angr 9.2.174__cp310-abi3-win_amd64.whl → 9.2.175__cp310-abi3-win_amd64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.174"
+__version__ = "9.2.175"
 
 if bytes is str:
     raise Exception(

angr/__main__.py

@@ -6,11 +6,14 @@ import re
 from typing import TYPE_CHECKING
 from collections.abc import Generator
 
+from rich.syntax import Syntax
+from rich.console import Console
+
 import angr
 from angr.analyses.decompiler import DECOMPILATION_PRESETS
 from angr.analyses.decompiler.structuring import STRUCTURER_CLASSES, DEFAULT_STRUCTURER
 from angr.analyses.decompiler.utils import decompile_functions
-
+from angr.utils.formatting import ansi_color_enabled
 
 if TYPE_CHECKING:
     from angr.knowledge_plugins.functions import Function
@@ -82,11 +85,27 @@ def decompile(args):
         base_address=args.base_addr,
         preset=args.preset,
     )
-    print(decompilation)
+
+    # Determine if we should use syntax highlighting
+    should_highlight = ansi_color_enabled and not args.no_colors
+
+    if should_highlight:
+        try:
+            console = Console()
+            syntax = Syntax(decompilation, "c", theme=args.theme, line_numbers=False)
+            console.print(syntax)
+        # pylint: disable=broad-exception-caught
+        except Exception as e:
+            log.warning("Syntax highlighting failed: %s", e)
+            # Fall back to plain text if syntax highlighting fails
+            print(decompilation)
+    else:
+        print(decompilation)
 
 
 def main():
     parser = argparse.ArgumentParser(description="The angr CLI allows you to decompile and analyze binaries.")
+    parser.add_argument("--version", action="version", version=angr.__version__)
     parser.add_argument("binary", help="The path to the binary to analyze.")
     parser.add_argument(
         "--catch-exceptions",
@@ -133,6 +152,17 @@ def main():
         symbols of the binary or as addresses like: 0x401000.""",
         nargs="+",
     )
+    decompile_cmd_parser.add_argument(
+        "--no-colors",
+        help="Disable syntax highlighting in the decompiled output.",
+        action="store_true",
+        default=False,
+    )
+    decompile_cmd_parser.add_argument(
+        "--theme",
+        help="The syntax highlighting theme to use (only if rich is installed and colors are enabled).",
+        default="dracula",
+    )
 
     disassemble_cmd_parser = subparsers.add_parser("disassemble", aliases=["dis"], help=disassemble.__doc__)
     disassemble_cmd_parser.set_defaults(func=disassemble)

angr/analyses/cfg/cfg_base.py

@@ -937,7 +937,7 @@ class CFGBase(Analysis):
         """
 
         addrs = set()
-        if isinstance(self._binary, ELF) and self._binary.has_dwarf_info:
+        if (isinstance(self._binary, ELF) and self._binary.has_dwarf_info) or isinstance(self._binary, PE):
             for function_hint in self._binary.function_hints:
                 if function_hint.source == FunctionHintSource.EH_FRAME:
                     addrs.add(function_hint.addr)

angr/analyses/cfg/cfg_fast.py

@@ -435,6 +435,7 @@ class CFGJobType(Enum):
     COMPLETE_SCANNING = 2
     IFUNC_HINTS = 3
     DATAREF_HINTS = 4
+    EH_FRAME_HINTS = 5
 
 
 class CFGJob:
@@ -612,7 +613,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         low_priority=False,
         cfb=None,
         model=None,
-        elf_eh_frame=True,
+        eh_frame=True,
         exceptions=True,
         skip_unmapped_addrs=True,
         nodecode_window_size=512,
@@ -625,6 +626,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         end=None,  # deprecated
         collect_data_references=None,  # deprecated
         extra_cross_references=None,  # deprecated
+        elf_eh_frame=None,  # deprecated
         **extra_arch_options,
     ):
         """
@@ -664,8 +666,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                                              types will be loaded.
         :param base_state:              A state to use as a backer for all memory loads
         :param bool detect_tail_calls:  Enable aggressive tail-call optimization detection.
-        :param bool elf_eh_frame:       Retrieve function starts (and maybe sizes later) from the .eh_frame of ELF
-                                        binaries.
+        :param bool eh_frame:           Retrieve function starts (and maybe sizes later) from the .eh_frame of ELF
+                                        binaries or exception records of PE binaries.
         :param skip_unmapped_addrs:     Ignore all branches into unmapped regions. True by default. You may want to set
                                         it to False if you are analyzing manually patched binaries or malware samples.
         :param indirect_calls_always_return:    Should CFG assume indirect calls must return or not. Assuming indirect
@@ -778,13 +780,17 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             )
             force_complete_scan = False
 
+        if elf_eh_frame is not None:
+            l.warning('"elf_eh_frame" is deprecated and will be removed soon. Please use "eh_frame" instead.')
+            eh_frame = eh_frame or elf_eh_frame
+
         self._pickle_intermediate_results = pickle_intermediate_results
 
         self._use_symbols = symbols
         self._use_function_prologues = function_prologues
         self._force_smart_scan = force_smart_scan
         self._force_complete_scan = force_complete_scan
-        self._use_elf_eh_frame = elf_eh_frame
+        self._use_eh_frame = eh_frame
         self._use_exceptions = exceptions
         self._check_funcret_max_job = check_funcret_max_job
 
@@ -841,7 +847,8 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         self._read_addr_to_run = defaultdict(list)
         self._write_addr_to_run = defaultdict(list)
 
-        self._remaining_function_prologue_addrs = None
+        self._remaining_eh_frame_addrs: list[int] | None = None
+        self._remaining_function_prologue_addrs: list[int] | None = None
 
         # exception handling
         self._exception_handling_by_endaddr = SortedDict()
@@ -1440,9 +1447,6 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         if self._use_symbols:
             starting_points |= self._function_addresses_from_symbols
 
-        if self._use_elf_eh_frame:
-            starting_points |= self._function_addresses_from_eh_frame
-
         if self._extra_function_starts:
             starting_points |= set(self._extra_function_starts)
 
@@ -1467,6 +1471,9 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
         self._updated_nonreturning_functions = set()
 
+        if self._use_eh_frame:
+            self._remaining_eh_frame_addrs = sorted(self._function_addresses_from_eh_frame)
+
         if self._use_function_prologues and self.project.concrete_target is None:
             self._remaining_function_prologue_addrs = sorted(self._func_addrs_from_prologues())
 
@@ -1742,6 +1749,18 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                 self._insert_job(job)
                 return
 
+        if self._use_eh_frame and self._remaining_eh_frame_addrs:
+            while self._remaining_eh_frame_addrs:
+                eh_addr = self._remaining_eh_frame_addrs[0]
+                self._remaining_eh_frame_addrs = self._remaining_eh_frame_addrs[1:]
+                if self._seg_list.is_occupied(eh_addr):
+                    continue
+
+                job = CFGJob(eh_addr, eh_addr, "Ijk_Boring", job_type=CFGJobType.EH_FRAME_HINTS)
+                self._insert_job(job)
+                self._register_analysis_job(eh_addr, job)
+                return
+
         if self._use_function_prologues and self._remaining_function_prologue_addrs:
             while self._remaining_function_prologue_addrs:
                 prolog_addr = self._remaining_function_prologue_addrs[0]

angr/analyses/decompiler/utils.py

@@ -989,7 +989,7 @@ def decompile_functions(
     show_casts: bool = True,
     base_address: int | None = None,
     preset: str | None = None,
-) -> str | None:
+) -> str:
     """
     Decompile a binary into a set of functions.
 

angr/analyses/smc.py

@@ -146,7 +146,7 @@ class SelfModifyingCodeAnalysis(Analysis):
 
         for n in range(100):
             self._update_progress(n)
-            simgr.step(n=3)
+            simgr.run(n=3)
             random.shuffle(simgr.active)
             simgr.split(from_stash="active", to_stash=simgr.DROP, limit=10)
 

angr/calling_conventions.py

@@ -34,6 +34,7 @@ from .sim_type import (
     SimTypeBottom,
     parse_signature,
     SimTypeReference,
+    SimTypeRef,
 )
 from .state_plugins.sim_action_object import SimActionObject
 
@@ -1430,7 +1431,7 @@ class SimCCMicrosoftAMD64(SimCC):
         return SimReferenceArgument(int_loc, referenced_loc)
 
     def return_in_implicit_outparam(self, ty):
-        if isinstance(ty, SimTypeBottom):
+        if isinstance(ty, (SimTypeBottom, SimTypeRef)):
             return False
         return not isinstance(ty, SimTypeFloat) and ty.size > self.STRUCT_RETURN_THRESHOLD
 

angr/knowledge_plugins/functions/function.py

@@ -1663,7 +1663,7 @@ class Function(Serializable):
 
     @property
     def demangled_name(self):
-        ast = pydemumble.demangle(self.name)
+        ast = pydemumble.demangle(self.name).strip()
         if self.is_rust_function():
             nodes = ast.split("::")[:-1]
             ast = "::".join([Function._rust_fmt_node(node) for node in nodes])

angr/misc/bug_report.py

@@ -17,11 +17,20 @@ except ImportError:
     print("If you install gitpython (`pip install gitpython`), I can give you git info too!")
 
 
-angr_modules = ["angr", "ailment", "cle", "pyvex", "claripy", "archinfo", "z3", "unicorn"]
+angr_modules = [
+    "angr",
+    "archinfo",
+    "claripy",
+    "cle",
+    "pypcode",
+    "pyvex",
+    "unicorn",
+    "z3",
+]
 native_modules = {
     "angr": lambda: angr.state_plugins.unicorn_engine._UC_NATIVE,  # pylint: disable=undefined-variable
-    "unicorn": lambda: unicorn.unicorn._uc,  # pylint: disable=undefined-variable
     "pyvex": lambda: pyvex.pvc,  # pylint: disable=undefined-variable
+    "unicorn": lambda: unicorn.unicorn._uc,  # pylint: disable=undefined-variable
     "z3": lambda: next(x for x in gc.get_objects() if type(x) is ctypes.CDLL and "z3" in str(x)),  # YIKES FOREVER
 }
 python_packages = {"z3": "z3-solver"}

angr/procedures/definitions/__init__.py

@@ -161,13 +161,12 @@ class SimLibrary:
             for arch_name, cc_name in d["default_cc"].items():
                 cc = CC_NAMES[cc_name]
                 lib.set_default_cc(arch_name, cc)
-        if "aliases" in d:
-            for name, alt_names in d["aliases"].items():
-                lib.add_alias(name, *alt_names)
         if "library_names" in d:
             lib.set_library_names(*d["library_names"])
         else:
             raise KeyError("library_names is required")
+        if "non_returning" in d:
+            lib.set_non_returning(*d["non_returning"])
         if "functions" in d:
             lib.prototypes_json = {k: v["proto"] for k, v in d["functions"].items() if "proto" in v}
         return lib
@@ -307,8 +306,8 @@ class SimLibrary:
             new_procedure = copy.deepcopy(old_procedure)
             new_procedure.display_name = alt
             self.procedures[alt] = new_procedure
-            if name in self.prototypes:
-                self.prototypes[alt] = self.prototypes[name]
+            if self.has_prototype(name):
+                self.prototypes[alt] = self.get_prototype(name)  # type:ignore
             if name in self.non_returning:
                 self.non_returning.add(alt)
 
@@ -317,8 +316,8 @@ class SimLibrary:
             proc.cc = self.default_ccs[arch.name](arch)
         if proc.cc is None and arch.name in self.fallback_cc:
             proc.cc = self.fallback_cc[arch.name]["Linux"](arch)
-        if proc.display_name in self.prototypes:
-            proc.prototype = self.prototypes[proc.display_name].with_arch(arch)
+        if self.has_prototype(proc.display_name):
+            proc.prototype = self.get_prototype(proc.display_name, deref=True).with_arch(arch)  # type:ignore
             proc.guessed_prototype = False
             if proc.prototype.arg_names is None:
                 # Use inspect to extract the parameters from the run python function
@@ -361,12 +360,13 @@ class SimLibrary:
         self._apply_metadata(proc, arch)
         return proc
 
-    def get_prototype(self, name: str, arch=None) -> SimTypeFunction | None:
+    def get_prototype(self, name: str, arch=None, deref: bool = False) -> SimTypeFunction | None:
         """
         Get a prototype of the given function name, optionally specialize the prototype to a given architecture.
 
         :param name:    Name of the function.
         :param arch:    The architecture to specialize to.
+        :param deref:   True if any SimTypeRefs in the prototype should be dereferenced using library information.
         :return:        Prototype of the function, or None if the prototype does not exist.
         """
         if name not in self.prototypes and name in self.prototypes_json:
@@ -389,6 +389,11 @@ class SimLibrary:
             proto = self.prototypes.get(name, None)
         if proto is None:
             return None
+        if deref:
+            from angr.utils.types import dereference_simtype_by_lib  # pylint:disable=import-outside-toplevel
+
+            proto = dereference_simtype_by_lib(proto, self.name)
+            assert isinstance(proto, SimTypeFunction)
         if arch is not None:
             return proto.with_arch(arch)
         return proto
@@ -400,7 +405,7 @@ class SimLibrary:
         :param name:    The name of the function as a string
         :return:        A bool indicating if anything is known about the function
         """
-        return self.has_implementation(name) or name in self.non_returning or name in self.prototypes
+        return self.has_implementation(name) or name in self.non_returning or self.has_prototype(name)
 
     def has_implementation(self, name):
         """
@@ -490,17 +495,18 @@ class SimCppLibrary(SimLibrary):
                     stub.num_args = len(stub.prototype.args)
         return stub
 
-    def get_prototype(self, name: str, arch=None) -> SimTypeFunction | None:
+    def get_prototype(self, name: str, arch=None, deref: bool = False) -> SimTypeFunction | None:
         """
         Get a prototype of the given function name, optionally specialize the prototype to a given architecture. The
         function name will be demangled first.
 
         :param name:    Name of the function.
         :param arch:    The architecture to specialize to.
+        :param deref:   True if any SimTypeRefs in the prototype should be dereferenced using library information.
         :return:        Prototype of the function, or None if the prototype does not exist.
         """
         demangled_name = self._try_demangle(name)
-        return super().get_prototype(demangled_name, arch=arch)
+        return super().get_prototype(demangled_name, arch=arch, deref=deref)
 
     def has_metadata(self, name):
         """
@@ -659,11 +665,39 @@ class SimSyscallLibrary(SimLibrary):
         if abi in self.default_cc_mapping:
             cc = self.default_cc_mapping[abi](arch)
             proc.cc = cc
+        elif arch.name in self.default_ccs:
+            proc.cc = self.default_ccs[arch.name](arch)
         # a bit of a hack.
         name = proc.display_name
-        if self.syscall_prototypes[abi].get(name, None) is not None:
+        if self.has_prototype(abi, name):
             proc.guessed_prototype = False
-            proc.prototype = self.syscall_prototypes[abi][name].with_arch(arch)
+            proto = self.get_prototype(abi, name, deref=True)
+            assert proto is not None
+            proc.prototype = proto.with_arch(arch)
+
+    def add_alias(self, name, *alt_names):
+        """
+        Add some duplicate names for a given function. The original function's implementation must already be
+        registered.
+
+        :param name:        The name of the function for which an implementation is already present
+        :param alt_names:   Any number of alternate names may be passed as varargs
+        """
+        old_procedure = self.procedures[name]
+        for alt in alt_names:
+            new_procedure = copy.deepcopy(old_procedure)
+            new_procedure.display_name = alt
+            self.procedures[alt] = new_procedure
+            for abi in self.syscall_prototypes:
+                if self.has_prototype(abi, name):
+                    self.syscall_prototypes[abi][alt] = self.get_prototype(abi, name)  # type:ignore
+            if name in self.non_returning:
+                self.non_returning.add(alt)
+
+    def _apply_metadata(self, proc, arch):
+        # this function is a no-op in SimSyscallLibrary; users are supposed to explicitly call
+        # _apply_numerical_metadata instead.
+        pass
 
     # pylint: disable=arguments-differ
     def get(self, number, arch, abi_list=()):  # type:ignore
@@ -703,7 +737,9 @@ class SimSyscallLibrary(SimLibrary):
         l.debug("unsupported syscall: %s", number)
         return proc
 
-    def get_prototype(self, abi: str, name: str, arch=None) -> SimTypeFunction | None:  # type:ignore
+    def get_prototype(  # type:ignore
+        self, abi: str, name: str, arch=None, deref: bool = False
+    ) -> SimTypeFunction | None:
         """
         Get a prototype of the given syscall name and its ABI, optionally specialize the prototype to a given
         architecture.
@@ -711,6 +747,7 @@ class SimSyscallLibrary(SimLibrary):
         :param abi:     ABI of the prototype to get.
         :param name:    Name of the syscall.
         :param arch:    The architecture to specialize to.
+        :param deref:   True if any SimTypeRefs in the prototype should be dereferenced using library information.
         :return:        Prototype of the syscall, or None if the prototype does not exist.
         """
         if abi not in self.syscall_prototypes:
@@ -718,6 +755,11 @@ class SimSyscallLibrary(SimLibrary):
         proto = self.syscall_prototypes[abi].get(name, None)
         if proto is None:
             return None
+        if deref:
+            from angr.utils.types import dereference_simtype_by_lib  # pylint:disable=import-outside-toplevel
+
+            proto = dereference_simtype_by_lib(proto, self.name)
+            assert isinstance(proto, SimTypeFunction)
         return proto.with_arch(arch=arch)
 
     def has_metadata(self, number, arch, abi_list=()):  # type:ignore
@@ -729,8 +771,10 @@ class SimSyscallLibrary(SimLibrary):
         :param abi_list:    A list of ABI names that could be used
         :return:            A bool of whether or not any implementation or metadata is known about the given syscall
         """
-        name, _, _ = self._canonicalize(number, arch, abi_list)
-        return super().has_metadata(name)
+        name, _, abi = self._canonicalize(number, arch, abi_list)
+        return (
+            name in self.procedures or name in self.non_returning or (abi is not None and self.has_prototype(abi, name))
+        )
 
     def has_implementation(self, number, arch, abi_list=()):  # type:ignore
         """
@@ -879,7 +923,7 @@ def load_external_definitions():
 
 
 def _update_libkernel32(lib: SimLibrary):
-    from angr import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
+    from angr.procedures.procedure_dict import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
 
     lib.add_all_from_dict(P["win32"])
     lib.add_alias("EncodePointer", "DecodePointer")
@@ -895,7 +939,7 @@ def _update_libkernel32(lib: SimLibrary):
 
 
 def _update_libntdll(lib: SimLibrary):
-    from angr import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
+    from angr.procedures.procedure_dict import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
 
     lib.add("RtlEncodePointer", P["win32"]["EncodePointer"])
     lib.add("RtlDecodePointer", P["win32"]["EncodePointer"])
@@ -903,7 +947,7 @@ def _update_libntdll(lib: SimLibrary):
 
 
 def _update_libuser32(lib: SimLibrary):
-    from angr import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
+    from angr.procedures.procedure_dict import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
     from angr.calling_conventions import SimCCCdecl  # pylint:disable=import-outside-toplevel
 
     lib.add_all_from_dict(P["win_user32"])
@@ -911,11 +955,33 @@ def _update_libuser32(lib: SimLibrary):
 
 
 def _update_libntoskrnl(lib: SimLibrary):
-    from angr import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
+    from angr.procedures.procedure_dict import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
 
     lib.add_all_from_dict(P["win32_kernel"])
 
 
+def _update_glibc(libc: SimLibrary):
+    from angr.procedures.procedure_dict import SIM_PROCEDURES as P  # pylint:disable=import-outside-toplevel
+
+    libc.add_all_from_dict(P["libc"])
+    libc.add_all_from_dict(P["posix"])
+    libc.add_all_from_dict(P["glibc"])
+    # gotta do this since there's no distinguishing different libcs without analysis. there should be no naming
+    # conflicts in the functions.
+    libc.add_all_from_dict(P["uclibc"])
+
+    # aliases for SimProcedures
+    libc.add_alias("abort", "__assert_fail", "__stack_chk_fail")
+    libc.add_alias("memcpy", "memmove", "bcopy")
+    libc.add_alias("getc", "_IO_getc")
+    libc.add_alias("putc", "_IO_putc")
+    libc.add_alias("gets", "_IO_gets")
+    libc.add_alias("puts", "_IO_puts")
+    libc.add_alias("exit", "_exit", "_Exit")
+    libc.add_alias("sprintf", "siprintf")
+    libc.add_alias("snprintf", "sniprintf")
+
+
 def load_win32api_definitions():
     load_win32_type_collections()
     if once("load_win32api_definitions"):
@@ -961,4 +1027,6 @@ load_type_collections(skip={"win32"})
 
 
 # Load common definitions
+_load_definitions(os.path.join(_DEFINITIONS_BASEDIR, "common"), only=COMMON_LIBRARIES)
 _load_definitions(_DEFINITIONS_BASEDIR, only=COMMON_LIBRARIES)
+_update_glibc(SIM_LIBRARIES["libc.so"][0])