angr 9.2.175__cp310-abi3-macosx_11_0_arm64.whl → 9.2.176__cp310-abi3-macosx_11_0_arm64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.175"
+__version__ = "9.2.176"
 
 if bytes is str:
     raise Exception(

angr/analyses/calling_convention/calling_convention.py

@@ -95,6 +95,8 @@ class CallingConventionAnalysis(Analysis):
                                 calling convention and arguments. This can be time-consuming if there are many call
                                 sites to analyze.
     :ivar cc:           The recovered calling convention for the function.
+    :ivar _collect_facts:       True if we should run FunctionFactCollector to collect input arguments and return
+                                value size. False if input arguments and return value size are provided by the user.
     """
 
     def __init__(
@@ -108,6 +110,7 @@ class CallingConventionAnalysis(Analysis):
         func_graph: networkx.DiGraph | None = None,
         input_args: list[SimRegArg | SimStackArg] | None = None,
         retval_size: int | None = None,
+        collect_facts: bool = False,
     ):
         if func is not None and not isinstance(func, Function):
             func = self.kb.functions[func]
@@ -121,6 +124,7 @@ class CallingConventionAnalysis(Analysis):
         self._func_graph = func_graph
         self._input_args = input_args
         self._retval_size = retval_size
+        self._collect_facts = collect_facts
 
         if self._retval_size is not None and self._input_args is None:
             # retval size will be ignored if input_args is not specified - user error?
@@ -132,6 +136,7 @@ class CallingConventionAnalysis(Analysis):
         self.cc: SimCC | None = None
         self.prototype: SimTypeFunction | None = None
         self.prototype_libname: str | None = None
+        self.proto_from_symbol: bool = False
 
         if self._cfg is None and "CFGFast" in self.kb.cfgs:
             self._cfg = self.kb.cfgs["CFGFast"]
@@ -168,6 +173,7 @@ class CallingConventionAnalysis(Analysis):
             r_demangled = self._analyze_demangled_name(demangled_name)
             if r_demangled is not None:
                 self.cc, self.prototype, self.prototype_libname = r_demangled
+                self.proto_from_symbol = True
                 return
 
         if self._function.is_simprocedure:
@@ -242,6 +248,12 @@ class CallingConventionAnalysis(Analysis):
                 self.cc, self.prototype, self.prototype_libname = r_plt
             return
 
+        # we gotta analyze the function properly
+        if self._collect_facts and self._input_args is None and self._retval_size is None:
+            facts = self.project.analyses.FunctionFactCollector(self._function, kb=self.kb)
+            self._input_args = facts.input_args
+            self._retval_size = facts.retval_size
+
         r = self._analyze_function()
         if r is None:
             l.warning("Cannot determine calling convention for %r.", self._function)

angr/analyses/complete_calling_conventions.py

@@ -17,7 +17,7 @@ from angr.utils.graph import GraphUtils
 from angr.simos import SimWindows
 from angr.utils.mp import mp_context, Initializer
 from angr.knowledge_plugins.cfg import CFGModel
-from . import Analysis, register_analysis, VariableRecoveryFast, CallingConventionAnalysis, FactCollector, CFGFast
+from . import Analysis, register_analysis, VariableRecoveryFast, CallingConventionAnalysis, CFGFast
 
 if TYPE_CHECKING:
     from angr.calling_conventions import SimCC
@@ -191,10 +191,15 @@ class CompleteCallingConventionsAnalysis(Analysis):
         self._prioritize_func_addrs = None  # no longer useful
 
     def _set_function_prototype(
-        self, func: Function, prototype: SimTypeFunction | None, prototype_libname: str | None
+        self,
+        func: Function,
+        prototype: SimTypeFunction | None,
+        prototype_libname: str | None,
+        prototype_guessed: bool | None,
     ) -> None:
         if func.prototype is None or func.is_prototype_guessed or self._force:
-            func.is_prototype_guessed = True
+            if prototype_guessed is not None:
+                func.is_prototype_guessed = prototype_guessed
             func.prototype = prototype
             func.prototype_libname = prototype_libname
 
@@ -204,12 +209,12 @@ class CompleteCallingConventionsAnalysis(Analysis):
         if self._workers == 0:
             self._update_progress(0)
             for idx, func_addr in enumerate(self._func_addrs):
-                cc, proto, proto_libname, _ = self._analyze_core(func_addr)
+                cc, proto, proto_libname, proto_guessed, _ = self._analyze_core(func_addr)
 
                 func = self.kb.functions.get_by_addr(func_addr)
                 if cc is not None or proto is not None:
                     func.calling_convention = cc
-                    self._set_function_prototype(func, proto, proto_libname)
+                    self._set_function_prototype(func, proto, proto_libname, proto_guessed)
                     if proto_libname is not None:
                         self.prototype_libnames.add(proto_libname)
 
@@ -269,10 +274,13 @@ class CompleteCallingConventionsAnalysis(Analysis):
             # update progress
             self._update_progress(0)
             idx = 0
+            assert self._results_lock is not None
             while idx < total_funcs:
                 try:
                     with self._results_lock:
-                        func_addr, cc, proto, proto_libname, varman = self._results.get(True, timeout=0.01)
+                        func_addr, cc, proto, proto_libname, proto_guessed, varman = self._results.get(
+                            True, timeout=0.01
+                        )
                 except queue.Empty:
                     time.sleep(0.1)
                     continue
@@ -280,7 +288,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
                 func = self.kb.functions.get_by_addr(func_addr)
                 if cc is not None or proto is not None:
                     func.calling_convention = cc
-                    self._set_function_prototype(func, proto, proto_libname)
+                    self._set_function_prototype(func, proto, proto_libname, proto_guessed)
                     if proto_libname is not None:
                         self.prototype_libnames.add(proto_libname)
 
@@ -317,6 +325,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
     def _worker_routine(self, worker_id: int, initializer: Initializer):
         initializer.initialize()
         idx = 0
+        assert self._remaining_funcs is not None and self._func_queue is not None and self._results_lock is not None
         while self._remaining_funcs.value > 0:
             try:
                 with self._func_queue_lock:
@@ -327,33 +336,39 @@ class CompleteCallingConventionsAnalysis(Analysis):
                 continue
 
             if callee_info is not None:
-                callee_info: dict[int, tuple[SimCC | None, SimTypeFunction | None, str | None]]
-                for callee, (callee_cc, callee_proto, callee_proto_libname) in callee_info.items():
+                callee_info: dict[int, tuple[SimCC | None, SimTypeFunction | None, str | None, bool | None]]
+                for callee, (
+                    callee_cc,
+                    callee_proto,
+                    callee_proto_libname,
+                    callee_proto_guessed,
+                ) in callee_info.items():
                     callee_func = self.kb.functions.get_by_addr(callee)
                     callee_func.calling_convention = callee_cc
-                    self._set_function_prototype(callee_func, callee_proto, callee_proto_libname)
+                    self._set_function_prototype(callee_func, callee_proto, callee_proto_libname, callee_proto_guessed)
 
             idx += 1
             if self._low_priority and idx % 3 == 0:
                 time.sleep(0.1)
 
             try:
-                cc, proto, proto_libname, varman = self._analyze_core(func_addr)
+                cc, proto, proto_libname, proto_guessed, varman = self._analyze_core(func_addr)
             except Exception:  # pylint:disable=broad-except
                 _l.error("Worker %d: Exception occurred during _analyze_core().", worker_id, exc_info=True)
-                cc, proto, proto_libname, varman = None, None, None, None
+                cc, proto, proto_libname, proto_guessed, varman = None, None, None, None, None
             with self._results_lock:
-                self._results.put((func_addr, cc, proto, proto_libname, varman))
+                self._results.put((func_addr, cc, proto, proto_libname, proto_guessed, varman))
 
     def _analyze_core(
         self, func_addr: int
-    ) -> tuple[SimCC | None, SimTypeFunction | None, str | None, VariableManagerInternal | None]:
+    ) -> tuple[SimCC | None, SimTypeFunction | None, str | None, bool | None, VariableManagerInternal | None]:
         func = self.kb.functions.get_by_addr(func_addr)
         if func.ran_cca:
             return (
                 func.calling_convention,
                 func.prototype,
                 func.prototype_libname,
+                func.is_prototype_guessed,
                 self.kb.variables.get_function_manager(func_addr),
             )
 
@@ -365,7 +380,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
             # special case: we don't have a PCode-engine variable recovery analysis for PCode architectures!
             if ":" in self.project.arch.name and self._func_graphs and func.addr in self._func_graphs:
                 # this is a pcode architecture
-                return None, None, None, None
+                return None, None, None, None, None
 
             _l.info("Performing variable recovery on %r...", func)
             try:
@@ -378,17 +393,14 @@ class CompleteCallingConventionsAnalysis(Analysis):
                     func.addr,
                     exc_info=True,
                 )
-                return None, None, None, None
-
-        kwargs = {}
-        if self.mode == CallingConventionAnalysisMode.FAST:
-            facts = self.project.analyses[FactCollector].prep(kb=self.kb)(func)
-            kwargs["input_args"] = facts.input_args
-            kwargs["retval_size"] = facts.retval_size
+                return None, None, None, None, None
 
         # determine the calling convention of each function
         cc_analysis = self.project.analyses[CallingConventionAnalysis].prep(kb=self.kb)(
-            func, cfg=self._cfg, analyze_callsites=self._analyze_callsites, **kwargs
+            func,
+            cfg=self._cfg,
+            analyze_callsites=self._analyze_callsites,
+            collect_facts=self.mode == CallingConventionAnalysisMode.FAST,
         )
 
         if cc_analysis.cc is not None:
@@ -397,10 +409,11 @@ class CompleteCallingConventionsAnalysis(Analysis):
                 cc_analysis.cc,
                 cc_analysis.prototype,
                 cc_analysis.prototype_libname if cc_analysis.prototype_libname is not None else func.prototype_libname,
+                not cc_analysis.proto_from_symbol,
                 self.kb.variables.get_function_manager(func_addr),
             )
         _l.info("Cannot determine calling convention for %r.", func)
-        return None, None, None, self.kb.variables.get_function_manager(func_addr)
+        return None, None, None, None, self.kb.variables.get_function_manager(func_addr)
 
     def prioritize_functions(self, func_addrs_to_prioritize: Iterable[int]):
         """
@@ -424,12 +437,12 @@ class CompleteCallingConventionsAnalysis(Analysis):
 
     def _get_callees_cc_prototypes(
         self, caller_func_addr: int
-    ) -> dict[int, tuple[SimCC | None, SimTypeFunction | None, str | None]]:
+    ) -> dict[int, tuple[SimCC | None, SimTypeFunction | None, str | None, bool | None]]:
         d = {}
         for callee in self.kb.functions.callgraph.successors(caller_func_addr):
             if callee != caller_func_addr and callee not in d:
                 func = self.kb.functions.get_by_addr(callee)
-                tpl = func.calling_convention, func.prototype, func.prototype_libname
+                tpl = func.calling_convention, func.prototype, func.prototype_libname, func.is_prototype_guessed
                 d[callee] = tpl
         return d
 

angr/analyses/decompiler/ail_simplifier.py

@@ -168,6 +168,7 @@ class AILSimplifier(Analysis):
         fold_callexprs_into_conditions=False,
         use_callee_saved_regs_at_return=True,
         rewrite_ccalls=True,
+        rename_ccalls=True,
         removed_vvar_ids: set[int] | None = None,
         arg_vvars: dict[int, tuple[VirtualVariable, SimVariable]] | None = None,
         avoid_vvar_ids: set[int] | None = None,
@@ -188,6 +189,7 @@ class AILSimplifier(Analysis):
         self._fold_callexprs_into_conditions = fold_callexprs_into_conditions
         self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
         self._should_rewrite_ccalls = rewrite_ccalls
+        self._should_rename_ccalls = rename_ccalls
         self._removed_vvar_ids = removed_vvar_ids if removed_vvar_ids is not None else set()
         self._arg_vvars = arg_vvars
         self._avoid_vvar_ids = avoid_vvar_ids if avoid_vvar_ids is not None else set()
@@ -1992,20 +1994,20 @@ class AILSimplifier(Analysis):
 
             v = False
 
-        def _handle_expr(
-            expr_idx: int, expr: Expression, stmt_idx: int, stmt: Statement | None, block: Block | None
+        def _handle_VEXCCallExpression(
+            expr_idx: int, expr: VEXCCallExpression, stmt_idx: int, stmt: Statement, block: Block | None
         ) -> Expression | None:
-            if isinstance(expr, VEXCCallExpression):
-                rewriter = rewriter_cls(expr, self.project.arch)
-                if rewriter.result is not None:
-                    _any_update.v = True
-                    return rewriter.result
-                return None
-
-            return AILBlockWalker._handle_expr(walker, expr_idx, expr, stmt_idx, stmt, block)
+            r_expr = AILBlockWalker._handle_VEXCCallExpression(walker, expr_idx, expr, stmt_idx, stmt, block)
+            if r_expr is None:
+                r_expr = expr
+            rewriter = rewriter_cls(r_expr, self.project.arch, rename_ccalls=self._should_rename_ccalls)
+            if rewriter.result is not None:
+                _any_update.v = True
+                return rewriter.result
+            return r_expr if r_expr is not expr else None
 
         blocks_by_addr_and_idx = {(node.addr, node.idx): node for node in self.func_graph.nodes()}
-        walker._handle_expr = _handle_expr
+        walker.expr_handlers[VEXCCallExpression] = _handle_VEXCCallExpression
 
         updated = False
         for block in blocks_by_addr_and_idx.values():

angr/analyses/decompiler/ccall_rewriters/rewriter_base.py

@@ -12,9 +12,13 @@ class CCallRewriterBase:
         "result",
     )
 
-    def __init__(self, ccall: ailment.Expr.VEXCCallExpression, arch):
+    def __init__(self, ccall: ailment.Expr.VEXCCallExpression, arch, rename_ccalls: bool = False):
         self.arch = arch
         self.result: ailment.Expr.Expression | None = self._rewrite(ccall)
+        if rename_ccalls and self.result is None and ccall.callee != "_ccall":
+            renamed = ccall.copy()
+            renamed.callee = "_ccall"
+            self.result = renamed
 
     def _rewrite(self, ccall: ailment.Expr.VEXCCallExpression) -> ailment.Expr.Expression | None:
         raise NotImplementedError

angr/analyses/decompiler/clinic.py

@@ -1231,52 +1231,62 @@ class Clinic(Analysis):
     @timethis
     def _replace_tail_jumps_with_calls(self, ail_graph: networkx.DiGraph) -> networkx.DiGraph:
         """
-        Replace tail jumps them with a return statement and a call expression.
+        Rewrite tail jumps to functions as call statements.
         """
         for block in list(ail_graph.nodes()):
-            out_degree = ail_graph.out_degree[block]
-
-            if out_degree != 0:
+            if ail_graph.out_degree[block] > 1:
                 continue
 
             last_stmt = block.statements[-1]
             if isinstance(last_stmt, ailment.Stmt.Jump):
-                # jumping to somewhere outside the current function
-                # rewrite it as a call *if and only if* the target is identified as a function
-                target = last_stmt.target
-                if isinstance(target, ailment.Const):
-                    target_addr = target.value
-                    if self.kb.functions.contains_addr(target_addr):
-                        # replace the statement
-                        target_func = self.kb.functions.get_by_addr(target_addr)
-                        if target_func.returning and self.project.arch.ret_offset is not None:
-                            ret_reg_offset = self.project.arch.ret_offset
-                            ret_expr = ailment.Expr.Register(
-                                None,
-                                None,
-                                ret_reg_offset,
-                                self.project.arch.bits,
-                                reg_name=self.project.arch.translate_register_name(
-                                    ret_reg_offset, size=self.project.arch.bits
-                                ),
-                                **target.tags,
-                            )
-                            call_stmt = ailment.Stmt.Call(
-                                None,
-                                target,
-                                calling_convention=None,  # target_func.calling_convention,
-                                prototype=None,  # target_func.prototype,
-                                ret_expr=ret_expr,
-                                **last_stmt.tags,
-                            )
-                            block.statements[-1] = call_stmt
-
-                            ret_stmt = ailment.Stmt.Return(None, [], **last_stmt.tags)
-                            ret_block = ailment.Block(self.new_block_addr(), 1, statements=[ret_stmt])
-                            ail_graph.add_edge(block, ret_block, type="fake_return")
-                        else:
-                            stmt = ailment.Stmt.Call(None, target, **last_stmt.tags)
-                            block.statements[-1] = stmt
+                targets = [last_stmt.target]
+                replace_last_stmt = True
+            elif isinstance(last_stmt, ailment.Stmt.ConditionalJump):
+                targets = [last_stmt.true_target, last_stmt.false_target]
+                replace_last_stmt = False
+            else:
+                continue
+
+            for target in targets:
+                if not isinstance(target, ailment.Const) or not self.kb.functions.contains_addr(target.value):
+                    continue
+
+                target_func = self.kb.functions.get_by_addr(target.value)
+
+                ret_reg_offset = self.project.arch.ret_offset
+                if target_func.returning and ret_reg_offset is not None:
+                    ret_expr = ailment.Expr.Register(
+                        None,
+                        None,
+                        ret_reg_offset,
+                        self.project.arch.bits,
+                        reg_name=self.project.arch.translate_register_name(ret_reg_offset, size=self.project.arch.bits),
+                        **target.tags,
+                    )
+                else:
+                    ret_expr = None
+
+                call_stmt = ailment.Stmt.Call(
+                    None,
+                    target.copy(),
+                    calling_convention=None,  # target_func.calling_convention,
+                    prototype=None,  # target_func.prototype,
+                    ret_expr=ret_expr,
+                    **last_stmt.tags,
+                )
+
+                if replace_last_stmt:
+                    call_block = block
+                    block.statements[-1] = call_stmt
+                else:
+                    call_block = ailment.Block(self.new_block_addr(), 1, statements=[call_stmt])
+                    ail_graph.add_edge(block, call_block)
+                    target.value = call_block.addr
+
+                if target_func.returning:
+                    ret_stmt = ailment.Stmt.Return(None, [], **last_stmt.tags)
+                    ret_block = ailment.Block(self.new_block_addr(), 1, statements=[ret_stmt])
+                    ail_graph.add_edge(call_block, ret_block, type="fake_return")
 
         return ail_graph
 
@@ -1443,6 +1453,7 @@ class Clinic(Analysis):
         only_consts=False,
         fold_callexprs_into_conditions=False,
         rewrite_ccalls=True,
+        rename_ccalls=True,
         removed_vvar_ids: set[int] | None = None,
         arg_vvars: dict[int, tuple[ailment.Expr.VirtualVariable, SimVariable]] | None = None,
         preserve_vvar_ids: set[int] | None = None,
@@ -1462,6 +1473,7 @@ class Clinic(Analysis):
                 only_consts=only_consts,
                 fold_callexprs_into_conditions=fold_callexprs_into_conditions,
                 rewrite_ccalls=rewrite_ccalls,
+                rename_ccalls=rename_ccalls,
                 removed_vvar_ids=removed_vvar_ids,
                 arg_vvars=arg_vvars,
                 preserve_vvar_ids=preserve_vvar_ids,
@@ -1480,6 +1492,7 @@ class Clinic(Analysis):
         only_consts=False,
         fold_callexprs_into_conditions=False,
         rewrite_ccalls=True,
+        rename_ccalls=True,
         removed_vvar_ids: set[int] | None = None,
         arg_vvars: dict[int, tuple[ailment.Expr.VirtualVariable, SimVariable]] | None = None,
         preserve_vvar_ids: set[int] | None = None,
@@ -1504,6 +1517,7 @@ class Clinic(Analysis):
             fold_callexprs_into_conditions=fold_callexprs_into_conditions,
             use_callee_saved_regs_at_return=not self._register_save_areas_removed,
             rewrite_ccalls=rewrite_ccalls,
+            rename_ccalls=rename_ccalls,
             removed_vvar_ids=removed_vvar_ids,
             arg_vvars=arg_vvars,
             secondary_stackvars=self.secondary_stackvars,

angr/analyses/decompiler/optimization_passes/ite_region_converter.py

@@ -296,7 +296,7 @@ class ITERegionConverter(OptimizationPass):
                 )
 
             if len(new_src_and_vvars) == 1:
-                new_assignment = Assignment(
+                new_stmt = Assignment(
                     stmt.idx,
                     stmt.dst,
                     new_src_and_vvars[0][1],
@@ -309,13 +309,13 @@ class ITERegionConverter(OptimizationPass):
                     new_src_and_vvars,
                     **stmt.src.tags,
                 )
-                new_assignment = Assignment(
+                new_stmt = Assignment(
                     stmt.idx,
                     stmt.dst,
                     new_phi,
                     **stmt.tags,
                 )
-            stmts.append(new_assignment)
+            stmts.append(new_stmt)
         new_region_tail = Block(region_tail.addr, region_tail.original_size, statements=stmts, idx=region_tail.idx)
 
         #

angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py

@@ -864,7 +864,7 @@ class LoweredSwitchSimplifier(StructuringOptimizationPass):
         next_node_addr = last_block.addr
 
         while next_node_addr is not None and next_node_addr in ca_others:
-            onode, value, target, target_idx, next_node_addr = ca_others[next_node_addr]
+            onode, _value, target, target_idx, next_node_addr = ca_others[next_node_addr]
             onode: Block
 
             if first_nonlabel_nonphi_statement(onode) is not onode.statements[-1]:
@@ -893,7 +893,7 @@ class LoweredSwitchSimplifier(StructuringOptimizationPass):
 
         # default nodes
         if ca_default:
-            onode, value, target, target_idx, _ = ca_default[0]
+            onode, _value, target, target_idx, _ = ca_default[0]
             default_target = next(
                 iter(
                     nn

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -46,8 +46,8 @@ from .rol_ror import RolRorRewriter
 from .inlined_memcpy import InlinedMemcpy
 from .inlined_strcpy import InlinedStrcpy
 from .inlined_strcpy_consolidation import InlinedStrcpyConsolidation
-from .inlined_wstrcpy import InlinedWstrcpy
-from .inlined_wstrcpy_consolidation import InlinedWstrcpyConsolidation
+from .inlined_wcscpy import InlinedWcscpy
+from .inlined_wcscpy_consolidation import InlinedWcscpyConsolidation
 from .cmpord_rewriter import CmpORDRewriter
 from .coalesce_adjacent_shrs import CoalesceAdjacentShiftRights
 from .a_mul_const_sub_a import AMulConstSubA
@@ -104,8 +104,8 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     InlinedMemcpy,
     InlinedStrcpy,
     InlinedStrcpyConsolidation,
-    InlinedWstrcpy,
-    InlinedWstrcpyConsolidation,
+    InlinedWcscpy,
+    InlinedWcscpyConsolidation,
     CmpORDRewriter,
     CoalesceAdjacentShiftRights,
     ShlToMul,

angr/analyses/decompiler/peephole_optimizations/{inlined_wstrcpy.py → inlined_wcscpy.py}

@@ -17,17 +17,20 @@ ASCII_PRINTABLES = {ord(x) for x in string.printable}
 ASCII_DIGITS = {ord(x) for x in string.digits}
 
 
-class InlinedWstrcpy(PeepholeOptimizationStmtBase):
+class InlinedWcscpy(PeepholeOptimizationStmtBase):
     """
-    Simplifies inlined wide string copying logic into calls to wstrcpy.
+    Simplifies inlined wide string copying logic into calls to wcscpy.
     """
 
     __slots__ = ()
 
-    NAME = "Simplifying inlined wstrcpy"
+    NAME = "Simplifying inlined wcscpy"
     stmt_classes = (Assignment, Store)
 
     def optimize(self, stmt: Assignment | Store, stmt_idx: int | None = None, block=None, **kwargs):
+        assert self.project is not None
+        assert self.kb is not None
+
         if (
             isinstance(stmt, Assignment)
             and isinstance(stmt.dst, VirtualVariable)
@@ -48,11 +51,12 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
         r, s = self.is_integer_likely_a_wide_string(value, value_size, self.project.arch.memory_endness)
         if r:
             # replace it with a call to strncpy
+            assert s is not None
             str_id = self.kb.custom_strings.allocate(s)
             wstr_type = SimTypePointer(SimTypeWideChar()).with_arch(self.project.arch)
             return Call(
                 stmt.idx,
-                "wstrncpy",
+                "wcsncpy",
                 args=[
                     dst,
                     Const(None, None, str_id, self.project.arch.bits, custom_string=True, type=wstr_type),
@@ -83,6 +87,7 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
                 integer, size = self.stride_to_int(stride)
                 r, s = self.is_integer_likely_a_wide_string(integer, size, Endness.BE, min_length=3)
                 if r:
+                    assert s is not None
                     # we remove all involved statements whose statement IDs are greater than the current one
                     for _, stmt_idx_, _ in reversed(stride):
                         if stmt_idx_ <= stmt_idx:
@@ -94,7 +99,7 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
                     wstr_type = SimTypePointer(SimTypeWideChar()).with_arch(self.project.arch)
                     return Call(
                         stmt.idx,
-                        "wstrncpy",
+                        "wcsncpy",
                         args=[
                             dst,
                             Const(None, None, str_id, self.project.arch.bits, custom_string=True, type=wstr_type),
@@ -112,11 +117,14 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
         size = 0
         for _, _, v in stride:
             size += v.size
+            assert isinstance(v.value, int)
             n <<= v.bits
             n |= v.value
         return n, size
 
     def collect_constant_stores(self, block, starting_stmt_idx: int) -> dict[int, tuple[int, Const | None]]:
+        assert self.project is not None
+
         r = {}
         expected_store_varid: int | None = None
         starting_stmt = block.statements[starting_stmt_idx]
@@ -224,7 +232,7 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
             # unsupported endness
             return False, None
 
-        if not (InlinedWstrcpy.even_offsets_are_zero(chars) or InlinedWstrcpy.odd_offsets_are_zero(chars)):
+        if not (InlinedWcscpy.even_offsets_are_zero(chars) or InlinedWcscpy.odd_offsets_are_zero(chars)):
             return False, None
 
         if chars and len(chars) >= 2 and chars[-1] == 0 and chars[-2] == 0:
@@ -236,11 +244,11 @@ class InlinedWstrcpy(PeepholeOptimizationStmtBase):
         return False, None
 
     @staticmethod
-    def is_inlined_wstrncpy(stmt: Statement) -> bool:
+    def is_inlined_wcsncpy(stmt: Statement) -> bool:
         return (
             isinstance(stmt, Call)
             and isinstance(stmt.target, str)
-            and stmt.target == "wstrncpy"
+            and stmt.target == "wcsncpy"
             and stmt.args is not None
             and len(stmt.args) == 3
             and isinstance(stmt.args[1], Const)