_mtxdm.py +26 -0
angr/procedures/definitions/win32_ncrypt.py +102 -0
angr/procedures/definitions/win32_ndfapi.py +56 -0
angr/procedures/definitions/win32_netapi32.py +436 -0
angr/procedures/definitions/win32_netsh.py +40 -0
angr/procedures/definitions/win32_netshell.py +28 -0
angr/procedures/definitions/win32_newdev.py +46 -0
angr/procedures/definitions/win32_ninput.py +84 -0
angr/procedures/definitions/win32_normaliz.py +28 -0
angr/procedures/definitions/win32_ntdll.py +171 -0
angr/procedures/definitions/win32_ntdllk.py +26 -0
angr/procedures/definitions/win32_ntdsapi.py +186 -0
angr/procedures/definitions/win32_ntlanman.py +44 -0
angr/procedures/definitions/win32_odbc32.py +392 -0
angr/procedures/definitions/win32_odbcbcp.py +78 -0
angr/procedures/definitions/win32_ole32.py +658 -0
angr/procedures/definitions/win32_oleacc.py +58 -0
angr/procedures/definitions/win32_oleaut32.py +834 -0
angr/procedures/definitions/win32_oledlg.py +70 -0
angr/procedures/definitions/win32_ondemandconnroutehelper.py +34 -0
angr/procedures/definitions/win32_opengl32.py +734 -0
angr/procedures/definitions/win32_opmxbox.py +30 -0
angr/procedures/definitions/win32_p2p.py +240 -0
angr/procedures/definitions/win32_p2pgraph.py +98 -0
angr/procedures/definitions/win32_pdh.py +220 -0
angr/procedures/definitions/win32_peerdist.py +80 -0
angr/procedures/definitions/win32_powrprof.py +192 -0
angr/procedures/definitions/win32_prntvpt.py +46 -0
angr/procedures/definitions/win32_projectedfslib.py +62 -0
angr/procedures/definitions/win32_propsys.py +460 -0
angr/procedures/definitions/win32_psapi.py +78 -0
angr/procedures/definitions/win32_quartz.py +28 -0
angr/procedures/definitions/win32_query.py +32 -0
angr/procedures/definitions/win32_qwave.py +46 -0
angr/procedures/definitions/win32_rasapi32.py +192 -0
angr/procedures/definitions/win32_rasdlg.py +36 -0
angr/procedures/definitions/win32_resutils.py +264 -0
angr/procedures/definitions/win32_rometadata.py +24 -0
angr/procedures/definitions/win32_rpcns4.py +146 -0
angr/procedures/definitions/win32_rpcproxy.py +32 -0
angr/procedures/definitions/win32_rpcrt4.py +918 -0
angr/procedures/definitions/win32_rstrtmgr.py +46 -0
angr/procedures/definitions/win32_rtm.py +176 -0
angr/procedures/definitions/win32_rtutils.py +106 -0
angr/procedures/definitions/win32_rtworkq.py +90 -0
angr/procedures/definitions/win32_sas.py +26 -0
angr/procedures/definitions/win32_scarddlg.py +34 -0
angr/procedures/definitions/win32_schannel.py +42 -0
angr/procedures/definitions/win32_sechost.py +28 -0
angr/procedures/definitions/win32_secur32.py +202 -0
angr/procedures/definitions/win32_sensapi.py +30 -0
angr/procedures/definitions/win32_sensorsutilsv2.py +104 -0
angr/procedures/definitions/win32_setupapi.py +692 -0
angr/procedures/definitions/win32_sfc.py +36 -0
angr/procedures/definitions/win32_shdocvw.py +30 -0
angr/procedures/definitions/win32_shell32.py +512 -0
angr/procedures/definitions/win32_shlwapi.py +744 -0
angr/procedures/definitions/win32_slc.py +88 -0
angr/procedures/definitions/win32_slcext.py +32 -0
angr/procedures/definitions/win32_slwga.py +26 -0
angr/procedures/definitions/win32_snmpapi.py +76 -0
angr/procedures/definitions/win32_spoolss.py +76 -0
angr/procedures/definitions/win32_srclient.py +26 -0
angr/procedures/definitions/win32_srpapi.py +46 -0
angr/procedures/definitions/win32_sspicli.py +38 -0
angr/procedures/definitions/win32_sti.py +26 -0
angr/procedures/definitions/win32_t2embed.py +52 -0
angr/procedures/definitions/win32_tapi32.py +522 -0
angr/procedures/definitions/win32_tbs.py +52 -0
angr/procedures/definitions/win32_tdh.py +78 -0
angr/procedures/definitions/win32_tokenbinding.py +44 -0
angr/procedures/definitions/win32_traffic.py +64 -0
angr/procedures/definitions/win32_txfw32.py +42 -0
angr/procedures/definitions/win32_ualapi.py +32 -0
angr/procedures/definitions/win32_uiautomationcore.py +220 -0
angr/procedures/definitions/win32_urlmon.py +178 -0
angr/procedures/definitions/win32_user32.py +1551 -0
angr/procedures/definitions/win32_userenv.py +112 -0
angr/procedures/definitions/win32_usp10.py +104 -0
angr/procedures/definitions/win32_uxtheme.py +178 -0
angr/procedures/definitions/win32_verifier.py +26 -0
angr/procedures/definitions/win32_version.py +52 -0
angr/procedures/definitions/win32_vertdll.py +38 -0
angr/procedures/definitions/win32_virtdisk.py +82 -0
angr/procedures/definitions/win32_vmdevicehost.py +50 -0
angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +110 -0
angr/procedures/definitions/win32_vssapi.py +26 -0
angr/procedures/definitions/win32_wcmapi.py +34 -0
angr/procedures/definitions/win32_wdsbp.py +38 -0
angr/procedures/definitions/win32_wdsclientapi.py +98 -0
angr/procedures/definitions/win32_wdsmc.py +36 -0
angr/procedures/definitions/win32_wdspxe.py +86 -0
angr/procedures/definitions/win32_wdstptc.py +50 -0
angr/procedures/definitions/win32_webauthn.py +50 -0
angr/procedures/definitions/win32_webservices.py +410 -0
angr/procedures/definitions/win32_websocket.py +50 -0
angr/procedures/definitions/win32_wecapi.py +54 -0
angr/procedures/definitions/win32_wer.py +66 -0
angr/procedures/definitions/win32_wevtapi.py +94 -0
angr/procedures/definitions/win32_winbio.py +132 -0
angr/procedures/definitions/win32_windows_ai_machinelearning.py +26 -0
angr/procedures/definitions/win32_windows_data_pdf.py +24 -0
angr/procedures/definitions/win32_windows_media_mediacontrol.py +40 -0
angr/procedures/definitions/win32_windows_networking.py +26 -0
angr/procedures/definitions/win32_windows_ui_xaml.py +28 -0
angr/procedures/definitions/win32_windowscodecs.py +42 -0
angr/procedures/definitions/win32_winfax.py +136 -0
angr/procedures/definitions/win32_winhttp.py +136 -0
angr/procedures/definitions/win32_winhvemulation.py +32 -0
angr/procedures/definitions/win32_winhvplatform.py +156 -0
angr/procedures/definitions/win32_wininet.py +616 -0
angr/procedures/definitions/win32_winml.py +26 -0
angr/procedures/definitions/win32_winmm.py +376 -0
angr/procedures/definitions/win32_winscard.py +164 -0
angr/procedures/definitions/win32_winspool.py +364 -0
angr/procedures/definitions/win32_winspool_drv.py +368 -0
angr/procedures/definitions/win32_wintrust.py +144 -0
angr/procedures/definitions/win32_winusb.py +92 -0
angr/procedures/definitions/win32_wlanapi.py +144 -0
angr/procedures/definitions/win32_wlanui.py +26 -0
angr/procedures/definitions/win32_wldap32.py +510 -0
angr/procedures/definitions/win32_wldp.py +42 -0
angr/procedures/definitions/win32_wmvcore.py +46 -0
angr/procedures/definitions/win32_wnvapi.py +28 -0
angr/procedures/definitions/win32_wofutil.py +46 -0
angr/procedures/definitions/win32_ws2_32.py +344 -0
angr/procedures/definitions/win32_wscapi.py +36 -0
angr/procedures/definitions/win32_wsclient.py +30 -0
angr/procedures/definitions/win32_wsdapi.py +88 -0
angr/procedures/definitions/win32_wsmsvc.py +90 -0
angr/procedures/definitions/win32_wsnmp32.py +122 -0
angr/procedures/definitions/win32_wtsapi32.py +150 -0
angr/procedures/definitions/win32_xaudio2_8.py +32 -0
angr/procedures/definitions/win32_xinput1_4.py +38 -0
angr/procedures/definitions/win32_xinputuap.py +36 -0
angr/procedures/definitions/win32_xmllite.py +36 -0
angr/procedures/definitions/win32_xolehlp.py +32 -0
angr/procedures/definitions/win32_xpsprint.py +28 -0
angr/procedures/glibc/__ctype_b_loc.py +21 -0
angr/procedures/glibc/__ctype_tolower_loc.py +21 -0
angr/procedures/glibc/__ctype_toupper_loc.py +21 -0
angr/procedures/glibc/__errno_location.py +7 -0
angr/procedures/glibc/__init__.py +3 -0
angr/procedures/glibc/__libc_init.py +37 -0
angr/procedures/glibc/__libc_start_main.py +301 -0
angr/procedures/glibc/dynamic_loading.py +20 -0
angr/procedures/glibc/scanf.py +11 -0
angr/procedures/glibc/sscanf.py +6 -0
angr/procedures/gnulib/__init__.py +3 -0
angr/procedures/gnulib/xalloc_die.py +14 -0
angr/procedures/gnulib/xstrtol_fatal.py +14 -0
angr/procedures/java/__init__.py +42 -0
angr/procedures/java/unconstrained.py +65 -0
angr/procedures/java_io/__init__.py +0 -0
angr/procedures/java_io/read.py +12 -0
angr/procedures/java_io/write.py +17 -0
angr/procedures/java_jni/__init__.py +482 -0
angr/procedures/java_jni/array_operations.py +312 -0
angr/procedures/java_jni/class_and_interface_operations.py +31 -0
angr/procedures/java_jni/field_access.py +173 -0
angr/procedures/java_jni/global_and_local_refs.py +57 -0
angr/procedures/java_jni/method_calls.py +365 -0
angr/procedures/java_jni/not_implemented.py +26 -0
angr/procedures/java_jni/object_operations.py +94 -0
angr/procedures/java_jni/string_operations.py +87 -0
angr/procedures/java_jni/version_information.py +12 -0
angr/procedures/java_lang/__init__.py +0 -0
angr/procedures/java_lang/character.py +30 -0
angr/procedures/java_lang/double.py +24 -0
angr/procedures/java_lang/exit.py +13 -0
angr/procedures/java_lang/getsimplename.py +18 -0
angr/procedures/java_lang/integer.py +43 -0
angr/procedures/java_lang/load_library.py +9 -0
angr/procedures/java_lang/math.py +15 -0
angr/procedures/java_lang/string.py +78 -0
angr/procedures/java_lang/stringbuilder.py +44 -0
angr/procedures/java_lang/system.py +18 -0
angr/procedures/java_util/__init__.py +0 -0
angr/procedures/java_util/collection.py +35 -0
angr/procedures/java_util/iterator.py +46 -0
angr/procedures/java_util/list.py +99 -0
angr/procedures/java_util/map.py +131 -0
angr/procedures/java_util/random.py +14 -0
angr/procedures/java_util/scanner_nextline.py +23 -0
angr/procedures/libc/__init__.py +3 -0
angr/procedures/libc/abort.py +9 -0
angr/procedures/libc/access.py +13 -0
angr/procedures/libc/atoi.py +14 -0
angr/procedures/libc/atol.py +13 -0
angr/procedures/libc/calloc.py +8 -0
angr/procedures/libc/closelog.py +10 -0
angr/procedures/libc/err.py +14 -0
angr/procedures/libc/error.py +54 -0
angr/procedures/libc/exit.py +11 -0
angr/procedures/libc/fclose.py +19 -0
angr/procedures/libc/feof.py +21 -0
angr/procedures/libc/fflush.py +16 -0
angr/procedures/libc/fgetc.py +27 -0
angr/procedures/libc/fgets.py +68 -0
angr/procedures/libc/fopen.py +63 -0
angr/procedures/libc/fprintf.py +25 -0
angr/procedures/libc/fputc.py +23 -0
angr/procedures/libc/fputs.py +24 -0
angr/procedures/libc/fread.py +24 -0
angr/procedures/libc/free.py +9 -0
angr/procedures/libc/fscanf.py +20 -0
angr/procedures/libc/fseek.py +34 -0
angr/procedures/libc/ftell.py +22 -0
angr/procedures/libc/fwrite.py +19 -0
angr/procedures/libc/getchar.py +13 -0
angr/procedures/libc/getdelim.py +99 -0
angr/procedures/libc/getegid.py +8 -0
angr/procedures/libc/geteuid.py +8 -0
angr/procedures/libc/getgid.py +8 -0
angr/procedures/libc/gets.py +68 -0
angr/procedures/libc/getuid.py +8 -0
angr/procedures/libc/malloc.py +12 -0
angr/procedures/libc/memcmp.py +69 -0
angr/procedures/libc/memcpy.py +38 -0
angr/procedures/libc/memset.py +72 -0
angr/procedures/libc/openlog.py +10 -0
angr/procedures/libc/perror.py +13 -0
angr/procedures/libc/printf.py +34 -0
angr/procedures/libc/putchar.py +13 -0
angr/procedures/libc/puts.py +19 -0
angr/procedures/libc/rand.py +8 -0
angr/procedures/libc/realloc.py +8 -0
angr/procedures/libc/rewind.py +12 -0
angr/procedures/libc/scanf.py +20 -0
angr/procedures/libc/setbuf.py +9 -0
angr/procedures/libc/setvbuf.py +7 -0
angr/procedures/libc/snprintf.py +36 -0
angr/procedures/libc/sprintf.py +25 -0
angr/procedures/libc/srand.py +7 -0
angr/procedures/libc/sscanf.py +13 -0
angr/procedures/libc/stpcpy.py +18 -0
angr/procedures/libc/strcat.py +14 -0
angr/procedures/libc/strchr.py +48 -0
angr/procedures/libc/strcmp.py +31 -0
angr/procedures/libc/strcpy.py +13 -0
angr/procedures/libc/strlen.py +114 -0
angr/procedures/libc/strncat.py +19 -0
angr/procedures/libc/strncmp.py +183 -0
angr/procedures/libc/strncpy.py +22 -0
angr/procedures/libc/strnlen.py +13 -0
angr/procedures/libc/strstr.py +101 -0
angr/procedures/libc/strtol.py +261 -0
angr/procedures/libc/strtoul.py +9 -0
angr/procedures/libc/system.py +13 -0
angr/procedures/libc/time.py +9 -0
angr/procedures/libc/tmpnam.py +20 -0
angr/procedures/libc/tolower.py +10 -0
angr/procedures/libc/toupper.py +10 -0
angr/procedures/libc/ungetc.py +20 -0
angr/procedures/libc/vsnprintf.py +17 -0
angr/procedures/libc/wchar.py +16 -0
angr/procedures/libstdcpp/__init__.py +0 -0
angr/procedures/libstdcpp/_unwind_resume.py +11 -0
angr/procedures/libstdcpp/std____throw_bad_alloc.py +13 -0
angr/procedures/libstdcpp/std____throw_bad_cast.py +13 -0
angr/procedures/libstdcpp/std____throw_length_error.py +13 -0
angr/procedures/libstdcpp/std____throw_logic_error.py +13 -0
angr/procedures/libstdcpp/std__terminate.py +13 -0
angr/procedures/linux_kernel/__init__.py +3 -0
angr/procedures/linux_kernel/access.py +18 -0
angr/procedures/linux_kernel/arch_prctl.py +34 -0
angr/procedures/linux_kernel/arm_user_helpers.py +59 -0
angr/procedures/linux_kernel/brk.py +18 -0
angr/procedures/linux_kernel/cwd.py +28 -0
angr/procedures/linux_kernel/fstat.py +138 -0
angr/procedures/linux_kernel/fstat64.py +170 -0
angr/procedures/linux_kernel/futex.py +17 -0
angr/procedures/linux_kernel/getegid.py +17 -0
angr/procedures/linux_kernel/geteuid.py +17 -0
angr/procedures/linux_kernel/getgid.py +17 -0
angr/procedures/linux_kernel/getpid.py +14 -0
angr/procedures/linux_kernel/getrlimit.py +24 -0
angr/procedures/linux_kernel/gettid.py +9 -0
angr/procedures/linux_kernel/getuid.py +17 -0
angr/procedures/linux_kernel/iovec.py +47 -0
angr/procedures/linux_kernel/lseek.py +42 -0
angr/procedures/linux_kernel/mmap.py +16 -0
angr/procedures/linux_kernel/mprotect.py +42 -0
angr/procedures/linux_kernel/munmap.py +8 -0
angr/procedures/linux_kernel/openat.py +26 -0
angr/procedures/linux_kernel/set_tid_address.py +8 -0
angr/procedures/linux_kernel/sigaction.py +19 -0
angr/procedures/linux_kernel/sigprocmask.py +23 -0
angr/procedures/linux_kernel/stat.py +23 -0
angr/procedures/linux_kernel/sysinfo.py +59 -0
angr/procedures/linux_kernel/tgkill.py +10 -0
angr/procedures/linux_kernel/time.py +34 -0
angr/procedures/linux_kernel/uid.py +30 -0
angr/procedures/linux_kernel/uname.py +29 -0
angr/procedures/linux_kernel/unlink.py +22 -0
angr/procedures/linux_kernel/vsyscall.py +16 -0
angr/procedures/linux_loader/__init__.py +3 -0
angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +7 -0
angr/procedures/linux_loader/_dl_rtld_lock.py +15 -0
angr/procedures/linux_loader/sim_loader.py +54 -0
angr/procedures/linux_loader/tls.py +40 -0
angr/procedures/msvcr/__getmainargs.py +16 -0
angr/procedures/msvcr/__init__.py +4 -0
angr/procedures/msvcr/_initterm.py +38 -0
angr/procedures/msvcr/fmode.py +31 -0
angr/procedures/ntdll/__init__.py +0 -0
angr/procedures/ntdll/exceptions.py +60 -0
angr/procedures/posix/__init__.py +3 -0
angr/procedures/posix/accept.py +29 -0
angr/procedures/posix/bind.py +13 -0
angr/procedures/posix/bzero.py +9 -0
angr/procedures/posix/chroot.py +27 -0
angr/procedures/posix/close.py +9 -0
angr/procedures/posix/closedir.py +7 -0
angr/procedures/posix/dup.py +56 -0
angr/procedures/posix/fcntl.py +10 -0
angr/procedures/posix/fdopen.py +76 -0
angr/procedures/posix/fileno.py +18 -0
angr/procedures/posix/fork.py +13 -0
angr/procedures/posix/getenv.py +35 -0
angr/procedures/posix/gethostbyname.py +43 -0
angr/procedures/posix/getpass.py +19 -0
angr/procedures/posix/getsockopt.py +11 -0
angr/procedures/posix/htonl.py +11 -0
angr/procedures/posix/htons.py +11 -0
angr/procedures/posix/inet_ntoa.py +59 -0
angr/procedures/posix/listen.py +13 -0
angr/procedures/posix/mmap.py +144 -0
angr/procedures/posix/open.py +18 -0
angr/procedures/posix/opendir.py +10 -0
angr/procedures/posix/poll.py +55 -0
angr/procedures/posix/pread64.py +46 -0
angr/procedures/posix/pthread.py +87 -0
angr/procedures/posix/pwrite64.py +46 -0
angr/procedures/posix/read.py +13 -0
angr/procedures/posix/readdir.py +62 -0
angr/procedures/posix/recv.py +13 -0
angr/procedures/posix/recvfrom.py +13 -0
angr/procedures/posix/select.py +48 -0
angr/procedures/posix/send.py +23 -0
angr/procedures/posix/setsockopt.py +9 -0
angr/procedures/posix/sigaction.py +23 -0
angr/procedures/posix/sim_time.py +48 -0
angr/procedures/posix/sleep.py +8 -0
angr/procedures/posix/socket.py +18 -0
angr/procedures/posix/strcasecmp.py +26 -0
angr/procedures/posix/strdup.py +18 -0
angr/procedures/posix/strtok_r.py +64 -0
angr/procedures/posix/syslog.py +15 -0
angr/procedures/posix/tz.py +9 -0
angr/procedures/posix/unlink.py +11 -0
angr/procedures/posix/usleep.py +8 -0
angr/procedures/posix/write.py +13 -0
angr/procedures/procedure_dict.py +50 -0
angr/procedures/stubs/CallReturn.py +13 -0
angr/procedures/stubs/NoReturnUnconstrained.py +13 -0
angr/procedures/stubs/Nop.py +7 -0
angr/procedures/stubs/PathTerminator.py +9 -0
angr/procedures/stubs/Redirect.py +18 -0
angr/procedures/stubs/ReturnChar.py +11 -0
angr/procedures/stubs/ReturnUnconstrained.py +24 -0
angr/procedures/stubs/UnresolvableCallTarget.py +9 -0
angr/procedures/stubs/UnresolvableJumpTarget.py +9 -0
angr/procedures/stubs/UserHook.py +18 -0
angr/procedures/stubs/__init__.py +3 -0
angr/procedures/stubs/b64_decode.py +15 -0
angr/procedures/stubs/caller.py +14 -0
angr/procedures/stubs/crazy_scanf.py +20 -0
angr/procedures/stubs/format_parser.py +669 -0
angr/procedures/stubs/syscall_stub.py +24 -0
angr/procedures/testing/__init__.py +3 -0
angr/procedures/testing/manyargs.py +9 -0
angr/procedures/testing/retreg.py +8 -0
angr/procedures/tracer/__init__.py +4 -0
angr/procedures/tracer/random.py +9 -0
angr/procedures/tracer/receive.py +23 -0
angr/procedures/tracer/transmit.py +26 -0
angr/procedures/uclibc/__init__.py +3 -0
angr/procedures/uclibc/__uClibc_main.py +10 -0
angr/procedures/win32/EncodePointer.py +7 -0
angr/procedures/win32/ExitProcess.py +9 -0
angr/procedures/win32/GetCommandLine.py +12 -0
angr/procedures/win32/GetCurrentProcessId.py +7 -0
angr/procedures/win32/GetCurrentThreadId.py +7 -0
angr/procedures/win32/GetLastInputInfo.py +40 -0
angr/procedures/win32/GetModuleHandle.py +29 -0
angr/procedures/win32/GetProcessAffinityMask.py +37 -0
angr/procedures/win32/InterlockedExchange.py +15 -0
angr/procedures/win32/IsProcessorFeaturePresent.py +7 -0
angr/procedures/win32/VirtualAlloc.py +114 -0
angr/procedures/win32/VirtualProtect.py +60 -0
angr/procedures/win32/__init__.py +3 -0
angr/procedures/win32/critical_section.py +12 -0
angr/procedures/win32/dynamic_loading.py +104 -0
angr/procedures/win32/file_handles.py +47 -0
angr/procedures/win32/gethostbyname.py +12 -0
angr/procedures/win32/heap.py +45 -0
angr/procedures/win32/is_bad_ptr.py +26 -0
angr/procedures/win32/local_storage.py +88 -0
angr/procedures/win32/mutex.py +11 -0
angr/procedures/win32/sim_time.py +135 -0
angr/procedures/win32/system_paths.py +35 -0
angr/procedures/win32_kernel/ExAllocatePool.py +13 -0
angr/procedures/win32_kernel/ExFreePoolWithTag.py +8 -0
angr/procedures/win32_kernel/__fastfail.py +15 -0
angr/procedures/win32_kernel/__init__.py +3 -0
angr/procedures/win_user32/__init__.py +0 -0
angr/procedures/win_user32/chars.py +15 -0
angr/procedures/win_user32/keyboard.py +14 -0
angr/procedures/win_user32/messagebox.py +49 -0
angr/project.py +847 -0
angr/protos/__init__.py +19 -0
angr/protos/cfg_pb2.py +31 -0
angr/protos/function_pb2.py +27 -0
angr/protos/primitives_pb2.py +52 -0
angr/protos/variables_pb2.py +44 -0
angr/protos/xrefs_pb2.py +25 -0
angr/py.typed +1 -0
angr/rustylib.abi3.so +0 -0
angr/serializable.py +66 -0
angr/sim_manager.py +971 -0
angr/sim_options.py +438 -0
angr/sim_procedure.py +606 -0
angr/sim_state.py +901 -0
angr/sim_state_options.py +403 -0
angr/sim_type.py +3702 -0
angr/sim_variable.py +465 -0
angr/simos/__init__.py +47 -0
angr/simos/cgc.py +153 -0
angr/simos/javavm.py +458 -0
angr/simos/linux.py +509 -0
angr/simos/simos.py +444 -0
angr/simos/snimmuc_nxp.py +149 -0
angr/simos/userland.py +163 -0
angr/simos/windows.py +601 -0
angr/simos/xbox.py +32 -0
angr/slicer.py +352 -0
angr/state_hierarchy.py +262 -0
angr/state_plugins/__init__.py +84 -0
angr/state_plugins/callstack.py +398 -0
angr/state_plugins/cgc.py +155 -0
angr/state_plugins/debug_variables.py +192 -0
angr/state_plugins/filesystem.py +463 -0
angr/state_plugins/gdb.py +148 -0
angr/state_plugins/globals.py +65 -0
angr/state_plugins/heap/__init__.py +15 -0
angr/state_plugins/heap/heap_base.py +128 -0
angr/state_plugins/heap/heap_brk.py +136 -0
angr/state_plugins/heap/heap_freelist.py +213 -0
angr/state_plugins/heap/heap_libc.py +46 -0
angr/state_plugins/heap/heap_ptmalloc.py +620 -0
angr/state_plugins/heap/utils.py +22 -0
angr/state_plugins/history.py +564 -0
angr/state_plugins/inspect.py +375 -0
angr/state_plugins/javavm_classloader.py +134 -0
angr/state_plugins/jni_references.py +95 -0
angr/state_plugins/libc.py +1263 -0
angr/state_plugins/light_registers.py +168 -0
angr/state_plugins/log.py +84 -0
angr/state_plugins/loop_data.py +92 -0
angr/state_plugins/plugin.py +170 -0
angr/state_plugins/posix.py +703 -0
angr/state_plugins/preconstrainer.py +196 -0
angr/state_plugins/scratch.py +173 -0
angr/state_plugins/sim_action.py +326 -0
angr/state_plugins/sim_action_object.py +271 -0
angr/state_plugins/sim_event.py +59 -0
angr/state_plugins/solver.py +1127 -0
angr/state_plugins/symbolizer.py +291 -0
angr/state_plugins/trace_additions.py +738 -0
angr/state_plugins/uc_manager.py +94 -0
angr/state_plugins/unicorn_engine.py +1886 -0
angr/state_plugins/view.py +340 -0
angr/storage/__init__.py +15 -0
angr/storage/file.py +1210 -0
angr/storage/memory_mixins/__init__.py +317 -0
angr/storage/memory_mixins/actions_mixin.py +72 -0
angr/storage/memory_mixins/address_concretization_mixin.py +384 -0
angr/storage/memory_mixins/bvv_conversion_mixin.py +73 -0
angr/storage/memory_mixins/clouseau_mixin.py +137 -0
angr/storage/memory_mixins/conditional_store_mixin.py +25 -0
angr/storage/memory_mixins/convenient_mappings_mixin.py +256 -0
angr/storage/memory_mixins/default_filler_mixin.py +144 -0
angr/storage/memory_mixins/dirty_addrs_mixin.py +11 -0
angr/storage/memory_mixins/hex_dumper_mixin.py +82 -0
angr/storage/memory_mixins/javavm_memory_mixin.py +392 -0
angr/storage/memory_mixins/keyvalue_memory_mixin.py +42 -0
angr/storage/memory_mixins/label_merger_mixin.py +31 -0
angr/storage/memory_mixins/memory_mixin.py +174 -0
angr/storage/memory_mixins/multi_value_merger_mixin.py +79 -0
angr/storage/memory_mixins/name_resolution_mixin.py +67 -0
angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +743 -0
angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +65 -0
angr/storage/memory_mixins/paged_memory/pages/__init__.py +26 -0
angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
angr/storage/memory_mixins/paged_memory/pages/cooperation.py +341 -0
angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +92 -0
angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +55 -0
angr/storage/memory_mixins/paged_memory/pages/list_page.py +338 -0
angr/storage/memory_mixins/paged_memory/pages/multi_values.py +324 -0
angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +419 -0
angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +36 -0
angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +52 -0
angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +503 -0
angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +74 -0
angr/storage/memory_mixins/regioned_memory/__init__.py +17 -0
angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +36 -0
angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +31 -0
angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +9 -0
angr/storage/memory_mixins/regioned_memory/region_data.py +246 -0
angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +241 -0
angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +119 -0
angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +441 -0
angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +69 -0
angr/storage/memory_mixins/simple_interface_mixin.py +71 -0
angr/storage/memory_mixins/simplification_mixin.py +15 -0
angr/storage/memory_mixins/size_resolution_mixin.py +143 -0
angr/storage/memory_mixins/slotted_memory.py +140 -0
angr/storage/memory_mixins/smart_find_mixin.py +161 -0
angr/storage/memory_mixins/symbolic_merger_mixin.py +16 -0
angr/storage/memory_mixins/top_merger_mixin.py +25 -0
angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
angr/storage/memory_object.py +195 -0
angr/tablespecs.py +91 -0
angr/unicornlib.so +0 -0
angr/utils/__init__.py +46 -0
angr/utils/ail.py +70 -0
angr/utils/algo.py +34 -0
angr/utils/bits.py +46 -0
angr/utils/constants.py +9 -0
angr/utils/cowdict.py +63 -0
angr/utils/cpp.py +17 -0
angr/utils/doms.py +149 -0
angr/utils/dynamic_dictlist.py +89 -0
angr/utils/endness.py +18 -0
angr/utils/enums_conv.py +97 -0
angr/utils/env.py +12 -0
angr/utils/formatting.py +128 -0
angr/utils/funcid.py +159 -0
angr/utils/graph.py +933 -0
angr/utils/lazy_import.py +13 -0
angr/utils/library.py +212 -0
angr/utils/loader.py +55 -0
angr/utils/mp.py +66 -0
angr/utils/orderedset.py +74 -0
angr/utils/ssa/__init__.py +457 -0
angr/utils/ssa/tmp_uses_collector.py +23 -0
angr/utils/ssa/vvar_uses_collector.py +37 -0
angr/utils/tagged_interval_map.py +112 -0
angr/utils/timing.py +74 -0
angr/utils/types.py +151 -0
angr/utils/vex.py +11 -0
angr/vaults.py +367 -0
angr-9.2.166.dist-info/METADATA +110 -0
angr-9.2.166.dist-info/RECORD +1409 -0
angr-9.2.166.dist-info/WHEEL +5 -0
angr-9.2.166.dist-info/entry_points.txt +2 -0
angr-9.2.166.dist-info/licenses/LICENSE +27 -0
angr-9.2.166.dist-info/top_level.txt +1 -0

angr/analyses/decompiler/region_identifier.py ADDED Viewed

@@ -0,0 +1,1239 @@
+from __future__ import annotations
+from typing import Any
+from itertools import count
+from collections import defaultdict
+import logging
+import networkx
+import angr.ailment as ailment
+from angr.ailment import Block
+from angr.ailment.statement import ConditionalJump, Jump
+from angr.ailment.expression import Const
+from angr.utils.graph import GraphUtils
+from angr.utils.graph import dfs_back_edges, subgraph_between_nodes, dominates
+from angr.utils.doms import IncrementalDominators
+from angr.errors import AngrRuntimeError
+from angr.analyses import Analysis, register_analysis
+from .structuring.structurer_nodes import MultiNode, ConditionNode, IncompleteSwitchCaseHeadStatement
+from .graph_region import GraphRegion
+from .condition_processor import ConditionProcessor
+from .utils import replace_last_statement, first_nonlabel_nonphi_statement, copy_graph
+l = logging.getLogger(name=__name__)
+# an ever-incrementing counter
+CONDITIONNODE_ADDR = count(0xFF000000)
+class RegionIdentifier(Analysis):
+    """
+    Identifies regions within a function graph and creates a recursive GraphRegion object.
+    Note, that the analysis may modify the graph in-place. If you want to keep the original graph,
+    set the `update_graph` parameter to False.
+    """
+    def __init__(
+        self,
+        func,
+        cond_proc=None,
+        graph=None,
+        update_graph=True,
+        largest_successor_tree_outside_loop=True,
+        force_loop_single_exit=True,
+        complete_successors=False,
+        entry_node_addr: tuple[int, int | None] | None = None,
+    ):
+        self.function = func
+        self.entry_node_addr: tuple[int, int | None] | None = (
+            entry_node_addr if entry_node_addr is not None else (func.addr, None) if func is not None else None
+        )
+        self.cond_proc = (
+            cond_proc
+            if cond_proc is not None
+            else ConditionProcessor(
+                self.project.arch
+                if getattr(self, "project", None) is not None
+                else None  # it's only None in test cases
+            )
+        )
+        self._graph = graph if graph is not None else self.function.graph
+        if not update_graph:
+            # copy the graph so updates don't affect the original graph
+            self._graph = copy_graph(self._graph)
+        self.region = None
+        self._start_node = None
+        self._loop_headers: list | None = None
+        self.regions_by_block_addrs = []
+        self._largest_successor_tree_outside_loop = largest_successor_tree_outside_loop
+        self._force_loop_single_exit = force_loop_single_exit
+        self._complete_successors = complete_successors
+        # we keep a dictionary of node and their traversal order in a quasi-topological traversal and update this
+        # dictionary as we update the graph
+        self._node_order: dict[Any, tuple[int, int]] = {}
+        self._analyze()
+    @staticmethod
+    def slice_graph(graph, node, frontier, include_frontier=False):
+        """
+        Generate a slice of the graph from the head node to the given frontier.
+        :param networkx.DiGraph graph: The graph to work on.
+        :param node: The starting node in the graph.
+        :param frontier: A list of frontier nodes.
+        :param bool include_frontier: Whether the frontier nodes are included in the slice or not.
+        :return: A subgraph.
+        :rtype: networkx.DiGraph
+        """
+        subgraph = subgraph_between_nodes(graph, node, frontier, include_frontier=include_frontier)
+        # HACK: FIXME: for infinite loop nodes, this would return an empty set, so we include the loop body itself
+        # Make sure this makes sense (EDG thinks it does)
+        if not list(subgraph.nodes) and (node, node) in graph.edges:
+            subgraph.add_edge(node, node)
+        return subgraph
+    def _analyze(self):
+        # make a copy of the graph
+        graph = self._pick_one_connected_component(self._graph, as_copy=True)
+        # preprocess: make it a super graph
+        self._make_supergraph(graph)
+        self._start_node = self._get_start_node(graph)
+        self._node_order = self._compute_node_order(graph)
+        self.region = self._make_regions(graph)
+        # make regions into block address lists
+        self.regions_by_block_addrs = self._make_regions_by_block_addrs()
+    def _pick_one_connected_component(self, digraph: networkx.DiGraph, as_copy: bool = False) -> networkx.DiGraph:
+        g = networkx.Graph(digraph)
+        components = list(networkx.connected_components(g))
+        if len(components) <= 1:
+            return networkx.DiGraph(digraph) if as_copy else digraph
+        the_component = None
+        largest_component = None
+        for component in components:
+            if largest_component is None or len(component) > len(largest_component):
+                largest_component = component
+            if any((block.addr, block.idx) == self.entry_node_addr for block in component):
+                the_component = component
+                break
+        if the_component is None:
+            the_component = largest_component
+        assert the_component is not None
+        return digraph.subgraph(the_component).to_directed()
+    @staticmethod
+    def _compute_node_order(graph: networkx.DiGraph) -> dict[Any, tuple[int, int]]:
+        sorted_nodes = GraphUtils.quasi_topological_sort_nodes(graph)
+        node_order = {}
+        for i, n in enumerate(sorted_nodes):
+            node_order[n] = i, 0
+        return node_order
+    def _sort_nodes(self, nodes: list | set) -> list:
+        """
+        Sorts the nodes in the order specified in self._node_order.
+        :param nodes:   A list or set of nodes to be sorted.
+        :return:        A sorted list of nodes.
+        """
+        return sorted(nodes, key=lambda n: self._node_order[n])
+    def _make_regions_by_block_addrs(self) -> list[list[tuple[int, int | None]]]:
+        """
+        Creates a list of addr lists representing each region without recursion. A single region is defined
+        as a set of only blocks, no Graphs containing nested regions. The list contains the address of each
+        block in the region, including the heads of each recursive region.
+        @return: List of addr lists
+        """
+        work_list: list[GraphRegion] = [self.region]  #  type: ignore
+        block_only_regions = []
+        seen_regions = set()
+        while work_list:
+            children_regions: list[GraphRegion] = []
+            for region in work_list:
+                children_blocks = []
+                for node in region.graph.nodes:
+                    if isinstance(node, Block):
+                        children_blocks.append((node.addr, node.idx))
+                    elif isinstance(node, MultiNode):
+                        children_blocks += [(n.addr, node.idx) for n in node.nodes]
+                    elif isinstance(node, GraphRegion):
+                        if node not in seen_regions:
+                            children_regions.append(node)
+                            children_blocks.append(
+                                (node.head.addr, node.head.idx if hasattr(node.head, "idx") else None)
+                            )
+                            seen_regions.add(node)
+                    else:
+                        continue
+                if children_blocks:
+                    block_only_regions.append(children_blocks)
+            work_list = children_regions
+        return block_only_regions
+    def _get_start_node(self, graph: networkx.DiGraph):
+        try:
+            return next(n for n in graph.nodes() if graph.in_degree(n) == 0)
+        except StopIteration:
+            pass
+        if self.entry_node_addr is not None:
+            try:
+                return next(
+                    n
+                    for n in graph.nodes()
+                    if (
+                        (n.addr, n.idx) == self.entry_node_addr
+                        if isinstance(n, Block)
+                        else n.addr == self.entry_node_addr[0]
+                    )
+                )
+            except StopIteration as ex:
+                raise AngrRuntimeError("Cannot find the start node from the graph!") from ex
+        raise AngrRuntimeError("Cannot find the start node from the graph!")
+    def _get_entry_node(self, graph: networkx.DiGraph):
+        if self.entry_node_addr is None:
+            return None
+        return next(
+            (
+                n
+                for n in graph.nodes()
+                if (
+                    (n.addr, n.idx) == self.entry_node_addr
+                    if isinstance(n, Block)
+                    else n.addr == self.entry_node_addr[0]
+                )
+            ),
+            None,
+        )
+    def _make_supergraph(self, graph: networkx.DiGraph):
+        entry_node = None
+        if self.entry_node_addr is not None:
+            entry_node = next(iter(nn for nn in graph if nn.addr == self.entry_node_addr[0]), None)
+        while True:
+            for src, dst, data in graph.edges(data=True):
+                if entry_node is not None and dst is entry_node:
+                    # the entry node must be kept instead of merged with its predecessor (which can happen in real
+                    # binaries! e.g., 444a401b900eb825f216e95111dcb6ef94b01a81fc7b88a48599867db8c50365, function
+                    # 0x1802BEA28, block 0x1802BEA05 and 0x1802BEA28)
+                    continue
+                type_ = data.get("type", None)
+                if type_ == "fake_return":
+                    if len(list(graph.successors(src))) == 1 and len(list(graph.predecessors(dst))) == 1:
+                        merged_node = self._merge_nodes(graph, src, dst, force_multinode=True)
+                        # update the entry_node if necessary
+                        if entry_node is not None and entry_node is src:
+                            entry_node = merged_node
+                        break
+                elif type_ == "call":
+                    graph.remove_node(dst)
+                    break
+            else:
+                break
+    def _find_loop_headers(self, graph: networkx.DiGraph) -> list:
+        heads = list({t for _, t in dfs_back_edges(graph, self._start_node)})
+        return self._sort_nodes(heads)
+    def _find_initial_loop_nodes(self, graph: networkx.DiGraph, head):
+        # TODO optimize
+        latching_nodes = {s for s, t in dfs_back_edges(graph, self._start_node) if t == head}
+        loop_subgraph = self.slice_graph(graph, head, latching_nodes, include_frontier=True)
+        # special case: any node with more than two non-self successors are probably the head of a switch-case. we
+        # should include all successors into the loop subgraph.
+        while True:
+            updated = False
+            for node in list(loop_subgraph):
+                nonself_successors = [succ for succ in graph.successors(node) if succ is not node]
+                if len(nonself_successors) > 2:
+                    for succ in nonself_successors:
+                        if not loop_subgraph.has_edge(node, succ):
+                            updated = True
+                            loop_subgraph.add_edge(node, succ)
+            if not updated:
+                break
+        return set(loop_subgraph)
+    def _refine_loop(self, graph: networkx.DiGraph, head, initial_loop_nodes, initial_exit_nodes):
+        if len(initial_exit_nodes) <= 1:
+            return initial_loop_nodes, initial_exit_nodes
+        refined_loop_nodes = initial_loop_nodes.copy()
+        refined_exit_nodes = initial_exit_nodes.copy()
+        # simple optimization: include all single-in-degree successors of existing loop nodes
+        while True:
+            added = set()
+            for exit_node in list(refined_exit_nodes):
+                if graph.in_degree[exit_node] == 1 and graph.out_degree[exit_node] <= 1:
+                    added.add(exit_node)
+                    refined_loop_nodes.add(exit_node)
+                    refined_exit_nodes |= {
+                        succ for succ in graph.successors(exit_node) if succ not in refined_loop_nodes
+                    }
+                    refined_exit_nodes.remove(exit_node)
+            if not added:
+                break
+        if len(refined_exit_nodes) <= 1:
+            return refined_loop_nodes, refined_exit_nodes
+        idom = networkx.immediate_dominators(graph, head)
+        new_exit_nodes = refined_exit_nodes
+        # a graph with only initial exit nodes and new loop nodes that are reachable from at least one initial exit
+        # node.
+        subgraph = networkx.DiGraph()
+        sorted_refined_exit_nodes = self._sort_nodes(refined_exit_nodes)
+        while len(sorted_refined_exit_nodes) > 1 and new_exit_nodes:
+            # visit each node in refined_exit_nodes once and determine which nodes to consider as loop nodes
+            candidate_nodes = {}
+            for n in list(sorted_refined_exit_nodes):
+                if all((pred is n or pred in refined_loop_nodes) for pred in graph.predecessors(n)) and dominates(
+                    idom, head, n
+                ):
+                    to_add = set(graph.successors(n)) - refined_loop_nodes
+                    candidate_nodes[n] = to_add
+            # visit all candidate nodes and only consider candidates that will not be added as exit nodes
+            all_new_exit_candidates = set()
+            for new_exit_candidates in candidate_nodes.values():
+                all_new_exit_candidates |= new_exit_candidates
+            # to guarantee progressing, we must ensure all_new_exit_candidates cannot contain all candidate nodes
+            if all(n in all_new_exit_candidates for n in candidate_nodes):
+                all_new_exit_candidates = set()
+            # do the actual work
+            new_exit_nodes = set()
+            for n in candidate_nodes:
+                if n in all_new_exit_candidates:
+                    continue
+                refined_loop_nodes.add(n)
+                sorted_refined_exit_nodes.remove(n)
+                to_add = set(graph.successors(n)) - refined_loop_nodes
+                new_exit_nodes |= to_add
+                for succ in to_add:
+                    subgraph.add_edge(n, succ)
+            sorted_refined_exit_nodes += list(new_exit_nodes)
+            sorted_refined_exit_nodes = list(set(sorted_refined_exit_nodes))
+            sorted_refined_exit_nodes = self._sort_nodes(sorted_refined_exit_nodes)
+        refined_exit_nodes = set(sorted_refined_exit_nodes)
+        refined_loop_nodes = refined_loop_nodes - refined_exit_nodes
+        if self._largest_successor_tree_outside_loop and not refined_exit_nodes:
+            # figure out the new successor tree with the highest number of nodes
+            initial_exit_to_newnodes = defaultdict(set)
+            newnode_to_initial_exits = defaultdict(set)
+            for initial_exit in initial_exit_nodes:
+                if initial_exit in subgraph:
+                    for _, succs in networkx.bfs_successors(subgraph, initial_exit):
+                        initial_exit_to_newnodes[initial_exit] |= set(succs)
+                        for succ in succs:
+                            newnode_to_initial_exits[succ].add(initial_exit)
+            for newnode, exits in newnode_to_initial_exits.items():
+                for exit_ in exits:
+                    initial_exit_to_newnodes[exit_].add(newnode)
+            # filter initial_exit_to_newnodes and remove the subtrees with nodes that are reachable from nodes that are
+            # outside the current subtree
+            for initial_exit, subtree in list(initial_exit_to_newnodes.items()):
+                subtree_preds = set()
+                for node in subtree:
+                    preds = set(graph.predecessors(node))
+                    subtree_preds |= {pred for pred in preds if pred not in subtree}
+                    if len(subtree_preds) > 1:
+                        # early break
+                        break
+                if len(subtree_preds) > 1:
+                    # there is more than one out-of-tree predecessor. remove this subtree
+                    del initial_exit_to_newnodes[initial_exit]
+            if initial_exit_to_newnodes:
+                tree_sizes = {exit_: len(initial_exit_to_newnodes[exit_]) for exit_ in initial_exit_to_newnodes}
+                max_tree_size = max(tree_sizes.values())
+                if list(tree_sizes.values()).count(max_tree_size) == 1:
+                    tree_size_to_exit = {v: k for k, v in tree_sizes.items()}
+                    max_size_exit = tree_size_to_exit[max_tree_size]
+                    if all(len(newnode_to_initial_exits[nn]) == 1 for nn in initial_exit_to_newnodes[max_size_exit]):
+                        refined_loop_nodes = (
+                            refined_loop_nodes - initial_exit_to_newnodes[max_size_exit] - {max_size_exit}
+                        )
+                        refined_exit_nodes.add(max_size_exit)
+        return refined_loop_nodes, refined_exit_nodes
+    def _make_regions(self, graph: networkx.DiGraph):
+        structured_loop_headers = set()
+        new_regions = []
+        # FIXME: _get_start_node() will fail if the graph is just a loop
+        # iteratively find and make loop regions
+        while True:
+            # find loop headers
+            self._loop_headers = self._find_loop_headers(graph)
+            if not self._loop_headers:
+                break
+            # Find all loops
+            while True:
+                restart = False
+                self._start_node = self._get_start_node(graph)
+                # re-find loop headers
+                self._loop_headers = self._find_loop_headers(graph)
+                if not self._loop_headers:
+                    break
+                # Start from loops
+                for node in list(reversed(self._loop_headers)):
+                    if node in structured_loop_headers:
+                        continue
+                    if node not in graph:
+                        continue
+                    region = self._make_cyclic_region(node, graph)
+                    if region is None:
+                        # failed to struct the loop region - remove the header node from loop headers
+                        l.debug(
+                            "Failed to structure a loop region starting at %#x. Remove it from loop headers.", node.addr
+                        )
+                        self._loop_headers.remove(node)
+                    else:
+                        l.debug("Structured a loop region %r.", region)
+                        new_regions.append(region)
+                        structured_loop_headers.add(node)
+                        restart = True
+                        break
+                if restart:
+                    continue
+                break
+        new_regions.append(GraphRegion(self._get_start_node(graph), graph, None, None, False, None))
+        l.debug("Identified %d loop regions.", len(structured_loop_headers))
+        l.debug("No more loops left. Start structuring acyclic regions.")
+        # No more loops left. Structure acyclic regions.
+        while new_regions:
+            region = new_regions.pop(0)
+            head = region.head
+            subgraph = region.graph
+            failed_region_attempts = set()
+            while self._make_acyclic_region(
+                head, subgraph, region.graph_with_successors, failed_region_attempts, region.cyclic
+            ):
+                if head not in subgraph:
+                    # update head
+                    head = next(iter(n for n in subgraph.nodes() if n.addr == head.addr))
+            head = next(iter(n for n in subgraph.nodes() if n.addr == head.addr))
+            region.head = head
+        if len(graph) == 1 and isinstance(next(iter(graph.nodes())), GraphRegion):
+            return next(iter(graph.nodes()))
+        # create a large graph region
+        new_head = self._get_start_node(graph)
+        return GraphRegion(new_head, graph, None, None, False, None)
+    #
+    # Cyclic regions
+    #
+    def _make_cyclic_region(self, head, graph: networkx.DiGraph):
+        original_entry = self._get_entry_node(graph)
+        l.debug("Found cyclic region at %#08x", head.addr)
+        initial_loop_nodes = self._find_initial_loop_nodes(graph, head)
+        l.debug("Initial loop nodes %s", self._dbg_block_list(initial_loop_nodes))
+        # Make sure no other loops are contained in the current loop
+        assert self._loop_headers is not None
+        if {n for n in initial_loop_nodes if n.addr != head.addr}.intersection(self._loop_headers):
+            return None
+        normal_entries = {n for n in graph.predecessors(head) if n not in initial_loop_nodes}
+        abnormal_entries = set()
+        for n in initial_loop_nodes:
+            if n == head:
+                continue
+            preds = set(graph.predecessors(n))
+            abnormal_entries |= preds - initial_loop_nodes
+        l.debug("Normal entries %s", self._dbg_block_list(normal_entries))
+        l.debug("Abnormal entries %s", self._dbg_block_list(abnormal_entries))
+        initial_exit_nodes = set()
+        for n in initial_loop_nodes:
+            succs = set(graph.successors(n))
+            initial_exit_nodes |= succs - initial_loop_nodes
+        l.debug("Initial exit nodes %s", self._dbg_block_list(initial_exit_nodes))
+        refined_loop_nodes, refined_exit_nodes = self._refine_loop(graph, head, initial_loop_nodes, initial_exit_nodes)
+        l.debug("Refined loop nodes %s", self._dbg_block_list(refined_loop_nodes))
+        l.debug("Refined exit nodes %s", self._dbg_block_list(refined_exit_nodes))
+        # make sure there is a jump statement to the outside at the end of each node going to exit nodes.
+        # this jump statement will be rewritten to a break statement during structuring.
+        for exit_node in refined_exit_nodes:
+            for pred in graph.predecessors(exit_node):
+                if pred in refined_loop_nodes:
+                    self._ensure_jump_at_loop_exit_ends(pred)
+        if len(refined_exit_nodes) > 1:
+            # self._get_start_node(graph)
+            node_post_order = list(networkx.dfs_postorder_nodes(graph, head))
+            sorted_exit_nodes = sorted(refined_exit_nodes, key=node_post_order.index)
+            normal_exit_node = sorted_exit_nodes[0]
+            abnormal_exit_nodes = set(sorted_exit_nodes[1:])
+        else:
+            normal_exit_node = next(iter(refined_exit_nodes)) if len(refined_exit_nodes) > 0 else None
+            abnormal_exit_nodes = set()
+        region = self._abstract_cyclic_region(
+            graph,
+            refined_loop_nodes,
+            head,
+            normal_entries,
+            abnormal_entries,
+            normal_exit_node,
+            abnormal_exit_nodes,
+            self._node_order,
+        )
+        if region.successors is not None and len(region.successors) > 1 and self._force_loop_single_exit:
+            # multi-successor region. refinement is required
+            self._refine_loop_successors_to_guarded_successors(region, graph)
+        # if the head node is in the graph and it's not the head of the graph, we will need to update the head node
+        # address.
+        if original_entry is not None and original_entry in region.graph and region.head is not original_entry:
+            self.entry_node_addr = (head.addr, None)
+            # FIXME: the identified region will probably be incorrect. we may need to add a jump block that jumps to
+            #  original_entry.
+        return region
+    def _refine_loop_successors_to_guarded_successors(self, region, graph: networkx.DiGraph):
+        """
+        If there are multiple successors of a loop, convert them into guarded successors. Eventually there should be
+        only one loop successor. This is used in the DREAM structuring algorithm.
+        :param GraphRegion region:      The cyclic region to refine.
+        :param networkx.DiGraph graph:  The current graph that is being structured.
+        :return:                        None
+        """
+        if len(region.successors) <= 1:
+            return
+        # recover reaching conditions
+        self.cond_proc.recover_reaching_conditions(region, with_successors=True)
+        successors = list(region.successors)
+        condnode_addr = next(CONDITIONNODE_ADDR)
+        # create a new successor
+        cond = ConditionNode(
+            condnode_addr,
+            None,
+            self.cond_proc.reaching_conditions[successors[1]],
+            successors[1],
+            false_node=successors[0],
+        )
+        for succ in successors[2:]:
+            cond = ConditionNode(
+                condnode_addr,
+                None,
+                self.cond_proc.reaching_conditions[succ],
+                succ,
+                false_node=cond,
+            )
+        g = region.graph_with_successors
+        # modify region in place
+        region.successors = {cond}
+        for succ in successors:
+            for src, _, data in list(g.in_edges(succ, data=True)):
+                removed_edges = []
+                for src2src, _, data_ in list(g.in_edges(src, data=True)):
+                    removed_edges.append((src2src, src, data_))
+                    g.remove_edge(src2src, src)
+                g.remove_edge(src, succ)
+                # TODO: rewrite the conditional jumps in src so that it goes to cond-node instead.
+                # modify the last statement of src so that it jumps to cond
+                replaced_any_stmt = False
+                last_stmts = self.cond_proc.get_last_statements(src)
+                for last_stmt in last_stmts:
+                    if isinstance(last_stmt, ConditionalJump):
+                        if (
+                            isinstance(last_stmt.true_target, ailment.Expr.Const)
+                            and last_stmt.true_target.value == succ.addr
+                        ):
+                            new_last_stmt = ConditionalJump(
+                                last_stmt.idx,
+                                last_stmt.condition,
+                                ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
+                                last_stmt.false_target,
+                                ins_addr=last_stmt.ins_addr,
+                            )
+                        elif (
+                            isinstance(last_stmt.false_target, ailment.Expr.Const)
+                            and last_stmt.false_target.value == succ.addr
+                        ):
+                            new_last_stmt = ConditionalJump(
+                                last_stmt.idx,
+                                last_stmt.condition,
+                                last_stmt.true_target,
+                                ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
+                                ins_addr=last_stmt.ins_addr,
+                            )
+                        else:
+                            # none of the two branches is jumping out of the loop
+                            continue
+                    elif isinstance(last_stmt, Jump):
+                        if isinstance(last_stmt.target, ailment.Expr.Const):
+                            new_last_stmt = Jump(
+                                last_stmt.idx,
+                                ailment.Expr.Const(None, None, condnode_addr, self.project.arch.bits),
+                                ins_addr=last_stmt.ins_addr,
+                            )
+                        else:
+                            # an indirect jump - might be a jump table. ignore it
+                            continue
+                    else:
+                        l.error("Unexpected last_stmt type %s. Ignore.", type(last_stmt))
+                        continue
+                    replace_last_statement(src, last_stmt, new_last_stmt)
+                    replaced_any_stmt = True
+                if not replaced_any_stmt:
+                    l.warning("No statement was replaced. Is there anything wrong?")
+                    # raise Exception()
+                # add src back
+                for src2src, _, data_ in removed_edges:
+                    g.add_edge(src2src, src, **data_)
+                g.add_edge(src, cond, **data)
+        # modify graph
+        graph.add_edge(region, cond)
+        for succ in successors:
+            edge_data = graph.get_edge_data(region, succ)
+            graph.remove_edge(region, succ)
+            graph.add_edge(cond, succ, **edge_data)
+        # compute the node order of newly created nodes
+        self._node_order[region] = region_node_order = min(self._node_order[node_] for node_ in region.graph)
+        self._node_order[cond] = region_node_order[0], region_node_order[1] + 1
+    #
+    # Acyclic regions
+    #
+    def _make_acyclic_region(self, head, graph: networkx.DiGraph, secondary_graph, failed_region_attempts, cyclic):
+        # pre-processing
+        # we need to create a copy of the original graph if
+        # - there are in edges to the head node, or
+        # - there are more than one end nodes
+        head_inedges = list(graph.in_edges(head))
+        if head_inedges:
+            # we need a copy of the graph to remove edges coming into the head
+            graph_copy = networkx.DiGraph(graph)
+            # remove any in-edge to the head node
+            for src, _ in head_inedges:
+                graph_copy.remove_edge(src, head)
+        else:
+            graph_copy = graph
+        endnodes = [node for node in graph_copy.nodes() if graph_copy.out_degree(node) == 0]
+        if len(endnodes) == 0:
+            # sanity check: there should be at least one end node
+            l.critical("No end node is found in a supposedly acyclic graph. Is it really acyclic?")
+            return False
+        add_dummy_endnode = False
+        if len(endnodes) > 1:
+            # if this graph has multiple end nodes: create a single end node
+            add_dummy_endnode = True
+        elif head_inedges and len(endnodes) == 1 and endnodes[0] not in list(graph.predecessors(head)):
+            # special case: there are in-edges to head, but the only end node is not a predecessor to head.
+            # in this case, we will want to put the end node and a predecessor of the head into the same region.
+            add_dummy_endnode = True
+        if add_dummy_endnode:
+            # we need a copy of the graph!
+            graph_copy = networkx.DiGraph(graph_copy)
+            dummy_endnode = "DUMMY_ENDNODE"
+            for endnode in endnodes:
+                graph_copy.add_edge(endnode, dummy_endnode)
+            endnodes = [dummy_endnode]
+        else:
+            dummy_endnode = None
+        # dominators and post-dominators, computed incrementally
+        doms = IncrementalDominators(graph_copy, head)
+        postdoms = IncrementalDominators(graph_copy, endnodes[0], post=True)
+        # visit the nodes in post-order
+        region_created = False
+        for node in list(networkx.dfs_postorder_nodes(graph_copy, source=head)):
+            if node is dummy_endnode:
+                # skip the dummy endnode
+                continue
+            if cyclic and node is head:
+                continue
+            if node not in graph_copy:
+                continue
+            out_degree = graph_copy.out_degree[node]
+            if out_degree == 0:
+                # the root element of the region hierarchy should always be a GraphRegion,
+                # so we transform it into one, if necessary
+                if graph_copy.in_degree(node) == 0 and not isinstance(node, GraphRegion):
+                    subgraph = networkx.DiGraph()
+                    subgraph.add_node(node)
+                    self._abstract_acyclic_region(
+                        graph,
+                        GraphRegion(node, subgraph, None, None, False, None, cyclic_ancestor=cyclic),
+                        [],
+                        self._node_order,
+                        secondary_graph=secondary_graph,
+                    )
+                continue
+            # test if this node is an entry to a single-entry, single-successor region
+            levels = 0
+            postdom_node = postdoms.idom(node)
+            while postdom_node is not None:
+                if (node, postdom_node) not in failed_region_attempts and self._check_region(
+                    graph_copy, node, postdom_node, doms
+                ):
+                    frontier = [postdom_node]
+                    region = self._compute_region(
+                        graph_copy, node, frontier, dummy_endnode=dummy_endnode, cyclic_ancestor=cyclic
+                    )
+                    if region is not None:
+                        # update region.graph_with_successors
+                        if secondary_graph is not None:
+                            assert region.graph_with_successors is not None
+                            assert region.successors is not None
+                            if self._complete_successors:
+                                for nn in list(region.graph_with_successors.nodes):
+                                    original_successors = secondary_graph.successors(nn)
+                                    for succ in original_successors:
+                                        if not region.graph_with_successors.has_edge(nn, succ):
+                                            region.graph_with_successors.add_edge(nn, succ)
+                                            region.successors.add(succ)
+                            else:
+                                for nn in list(region.graph_with_successors.nodes):
+                                    original_successors = secondary_graph.successors(nn)
+                                    for succ in original_successors:
+                                        if succ not in graph_copy:
+                                            # the successor wasn't added to the graph because it does not belong
+                                            # to the frontier. we backpatch the successor graph here.
+                                            region.graph_with_successors.add_edge(nn, succ)
+                                            region.successors.add(succ)
+                            # add edges between successors
+                            for succ_0 in region.successors:
+                                for succ_1 in region.successors:
+                                    if succ_0 is not succ_1 and secondary_graph.has_edge(succ_0, succ_1):
+                                        region.graph_with_successors.add_edge(succ_0, succ_1)
+                        # l.debug("Walked back %d levels in postdom tree.", levels)
+                        l.debug("Node %r, frontier %r.", node, frontier)
+                        # l.debug("Identified an acyclic region %s.", self._dbg_block_list(region.graph.nodes()))
+                        self._abstract_acyclic_region(
+                            graph,
+                            region,
+                            frontier,
+                            self._node_order,
+                            dummy_endnode=dummy_endnode,
+                            secondary_graph=secondary_graph,
+                        )
+                        # assert dummy_endnode not in graph
+                        region_created = True
+                        # we created a new region to replace one or more nodes in the graph.
+                        replaced_nodes = set(region.graph)
+                        # update graph_copy; doms and postdoms are updated as well because they hold references to
+                        # graph_copy internally.
+                        if graph_copy is not graph:
+                            self._update_graph(graph_copy, region, replaced_nodes)
+                        doms.graph_updated(region, replaced_nodes, region.head)
+                        postdoms.graph_updated(region, replaced_nodes, region.head)
+                        # break out of the inner loop
+                        break
+                failed_region_attempts.add((node, postdom_node))
+                if not doms.dominates(node, postdom_node):
+                    break
+                if postdom_node is postdoms.idom(postdom_node):
+                    break
+                postdom_node = postdoms.idom(postdom_node)
+                levels += 1
+            # l.debug("Walked back %d levels in postdom tree and did not find anything for %r. Next.", levels, node)
+        return region_created
+    @staticmethod
+    def _update_graph(graph: networkx.DiGraph, new_region, replaced_nodes: set) -> None:
+        region_in_edges = RegionIdentifier._region_in_edges(graph, new_region, data=True)
+        region_out_edges = RegionIdentifier._region_out_edges(graph, new_region, data=True)
+        for node in replaced_nodes:
+            graph.remove_node(node)
+        graph.add_node(new_region)
+        for src, _, data in region_in_edges:
+            graph.add_edge(src, new_region, **data)
+        for _, dst, data in region_out_edges:
+            graph.add_edge(new_region, dst, **data)
+    @staticmethod
+    def _check_region(graph, start_node, end_node, doms) -> bool:
+        """
+        Determine the graph slice between start_node and end_node forms a good region.
+        """
+        # if the exit node is the header of a loop that contains the start node, the dominance frontier should only
+        # contain the exit node.
+        start_node_frontier = None
+        end_node_frontier = None
+        if not doms.dominates(start_node, end_node):
+            start_node_frontier = doms.df(start_node)
+            for node in start_node_frontier:
+                if node is not start_node and node is not end_node:
+                    return False
+        # no edges should enter the region.
+        end_node_frontier = doms.df(end_node)
+        for node in end_node_frontier:
+            if doms.dominates(start_node, node) and node is not end_node:
+                return False
+        if start_node_frontier is None:
+            start_node_frontier = doms.df(start_node)
+        # no edges should leave the region.
+        for node in start_node_frontier:
+            if node is start_node or node is end_node:
+                continue
+            if node not in end_node_frontier:
+                return False
+            for pred in graph.predecessors(node):
+                if doms.dominates(start_node, pred) and not doms.dominates(end_node, pred):
+                    return False
+        return True
+    @staticmethod
+    def _compute_region(graph, node, frontier, include_frontier=False, dummy_endnode=None, cyclic_ancestor=False):
+        subgraph = networkx.DiGraph()
+        frontier_edges = []
+        queue = [node]
+        traversed = set()
+        while queue:
+            node_ = queue.pop()
+            if node_ in frontier:
+                continue
+            traversed.add(node_)
+            subgraph.add_node(node_)
+            for succ in graph.successors(node_):
+                edge_data = graph.get_edge_data(node_, succ)
+                if node_ in frontier and succ in traversed:
+                    if include_frontier:
+                        # if frontier nodes are included, do not keep traversing their successors
+                        # however, if it has an edge to an already traversed node, we should add that edge
+                        subgraph.add_edge(node_, succ, **edge_data)
+                    else:
+                        frontier_edges.append((node_, succ, edge_data))
+                    continue
+                if succ is dummy_endnode:
+                    continue
+                if succ in frontier and not include_frontier:
+                    # skip all frontier nodes
+                    frontier_edges.append((node_, succ, edge_data))
+                    continue
+                subgraph.add_edge(node_, succ, **edge_data)
+                if succ in traversed:
+                    continue
+                queue.append(succ)
+        if dummy_endnode is not None:
+            frontier = {n for n in frontier if n is not dummy_endnode}
+        if subgraph.number_of_nodes() > 1:
+            subgraph_with_frontier = networkx.DiGraph(subgraph)
+            for src, dst, edge_data in frontier_edges:
+                if dst is not dummy_endnode:
+                    subgraph_with_frontier.add_edge(src, dst, **edge_data)
+            # assert dummy_endnode not in frontier
+            # assert dummy_endnode not in subgraph_with_frontier
+            return GraphRegion(
+                node, subgraph, frontier, subgraph_with_frontier, False, None, cyclic_ancestor=cyclic_ancestor
+            )
+        return None
+    @staticmethod
+    def _abstract_acyclic_region(
+        graph: networkx.DiGraph,
+        region,
+        frontier,
+        node_order: dict[Any, tuple[int, int]],
+        dummy_endnode=None,
+        secondary_graph=None,
+    ):
+        in_edges = RegionIdentifier._region_in_edges(graph, region, data=True)
+        out_edges = RegionIdentifier._region_out_edges(graph, region, data=True)
+        nodes_set = set()
+        for node_ in list(region.graph.nodes()):
+            nodes_set.add(node_)
+            if node_ is not dummy_endnode:
+                graph.remove_node(node_)
+        graph.add_node(region)
+        node_order[region] = min(node_order[node_] for node_ in nodes_set)
+        for src, _, data in in_edges:
+            if src not in nodes_set:
+                graph.add_edge(src, region, **data)
+        for _, dst, data in out_edges:
+            if dst not in nodes_set:
+                graph.add_edge(region, dst, **data)
+        if frontier:
+            for frontier_node in frontier:
+                if frontier_node is not dummy_endnode:
+                    graph.add_edge(region, frontier_node)
+        if secondary_graph is not None:
+            RegionIdentifier._abstract_acyclic_region(secondary_graph, region, {}, node_order)
+    @staticmethod
+    def _abstract_cyclic_region(
+        graph: networkx.DiGraph,
+        loop_nodes,
+        head,
+        normal_entries,
+        abnormal_entries,
+        normal_exit_node,
+        abnormal_exit_nodes,
+        node_order: dict[Any, tuple[int, int]],
+    ):
+        region = GraphRegion(head, None, None, None, True, None)
+        subgraph = networkx.DiGraph()
+        region_outedges = []
+        delayed_edges = []
+        full_graph = networkx.DiGraph()
+        for node in loop_nodes:
+            subgraph.add_node(node)
+            in_edges = list(graph.in_edges(node, data=True))
+            out_edges = list(graph.out_edges(node, data=True))
+            for src, dst, data in in_edges:
+                full_graph.add_edge(src, dst, **data)
+                if src in loop_nodes:
+                    subgraph.add_edge(src, dst, **data)
+                elif src == region:
+                    subgraph.add_edge(head, dst, **data)
+                elif src in normal_entries:
+                    # graph.add_edge(src, region, **data)
+                    delayed_edges.append((src, region, data))
+                elif src in abnormal_entries:
+                    data["region_dst_node"] = dst
+                    # graph.add_edge(src, region, **data)
+                    delayed_edges.append((src, region, data))
+                else:
+                    assert 0
+            for src, dst, data in out_edges:
+                full_graph.add_edge(src, dst, **data)
+                if dst in loop_nodes:
+                    subgraph.add_edge(src, dst, **data)
+                elif dst == region:
+                    subgraph.add_edge(src, head, **data)
+                elif dst == normal_exit_node:
+                    region_outedges.append((node, dst))
+                    # graph.add_edge(region, dst, **data)
+                    delayed_edges.append((region, dst, data))
+                elif dst in abnormal_exit_nodes:
+                    region_outedges.append((node, dst))
+                    # data['region_src_node'] = src
+                    # graph.add_edge(region, dst, **data)
+                    delayed_edges.append((region, dst, data))
+                else:
+                    assert 0
+        subgraph_with_exits = networkx.DiGraph(subgraph)
+        for src, dst in region_outedges:
+            subgraph_with_exits.add_edge(src, dst)
+        region.graph = subgraph
+        region.graph_with_successors = subgraph_with_exits
+        succs = [normal_exit_node] if normal_exit_node is not None else []
+        succs += list(abnormal_exit_nodes)
+        succs = sorted(set(succs), key=lambda x: x.addr)
+        region.successors = set(succs)
+        for succ_0 in succs:
+            for succ_1 in succs:
+                if succ_0 is not succ_1 and graph.has_edge(succ_0, succ_1):
+                    region.graph_with_successors.add_edge(succ_0, succ_1)
+        for node in loop_nodes:
+            graph.remove_node(node)
+        # add delayed edges
+        graph.add_node(region)
+        for src, dst, data in delayed_edges:
+            graph.add_edge(src, dst, **data)
+        # update node order
+        node_order[region] = node_order[head]
+        region.full_graph = full_graph
+        return region
+    @staticmethod
+    def _region_in_edges(graph, region, data=False):
+        return list(graph.in_edges(region.head, data=data))
+    @staticmethod
+    def _region_out_edges(graph, region, data=False):
+        out_edges = []
+        for node in region.graph.nodes():
+            out_ = graph.out_edges(node, data=data)
+            for _, dst, data_ in out_:
+                if dst in region.graph:
+                    continue
+                out_edges.append((region, dst, data_))
+        return out_edges
+    @staticmethod
+    def _merge_nodes(graph: networkx.DiGraph, node_a, node_b, force_multinode=False):
+        in_edges = list(graph.in_edges(node_a, data=True))
+        out_edges = list(graph.out_edges(node_b, data=True))
+        if not force_multinode and len(in_edges) <= 1 and len(out_edges) <= 1:
+            # it forms a region by itself :-)
+            new_node = None
+        else:
+            new_node = MultiNode([node_a, node_b])
+        graph.remove_node(node_a)
+        graph.remove_node(node_b)
+        if new_node is not None:
+            graph.add_node(new_node)
+            for src, _, data in in_edges:
+                if src is node_b:
+                    src = new_node
+                graph.add_edge(src, new_node, **data)
+            for _, dst, data in out_edges:
+                if dst is node_a:
+                    dst = new_node
+                graph.add_edge(new_node, dst, **data)
+        assert node_a not in graph
+        assert node_b not in graph
+        return new_node
+    def _ensure_jump_at_loop_exit_ends(self, node: Block | MultiNode) -> None:
+        if isinstance(node, Block):
+            if not node.statements:
+                node.statements.append(
+                    Jump(
+                        None,
+                        Const(None, None, node.addr + node.original_size, self.project.arch.bits),
+                        ins_addr=node.addr,
+                    )
+                )
+            else:
+                if not isinstance(first_nonlabel_nonphi_statement(node), ConditionalJump) and not isinstance(
+                    node.statements[-1],
+                    (
+                        Jump,
+                        ConditionalJump,
+                        IncompleteSwitchCaseHeadStatement,
+                    ),
+                ):
+                    node.statements.append(
+                        Jump(
+                            None,
+                            Const(None, None, node.addr + node.original_size, self.project.arch.bits),
+                            ins_addr=node.addr,
+                        )
+                    )
+        elif isinstance(node, MultiNode) and node.nodes:
+            self._ensure_jump_at_loop_exit_ends(node.nodes[-1])
+    @staticmethod
+    def _dbg_block_list(blocks):
+        return [(hex(b.addr) if hasattr(b, "addr") else repr(b)) for b in blocks]
+    #
+    # Reducibility
+    #
+    def test_reducibility(self) -> bool:
+        # make a copy of the graph
+        graph = networkx.DiGraph(self._graph)
+        # preprocess: make it a super graph
+        self._make_supergraph(graph)
+        while True:
+            changed = False
+            # find a node with a back-edge, remove the edge (deleting the loop), and replace it with a MultiNode
+            changed |= self._remove_self_loop(graph)
+            # find a node that has only one predecessor, and merge it with its predecessor (replace them with a
+            # MultiNode)
+            changed |= self._merge_single_entry_node(graph)
+            if not changed:
+                # a fixed-point is reached
+                break
+        # Flow graph reducibility, Hecht and Ullman
+        return len(graph.nodes) == 1
+    def _remove_self_loop(self, graph: networkx.DiGraph) -> bool:
+        r = False
+        while True:
+            for node in graph.nodes():
+                if node in graph[node]:
+                    # found a self loop
+                    self._remove_node(graph, node)
+                    r = True
+                    break
+            else:
+                break
+        return r
+    def _merge_single_entry_node(self, graph: networkx.DiGraph) -> bool:
+        r = False
+        while True:
+            for node in networkx.dfs_postorder_nodes(graph):
+                preds = list(graph.predecessors(node))
+                if len(preds) == 1:
+                    # merge the two nodes
+                    self._absorb_node(graph, preds[0], node)
+                    r = True
+                    break
+            else:
+                break
+        return r
+    def _remove_node(self, graph: networkx.DiGraph, node):  # pylint:disable=no-self-use
+        in_edges = [(src, dst, data) for (src, dst, data) in graph.in_edges(node, data=True) if src is not node]
+        out_edges = [(src, dst, data) for (src, dst, data) in graph.out_edges(node, data=True) if dst is not node]
+        # true case: it forms a region by itself :-)
+        new_node = None if len(in_edges) <= 1 and len(out_edges) <= 1 else MultiNode([node])
+        graph.remove_node(node)
+        if new_node is not None:
+            for src, _, data in in_edges:
+                graph.add_edge(src, new_node, **data)
+            for _, dst, data in out_edges:
+                graph.add_edge(new_node, dst, **data)
+    @staticmethod
+    def _absorb_node(graph: networkx.DiGraph, node_mommy, node_kiddie, force_multinode=False):
+        in_edges_mommy = graph.in_edges(node_mommy, data=True)
+        out_edges_mommy = graph.out_edges(node_mommy, data=True)
+        out_edges_kiddie = graph.out_edges(node_kiddie, data=True)
+        if not force_multinode and len(in_edges_mommy) <= 1 and len(out_edges_kiddie) <= 1:
+            # it forms a region by itself :-)
+            new_node = None
+        else:
+            new_node = MultiNode([node_mommy, node_kiddie])
+        graph.remove_node(node_mommy)
+        graph.remove_node(node_kiddie)
+        if new_node is not None:
+            graph.add_node(new_node)
+            for src, _, data in in_edges_mommy:
+                if src == node_kiddie:
+                    src = new_node
+                graph.add_edge(src, new_node, **data)
+            for _, dst, data in out_edges_mommy:
+                if dst == node_kiddie:
+                    continue
+                if dst == node_mommy:
+                    dst = new_node
+                graph.add_edge(new_node, dst, **data)
+            for _, dst, data in out_edges_kiddie:
+                if dst == node_mommy:
+                    dst = new_node
+                graph.add_edge(new_node, dst, **data)
+        assert node_mommy not in graph
+        assert node_kiddie not in graph
+register_analysis(RegionIdentifier, "RegionIdentifier")