angr 9.2.172__cp310-abi3-macosx_10_12_x86_64.whl → 9.2.173__cp310-abi3-macosx_10_12_x86_64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.172"
+__version__ = "9.2.173"
 
 if bytes is str:
     raise Exception(

angr/analyses/calling_convention/fact_collector.py

@@ -622,10 +622,15 @@ class FactCollector(Analysis):
 
         stack_offset_created = set()
         ret_addr_offset = 0 if not self.project.arch.call_pushes_ret else self.project.arch.bytes
+        # handle shadow stack args
+        cc_cls = default_cc(
+            self.project.arch.name, platform=self.project.simos.name if self.project.simos is not None else None
+        )
+        stackarg_sp_buff = cc_cls.STACKARG_SP_BUFF if cc_cls is not None else 0
         for state in end_states:
             for offset, size in state.stack_reads.items():
                 offset = u2s(offset, self.project.arch.bits)
-                if offset - ret_addr_offset > 0:
+                if offset - ret_addr_offset > stackarg_sp_buff:
                     if offset in stack_offset_created or offset in callee_saved_reg_stack_offsets:
                         continue
                     stack_offset_created.add(offset)

angr/analyses/cfg/cfg_fast.py

@@ -3237,22 +3237,24 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             # Fill in the jump_tables dict
             self.jump_tables[jump.addr] = jump
             # occupy the jump table region
-            if jump.jumptable_addr is not None:
-                self._seg_list.occupy(jump.jumptable_addr, jump.jumptable_size, "data")
+            for jumptable_info in jump.jumptables:
+                if jumptable_info.addr is None:
+                    continue
+                self._seg_list.occupy(jumptable_info.addr, jumptable_info.size, "data")
                 if self._collect_data_ref:
-                    if jump.jumptable_addr in self._memory_data:
-                        memory_data = self._memory_data[jump.jumptable_addr]
-                        memory_data.size = jump.jumptable_size
-                        memory_data.max_size = jump.jumptable_size
+                    if jumptable_info.addr in self._memory_data:
+                        memory_data = self._memory_data[jumptable_info.addr]
+                        memory_data.size = jumptable_info.size
+                        memory_data.max_size = jumptable_info.size
                         memory_data.sort = MemoryDataSort.Unknown
                     else:
                         memory_data = MemoryData(
-                            jump.jumptable_addr,
-                            jump.jumptable_size,
+                            jumptable_info.addr,
+                            jumptable_info.size,
                             MemoryDataSort.Unknown,
-                            max_size=jump.jumptable_size,
+                            max_size=jumptable_info.size,
                         )
-                        self._memory_data[jump.jumptable_addr] = memory_data
+                        self._memory_data[jumptable_info.addr] = memory_data
 
         jump.resolved_targets = targets
         all_targets = set(targets)

angr/analyses/cfg/indirect_jump_resolvers/jumptable.py

@@ -780,7 +780,7 @@ class JumpTableResolver(IndirectJumpResolver):
         self._find_bss_region()
 
     def filter(self, cfg, addr, func_addr, block, jumpkind):
-        if pcode is not None and isinstance(block.vex, pcode.lifter.IRSB):
+        if pcode is not None and isinstance(block.vex, pcode.lifter.IRSB):  # type:ignore
             if once("pcode__indirect_jump_resolver"):
                 l.warning("JumpTableResolver does not support P-Code IR yet; CFG may be incomplete.")
             return False
@@ -1049,6 +1049,7 @@ class JumpTableResolver(IndirectJumpResolver):
 
             # Get the jumping targets
             for r in simgr.found:
+                jt2, jt2_addr, jt2_entrysize, jt2_size = None, None, None, None
                 if load_stmt is not None:
                     ret = self._try_resolve_targets_load(
                         r,
@@ -1064,7 +1065,18 @@ class JumpTableResolver(IndirectJumpResolver):
                     if ret is None:
                         # Try the next state
                         continue
-                    jump_table, jumptable_addr, entry_size, jumptable_size, all_targets, sort = ret
+                    (
+                        jump_table,
+                        jumptable_addr,
+                        entry_size,
+                        jumptable_size,
+                        all_targets,
+                        sort,
+                        jt2,
+                        jt2_addr,
+                        jt2_entrysize,
+                        jt2_size,
+                    ) = ret
                     if sort == "jumptable":
                         ij_type = IndirectJumpType.Jumptable_AddressLoadedFromMemory
                     elif sort == "vtable":
@@ -1116,15 +1128,14 @@ class JumpTableResolver(IndirectJumpResolver):
                             ij.jumptable = True
                         else:
                             ij.jumptable = False
-                        ij.jumptable_addr = jumptable_addr
-                        ij.jumptable_size = jumptable_size
-                        ij.jumptable_entry_size = entry_size
+                        ij.add_jumptable(jumptable_addr, jumptable_size, entry_size, jump_table, is_primary=True)
                         ij.resolved_targets = set(jump_table)
-                        ij.jumptable_entries = jump_table
                         ij.type = ij_type
                     else:
                         ij.jumptable = False
                         ij.resolved_targets = set(jump_table)
+                    if jt2 is not None and jt2_addr is not None and jt2_size is not None and jt2_entrysize is not None:
+                        ij.add_jumptable(jt2_addr, jt2_size, jt2_entrysize, jt2, is_primary=False)
 
                 return True, all_targets
 
@@ -1560,7 +1571,9 @@ class JumpTableResolver(IndirectJumpResolver):
                 stmt_whitelist = annotatedcfg.get_whitelisted_statements(block_addr)
                 assert isinstance(stmt_whitelist, list)
                 try:
-                    engine.process(state, block=block, whitelist=stmt_whitelist)
+                    engine.process(
+                        state, block=block, whitelist=set(stmt_whitelist) if stmt_whitelist is not None else None
+                    )
                 except (claripy.ClaripyError, SimError, AngrError):
                     # anything can happen
                     break
@@ -1789,7 +1802,18 @@ class JumpTableResolver(IndirectJumpResolver):
                         )
                     else:
                         l.debug("Table at %#x has %d plausible targets", table_base_addr, num_targets)
-                        return jump_table, table_base_addr, load_size, num_targets * load_size, jump_table, sort
+                        return (
+                            jump_table,
+                            table_base_addr,
+                            load_size,
+                            num_targets * load_size,
+                            jump_table,
+                            sort,
+                            None,
+                            None,
+                            None,
+                            None,
+                        )
 
             # We resolved too many targets for this indirect jump. Something might have gone wrong.
             l.debug(
@@ -1848,6 +1872,7 @@ class JumpTableResolver(IndirectJumpResolver):
         # Adjust entries inside the jump table
         mask = (2**self.project.arch.bits) - 1
         transformation_list = list(reversed([v for v in transformations.values() if not v.first_load]))
+        jt_2nd_memloads: dict[int, int] = {}
         if transformation_list:
 
             def handle_signed_ext(a):
@@ -1872,6 +1897,10 @@ class JumpTableResolver(IndirectJumpResolver):
                 return (a + con) & mask
 
             def handle_load(size, a):
+                if a not in jt_2nd_memloads:
+                    jt_2nd_memloads[a] = size
+                else:
+                    jt_2nd_memloads[a] = max(jt_2nd_memloads[a], size)
                 return cfg._fast_memory_load_pointer(a, size=size)
 
             invert_conversion_ops = []
@@ -1936,6 +1965,31 @@ class JumpTableResolver(IndirectJumpResolver):
             l.debug("Could not recover jump table")
             return None
 
+        # there might be a secondary jumptable
+        jt_2nd = self._get_secondary_jumptable_from_transformations(transformation_list)
+        jt_2nd_entries: list[int] | None = None
+        jt_2nd_baseaddr: int | None = None
+        jt_2nd_entrysize: int | None = None
+        jt_2nd_size: int | None = None
+        if jt_2nd is not None and jt_2nd_memloads:
+            # determine the size of the secondary jump table
+            jt_2nd_baseaddr, jt_2nd_entrysize = jt_2nd
+            if jt_2nd_baseaddr in jt_2nd_memloads:
+                jt_2nd_size = max(jt_2nd_memloads) - jt_2nd_baseaddr + jt_2nd_entrysize
+                if jt_2nd_size % jt_2nd_entrysize == 0:
+                    jt_2nd_entrycount = jt_2nd_size // jt_2nd_entrysize
+                    if jt_2nd_entrycount <= len(all_targets):
+                        # we found it!
+                        jt_2nd_entries = []
+                        for i in range(jt_2nd_entrycount):
+                            target = cfg._fast_memory_load_pointer(
+                                jt_2nd_baseaddr + i * jt_2nd_entrysize,
+                                size=jt_2nd_entrysize,
+                            )
+                            if target is None:
+                                break
+                            jt_2nd_entries.append(target)
+
         # Finally... all targets are ready
         illegal_target_found = False
         for target in all_targets:
@@ -1953,7 +2007,18 @@ class JumpTableResolver(IndirectJumpResolver):
         if illegal_target_found:
             return None
 
-        return jump_table, min_jumptable_addr, load_size, total_cases * load_size, all_targets, sort
+        return (
+            jump_table,
+            min_jumptable_addr,
+            load_size,
+            total_cases * load_size,
+            all_targets,
+            sort,
+            jt_2nd_entries,
+            jt_2nd_baseaddr,
+            jt_2nd_entrysize,
+            jt_2nd_size,
+        )
 
     def _try_resolve_targets_ite(
         self, r, addr, cfg, annotatedcfg, ite_stmt: pyvex.IRStmt.WrTmp
@@ -2279,6 +2344,64 @@ class JumpTableResolver(IndirectJumpResolver):
                 return None
         return jump_addr
 
+    def _get_secondary_jumptable_from_transformations(
+        self, transformations: list[AddressTransformation]
+    ) -> tuple[int, int] | None:
+        """
+        Find the potential secondary "jump table" from a list of transformations.
+
+        :param transformations: A list of address transformations.
+        :return:    A tuple of [jump_table_addr, entry_size] if a secondary jump table is found. None otherwise.
+        """
+
+        # find all add-(add-)load sequence
+
+        for i in range(len(transformations) - 1):
+            prev_tran = transformations[i - 1] if i - 1 >= 0 else None
+            tran = transformations[i]
+            if not (
+                tran.op == AddressTransformationTypes.Add
+                and (prev_tran is None or prev_tran.op != AddressTransformationTypes.Add)
+            ):
+                continue
+            next_tran = transformations[i + 1]
+            add_tran, load_tran = None, None
+            if next_tran.op == AddressTransformationTypes.Load:
+                add_tran = None
+                load_tran = next_tran
+            elif next_tran.op == AddressTransformationTypes.Add:
+                next2_tran = transformations[i + 2] if i + 2 < len(transformations) else None
+                if next2_tran is not None and next2_tran.op == AddressTransformationTypes.Load:
+                    add_tran = next_tran
+                    load_tran = next2_tran
+
+            if load_tran is None:
+                continue
+            # we have found an add-(add-)load sequence
+            jumptable_base_addr = None
+            if isinstance(tran.operands[0], AddressOperand) and isinstance(tran.operands[1], int):
+                jumptable_base_addr = tran.operands[1]
+            elif isinstance(tran.operands[1], AddressOperand) and isinstance(tran.operands[0], int):
+                jumptable_base_addr = tran.operands[0]
+            else:
+                # unsupported first add
+                continue
+
+            if add_tran is not None:
+                mask = (1 << self.project.arch.bits) - 1
+                if isinstance(add_tran.operands[0], AddressOperand) and isinstance(add_tran.operands[1], int):
+                    jumptable_base_addr = (jumptable_base_addr + add_tran.operands[1]) & mask
+                elif isinstance(add_tran.operands[1], AddressOperand) and isinstance(add_tran.operands[0], int):
+                    jumptable_base_addr = (jumptable_base_addr + add_tran.operands[0]) & mask
+                else:
+                    # unsupported second add
+                    continue
+
+            load_size = load_tran.operands[1]
+            # we have a potential secondary jump table!
+            return jumptable_base_addr, load_size
+        return None
+
     def _sp_moved_up(self, block) -> bool:
         """
         Examine if the stack pointer moves up (if any values are popped out of the stack) within a single block.

angr/analyses/decompiler/block_simplifier.py

@@ -303,6 +303,23 @@ class BlockSimplifier(Analysis):
         return block.copy(statements=new_statements)
 
     def _eliminate_dead_assignments(self, block):
+
+        def _statement_has_calls(stmt: Statement) -> bool:
+            """
+            Check if a statement has any Call expressions.
+            """
+            walker = HasCallExprWalker()
+            walker.walk_statement(stmt)
+            return walker.has_call_expr
+
+        def _expression_has_calls(expr: Expression) -> bool:
+            """
+            Check if an expression has any Call expressions.
+            """
+            walker = HasCallExprWalker()
+            walker.walk_expression(expr)
+            return walker.has_call_expr
+
         new_statements = []
         if not block.statements:
             return block
@@ -325,8 +342,11 @@ class BlockSimplifier(Analysis):
         # micro optimization: if all statements that use a tmp are going to be removed, we remove this tmp as well
         for tmp, used_locs in rd.all_tmp_uses[block_loc].items():
             used_at = {stmt_idx for _, stmt_idx in used_locs}
-            if used_at.issubset(dead_defs_stmt_idx):
-                continue
+            if used_at.issubset(dead_defs_stmt_idx):  # noqa:SIM102
+                # cannot remove this tmp if any use sites involve call expressions; this is basically a duplicate of
+                # the logic in the larger loop below
+                if all(not _statement_has_calls(block.statements[i]) for i in used_at):
+                    continue
             used_tmps.add(tmp.tmp_idx)
 
         # Remove dead assignments
@@ -337,9 +357,7 @@ class BlockSimplifier(Analysis):
                     # is it assigning to an unused tmp or a dead virgin?
 
                     # does .src involve any Call expressions? if so, we cannot remove it
-                    walker = HasCallExprWalker()
-                    walker.walk_expression(stmt.src)
-                    if not walker.has_call_expr:
+                    if not _expression_has_calls(stmt.src):
                         continue
 
                     if type(stmt.dst) is Tmp and isinstance(stmt.src, Call):

angr/analyses/decompiler/clinic.py

@@ -2158,10 +2158,9 @@ class Clinic(Analysis):
             # custom string?
             if hasattr(expr, "custom_string") and expr.custom_string is True:
                 s = self.kb.custom_strings[expr.value]
+                ty = expr.type if hasattr(expr, "type") else SimTypePointer(SimTypeChar()).with_arch(self.project.arch)
                 expr.tags["reference_values"] = {
-                    SimTypePointer(SimTypeChar().with_arch(self.project.arch)).with_arch(self.project.arch): s.decode(
-                        "latin-1"
-                    ),
+                    ty: s,
                 }
             else:
                 # global variable?

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -47,6 +47,7 @@ from .inlined_memcpy import InlinedMemcpy
 from .inlined_strcpy import InlinedStrcpy
 from .inlined_strcpy_consolidation import InlinedStrcpyConsolidation
 from .inlined_wstrcpy import InlinedWstrcpy
+from .inlined_wstrcpy_consolidation import InlinedWstrcpyConsolidation
 from .cmpord_rewriter import CmpORDRewriter
 from .coalesce_adjacent_shrs import CoalesceAdjacentShiftRights
 from .a_mul_const_sub_a import AMulConstSubA
@@ -104,6 +105,7 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     InlinedStrcpy,
     InlinedStrcpyConsolidation,
     InlinedWstrcpy,
+    InlinedWstrcpyConsolidation,
     CmpORDRewriter,
     CoalesceAdjacentShiftRights,
     ShlToMul,

angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py

@@ -1,7 +1,7 @@
 # pylint:disable=arguments-differ,too-many-boolean-expressions
 from __future__ import annotations
 
-from angr.ailment.expression import BinaryOp, Load
+from angr.ailment.expression import BinaryOp, Load, Expression, Tmp
 from angr.ailment.statement import CAS, ConditionalJump, Statement, Assignment, Call
 
 from .base import PeepholeOptimizationMultiStmtBase
@@ -60,11 +60,13 @@ class CASIntrinsics(PeepholeOptimizationMultiStmtBase):
             and next_stmt.ins_addr == cas_stmt.ins_addr
         ):
             addr = cas_stmt.addr
+            expd_lo = self._resolve_tmp_expr(cas_stmt.expd_lo, block)
+            next_stmt_cond_op1 = self._resolve_tmp_expr(next_stmt.condition.operands[1], block)
             if (
-                isinstance(cas_stmt.expd_lo, Load)
-                and cas_stmt.expd_lo.addr.likes(addr)
-                and isinstance(next_stmt.condition.operands[1], Load)
-                and next_stmt.condition.operands[1].addr.likes(addr)
+                isinstance(expd_lo, Load)
+                and expd_lo.addr.likes(addr)
+                and isinstance(next_stmt_cond_op1, Load)
+                and next_stmt_cond_op1.addr.likes(addr)
                 and cas_stmt.old_lo.likes(next_stmt.condition.operands[0])
                 and cas_stmt.old_hi is None
             ):
@@ -113,3 +115,11 @@ class CASIntrinsics(PeepholeOptimizationMultiStmtBase):
                 os = "Linux"
             return _INTRINSICS_NAMES[mnemonic][os]
         return mnemonic
+
+    @staticmethod
+    def _resolve_tmp_expr(expr: Expression, block) -> Expression:
+        if isinstance(expr, Tmp):
+            for stmt in block.statements:
+                if isinstance(stmt, Assignment) and stmt.dst.likes(expr):
+                    return stmt.src
+        return expr

angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py

@@ -4,15 +4,17 @@ import string
 
 from archinfo import Endness
 
+from angr.ailment import BinaryOp
 from angr.ailment.expression import Const, StackBaseOffset, VirtualVariable
-from angr.ailment.statement import Call, Assignment
+from angr.ailment.statement import Call, Assignment, Statement, Store
 
+from angr.sim_type import SimTypePointer, SimTypeWideChar
 from angr.utils.endness import ail_const_to_be
 from .base import PeepholeOptimizationStmtBase
 
 
-ASCII_PRINTABLES = set(string.printable)
-ASCII_DIGITS = set(string.digits)
+ASCII_PRINTABLES = {ord(x) for x in string.printable}
+ASCII_DIGITS = {ord(x) for x in string.digits}
 
 
 class InlinedWstrcpy(PeepholeOptimizationStmtBase):
@@ -23,70 +25,83 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
     __slots__ = ()
 
     NAME = "Simplifying inlined wstrcpy"
-    stmt_classes = (Assignment,)
+    stmt_classes = (Assignment, Store)
 
-    def optimize(self, stmt: Assignment, stmt_idx: int | None = None, block=None, **kwargs):
+    def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
         if (
-            isinstance(stmt.dst, VirtualVariable)
+            isinstance(stmt, Assignment)
+            and isinstance(stmt.dst, VirtualVariable)
             and stmt.dst.was_stack
             and isinstance(stmt.src, Const)
             and isinstance(stmt.src.value, int)
         ):
-            r, s = self.is_integer_likely_a_wide_string(stmt.src.value, stmt.src.size, self.project.arch.memory_endness)
-            if r:
-                # replace it with a call to strncpy
-                str_id = self.kb.custom_strings.allocate(s.encode("ascii"))
-                return Call(
-                    stmt.idx,
-                    "wstrncpy",
-                    args=[
-                        StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
-                        Const(None, None, str_id, self.project.arch.bits, custom_string=True),
-                        Const(None, None, len(s), self.project.arch.bits),
-                    ],
-                    **stmt.tags,
-                )
-
-            # scan forward in the current block to find all consecutive constant stores
-            if block is not None and stmt_idx is not None:
-                all_constant_stores: dict[int, tuple[int, Const | None]] = self.collect_constant_stores(block, stmt_idx)
-                if all_constant_stores:
-                    offsets = sorted(all_constant_stores.keys())
-                    next_offset = min(offsets)
-                    stride = []
-                    for offset in offsets:
-                        if next_offset is not None and offset != next_offset:
-                            next_offset = None
-                            stride = []
-                        stmt_idx_, v = all_constant_stores[offset]
-                        if v is not None:
-                            stride.append((offset, stmt_idx_, v))
-                            next_offset = offset + v.size
-                        else:
-                            next_offset = None
-                            stride = []
-
-                    integer, size = self.stride_to_int(stride)
-                    r, s = self.is_integer_likely_a_wide_string(integer, size, Endness.BE)
-                    if r:
-                        # we remove all involved statements whose statement IDs are greater than the current one
-                        for _, stmt_idx_, _ in reversed(stride):
-                            if stmt_idx_ <= stmt_idx:
-                                continue
-                            block.statements[stmt_idx_] = None
-                        block.statements = [ss for ss in block.statements if ss is not None]
-
-                        str_id = self.kb.custom_strings.allocate(s.encode("ascii"))
-                        return Call(
-                            stmt.idx,
-                            "wstrncpy",
-                            args=[
-                                StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset),
-                                Const(None, None, str_id, self.project.arch.bits, custom_string=True),
-                                Const(None, None, len(s), self.project.arch.bits),
-                            ],
-                            **stmt.tags,
-                        )
+            dst = StackBaseOffset(None, self.project.arch.bits, stmt.dst.stack_offset)
+            value_size = stmt.src.size
+            value = stmt.src.value
+        elif isinstance(stmt, Store) and isinstance(stmt.data, Const) and isinstance(stmt.data.value, int):
+            dst = stmt.addr
+            value_size = stmt.data.size
+            value = stmt.data.value
+        else:
+            return None
+
+        r, s = self.is_integer_likely_a_wide_string(value, value_size, self.project.arch.memory_endness)
+        if r:
+            # replace it with a call to strncpy
+            str_id = self.kb.custom_strings.allocate(s)
+            wstr_type = SimTypePointer(SimTypeWideChar()).with_arch(self.project.arch)
+            return Call(
+                stmt.idx,
+                "wstrncpy",
+                args=[
+                    dst,
+                    Const(None, None, str_id, self.project.arch.bits, custom_string=True, type=wstr_type),
+                    Const(None, None, len(s) // 2, self.project.arch.bits),
+                ],
+                **stmt.tags,
+            )
+
+        # scan forward in the current block to find all consecutive constant stores
+        if block is not None and stmt_idx is not None:
+            all_constant_stores: dict[int, tuple[int, Const | None]] = self.collect_constant_stores(block, stmt_idx)
+            if all_constant_stores:
+                offsets = sorted(all_constant_stores.keys())
+                next_offset = min(offsets)
+                stride = []
+                for offset in offsets:
+                    if next_offset is not None and offset != next_offset:
+                        next_offset = None
+                        stride = []
+                    stmt_idx_, v = all_constant_stores[offset]
+                    if v is not None:
+                        stride.append((offset, stmt_idx_, v))
+                        next_offset = offset + v.size
+                    else:
+                        next_offset = None
+                        stride = []
+
+                integer, size = self.stride_to_int(stride)
+                r, s = self.is_integer_likely_a_wide_string(integer, size, Endness.BE, min_length=3)
+                if r:
+                    # we remove all involved statements whose statement IDs are greater than the current one
+                    for _, stmt_idx_, _ in reversed(stride):
+                        if stmt_idx_ <= stmt_idx:
+                            continue
+                        block.statements[stmt_idx_] = None
+                    block.statements = [ss for ss in block.statements if ss is not None]
+
+                    str_id = self.kb.custom_strings.allocate(s)
+                    wstr_type = SimTypePointer(SimTypeWideChar()).with_arch(self.project.arch)
+                    return Call(
+                        stmt.idx,
+                        "wstrncpy",
+                        args=[
+                            dst,
+                            Const(None, None, str_id, self.project.arch.bits, custom_string=True, type=wstr_type),
+                            Const(None, None, len(s) // 2, self.project.arch.bits),
+                        ],
+                        **stmt.tags,
+                    )
 
         return None
 
@@ -103,68 +118,131 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
 
     def collect_constant_stores(self, block, starting_stmt_idx: int) -> dict[int, tuple[int, Const | None]]:
         r = {}
+        expected_store_varid: int | None = None
+        starting_stmt = block.statements[starting_stmt_idx]
+        if (
+            isinstance(starting_stmt, Assignment)
+            and isinstance(starting_stmt.dst, VirtualVariable)
+            and starting_stmt.dst.was_stack
+            and isinstance(starting_stmt.dst.stack_offset, int)
+        ):
+            expected_type = "stack"
+        elif isinstance(starting_stmt, Store):
+            if isinstance(starting_stmt.addr, VirtualVariable):
+                expected_store_varid = starting_stmt.addr.varid
+            elif (
+                isinstance(starting_stmt.addr, BinaryOp)
+                and starting_stmt.addr.op == "Add"
+                and isinstance(starting_stmt.addr.operands[0], VirtualVariable)
+                and isinstance(starting_stmt.addr.operands[1], Const)
+            ):
+                expected_store_varid = starting_stmt.addr.operands[0].varid
+            else:
+                expected_store_varid = None
+            expected_type = "store"
+        else:
+            return r
+
         for idx, stmt in enumerate(block.statements):
             if idx < starting_stmt_idx:
                 continue
             if (
-                isinstance(stmt, Assignment)
+                expected_type == "stack"
+                and isinstance(stmt, Assignment)
                 and isinstance(stmt.dst, VirtualVariable)
                 and stmt.dst.was_stack
                 and isinstance(stmt.dst.stack_offset, int)
             ):
-                if isinstance(stmt.src, Const):
-                    r[stmt.dst.stack_offset] = idx, ail_const_to_be(stmt.src, self.project.arch.memory_endness)
+                offset = stmt.dst.stack_offset
+                value = (
+                    ail_const_to_be(stmt.src, self.project.arch.memory_endness) if isinstance(stmt.src, Const) else None
+                )
+            elif expected_type == "store" and isinstance(stmt, Store):
+                if isinstance(stmt.addr, VirtualVariable) and stmt.addr.varid == expected_store_varid:
+                    offset = 0
+                elif (
+                    isinstance(stmt.addr, BinaryOp)
+                    and stmt.addr.op == "Add"
+                    and isinstance(stmt.addr.operands[0], VirtualVariable)
+                    and isinstance(stmt.addr.operands[1], Const)
+                    and stmt.addr.operands[0].varid == expected_store_varid
+                ):
+                    offset = stmt.addr.operands[1].value
                 else:
-                    r[stmt.dst.stack_offset] = idx, None
+                    offset = None
+                value = (
+                    ail_const_to_be(stmt.data, self.project.arch.memory_endness)
+                    if isinstance(stmt.data, Const)
+                    else None
+                )
+            else:
+                continue
+
+            if offset is not None:
+                r[offset] = idx, value
 
         return r
 
     @staticmethod
-    def even_offsets_are_zero(lst: list[str]) -> bool:
-        return all(ch == "\x00" for i, ch in enumerate(lst) if i % 2 == 0)
+    def even_offsets_are_zero(lst: list[int]) -> bool:
+        if len(lst) >= 2 and lst[-1] == 0 and lst[-2] == 0:
+            lst = lst[:-2]
+        return all((ch == 0 if i % 2 == 0 else ch != 0) for i, ch in enumerate(lst))
 
     @staticmethod
-    def odd_offsets_are_zero(lst: list[str]) -> bool:
-        return all(ch == "\x00" for i, ch in enumerate(lst) if i % 2 == 1)
+    def odd_offsets_are_zero(lst: list[int]) -> bool:
+        if len(lst) >= 2 and lst[-1] == 0 and lst[-2] == 0:
+            lst = lst[:-2]
+        return all((ch == 0 if i % 2 == 1 else ch != 0) for i, ch in enumerate(lst))
 
     @staticmethod
     def is_integer_likely_a_wide_string(
         v: int, size: int, endness: Endness, min_length: int = 4
-    ) -> tuple[bool, str | None]:
+    ) -> tuple[bool, bytes | None]:
         # we need at least four bytes of printable characters
 
-        chars = []
+        chars: list[int] = []
         if endness == Endness.LE:
             while v != 0:
                 byt = v & 0xFF
-                if byt != 0 and chr(byt) not in ASCII_PRINTABLES:
+                if byt != 0 and byt not in ASCII_PRINTABLES:
                     return False, None
-                chars.append(chr(byt))
+                chars.append(byt)
                 v >>= 8
+            if len(chars) % 2 == 1:
+                chars.append(0)
 
         elif endness == Endness.BE:
             for _ in range(size):
                 byt = v & 0xFF
                 v >>= 8
-                if byt != 0 and chr(byt) not in ASCII_PRINTABLES:
+                if byt != 0 and byt not in ASCII_PRINTABLES:
                     return False, None
-                chars.append(chr(byt))
+                chars.append(byt)
             chars.reverse()
         else:
             # unsupported endness
             return False, None
 
-        if InlinedWstrcpy.even_offsets_are_zero(chars):
-            chars = [ch for i, ch in enumerate(chars) if i % 2 == 1]
-        elif InlinedWstrcpy.odd_offsets_are_zero(chars):
-            chars = [ch for i, ch in enumerate(chars) if i % 2 == 0]
-        else:
+        if not (InlinedWstrcpy.even_offsets_are_zero(chars) or InlinedWstrcpy.odd_offsets_are_zero(chars)):
             return False, None
 
-        if chars and chars[-1] == "\x00":
+        if chars and len(chars) >= 2 and chars[-1] == 0 and chars[-2] == 0:
             chars = chars[:-1]
-        if len(chars) >= min_length and all(ch in ASCII_PRINTABLES for ch in chars):
-            if len(chars) <= 4 and all(ch in ASCII_DIGITS for ch in chars):
+        if len(chars) >= min_length * 2 and all((ch == 0 or ch in ASCII_PRINTABLES) for ch in chars):
+            if len(chars) <= 4 * 2 and all((ch == 0 or ch in ASCII_DIGITS) for ch in chars):
                 return False, None
-            return True, "".join(chars)
+            return True, bytes(chars)
         return False, None
+
+    @staticmethod
+    def is_inlined_wstrncpy(stmt: Statement) -> bool:
+        return (
+            isinstance(stmt, Call)
+            and isinstance(stmt.target, str)
+            and stmt.target == "wstrncpy"
+            and stmt.args is not None
+            and len(stmt.args) == 3
+            and isinstance(stmt.args[1], Const)
+            and hasattr(stmt.args[1], "custom_string")
+        )

angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy_consolidation.py

@@ -0,0 +1,113 @@
+# pylint:disable=arguments-differ
+from __future__ import annotations
+
+from angr.ailment.expression import Expression, BinaryOp, Const, Register, StackBaseOffset, UnaryOp, VirtualVariable
+from angr.ailment.statement import Call, Store
+
+from angr.sim_type import SimTypePointer, SimTypeWideChar
+from .base import PeepholeOptimizationMultiStmtBase
+from .inlined_wstrcpy import InlinedWstrcpy
+
+
+class InlinedWstrcpyConsolidation(PeepholeOptimizationMultiStmtBase):
+    """
+    Consolidate multiple inlined wstrcpy/wstrncpy calls.
+    """
+
+    __slots__ = ()
+
+    NAME = "Consolidate multiple inlined wstrncpy calls"
+    stmt_classes = ((Call, Call), (Call, Store))
+
+    def optimize(  # type:ignore
+        self, stmts: list[Call], stmt_idx: int | None = None, block=None, **kwargs
+    ):  # pylint:disable=unused-argument
+        last_stmt, stmt = stmts
+        if InlinedWstrcpy.is_inlined_wstrncpy(last_stmt):
+            assert last_stmt.args is not None
+            assert self.kb is not None
+            s_last: bytes = self.kb.custom_strings[last_stmt.args[1].value]
+            addr_last = last_stmt.args[0]
+            new_str = None  # will be set if consolidation should happen
+
+            if isinstance(stmt, Call) and InlinedWstrcpy.is_inlined_wstrncpy(stmt):
+                assert stmt.args is not None
+                # consolidating two calls
+                s_curr: bytes = self.kb.custom_strings[stmt.args[1].value]
+                addr_curr = stmt.args[0]
+                # determine if the two addresses are consecutive
+                delta = self._get_delta(addr_last, addr_curr)
+                if delta is not None and delta == len(s_last):
+                    # consolidate both calls!
+                    new_str = s_last + s_curr
+            elif isinstance(stmt, Store) and isinstance(stmt.data, Const) and isinstance(stmt.data.value, int):
+                # consolidating a call and a store, in case the store statement is storing the suffix of a string (but
+                # the suffix is too short to qualify an inlined strcpy optimization)
+                addr_curr = stmt.addr
+                delta = self._get_delta(addr_last, addr_curr)
+                if delta is not None and delta == len(s_last):
+                    if stmt.size == 2 and stmt.data.value == 0:
+                        # it's probably the terminating null byte
+                        r, s = True, b"\x00\x00"
+                    else:
+                        r, s = InlinedWstrcpy.is_integer_likely_a_wide_string(
+                            stmt.data.value, stmt.size, stmt.endness, min_length=1  # type:ignore
+                        )
+                    if r and s is not None:
+                        new_str = s_last + s
+
+            if new_str is not None:
+                assert self.project is not None
+                wstr_type = SimTypePointer(SimTypeWideChar()).with_arch(self.project.arch)
+                if new_str.endswith(b"\x00\x00"):
+                    call_name = "wstrcpy"
+                    new_str_idx = self.kb.custom_strings.allocate(new_str[:-2])
+                    args = [
+                        last_stmt.args[0],
+                        Const(None, None, new_str_idx, last_stmt.args[0].bits, custom_string=True, type=wstr_type),
+                    ]
+                    prototype = None
+                else:
+                    call_name = "wstrncpy"
+                    new_str_idx = self.kb.custom_strings.allocate(new_str)
+                    args = [
+                        last_stmt.args[0],
+                        Const(None, None, new_str_idx, last_stmt.args[0].bits, custom_string=True, type=wstr_type),
+                        Const(None, None, len(new_str) // 2, self.project.arch.bits),
+                    ]
+                    prototype = None
+
+                return [Call(stmt.idx, call_name, args=args, prototype=prototype, **stmt.tags)]
+
+        return None
+
+    @staticmethod
+    def _parse_addr(addr: Expression) -> tuple[Expression, int]:
+        if isinstance(addr, Register):
+            return addr, 0
+        if isinstance(addr, StackBaseOffset):
+            return StackBaseOffset(None, addr.bits, 0), addr.offset
+        if (
+            isinstance(addr, UnaryOp)
+            and addr.op == "Reference"
+            and isinstance(addr.operand, VirtualVariable)
+            and addr.operand.was_stack
+        ):
+            return StackBaseOffset(None, addr.bits, 0), addr.operand.stack_offset
+        if isinstance(addr, BinaryOp):
+            if addr.op == "Add" and isinstance(addr.operands[1], Const) and isinstance(addr.operands[1].value, int):
+                base_0, offset_0 = InlinedWstrcpyConsolidation._parse_addr(addr.operands[0])
+                return base_0, offset_0 + addr.operands[1].value
+            if addr.op == "Sub" and isinstance(addr.operands[1], Const) and isinstance(addr.operands[1].value, int):
+                base_0, offset_0 = InlinedWstrcpyConsolidation._parse_addr(addr.operands[0])
+                return base_0, offset_0 - addr.operands[1].value
+
+        return addr, 0
+
+    @staticmethod
+    def _get_delta(addr_0: Expression, addr_1: Expression) -> int | None:
+        base_0, offset_0 = InlinedWstrcpyConsolidation._parse_addr(addr_0)
+        base_1, offset_1 = InlinedWstrcpyConsolidation._parse_addr(addr_1)
+        if base_0.likes(base_1):
+            return offset_1 - offset_0
+        return None

angr/analyses/decompiler/structured_codegen/c.py

@@ -2230,52 +2230,68 @@ class CConstant(CExpression):
         return f'{prefix}"{base_str}"'
 
     def c_repr_chunks(self, indent=0, asexpr=False):
+
+        def _default_output(v) -> str | None:
+            if isinstance(v, MemoryData) and v.sort == MemoryDataSort.String:
+                return CConstant.str_to_c_str(v.content.decode("utf-8"))
+            if isinstance(v, Function):
+                return get_cpp_function_name(v.demangled_name)
+            if isinstance(v, str):
+                return CConstant.str_to_c_str(v)
+            if isinstance(v, bytes):
+                return CConstant.str_to_c_str(v.replace(b"\x00", b"").decode("utf-8"))
+            return None
+
         if self.collapsed:
             yield "...", self
             return
 
-        # default priority: string references -> variables -> other reference values
         if self.reference_values is not None:
-            for _ty, v in self.reference_values.items():  # pylint:disable=unused-variable
-                if isinstance(v, MemoryData) and v.sort == MemoryDataSort.String:
-                    yield CConstant.str_to_c_str(v.content.decode("utf-8")), self
-                    return
-                elif isinstance(v, Function):
-                    yield get_cpp_function_name(v.demangled_name), self
+            if self._type is not None and self._type in self.reference_values:
+                if isinstance(self._type, SimTypeInt):
+                    if isinstance(self.reference_values[self._type], int):
+                        yield self.fmt_int(self.reference_values[self._type]), self
+                        return
+                    yield hex(self.reference_values[self._type]), self
                     return
-                elif isinstance(v, str):
+                elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeChar):
+                    refval = self.reference_values[self._type]
+                    if isinstance(refval, MemoryData):
+                        v = refval.content.decode("utf-8")
+                    elif isinstance(refval, bytes):
+                        v = refval.decode("latin1")
+                    else:
+                        # it must be a string
+                        v = refval
+                        assert isinstance(v, str)
                     yield CConstant.str_to_c_str(v), self
                     return
-                elif isinstance(v, bytes):
-                    yield CConstant.str_to_c_str(v.replace(b"\x00", b"").decode("utf-8")), self
+                elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeWideChar):
+                    refval = self.reference_values[self._type]
+                    v = (
+                        refval.content.decode("utf_16_le")
+                        if isinstance(refval, MemoryData)
+                        else refval.decode("utf_16_le")
+                    )  # it's a string
+                    yield CConstant.str_to_c_str(v, prefix="L"), self
                     return
-
-        if self.reference_values is not None and self._type is not None and self._type in self.reference_values:
-            if isinstance(self._type, SimTypeInt):
-                if isinstance(self.reference_values[self._type], int):
-                    yield self.fmt_int(self.reference_values[self._type]), self
-                    return
-                yield hex(self.reference_values[self._type]), self
-            elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeChar):
-                refval = self.reference_values[self._type]
-                if isinstance(refval, MemoryData):
-                    v = refval.content.decode("utf-8")
                 else:
-                    # it's a string
-                    v = refval
-                    assert isinstance(v, str)
-                yield CConstant.str_to_c_str(v), self
-            elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeWideChar):
-                refval = self.reference_values[self._type]
-                v = refval.content.decode("utf_16_le") if isinstance(refval, MemoryData) else refval  # it's a string
-                yield CConstant.str_to_c_str(v, prefix="L"), self
-            else:
-                if isinstance(self.reference_values[self._type], int):
-                    yield self.fmt_int(self.reference_values[self._type]), self
+                    if isinstance(self.reference_values[self._type], int):
+                        yield self.fmt_int(self.reference_values[self._type]), self
+                        return
+                    o = _default_output(self.reference_values[self.type])
+                    if o is not None:
+                        yield o, self
+                        return
+
+            # default priority: string references -> variables -> other reference values
+            for _ty, v in self.reference_values.items():  # pylint:disable=unused-variable
+                o = _default_output(v)
+                if o is not None:
+                    yield o, self
                     return
-                yield self.reference_values[self.type], self
 
-        elif isinstance(self.value, int) and self.value == 0 and isinstance(self.type, SimTypePointer):
+        if isinstance(self.value, int) and self.value == 0 and isinstance(self.type, SimTypePointer):
             # print NULL instead
             yield "NULL", self
 
@@ -3622,10 +3638,10 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         if type_ is None and hasattr(expr, "type"):
             type_ = expr.type
 
-        if type_ is None and reference_values is None and hasattr(expr, "reference_values"):
+        if reference_values is None and hasattr(expr, "reference_values"):
             reference_values = expr.reference_values.copy()
-            if len(reference_values) == 1:  # type: ignore
-                type_ = next(iter(reference_values))  # type: ignore
+        if type_ is None and reference_values is not None and len(reference_values) == 1:  # type: ignore
+            type_ = next(iter(reference_values))  # type: ignore
 
         if reference_values is None:
             reference_values = {}
@@ -3714,10 +3730,10 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
             offset = getattr(expr, "reference_variable_offset", 0)
             var_access = self._access_constant_offset_reference(self._get_variable_reference(cvar), offset, None)
 
-        if var_access is not None and expr.value >= self.min_data_addr:
-            return var_access
-
-        reference_values["offset"] = var_access
+        if var_access is not None:
+            if expr.value >= self.min_data_addr:
+                return var_access
+            reference_values["offset"] = var_access
         return CConstant(expr.value, type_, reference_values=reference_values, tags=expr.tags, codegen=self)
 
     def _handle_Expr_UnaryOp(self, expr, **kwargs):

angr/analyses/s_reaching_definitions/s_rda_view.py

@@ -30,6 +30,9 @@ class RegVVarPredicate:
         self.arch = arch
 
     def _get_call_clobbered_regs(self, stmt: Call) -> set[int]:
+        if isinstance(stmt.target, str):
+            # pseudo calls do not clobber any registers
+            return set()
         cc = stmt.calling_convention
         if cc is None:
             # get the default calling convention

angr/knowledge_plugins/cfg/indirect_jump.py

@@ -1,25 +1,45 @@
 from __future__ import annotations
+
 from angr.serializable import Serializable
 
 
 class IndirectJumpType:
+    """
+    The type of an indirect jump or call.
+    """
+
     Jumptable_AddressLoadedFromMemory = 0
     Jumptable_AddressComputed = 1
     Vtable = 3
     Unknown = 255
 
 
+class JumptableInfo:
+    """
+    Describes a jump table or a vtable.
+    """
+
+    __slots__ = ("addr", "entries", "entry_size", "size")
+
+    def __init__(self, addr: int | None, size: int, entry_size: int, entries: list[int]):
+        self.addr = addr
+        self.size = size
+        self.entry_size = entry_size
+        self.entries = entries
+
+
 class IndirectJump(Serializable):
+    """
+    Describes an indirect jump or call site.
+    """
+
     __slots__ = (
         "addr",
         "func_addr",
         "ins_addr",
         "jumpkind",
         "jumptable",
-        "jumptable_addr",
-        "jumptable_entries",
-        "jumptable_entry_size",
-        "jumptable_size",
+        "jumptables",
         "resolved_targets",
         "stmt_idx",
         "type",
@@ -47,12 +67,56 @@ class IndirectJump(Serializable):
         self.stmt_idx = stmt_idx
         self.resolved_targets = set() if resolved_targets is None else set(resolved_targets)
         self.jumptable = jumptable
-        self.jumptable_addr = jumptable_addr
-        self.jumptable_size = jumptable_size
-        self.jumptable_entry_size = jumptable_entry_size
-        self.jumptable_entries = jumptable_entries
+        self.jumptables: list[JumptableInfo] = []
+        if (
+            jumptable_addr is not None
+            and jumptable_size is not None
+            and jumptable_entry_size is not None
+            and jumptable_entries is not None
+        ):
+            self.add_jumptable(jumptable_addr, jumptable_size, jumptable_entry_size, jumptable_entries)
         self.type = type_
 
+    def add_jumptable(
+        self,
+        addr: int | None,
+        size: int,
+        entry_size: int,
+        entries: list[int],
+        is_primary: bool = False,
+    ) -> None:
+        ji = JumptableInfo(addr, size, entry_size, entries)
+        if is_primary:
+            self.jumptables.insert(0, ji)
+        else:
+            self.jumptables.append(ji)
+
+    # for compatibility convenience
+
+    @property
+    def jumptable_addr(self) -> int | None:
+        if self.jumptables:
+            return self.jumptables[0].addr
+        return None
+
+    @property
+    def jumptable_size(self) -> int | None:
+        if self.jumptables:
+            return self.jumptables[0].size
+        return None
+
+    @property
+    def jumptable_entry_size(self) -> int | None:
+        if self.jumptables:
+            return self.jumptables[0].entry_size
+        return None
+
+    @property
+    def jumptable_entries(self) -> list[int] | None:
+        if self.jumptables:
+            return self.jumptables[0].entries
+        return None
+
     def __repr__(self):
         status = ""
         if self.jumptable or self.jumptable_entries:
@@ -61,5 +125,7 @@ class IndirectJump(Serializable):
                 status += f"@{self.jumptable_addr:#08x}"
             if self.jumptable_entries is not None:
                 status += f" with {len(self.jumptable_entries)} entries"
+            if len(self.jumptables) > 1:
+                status += f" (+{len(self.jumptables)-1} jumptables)"
 
         return "<IndirectJump {:#08x} - ins {:#08x}{}>".format(self.addr, self.ins_addr, " " + status if status else "")

{angr-9.2.172.dist-info → angr-9.2.173.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: angr
-Version: 9.2.172
+Version: 9.2.173
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 License: BSD-2-Clause
 Project-URL: Homepage, https://angr.io/
@@ -16,12 +16,12 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: cxxheaderparser
 Requires-Dist: GitPython
-Requires-Dist: archinfo==9.2.172
+Requires-Dist: archinfo==9.2.173
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.172
-Requires-Dist: cle==9.2.172
+Requires-Dist: claripy==9.2.173
+Requires-Dist: cle==9.2.173
 Requires-Dist: mulpyplexer
 Requires-Dist: networkx!=2.8.1,>=2.0
 Requires-Dist: protobuf>=5.28.2
@@ -30,7 +30,7 @@ Requires-Dist: pycparser>=2.18
 Requires-Dist: pydemumble
 Requires-Dist: pyformlang
 Requires-Dist: pypcode<4.0,>=3.2.1
-Requires-Dist: pyvex==9.2.172
+Requires-Dist: pyvex==9.2.173
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy

{angr-9.2.172.dist-info → angr-9.2.173.dist-info}/RECORD

@@ -1,23 +1,23 @@
-angr-9.2.172.dist-info/RECORD,,
-angr-9.2.172.dist-info/WHEEL,sha256=wTy_3c4XcOAcqIE15cpeRqeJHiJiSBH-pmU5VVW1EO8,137
-angr-9.2.172.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
-angr-9.2.172.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
-angr-9.2.172.dist-info/METADATA,sha256=55ffKaXpTmUAExTjDVpK_UPO5MKEwSHXIQcMUDrnARY,4343
-angr-9.2.172.dist-info/licenses/LICENSE,sha256=PmWf0IlSz6Jjp9n7nyyBQA79Q5C2ma68LRykY1V3GF0,1456
+angr-9.2.173.dist-info/RECORD,,
+angr-9.2.173.dist-info/WHEEL,sha256=wTy_3c4XcOAcqIE15cpeRqeJHiJiSBH-pmU5VVW1EO8,137
+angr-9.2.173.dist-info/entry_points.txt,sha256=Vjh1C8PMyr5dZFMnik5WkEP01Uwr2T73I3a6N32sgQU,44
+angr-9.2.173.dist-info/top_level.txt,sha256=dKw0KWTbwLXytFvv15oAAG4sUs3ey47tt6DorJG9-hw,5
+angr-9.2.173.dist-info/METADATA,sha256=iZFZTkufSw1zmEbcMmoF3paxU1UXWSFzOPAJ4lU_t4c,4343
+angr-9.2.173.dist-info/licenses/LICENSE,sha256=PmWf0IlSz6Jjp9n7nyyBQA79Q5C2ma68LRykY1V3GF0,1456
 angr/vaults.py,sha256=D_gkDegCyPlZMKGC5E8zINYAaZfSXNWbmhX0rXCYpvM,9718
-angr/unicornlib.dylib,sha256=E4kM6p5IQ9XGbL7Zh12CarXRVNVKccJiNPqPjHH-VjQ,264656
+angr/unicornlib.dylib,sha256=ap3ME0HcxUPSsyrifxavZ6J_v9nKZSz1chr2amCB8Jw,264656
 angr/state_hierarchy.py,sha256=qDQCUGXmQm3vOxE3CSoiqTH4OAFFOWZZt9BLhNpeOhA,8484
 angr/callable.py,sha256=j9Orwd4H4fPqOYylcEt5GuLGPV7ZOqyA_OYO2bp5PAA,6437
 angr/sim_type.py,sha256=Z0gWJaTVwjC6I_O7nzwa0DtEXZSFA9ekikm-U2gxCR4,135357
 angr/knowledge_base.py,sha256=hRoSLuLaOXmddTSF9FN5TVs7liftpBGq_IICz5AaYBk,4533
 angr/emulator.py,sha256=572e9l-N4VUzUzLKylqpv3JmBvVC5VExi1tLy6MZSoU,4633
-angr/rustylib.abi3.so,sha256=Df1Cq53wXQziP6KC27BS7ehr_LOVNNnMwBXNH7VuZMQ,5259788
+angr/rustylib.abi3.so,sha256=GxYgg0Ujk_bP1mpelCeLpUeAKSF1ZUCuAiO7pJ-hk7M,5259788
 angr/codenode.py,sha256=hCrQRp4Ebb2X6JicNmY1PXo3_Pm8GDxVivVW0Pwe84k,3918
 angr/graph_utils.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 angr/sim_manager.py,sha256=w7yTfWR-P9yoN5x85eeiNpj9dTrnjpJ3o5aoFpDAPnc,39396
 angr/serializable.py,sha256=l908phj_KcqopEEL_oCufbP_H6cm3Wc9v-5xdux1-6g,1533
 angr/code_location.py,sha256=kXNJDEMge9VRHadrK4E6HQ8wDdCaHSXNqyAZuHDEGuM,5397
-angr/__init__.py,sha256=ZeGnjkV15b26W_suDwvHXnFGn8nN22iB2dV9D0w5lW4,9246
+angr/__init__.py,sha256=2Ys7dgqv6Ad4nZVxaLf0JjowZ0LJFev07_3vDZ21Y3M,9246
 angr/blade.py,sha256=OGGW-oggqI9_LvgZhiQuh9Ktkvf3vhRBmH0XviNyZ6o,15801
 angr/factory.py,sha256=PPNWvTiWaIgzxzyoTr8ObSF-TXp1hCdbY2e-0xBePNc,17815
 angr/sim_state_options.py,sha256=dsMY3UefvL7yZKXloubMhzUET3N2Crw-Fpw2Vd1ouZQ,12468
@@ -914,7 +914,7 @@ angr/knowledge_plugins/key_definitions/definition.py,sha256=AAePJW3BYV0Ju3ZFdqVJ
 angr/knowledge_plugins/key_definitions/environment.py,sha256=UbXUgv2vjz_dbG_gF2iNK6ZztKt2vgxov9SXdVEWFXk,3886
 angr/knowledge_plugins/key_definitions/atoms.py,sha256=dKbhvROB0cKSIZC1Z29MvIUmEHx5Ke6rK1lMgmKNdV8,11149
 angr/knowledge_plugins/key_definitions/tag.py,sha256=QWtBe5yuMei6t2NRPwolVyUa1XyY2khMeU6pQwb66iQ,1710
-angr/knowledge_plugins/cfg/indirect_jump.py,sha256=W3KWpH7Sx-6Z7h_BwQjCK_XfP3ce_MaeAu_Aaq3D3qg,2072
+angr/knowledge_plugins/cfg/indirect_jump.py,sha256=XQjyH8ZhSlRFWLc--QY9Voq0RB7nI2wzeP5COANwoOc,3741
 angr/knowledge_plugins/cfg/__init__.py,sha256=oU07YZ4TIsoje8qr6nw_nM2NXizEGKuulD1RDxk4PWI,418
 angr/knowledge_plugins/cfg/memory_data.py,sha256=QLxFZfrtwz8u6UJn1L-Sxa-C8S0Gy9IOlfNfHCLPIow,5056
 angr/knowledge_plugins/cfg/cfg_model.py,sha256=Z5HOM7xh285gF5DGmQGRSWWD9KJyjXVWLvl0i521OkA,41722
@@ -1120,7 +1120,7 @@ angr/analyses/variable_recovery/engine_vex.py,sha256=5Q2S1jAr7tALa0m0okqBHBe3cUe
 angr/analyses/variable_recovery/variable_recovery_base.py,sha256=Ewd0TzNdZ_gRYXtXjVrJfODNABMMPjnuvMy9-Nnyui0,16813
 angr/analyses/variable_recovery/annotations.py,sha256=2va7cXnRHYqVqXeVt00QanxfAo3zanL4BkAcC0-Bk20,1438
 angr/analyses/variable_recovery/engine_base.py,sha256=MJ6h-dq_0r-3I3ZOhR8E4So2VqxlyudNeSrAHyQCNRg,53171
-angr/analyses/calling_convention/fact_collector.py,sha256=SCdNm-6qfgj-SRnbtPpzzkZBS0nH0Ik3zPn5wLG6-7Y,28480
+angr/analyses/calling_convention/fact_collector.py,sha256=9qx3jvBBrhKvRoZrCir61KZBqFtduiFzhbHAtWFvMic,28762
 angr/analyses/calling_convention/__init__.py,sha256=bK5VS6AxT5l86LAhTL7l1HUT9IuvXG9x9ikbIohIFoE,194
 angr/analyses/calling_convention/calling_convention.py,sha256=vdGqrv7SQDnO6Rg9rgDuQSUPxHYGRgEeneTEQhGM-2M,46762
 angr/analyses/calling_convention/utils.py,sha256=twkO073RvkkFXnOTc-KYQT1GKUtz0OPjxh0N6AWIriQ,2110
@@ -1159,13 +1159,13 @@ angr/analyses/reaching_definitions/function_handler_library/stdlib.py,sha256=YRN
 angr/analyses/cfg/cfg.py,sha256=dc9M91CaLeEKduYfMwpsT_01x6XyYuoNvgvcDKtbN-I,3177
 angr/analyses/cfg/cfb.py,sha256=HI25OJKs2OUlWkOSG4kLsZQFnBJcfDwSQKp6_ZRsoQY,15353
 angr/analyses/cfg/cfg_job_base.py,sha256=Zshze972MakTsd-licQz77lac17igQaaTsAteHeHhYQ,5974
-angr/analyses/cfg/cfg_fast.py,sha256=e0rl_AIM1ne-GZK7yuDPNkceyNSZIYY77sg0-jvjsyo,232943
+angr/analyses/cfg/cfg_fast.py,sha256=shJdaaQ_4gAB7yMe6oFNrC-uWIdhbD-z4jqx5_VdSGs,233023
 angr/analyses/cfg/__init__.py,sha256=-w8Vd6FD6rtjlQaQ7MxwmliFgS2zt-kZepAY4gHas04,446
 angr/analyses/cfg/cfg_fast_soot.py,sha256=8YgMtY_8w4nAMcHR6n-q_eFvKwsvNz0anUH7EzIL1B4,25924
 angr/analyses/cfg/cfg_arch_options.py,sha256=_XRewFZ51SeNaxChadb6_ER7-8LW8KXeTIpoP8_iRj0,3506
 angr/analyses/cfg/cfg_emulated.py,sha256=4lKrmGVfCGt8l3Nz9zH6EcUcAVLwyOM7p81DlxUVNGA,148351
 angr/analyses/cfg/cfg_base.py,sha256=eleUmM_znfsl6KV7T2tUmSEy2iLmPsrT3dNB2BYudd4,124964
-angr/analyses/cfg/indirect_jump_resolvers/jumptable.py,sha256=lUAzzSl6URNpMTzsTdaBc1xjDYtzZ0ghUFdgwok-_v8,103712
+angr/analyses/cfg/indirect_jump_resolvers/jumptable.py,sha256=XJKPcZiKAYJQ4YusVx0xPXQfuoi_qdrHM1Wjf_zh2C4,109111
 angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py,sha256=SSwWVKCqMNxdqTeMkLqXk5UFmzgxJDm8H-xLNBr1Hnc,10173
 angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py,sha256=jmCiDkloyyqb6iRfjXBlu2N9uwYhiqeiXWhnUXW27dU,2950
 angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py,sha256=eo9Bn-lVAzsx-Y7ncr647enHmWyAZIehc9_Q6Uq7xc8,15517
@@ -1228,9 +1228,9 @@ angr/analyses/decompiler/region_identifier.py,sha256=kQJ_KCd3Qx9LWStTM_iUNBG10bD
 angr/analyses/decompiler/empty_node_remover.py,sha256=4CdxTM1AVmRoEdRIwJg1YEy10AgkEoRmJ8SU7xGbKnM,7424
 angr/analyses/decompiler/seq_to_blocks.py,sha256=4-tqstendHHO2J0WD3JHQkm8c4c2KG3AO3mYWrn4xvg,569
 angr/analyses/decompiler/__init__.py,sha256=eyxt2UKvPkbuS_l_1GPb0CJ6hrj2wTavh-mVf23wwiQ,1162
-angr/analyses/decompiler/clinic.py,sha256=rGR5ODSEZyHX1cmEuUNPKxK3BNcVAg-97TlppxhdtDs,151349
+angr/analyses/decompiler/clinic.py,sha256=pULhfkuDYNBT9o5nYWX9fl1sP0RiWBVCUhHDsmUeIPc,151320
 angr/analyses/decompiler/decompilation_cache.py,sha256=06oiG299mVpGOTL54Xy1CUxz5s8QLgYJn5XIvKFLYkU,1566
-angr/analyses/decompiler/block_simplifier.py,sha256=XcX9wsBM4AL_WWqmFrtSUDeSv0a125cC1-Q1NhmTrNE,14777
+angr/analyses/decompiler/block_simplifier.py,sha256=vjlugXCB3xFYBDBn3LPxOtU1dDc76PpYtVEoju3i9-4,15513
 angr/analyses/decompiler/node_replacer.py,sha256=jJd3XkIwFE07bIbLriJ6_mQEvfhm90C8lqlrL5Mz1Xg,1450
 angr/analyses/decompiler/decompilation_options.py,sha256=bs6CNpU3UxepgBB_9eUH4jriNpGoryyPP0sR1hDWpTk,8477
 angr/analyses/decompiler/region_walker.py,sha256=u0hR0bEX1hSwkv-vejIM1gS-hcX2F2DLsDqpKhQ5_pQ,752
@@ -1245,7 +1245,7 @@ angr/analyses/decompiler/label_collector.py,sha256=fsCkldy8ZKH4FjkREByg-NDmfCd7P
 angr/analyses/decompiler/jumptable_entry_condition_rewriter.py,sha256=f_JyNiSZfoudElfl2kIzONoYCiosR4xYFOe8Q5SkvLg,2176
 angr/analyses/decompiler/structured_codegen/__init__.py,sha256=mxG4yruPAab8735wVgXZ1zu8qFPz-njKe0m5UcywE3o,633
 angr/analyses/decompiler/structured_codegen/dwarf_import.py,sha256=J6V40RuIyKXN7r6ESftIYfoREgmgFavnUL5m3lyTzlM,7072
-angr/analyses/decompiler/structured_codegen/c.py,sha256=ebZzyHrh0Jt6fPL6gi-MDgRoA4OeXtb_NVePMLe2h4A,149613
+angr/analyses/decompiler/structured_codegen/c.py,sha256=sFizu2EWABRhv_yaBXd85rPhoRIEZNZ6zdLp5Q4XHa8,150180
 angr/analyses/decompiler/structured_codegen/dummy.py,sha256=JZLeovXE-8C-unp2hbejxCG30l-yCx4sWFh7JMF_iRM,570
 angr/analyses/decompiler/structured_codegen/base.py,sha256=mb5d5iQO1N2wMl7QySvfHemXM-e0yQBhjtlmnLsVSgE,5134
 angr/analyses/decompiler/ssailification/rewriting.py,sha256=aIYuFGlroEXqxaf6lZCfodLD2B53Sb8UJgl2nNb4lg8,15076
@@ -1284,7 +1284,7 @@ angr/analyses/decompiler/region_simplifiers/cascading_ifs.py,sha256=kPWajH8__ap-
 angr/analyses/decompiler/region_simplifiers/expr_folding.py,sha256=naCgnDUjdiDsh6dvoNO-VARfbTfaEYpu3EX9HkJ1cqE,31790
 angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py,sha256=2Tb4zGnFA5hZH8oI6t1hoRstGDmOBsOoQxf6fU5Ct7A,1105
 angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py,sha256=8gPWhFTcezgO7pZ_v0pxR7pweds4_GrrY82ur6Nrlf8,4796
-angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py,sha256=B1FJjIWOo12MwV5X1ybpz69U0zkyeSlW4zmCPIZcXv8,4129
+angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py,sha256=2A7NZIzZpDCq3i8e72l7c7KHfEwfJvzi5NffoXU_NNE,4559
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py,sha256=V5Vm1zUGjsauyOYXbUgDfZEgmChLbY8wnvmcRbfdMk0,1278
 angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py,sha256=vLXt0ekjRep4SgaNq1wyxVkBTzOMTa03d3rgkjUOcUg,995
 angr/analyses/decompiler/peephole_optimizations/bswap.py,sha256=fXV_a58W2X30KCanYeSHdZ2yPcfDlyZq_OkYNMkglrg,6420
@@ -1301,7 +1301,7 @@ angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py,sha256=5Gsq
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py,sha256=0R_ja5u2fO_BMSpfSk68sDMfhwpvBpyCBKahQh-SB4w,3997
 angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py,sha256=YMfsqffIzsB7YslHVohBOeOWeNJydsrBowJ_6oD1QyY,1909
 angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py,sha256=KRjv1VUMmzkmax_s1ZM3nz24iqz1wqInMgJn3NR9kd4,1788
-angr/analyses/decompiler/peephole_optimizations/__init__.py,sha256=TSpLThx8U5YK05r779be8SozeTya0zbziPOZDKCGa6M,4930
+angr/analyses/decompiler/peephole_optimizations/__init__.py,sha256=EbnjFKVoLce23AbmF-06EdW-TzAeoZjn_NHDkqNWATQ,5034
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py,sha256=1pbXLE65KwREUoB9GqCXBgz-BeUrzXxoIRFUYZAnBVA,1133
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py,sha256=NpjPio84lBFY76hPyvOWChRo1jgFEj9XKmSh_A3A-bg,1430
 angr/analyses/decompiler/peephole_optimizations/rewrite_conv_mul.py,sha256=nhV4URuLjH_G-te15cJJ3O2-9VJvpOnkRJjdHSBRoko,1481
@@ -1327,9 +1327,10 @@ angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuctio
 angr/analyses/decompiler/peephole_optimizations/rol_ror.py,sha256=hrtAJaWTZgphP6Wex50uz9vHIBeXy1ie5M5CBSruY7Y,5144
 angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py,sha256=4fZUQGdEY2qVANb6xQWZJRf5N7X78R_gyECxzhC_5vU,2384
 angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py,sha256=--C1JQluHt8ltdfUPBHvRD3SjW_ZcBU3oWdFwpCtpuw,1072
-angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py,sha256=irbBK2HB75f27L2EnHPuwDHumz1GBYqVwB96zoe-SFM,6787
+angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py,sha256=rR3eC_pjCVBuc8GuWzJJkn6h8c964ODf-5uiwlncwVE,9896
 angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py,sha256=fXq-qFe7JUdD5LdtUhoA9AF3LnY-3Jrmo4t3ZRJIIiQ,1414
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py,sha256=FUf1bg9nADlwT1upwTKcVhhPcvZ98C-8PlmkWoHqwZ4,4787
+angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy_consolidation.py,sha256=TsQEpHhyVr7MdiSFkijR6GFMHsuKlmmy9qvSCo32c2U,5409
 angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py,sha256=pMdKsNJtAIPqyWsR8cUEyujdF7e7kbqqvVgelVmKtqY,1610
 angr/analyses/decompiler/peephole_optimizations/optimized_div_simplifier.py,sha256=M4GxEWKs6V9aEYejGluZ8w8QpvPKpaESeFFzid88HjE,14208
 angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py,sha256=HY6EQkThiyMaahz3bodJUqLBKWY2n4aKGbKyspMXN50,1641
@@ -1398,7 +1399,7 @@ angr/analyses/decompiler/presets/basic.py,sha256=sHT2oalBmINVSZfpEbx4LmK0G1zqbZm
 angr/analyses/s_reaching_definitions/__init__.py,sha256=TyfVplxkJj8FAAAw9wegzJlcrbGwlFpIB23PdCcwrLA,254
 angr/analyses/s_reaching_definitions/s_reaching_definitions.py,sha256=gNdg8xpu5by_McWU8j0g0502yQsO2evkTlben9yimV0,7826
 angr/analyses/s_reaching_definitions/s_rda_model.py,sha256=FJSge_31FFzyzBJA1xm7dQz40TfuNna6v_RWAZMZvi0,5801
-angr/analyses/s_reaching_definitions/s_rda_view.py,sha256=r0UThjO4ZhrlCUuMYflzMoH5spObH25A65-S2koY5vM,13807
+angr/analyses/s_reaching_definitions/s_rda_view.py,sha256=7o-llkMUJP_ZhnQ4tkCDrzYok4cAOA7PLt2tX9DY8Mo,13929
 angr/analyses/fcp/__init__.py,sha256=E9dxFckDM9DijfU4RRg9SGL6xDKCz7yBBP-XSkS-S9U,115
 angr/analyses/fcp/fcp.py,sha256=djkJsvSja_De7ptNwllmTHjvVl62BFcH_haBhwhzFtw,16373
 angr/analyses/flirt/flirt.py,sha256=UNXtUBs11WafKeMAW2BwqKJLFhOyObqmRhfCqYdsJpc,10762