PyPI - angr - Versions diffs - 9.2.181__cp310-abi3-win_amd64.whl → 9.2.182__cp310-abi3-win_amd64.whl - Mend

angr 9.2.181__cp310-abi3-win_amd64.whl → 9.2.182__cp310-abi3-win_amd64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (139) hide show

angr/__init__.py +1 -1
angr/ailment/expression.py +2 -2
angr/analyses/decompiler/ail_simplifier.py +77 -5
angr/analyses/decompiler/callsite_maker.py +6 -1
angr/analyses/decompiler/clinic.py +22 -10
angr/analyses/decompiler/dephication/graph_vvar_mapping.py +4 -10
angr/analyses/decompiler/ssailification/rewriting.py +82 -10
angr/analyses/decompiler/ssailification/rewriting_engine.py +22 -11
angr/analyses/decompiler/ssailification/ssailification.py +7 -5
angr/analyses/s_reaching_definitions/s_rda_view.py +38 -16
angr/analyses/s_reaching_definitions/s_reaching_definitions.py +59 -6
angr/engines/pcode/behavior.py +6 -2
angr/knowledge_plugins/functions/function_manager.py +1 -1
angr/knowledge_plugins/variables/variable_manager.py +10 -19
angr/procedures/definitions/parse_glibc.py +0 -1
angr/procedures/definitions/parse_win32json.py +12 -3
angr/procedures/definitions/wdk/fltmgr.json +11 -11
angr/procedures/definitions/wdk/fwpuclnt.json +32 -32
angr/procedures/definitions/wdk/gdi32.json +1 -1
angr/procedures/definitions/wdk/ntoskrnl.json +61 -61
angr/procedures/definitions/win32/_types_win32.json +1103 -1102
angr/procedures/definitions/win32/activeds.json +2 -2
angr/procedures/definitions/win32/advapi32.json +47 -47
angr/procedures/definitions/win32/apphelp.json +1 -1
angr/procedures/definitions/win32/avifil32.json +10 -10
angr/procedures/definitions/win32/avrt.json +4 -4
angr/procedures/definitions/win32/bluetoothapis.json +3 -3
angr/procedures/definitions/win32/certpoleng.json +1 -1
angr/procedures/definitions/win32/cfgmgr32.json +43 -43
angr/procedures/definitions/win32/clusapi.json +1 -1
angr/procedures/definitions/win32/comctl32.json +3 -3
angr/procedures/definitions/win32/computenetwork.json +14 -14
angr/procedures/definitions/win32/comsvcs.json +3 -3
angr/procedures/definitions/win32/crypt32.json +5 -5
angr/procedures/definitions/win32/d2d1.json +1 -1
angr/procedures/definitions/win32/d3d12.json +6 -6
angr/procedures/definitions/win32/d3dcompiler_47.json +2 -2
angr/procedures/definitions/win32/dbgeng.json +4 -4
angr/procedures/definitions/win32/dbghelp.json +2 -2
angr/procedures/definitions/win32/dcomp.json +4 -4
angr/procedures/definitions/win32/ddraw.json +6 -6
angr/procedures/definitions/win32/diagnosticdataquery.json +1 -1
angr/procedures/definitions/win32/dinput8.json +1 -1
angr/procedures/definitions/win32/directml.json +2 -2
angr/procedures/definitions/win32/dsound.json +10 -10
angr/procedures/definitions/win32/dsparse.json +2 -2
angr/procedures/definitions/win32/dwmapi.json +1 -1
angr/procedures/definitions/win32/dwrite.json +1 -1
angr/procedures/definitions/win32/dxcompiler.json +2 -2
angr/procedures/definitions/win32/dxcore.json +1 -1
angr/procedures/definitions/win32/dxgi.json +4 -4
angr/procedures/definitions/win32/dxva2.json +1 -1
angr/procedures/definitions/win32/eappprxy.json +3 -3
angr/procedures/definitions/win32/evr.json +4 -4
angr/procedures/definitions/win32/fwpuclnt.json +32 -32
angr/procedures/definitions/win32/gdiplus.json +9 -9
angr/procedures/definitions/win32/hid.json +1 -1
angr/procedures/definitions/win32/hlink.json +7 -7
angr/procedures/definitions/win32/ieframe.json +4 -4
angr/procedures/definitions/win32/imgutil.json +1 -1
angr/procedures/definitions/win32/inkobjcore.json +4 -4
angr/procedures/definitions/win32/iphlpapi.json +8 -8
angr/procedures/definitions/win32/kernel32.json +5 -5
angr/procedures/definitions/win32/ksproxy_ax.json +2 -2
angr/procedures/definitions/win32/ktmw32.json +10 -10
angr/procedures/definitions/win32/mapi32.json +2 -2
angr/procedures/definitions/win32/mf.json +5 -5
angr/procedures/definitions/win32/mfplat.json +33 -33
angr/procedures/definitions/win32/mfsensorgroup.json +2 -2
angr/procedures/definitions/win32/mmdevapi.json +1 -1
angr/procedures/definitions/win32/mqrt.json +2 -2
angr/procedures/definitions/win32/mscoree.json +9 -9
angr/procedures/definitions/win32/msdmo.json +5 -5
angr/procedures/definitions/win32/mswsock.json +8 -8
angr/procedures/definitions/win32/ndfapi.json +1 -1
angr/procedures/definitions/win32/netapi32.json +6 -6
angr/procedures/definitions/win32/netsh.json +1 -1
angr/procedures/definitions/win32/ntdll.json +1 -1
angr/procedures/definitions/win32/ntdsapi.json +14 -14
angr/procedures/definitions/win32/ntlanman.json +3 -3
angr/procedures/definitions/win32/ole32.json +78 -78
angr/procedures/definitions/win32/oleacc.json +6 -6
angr/procedures/definitions/win32/oleaut32.json +15 -15
angr/procedures/definitions/win32/oledlg.json +1 -1
angr/procedures/definitions/win32/p2p.json +11 -11
angr/procedures/definitions/win32/p2pgraph.json +7 -7
angr/procedures/definitions/win32/pdh.json +1 -1
angr/procedures/definitions/win32/powrprof.json +47 -47
angr/procedures/definitions/win32/projectedfslib.json +2 -2
angr/procedures/definitions/win32/propsys.json +25 -25
angr/procedures/definitions/win32/query.json +1 -1
angr/procedures/definitions/win32/resutils.json +1 -1
angr/procedures/definitions/win32/rpcns4.json +5 -5
angr/procedures/definitions/win32/rpcrt4.json +33 -33
angr/procedures/definitions/win32/rtm.json +1 -1
angr/procedures/definitions/win32/sensorsutilsv2.json +4 -4
angr/procedures/definitions/win32/setupapi.json +49 -49
angr/procedures/definitions/win32/shell32.json +34 -34
angr/procedures/definitions/win32/shlwapi.json +7 -7
angr/procedures/definitions/win32/slc.json +25 -25
angr/procedures/definitions/win32/slcext.json +2 -2
angr/procedures/definitions/win32/slwga.json +1 -1
angr/procedures/definitions/win32/tapi32.json +4 -4
angr/procedures/definitions/win32/tdh.json +6 -6
angr/procedures/definitions/win32/traffic.json +6 -6
angr/procedures/definitions/win32/txfw32.json +1 -1
angr/procedures/definitions/win32/uiautomationcore.json +1 -1
angr/procedures/definitions/win32/urlmon.json +6 -6
angr/procedures/definitions/win32/user32.json +1 -1
angr/procedures/definitions/win32/userenv.json +4 -4
angr/procedures/definitions/win32/virtdisk.json +4 -4
angr/procedures/definitions/win32/vmdevicehost.json +1 -1
angr/procedures/definitions/win32/wcmapi.json +2 -2
angr/procedures/definitions/win32/webauthn.json +2 -2
angr/procedures/definitions/win32/winbio.json +2 -2
angr/procedures/definitions/win32/windows_ui_xaml.json +2 -2
angr/procedures/definitions/win32/windowscodecs.json +9 -9
angr/procedures/definitions/win32/winhttp.json +1 -1
angr/procedures/definitions/win32/winhvplatform.json +1 -1
angr/procedures/definitions/win32/winscard.json +12 -12
angr/procedures/definitions/win32/winspool_drv.json +4 -4
angr/procedures/definitions/win32/wintrust.json +9 -9
angr/procedures/definitions/win32/wlanapi.json +27 -27
angr/procedures/definitions/win32/wlanui.json +1 -1
angr/procedures/definitions/win32/wldp.json +4 -4
angr/procedures/definitions/win32/ws2_32.json +34 -34
angr/procedures/definitions/win32/xaudio2_8.json +1 -1
angr/procedures/definitions/win32/xmllite.json +2 -2
angr/procedures/definitions/win32/xolehlp.json +4 -4
angr/project.py +4 -1
angr/rustylib.pyd +0 -0
angr/unicornlib.dll +0 -0
angr/utils/ail.py +107 -1
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/METADATA +5 -5
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/RECORD +139 -139
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/WHEEL +0 -0
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/entry_points.txt +0 -0
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/licenses/LICENSE +0 -0
{angr-9.2.181.dist-info → angr-9.2.182.dist-info}/top_level.txt +0 -0

angr/analyses/s_reaching_definitions/s_rda_view.py CHANGED Viewed

@@ -1,6 +1,7 @@
 from __future__ import annotations
 import logging
+import copy
 from collections.abc import Callable
 from collections import defaultdict
@@ -24,8 +25,9 @@ class RegVVarPredicate:
     Implements a predicate that is used in get_reg_vvar_by_stmt_idx and get_reg_vvar_by_insn.
     """
-    def __init__(self, reg_offset: int, vvars: list[VirtualVariable], arch):
+    def __init__(self, reg_offset: int, min_size: int, vvars: list[VirtualVariable], arch):
         self.reg_offset = reg_offset
+        self.min_size = min_size
         self.vvars = vvars
         self.arch = arch
@@ -52,6 +54,7 @@ class RegVVarPredicate:
             and isinstance(stmt.dst, VirtualVariable)
             and stmt.dst.was_reg
             and stmt.dst.reg_offset == self.reg_offset
+            and stmt.dst.size >= self.min_size
         ):
             if stmt.dst not in self.vvars:
                 self.vvars.append(stmt.dst)
@@ -61,6 +64,7 @@ class RegVVarPredicate:
                 isinstance(stmt.ret_expr, VirtualVariable)
                 and stmt.ret_expr.was_reg
                 and stmt.ret_expr.reg_offset == self.reg_offset
+                and stmt.ret_expr.size >= self.min_size
             ):
                 if stmt.ret_expr not in self.vvars:
                     self.vvars.append(stmt.ret_expr)
@@ -146,11 +150,17 @@ class SRDAView:
                         queue.append((pred, None))
     def get_reg_vvar_by_stmt(
-        self, reg_offset: int, block_addr: int, block_idx: int | None, stmt_idx: int, op_type: ObservationPointType
+        self,
+        reg_offset: int,
+        min_size: int,
+        block_addr: int,
+        block_idx: int | None,
+        stmt_idx: int,
+        op_type: ObservationPointType,
     ) -> VirtualVariable | None:
         reg_offset = get_reg_offset_base(reg_offset, self.model.arch)
         vvars = []
-        predicater = RegVVarPredicate(reg_offset, vvars, self.model.arch)
+        predicater = RegVVarPredicate(reg_offset, min_size, vvars, self.model.arch)
         self._get_vvar_by_stmt(block_addr, block_idx, stmt_idx, op_type, predicater.predicate)
         if not vvars:
@@ -160,7 +170,7 @@ class SRDAView:
                     func_arg_category = func_arg.parameter_category
                     if func_arg_category == VirtualVariableCategory.REGISTER:
                         func_arg_regoff = func_arg.parameter_reg_offset
-                        if func_arg_regoff == reg_offset:
+                        if func_arg_regoff == reg_offset and func_arg.size >= min_size:
                             vvars.append(func_arg)
         assert len(vvars) <= 1
@@ -225,11 +235,11 @@ class SRDAView:
         self._get_vvar_by_stmt(the_block.addr, the_block.idx, starting_stmt_idx, op_type, predicate)
     def get_reg_vvar_by_insn(
-        self, reg_offset: int, addr: int, op_type: ObservationPointType, block_idx: int | None = None
+        self, reg_offset: int, min_size: int, addr: int, op_type: ObservationPointType, block_idx: int | None = None
     ) -> VirtualVariable | None:
         reg_offset = get_reg_offset_base(reg_offset, self.model.arch)
         vvars = []
-        predicater = RegVVarPredicate(reg_offset, vvars, self.model.arch)
+        predicater = RegVVarPredicate(reg_offset, min_size, vvars, self.model.arch)
         self._get_vvar_by_insn(addr, op_type, predicater.predicate, block_idx=block_idx)
@@ -271,7 +281,7 @@ class SRDAView:
         # TODO: Other types
         traversal_order = GraphUtils.quasi_topological_sort_nodes(self.model.func_graph)
-        all_reg2vvarid: defaultdict[tuple[int, int | None], dict[int, int]] = defaultdict(dict)
+        all_reg2vvarid: defaultdict[tuple[int, int | None], dict[int, dict[int, int]]] = defaultdict(dict)
         observations = {}
         for block in traversal_order:
@@ -280,40 +290,52 @@ class SRDAView:
             if (block.addr, block.idx) in node_ops and node_ops[
                 (block.addr, block.idx)
             ] == ObservationPointType.OP_BEFORE:
-                observations[("block", (block.addr, block.idx), ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+                observations[("node", (block.addr, block.idx), ObservationPointType.OP_BEFORE)] = copy.deepcopy(
+                    reg2vvarid
+                )
             last_insn_addr = None
             for stmt_idx, stmt in enumerate(block.statements):
                 if last_insn_addr != stmt.ins_addr:
                     # observe
                     if last_insn_addr in insn_ops and insn_ops[last_insn_addr] == ObservationPointType.OP_AFTER:
-                        observations[("insn", last_insn_addr, ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+                        observations[("insn", last_insn_addr, ObservationPointType.OP_AFTER)] = copy.deepcopy(
+                            reg2vvarid
+                        )
                     if stmt.ins_addr in insn_ops and insn_ops[stmt.ins_addr] == ObservationPointType.OP_BEFORE:
-                        observations[("insn", last_insn_addr, ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+                        observations[("insn", last_insn_addr, ObservationPointType.OP_BEFORE)] = copy.deepcopy(
+                            reg2vvarid
+                        )
                     last_insn_addr = stmt.ins_addr
                 stmt_key = (block.addr, block.idx), stmt_idx
                 if stmt_key in stmt_ops and stmt_ops[stmt_key] == ObservationPointType.OP_BEFORE:
-                    observations[("stmt", stmt_key, ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+                    observations[("stmt", stmt_key, ObservationPointType.OP_BEFORE)] = copy.deepcopy(reg2vvarid)
                 if isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable) and stmt.dst.was_reg:
                     base_offset = get_reg_offset_base(stmt.dst.reg_offset, self.model.arch)
-                    reg2vvarid[base_offset] = stmt.dst.varid
+                    if base_offset not in reg2vvarid:
+                        reg2vvarid[base_offset] = {}
+                    reg2vvarid[base_offset][stmt.dst.size] = stmt.dst.varid
                 elif isinstance(stmt, Call) and isinstance(stmt.ret_expr, VirtualVariable) and stmt.ret_expr.was_reg:
                     base_offset = get_reg_offset_base(stmt.ret_expr.reg_offset, self.model.arch)
-                    reg2vvarid[base_offset] = stmt.ret_expr.varid
+                    if base_offset not in reg2vvarid:
+                        reg2vvarid[base_offset] = {}
+                    reg2vvarid[base_offset][stmt.ret_expr.size] = stmt.ret_expr.varid
                 if stmt_key in stmt_ops and stmt_ops[stmt_key] == ObservationPointType.OP_AFTER:
-                    observations[("stmt", stmt_key, ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+                    observations[("stmt", stmt_key, ObservationPointType.OP_AFTER)] = copy.deepcopy(reg2vvarid)
             if (block.addr, block.idx) in node_ops and node_ops[
                 (block.addr, block.idx)
             ] == ObservationPointType.OP_AFTER:
-                observations[("block", (block.addr, block.idx), ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+                observations[("node", (block.addr, block.idx), ObservationPointType.OP_AFTER)] = copy.deepcopy(
+                    reg2vvarid
+                )
             for succ in self.model.func_graph.successors(block):
                 if succ is block:
                     continue
-                all_reg2vvarid[succ.addr, succ.idx] = reg2vvarid.copy()
+                all_reg2vvarid[succ.addr, succ.idx] = copy.deepcopy(reg2vvarid)
         return observations

angr/analyses/s_reaching_definitions/s_reaching_definitions.py CHANGED Viewed

@@ -1,16 +1,17 @@
+# pylint:disable=too-many-boolean-expressions
 from __future__ import annotations
+import networkx
 from angr.ailment.block import Block
 from angr.ailment.statement import Assignment, Call, Return
 from angr.ailment.expression import VirtualVariable
-import networkx
 from angr.knowledge_plugins.functions import Function
 from angr.knowledge_plugins.key_definitions.constants import ObservationPointType
 from angr.code_location import CodeLocation, ExternalCodeLocation
 from angr.analyses import Analysis, register_analysis
 from angr.utils.ssa import get_vvar_uselocs, get_vvar_deflocs, get_tmp_deflocs, get_tmp_uselocs
-from angr.calling_conventions import default_cc
+from angr.calling_conventions import default_cc, SimRegArg
 from .s_rda_model import SRDAModel
 from .s_rda_view import SRDAView
@@ -26,6 +27,7 @@ class SReachingDefinitionsAnalysis(Analysis):
         func_addr: int | None = None,
         func_graph: networkx.DiGraph[Block] | None = None,
         func_args: set[VirtualVariable] | None = None,
+        use_callee_saved_regs_at_return: bool = False,
         track_tmps: bool = False,
     ):
         if isinstance(subject, Block):
@@ -43,6 +45,7 @@ class SReachingDefinitionsAnalysis(Analysis):
         self.func_addr = func_addr if func_addr is not None else self.func.addr if self.func is not None else None
         self.func_args = func_args
         self._track_tmps = track_tmps
+        self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
         self._bp_as_gpr = False
         if self.func is not None:
@@ -94,6 +97,8 @@ class SReachingDefinitionsAnalysis(Analysis):
         if self.mode == "function":
+            assert self.func is not None
             # fix register definitions for arguments
             defined_vvarids = set(vvar_deflocs)
             undefined_vvarids = set(vvar_uselocs.keys()).difference(defined_vvarids)
@@ -151,10 +156,58 @@ class SReachingDefinitionsAnalysis(Analysis):
                     arg_locs += [r_name for r_name in cc.FP_ARG_REGS if r_name not in arg_locs]
                 for arg_reg_name in arg_locs:
-                    reg_offset = self.project.arch.registers[arg_reg_name][0]
+                    reg_offset, reg_size = self.project.arch.registers[arg_reg_name]
                     if reg_offset in reg_to_vvarids:
-                        vvarid = reg_to_vvarids[reg_offset]
-                        self.model.add_vvar_use(vvarid, None, codeloc)
+                        for vvar_size in reg_to_vvarids[reg_offset]:
+                            if vvar_size >= reg_size:
+                                vvarid = reg_to_vvarids[reg_offset][vvar_size]
+                                self.model.add_vvar_use(vvarid, None, codeloc)
+            if self._use_callee_saved_regs_at_return:
+                # handle callee-saved registers: add uses for these registers so that the restoration statements are not
+                # considered dead assignments.
+                cc = self.func.calling_convention
+                if cc is None:
+                    cc_cls = default_cc(
+                        self.project.arch.name,
+                        platform=self.project.simos.name if self.project.simos is not None else None,
+                    )
+                    assert cc_cls is not None
+                    cc = cc_cls(self.project.arch)
+                arch = self.project.arch
+                ob_points = []
+                endpoint_addrs = {end_point.addr for end_point in self.func.endpoints}
+                for block in blocks.values():
+                    if block.addr in endpoint_addrs:
+                        ob_points.append(("node", (block.addr, block.idx), ObservationPointType.OP_AFTER))
+                func_end_observations = srda_view.observe(ob_points)
+                ignore_reg_offsets = {arch.sp_offset, arch.ip_offset}
+                if not self._bp_as_gpr:
+                    ignore_reg_offsets.add(arch.bp_offset)
+                for key, reg_to_vvarids in func_end_observations.items():
+                    _, (block_addr, block_idx), _ = key
+                    block = blocks[(block_addr, block_idx)]
+                    if not block.statements:
+                        # totally unexpected
+                        continue
+                    stmt = block.statements[-1]
+                    codeloc = CodeLocation(
+                        block_addr, len(block.statements) - 1, block_idx=block_idx, ins_addr=stmt.ins_addr
+                    )
+                    for reg in arch.register_list:
+                        if (
+                            reg.general_purpose
+                            and reg.name not in cc.CALLER_SAVED_REGS
+                            and reg.name not in cc.ARG_REGS
+                            and reg.vex_offset not in ignore_reg_offsets
+                            and (isinstance(cc.RETURN_VAL, SimRegArg) and reg.name != cc.RETURN_VAL.reg_name)
+                        ):
+                            reg_offset = self.project.arch.registers[reg.name][0]
+                            if reg_offset in reg_to_vvarids:
+                                max_vvar_size = max(reg_to_vvarids[reg_offset])
+                                vvarid = reg_to_vvarids[reg_offset][max_vvar_size]
+                                self.model.add_vvar_use(vvarid, None, codeloc)
         if self._track_tmps:
             # track tmps

angr/engines/pcode/behavior.py CHANGED Viewed

@@ -12,13 +12,17 @@ from angr.errors import AngrError
 # pylint:disable=abstract-method
-def make_bv_sizes_equal(bv1: BV, bv2: BV) -> tuple[BV, BV]:
+def make_bv_sizes_equal(bv1: BV, bv2: BV, zero_ext: bool = False) -> tuple[BV, BV]:
     """
     Makes two BVs equal in length through sign extension.
     """
     if bv1.size() < bv2.size():
+        if zero_ext:
+            return (bv1.zero_extend(bv2.size() - bv1.size()), bv2)
         return (bv1.sign_extend(bv2.size() - bv1.size()), bv2)
     if bv1.size() > bv2.size():
+        if zero_ext:
+            return (bv1, bv2.zero_extend(bv1.size() - bv2.size()))
         return (bv1, bv2.sign_extend(bv1.size() - bv2.size()))
     return (bv1, bv2)
@@ -340,7 +344,7 @@ class OpBehaviorIntRight(OpBehavior):
         super().__init__(OpCode.INT_RIGHT, False)
     def evaluate_binary(self, size_out: int, size_in: int, in1: BV, in2: BV) -> BV:
-        in1, in2 = make_bv_sizes_equal(in1, in2)
+        in1, in2 = make_bv_sizes_equal(in1, in2, zero_ext=True)
         return in1.LShR(in2)

angr/knowledge_plugins/functions/function_manager.py CHANGED Viewed

@@ -175,7 +175,7 @@ class FunctionManager(KnowledgeBasePlugin, collections.abc.Mapping):
             idx = bisect.bisect_left(self._rplt_cache_ranges, obj_range)
             if not (idx < len(self._rplt_cache_ranges) and self._rplt_cache_ranges[idx] == obj_range):
                 self._rplt_cache_ranges.insert(idx, obj_range)
-            if isinstance(obj, cle.MetaELF):
+            if isinstance(obj, (cle.MetaELF, cle.MachO)):
                 if self._rplt_cache is None:
                     self._rplt_cache = set()
                 self._rplt_cache |= set(obj.reverse_plt)

angr/knowledge_plugins/variables/variable_manager.py CHANGED Viewed

@@ -4,6 +4,7 @@ import logging
 from collections import defaultdict
 from itertools import count, chain
+from sortedcontainers import SortedDict
 import networkx
 import angr.ailment as ailment
@@ -118,7 +119,8 @@ class VariableManagerInternal(Serializable):
         # optimization
         self._variables_without_writes = set()
-        self.stack_offset_to_struct_member_info: dict[SimStackVariable, tuple[int, SimStackVariable, SimStruct]] = {}
+        # dict[int, tuple[SimStackVariable, SimStruct]]
+        self.stack_offset_to_struct = SortedDict()
         self.ret_val_size = None
@@ -515,7 +517,7 @@ class VariableManagerInternal(Serializable):
                 self._atom_to_variable[key][atom_hash] = {var_and_offset}
             if isinstance(atom, ailment.Expr.VirtualVariable):
                 self._vvarid_to_variable[atom.varid] = variable
-                self._variable_to_vvarids[variable] = set(atom.varid)
+                self._variable_to_vvarids[variable] = {atom.varid}
         else:
             if location.ins_addr is not None:
                 self._insn_to_variable[location.ins_addr].add(var_and_offset)
@@ -1058,22 +1060,7 @@ class VariableManagerInternal(Serializable):
                         if mark_manual:
                             self.variables_with_manual_types.add(other_var)
         if isinstance(var, SimStackVariable) and isinstance(ty, TypeRef) and isinstance(ty.type, SimStruct):
-            self.stack_offset_to_struct_member_info.update(self._extract_fields_from_struct(var, ty.type))
-    def _extract_fields_from_struct(self, var, ty: SimStruct, top_struct_offset=0):
-        result = {}
-        for name, field_offset in ty.offsets.items():
-            field_ty = ty.fields[name]
-            offset = top_struct_offset + field_offset
-            if isinstance(field_ty, TypeRef):
-                field_ty = field_ty.type
-            if isinstance(field_ty, SimStruct):
-                result.update(
-                    self._extract_fields_from_struct(var, field_ty, top_struct_offset=top_struct_offset + field_offset)
-                )
-            else:
-                result[var.offset + offset] = (offset, var, ty)
-        return result
+            self.stack_offset_to_struct[var.offset] = var, ty.type
     def get_variable_type(self, var) -> SimType | None:
         return self.variable_to_types.get(var, None)
@@ -1228,7 +1215,11 @@ class VariableManagerInternal(Serializable):
         for acc in accesses:
             assert acc.location.block_addr is not None
             block = func_block_by_addr.get((acc.location.block_addr, acc.location.block_idx), None)
-            if block is not None:
+            if (
+                block is not None
+                and acc.location.stmt_idx is not None
+                and acc.location.stmt_idx < len(block.statements)
+            ):
                 stmt = block.statements[acc.location.stmt_idx]
                 if not is_phi_assignment(stmt):
                     return False

angr/procedures/definitions/parse_glibc.py CHANGED Viewed

@@ -21,7 +21,6 @@ def main():
         c_decl = c_decl.strip("\n")
         # preprocessing
-        c_decl = c_decl.replace("FILE *", "FILE_t *")
         c_decl = c_decl.replace("const ", "")
         c_decl = c_decl.replace("*restrict ", "* ")

angr/procedures/definitions/parse_win32json.py CHANGED Viewed

@@ -21,6 +21,16 @@ altnames = set()
 typelib = SimTypeCollection()
 typelib.names = ["win32"]
+# add Guid
+guid_fields = OrderedDict()
+guid_fields["Data1"] = angr.types.SimTypeInt(signed=False)
+guid_fields["Data2"] = angr.types.SimTypeShort(signed=False)
+guid_fields["Data3"] = angr.types.SimTypeShort(signed=False)
+guid_fields["Data4"] = angr.types.SimTypeFixedSizeArray(angr.types.SimTypeChar(signed=False), length=8)
+guid = angr.types.SimStruct(guid_fields, name="Guid", pack=True, align=1)
+typelib.add("Guid", guid)
 known_struct_names: set[str] = set()
@@ -60,8 +70,7 @@ def get_angr_type_from_name(name):
     if name == "Boolean":
         return angr.types.SimTypeBool(label="Boolean")
     if name == "Guid":
-        # FIXME
-        return angr.types.SimTypeBottom(label="Guid")
+        return angr.types.SimTypeRef("Guid", angr.types.SimStruct)
     print(f"Unhandled Native Type: {name}")
     sys.exit(-1)
@@ -2470,7 +2479,7 @@ def do_it(in_dir):
                 non_returning.append(func)
         if not non_returning:
             del d["non_returning"]
-        with open(os.path.join(prefix, filename), "w") as f:
+        with open(os.path.join(prefix, filename), "w", encoding="utf-8") as f:
             f.write(json.dumps(d, indent="\t"))
     # Dump the type collection to a JSON file

angr/procedures/definitions/wdk/fltmgr.json CHANGED Viewed

@@ -51,10 +51,10 @@
 			"proto": "{'_t': 'func', 'args': [], 'returnty': {'_t': '_ref', 'name': 'PFLT_DEFERRED_IO_WORKITEM', 'ot': 'ptr'}, 'arg_names': []}"
 		},
 		"FltAllocateExtraCreateParameter": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['EcpContext', 'EcpType']}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpType', 'SizeOfContext', 'Flags', 'CleanupCallback', 'PoolTag', 'EcpContext']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['EcpContext', 'EcpType']}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpType', 'SizeOfContext', 'Flags', 'CleanupCallback', 'PoolTag', 'EcpContext']}"
 		},
 		"FltAllocateExtraCreateParameterFromLookasideList": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['EcpContext', 'EcpType']}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpType', 'SizeOfContext', 'Flags', 'CleanupCallback', 'LookasideList', 'EcpContext']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['EcpContext', 'EcpType']}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpType', 'SizeOfContext', 'Flags', 'CleanupCallback', 'LookasideList', 'EcpContext']}"
 		},
 		"FltAllocateExtraCreateParameterList": {
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'Flags', 'EcpList']}"
@@ -276,7 +276,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'llong', 'label': 'Int64'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'MDL', 'ot': '_ref'}}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'IO_STATUS_BLOCK', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'BOOLEAN', 'ot': 'char'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileOffset', 'Length', 'LockKey', 'MdlChain', 'IoStatus']}"
 		},
 		"FltFindExtraCreateParameter": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'EcpType', 'EcpContext', 'EcpContextSize']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'EcpType', 'EcpContext', 'EcpContextSize']}"
 		},
 		"FltFlushBuffers": {
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Instance', 'FileObject']}"
@@ -315,7 +315,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Instance', 'FileObject', 'FsControlCode', 'InputBuffer', 'InputBufferLength', 'OutputBuffer', 'OutputBufferLength', 'LengthReturned']}"
 		},
 		"FltGetActivityIdCallbackData": {
-			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'Guid']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'Guid']}"
 		},
 		"FltGetBottomInstance": {
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_VOLUME', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Volume', 'Instance']}"
@@ -393,7 +393,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}], 'returnty': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, 'arg_names': ['CallbackData']}"
 		},
 		"FltGetNextExtraCreateParameter": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'CurrentEcpContext', 'NextEcpType', 'NextEcpContext', 'NextEcpContextSize']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'CurrentEcpContext', 'NextEcpType', 'NextEcpContext', 'NextEcpContextSize']}"
 		},
 		"FltGetRequestorProcess": {
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'PEPROCESS', 'ot': 'ptr'}, 'arg_names': ['CallbackData']}"
@@ -582,7 +582,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_LOCK', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}], 'returnty': {'_t': '_ref', 'name': 'FLT_PREOP_CALLBACK_STATUS', 'ot': 'int'}, 'arg_names': ['FileLock', 'CallbackData', 'Context']}"
 		},
 		"FltPropagateActivityIdToThread": {
-			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'PropagateId', 'OriginalId']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'PropagateId', 'OriginalId']}"
 		},
 		"FltPropagateIrpExtension": {
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['SourceData', 'TargetData', 'Flags']}"
@@ -666,7 +666,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ERESOURCE', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['Resource']}"
 		},
 		"FltRemoveExtraCreateParameter": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'EcpType', 'EcpContext', 'EcpContextSize']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'ECP_LIST', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'EcpList', 'EcpType', 'EcpContext', 'EcpContextSize']}"
 		},
 		"FltRemoveOpenReparseEntry": {
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'OPEN_REPARSE_LIST_ENTRY', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['Filter', 'Data', 'OpenReparseEntry']}"
@@ -702,7 +702,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'PFLT_PORT', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'ptr', 'pts_to': {'_t': 'int', 'signed': false, 'label': 'UInt32'}}, {'_t': 'ptr', 'pts_to': {'_t': 'llong', 'label': 'Int64'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['Filter', 'ClientPort', 'SenderBuffer', 'SenderBufferLength', 'ReplyBuffer', 'ReplyLength', 'Timeout']}"
 		},
 		"FltSetActivityIdCallbackData": {
-			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'Guid']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'Guid']}"
 		},
 		"FltSetCallbackDataDirty": {
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['Data']}"
@@ -777,10 +777,10 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'BOOLEAN', 'ot': 'char'}, 'arg_names': ['FileObject']}"
 		},
 		"FltTagFile": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'short', 'signed': false, 'label': 'UInt16'}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid', 'DataBuffer', 'DataBufferLength']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'short', 'signed': false, 'label': 'UInt16'}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid', 'DataBuffer', 'DataBufferLength']}"
 		},
 		"FltTagFileEx": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'short', 'signed': false, 'label': 'UInt16'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid', 'DataBuffer', 'DataBufferLength', 'ExistingFileTag', 'ExistingGuid', 'Flags']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Void'}}, {'_t': 'short', 'signed': false, 'label': 'UInt16'}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid', 'DataBuffer', 'DataBufferLength', 'ExistingFileTag', 'ExistingGuid', 'Flags']}"
 		},
 		"FltUninitializeFileLock": {
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_LOCK', 'ot': '_ref'}}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['FileLock']}"
@@ -795,7 +795,7 @@
 			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_FILTER', 'ot': 'ptr'}], 'returnty': {'_t': 'bot', 'label': 'Void'}, 'arg_names': ['Filter']}"
 		},
 		"FltUntagFile": {
-			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': 'bot', 'label': 'Guid'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid']}"
+			"proto": "{'_t': 'func', 'args': [{'_t': '_ref', 'name': 'PFLT_INSTANCE', 'ot': 'ptr'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FILE_OBJECT', 'ot': '_ref'}}, {'_t': 'int', 'signed': false, 'label': 'UInt32'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'Guid', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['InitiatingInstance', 'FileObject', 'FileTag', 'Guid']}"
 		},
 		"FltVetoBypassIo": {
 			"proto": "{'_t': 'func', 'args': [{'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_CALLBACK_DATA', 'ot': '_ref'}}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'FLT_RELATED_OBJECTS', 'ot': '_ref'}}, {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, {'_t': 'ptr', 'pts_to': {'_t': '_ref', 'name': 'UNICODE_STRING', 'ot': '_ref'}}], 'returnty': {'_t': '_ref', 'name': 'NTSTATUS', 'ot': 'int'}, 'arg_names': ['CallbackData', 'FltObjects', 'OperationStatus', 'FailureReason']}"