PyPI - angr - Versions diffs - 9.2.192__cp311-cp311-macosx_10_12_x86_64.whl - Mend

angr 9.2.192__cp311-cp311-macosx_10_12_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1442) hide show

angr/__init__.py +366 -0
angr/__main__.py +182 -0
angr/ail_callable.py +79 -0
angr/ailment/__init__.py +83 -0
angr/ailment/block.py +88 -0
angr/ailment/block_walker.py +856 -0
angr/ailment/constant.py +3 -0
angr/ailment/converter_common.py +11 -0
angr/ailment/converter_pcode.py +648 -0
angr/ailment/converter_vex.py +829 -0
angr/ailment/expression.py +1655 -0
angr/ailment/manager.py +34 -0
angr/ailment/statement.py +973 -0
angr/ailment/tagged_object.py +58 -0
angr/ailment/utils.py +114 -0
angr/analyses/__init__.py +117 -0
angr/analyses/analysis.py +429 -0
angr/analyses/backward_slice.py +686 -0
angr/analyses/binary_optimizer.py +670 -0
angr/analyses/bindiff.py +1512 -0
angr/analyses/boyscout.py +76 -0
angr/analyses/callee_cleanup_finder.py +74 -0
angr/analyses/calling_convention/__init__.py +6 -0
angr/analyses/calling_convention/calling_convention.py +1113 -0
angr/analyses/calling_convention/fact_collector.py +647 -0
angr/analyses/calling_convention/utils.py +60 -0
angr/analyses/cdg.py +189 -0
angr/analyses/cfg/__init__.py +23 -0
angr/analyses/cfg/cfb.py +451 -0
angr/analyses/cfg/cfg.py +74 -0
angr/analyses/cfg/cfg_arch_options.py +95 -0
angr/analyses/cfg/cfg_base.py +2954 -0
angr/analyses/cfg/cfg_emulated.py +3451 -0
angr/analyses/cfg/cfg_fast.py +5431 -0
angr/analyses/cfg/cfg_fast_soot.py +662 -0
angr/analyses/cfg/cfg_job_base.py +203 -0
angr/analyses/cfg/indirect_jump_resolvers/__init__.py +30 -0
angr/analyses/cfg/indirect_jump_resolvers/aarch64_macho_got.py +77 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +62 -0
angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +51 -0
angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +159 -0
angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +339 -0
angr/analyses/cfg/indirect_jump_resolvers/constant_value_manager.py +107 -0
angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +82 -0
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +2490 -0
angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py +81 -0
angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +286 -0
angr/analyses/cfg/indirect_jump_resolvers/mips_elf_got.py +148 -0
angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +46 -0
angr/analyses/cfg/indirect_jump_resolvers/resolver.py +74 -0
angr/analyses/cfg/indirect_jump_resolvers/syscall_resolver.py +92 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +88 -0
angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +47 -0
angr/analyses/cfg_slice_to_sink/__init__.py +11 -0
angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +117 -0
angr/analyses/cfg_slice_to_sink/graph.py +87 -0
angr/analyses/cfg_slice_to_sink/transitions.py +27 -0
angr/analyses/class_identifier.py +63 -0
angr/analyses/code_tagging.py +123 -0
angr/analyses/codecave.py +77 -0
angr/analyses/complete_calling_conventions.py +475 -0
angr/analyses/congruency_check.py +377 -0
angr/analyses/data_dep/__init__.py +16 -0
angr/analyses/data_dep/data_dependency_analysis.py +595 -0
angr/analyses/data_dep/dep_nodes.py +171 -0
angr/analyses/data_dep/sim_act_location.py +49 -0
angr/analyses/datagraph_meta.py +105 -0
angr/analyses/ddg.py +1670 -0
angr/analyses/decompiler/__init__.py +41 -0
angr/analyses/decompiler/ail_simplifier.py +2246 -0
angr/analyses/decompiler/ailgraph_walker.py +49 -0
angr/analyses/decompiler/block_io_finder.py +302 -0
angr/analyses/decompiler/block_similarity.py +199 -0
angr/analyses/decompiler/block_simplifier.py +397 -0
angr/analyses/decompiler/callsite_maker.py +579 -0
angr/analyses/decompiler/ccall_rewriters/__init__.py +9 -0
angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +618 -0
angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +24 -0
angr/analyses/decompiler/ccall_rewriters/x86_ccalls.py +354 -0
angr/analyses/decompiler/clinic.py +3662 -0
angr/analyses/decompiler/condition_processor.py +1323 -0
angr/analyses/decompiler/counters/__init__.py +16 -0
angr/analyses/decompiler/counters/boolean_counter.py +27 -0
angr/analyses/decompiler/counters/call_counter.py +77 -0
angr/analyses/decompiler/counters/expression_counters.py +77 -0
angr/analyses/decompiler/counters/seq_cf_structure_counter.py +63 -0
angr/analyses/decompiler/decompilation_cache.py +54 -0
angr/analyses/decompiler/decompilation_options.py +317 -0
angr/analyses/decompiler/decompiler.py +796 -0
angr/analyses/decompiler/dephication/__init__.py +6 -0
angr/analyses/decompiler/dephication/dephication_base.py +100 -0
angr/analyses/decompiler/dephication/graph_dephication.py +70 -0
angr/analyses/decompiler/dephication/graph_rewriting.py +112 -0
angr/analyses/decompiler/dephication/graph_vvar_mapping.py +357 -0
angr/analyses/decompiler/dephication/rewriting_engine.py +528 -0
angr/analyses/decompiler/dephication/seqnode_dephication.py +156 -0
angr/analyses/decompiler/dirty_rewriters/__init__.py +7 -0
angr/analyses/decompiler/dirty_rewriters/amd64_dirty.py +74 -0
angr/analyses/decompiler/dirty_rewriters/rewriter_base.py +27 -0
angr/analyses/decompiler/empty_node_remover.py +212 -0
angr/analyses/decompiler/expression_narrower.py +290 -0
angr/analyses/decompiler/goto_manager.py +112 -0
angr/analyses/decompiler/graph_region.py +441 -0
angr/analyses/decompiler/jump_target_collector.py +37 -0
angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +67 -0
angr/analyses/decompiler/label_collector.py +32 -0
angr/analyses/decompiler/node_replacer.py +42 -0
angr/analyses/decompiler/notes/__init__.py +9 -0
angr/analyses/decompiler/notes/decompilation_note.py +48 -0
angr/analyses/decompiler/notes/deobfuscated_strings.py +56 -0
angr/analyses/decompiler/optimization_passes/__init__.py +164 -0
angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +157 -0
angr/analyses/decompiler/optimization_passes/call_stmt_rewriter.py +46 -0
angr/analyses/decompiler/optimization_passes/code_motion.py +362 -0
angr/analyses/decompiler/optimization_passes/condition_constprop.py +211 -0
angr/analyses/decompiler/optimization_passes/const_derefs.py +127 -0
angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +365 -0
angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +106 -0
angr/analyses/decompiler/optimization_passes/deadblock_remover.py +82 -0
angr/analyses/decompiler/optimization_passes/determine_load_sizes.py +64 -0
angr/analyses/decompiler/optimization_passes/div_simplifier.py +425 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py +5 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +503 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +1221 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py +16 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py +126 -0
angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +167 -0
angr/analyses/decompiler/optimization_passes/eager_std_string_concatenation.py +236 -0
angr/analyses/decompiler/optimization_passes/eager_std_string_eval.py +186 -0
angr/analyses/decompiler/optimization_passes/engine_base.py +502 -0
angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +138 -0
angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +113 -0
angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +618 -0
angr/analyses/decompiler/optimization_passes/inlined_strlen_simplifier.py +274 -0
angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +224 -0
angr/analyses/decompiler/optimization_passes/ite_region_converter.py +337 -0
angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +939 -0
angr/analyses/decompiler/optimization_passes/mod_simplifier.py +99 -0
angr/analyses/decompiler/optimization_passes/optimization_pass.py +710 -0
angr/analyses/decompiler/optimization_passes/peephole_simplifier.py +75 -0
angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +263 -0
angr/analyses/decompiler/optimization_passes/register_save_area_simplifier_adv.py +198 -0
angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +171 -0
angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +222 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +632 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +61 -0
angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +166 -0
angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +333 -0
angr/analyses/decompiler/optimization_passes/static_vvar_rewriter.py +336 -0
angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +166 -0
angr/analyses/decompiler/optimization_passes/switch_reused_entry_rewriter.py +102 -0
angr/analyses/decompiler/optimization_passes/tag_slicer.py +41 -0
angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +477 -0
angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +88 -0
angr/analyses/decompiler/peephole_optimizations/__init__.py +136 -0
angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +42 -0
angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +38 -0
angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py +34 -0
angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +34 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +25 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_shr_const_shr_const.py +37 -0
angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +23 -0
angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +236 -0
angr/analyses/decompiler/peephole_optimizations/base.py +157 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +34 -0
angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +36 -0
angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +34 -0
angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +27 -0
angr/analyses/decompiler/peephole_optimizations/bswap.py +142 -0
angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py +182 -0
angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +71 -0
angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py +39 -0
angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +28 -0
angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +44 -0
angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +69 -0
angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +52 -0
angr/analyses/decompiler/peephole_optimizations/eager_eval.py +436 -0
angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +56 -0
angr/analyses/decompiler/peephole_optimizations/inlined_memcpy.py +78 -0
angr/analyses/decompiler/peephole_optimizations/inlined_memset.py +262 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +217 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +106 -0
angr/analyses/decompiler/peephole_optimizations/inlined_wcscpy.py +256 -0
angr/analyses/decompiler/peephole_optimizations/inlined_wcscpy_consolidation.py +296 -0
angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +50 -0
angr/analyses/decompiler/peephole_optimizations/modulo_simplifier.py +89 -0
angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +33 -0
angr/analyses/decompiler/peephole_optimizations/optimized_div_simplifier.py +356 -0
angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +45 -0
angr/analyses/decompiler/peephole_optimizations/remove_cxx_destructor_calls.py +32 -0
angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +46 -0
angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +47 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +125 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +273 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_derefs.py +21 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +30 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +54 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +36 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +44 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +95 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +115 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +85 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_conv_mul.py +40 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_cxx_operator_calls.py +90 -0
angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +49 -0
angr/analyses/decompiler/peephole_optimizations/rol_ror.py +130 -0
angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +143 -0
angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py +25 -0
angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +51 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +28 -0
angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +29 -0
angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +131 -0
angr/analyses/decompiler/peephole_optimizations/utils.py +18 -0
angr/analyses/decompiler/presets/__init__.py +22 -0
angr/analyses/decompiler/presets/basic.py +36 -0
angr/analyses/decompiler/presets/fast.py +66 -0
angr/analyses/decompiler/presets/full.py +76 -0
angr/analyses/decompiler/presets/malware.py +70 -0
angr/analyses/decompiler/presets/preset.py +37 -0
angr/analyses/decompiler/redundant_label_remover.py +141 -0
angr/analyses/decompiler/region_identifier.py +1319 -0
angr/analyses/decompiler/region_simplifiers/__init__.py +5 -0
angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +95 -0
angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +82 -0
angr/analyses/decompiler/region_simplifiers/expr_folding.py +838 -0
angr/analyses/decompiler/region_simplifiers/goto.py +178 -0
angr/analyses/decompiler/region_simplifiers/if_.py +135 -0
angr/analyses/decompiler/region_simplifiers/ifelse.py +91 -0
angr/analyses/decompiler/region_simplifiers/loop.py +143 -0
angr/analyses/decompiler/region_simplifiers/node_address_finder.py +24 -0
angr/analyses/decompiler/region_simplifiers/region_simplifier.py +270 -0
angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +654 -0
angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +87 -0
angr/analyses/decompiler/region_walker.py +24 -0
angr/analyses/decompiler/return_maker.py +72 -0
angr/analyses/decompiler/semantic_naming/__init__.py +37 -0
angr/analyses/decompiler/semantic_naming/array_index_naming.py +196 -0
angr/analyses/decompiler/semantic_naming/boolean_naming.py +264 -0
angr/analyses/decompiler/semantic_naming/call_result_naming.py +220 -0
angr/analyses/decompiler/semantic_naming/naming_base.py +166 -0
angr/analyses/decompiler/semantic_naming/orchestrator.py +107 -0
angr/analyses/decompiler/semantic_naming/pointer_naming.py +334 -0
angr/analyses/decompiler/semantic_naming/region_loop_counter_naming.py +246 -0
angr/analyses/decompiler/semantic_naming/size_naming.py +137 -0
angr/analyses/decompiler/seq_to_blocks.py +20 -0
angr/analyses/decompiler/sequence_walker.py +261 -0
angr/analyses/decompiler/ssailification/__init__.py +4 -0
angr/analyses/decompiler/ssailification/rewriting.py +451 -0
angr/analyses/decompiler/ssailification/rewriting_engine.py +1091 -0
angr/analyses/decompiler/ssailification/rewriting_state.py +61 -0
angr/analyses/decompiler/ssailification/ssailification.py +283 -0
angr/analyses/decompiler/ssailification/traversal.py +127 -0
angr/analyses/decompiler/ssailification/traversal_engine.py +323 -0
angr/analyses/decompiler/ssailification/traversal_state.py +48 -0
angr/analyses/decompiler/stack_item.py +36 -0
angr/analyses/decompiler/structured_codegen/__init__.py +25 -0
angr/analyses/decompiler/structured_codegen/base.py +193 -0
angr/analyses/decompiler/structured_codegen/c.py +4257 -0
angr/analyses/decompiler/structured_codegen/dummy.py +15 -0
angr/analyses/decompiler/structured_codegen/dwarf_import.py +190 -0
angr/analyses/decompiler/structuring/__init__.py +30 -0
angr/analyses/decompiler/structuring/dream.py +1217 -0
angr/analyses/decompiler/structuring/phoenix.py +3636 -0
angr/analyses/decompiler/structuring/recursive_structurer.py +187 -0
angr/analyses/decompiler/structuring/sailr.py +120 -0
angr/analyses/decompiler/structuring/structurer_base.py +1140 -0
angr/analyses/decompiler/structuring/structurer_nodes.py +442 -0
angr/analyses/decompiler/utils.py +1224 -0
angr/analyses/deobfuscator/__init__.py +23 -0
angr/analyses/deobfuscator/api_obf_finder.py +333 -0
angr/analyses/deobfuscator/api_obf_peephole_optimizer.py +80 -0
angr/analyses/deobfuscator/api_obf_type2_finder.py +166 -0
angr/analyses/deobfuscator/data_transformation_embedder.py +633 -0
angr/analyses/deobfuscator/hash_lookup_api_deobfuscator.py +156 -0
angr/analyses/deobfuscator/irsb_reg_collector.py +54 -0
angr/analyses/deobfuscator/scope_ops_analyzer.py +68 -0
angr/analyses/deobfuscator/string_obf_finder.py +983 -0
angr/analyses/deobfuscator/string_obf_opt_passes.py +136 -0
angr/analyses/deobfuscator/string_obf_peephole_optimizer.py +47 -0
angr/analyses/disassembly.py +1351 -0
angr/analyses/disassembly_utils.py +101 -0
angr/analyses/dominance_frontier.py +57 -0
angr/analyses/fcp/__init__.py +4 -0
angr/analyses/fcp/fcp.py +427 -0
angr/analyses/find_objects_static.py +205 -0
angr/analyses/flirt/__init__.py +47 -0
angr/analyses/flirt/consts.py +160 -0
angr/analyses/flirt/flirt.py +249 -0
angr/analyses/flirt/flirt_function.py +20 -0
angr/analyses/flirt/flirt_matcher.py +352 -0
angr/analyses/flirt/flirt_module.py +32 -0
angr/analyses/flirt/flirt_node.py +23 -0
angr/analyses/flirt/flirt_sig.py +359 -0
angr/analyses/flirt/flirt_utils.py +31 -0
angr/analyses/forward_analysis/__init__.py +12 -0
angr/analyses/forward_analysis/forward_analysis.py +619 -0
angr/analyses/forward_analysis/job_info.py +64 -0
angr/analyses/forward_analysis/visitors/__init__.py +14 -0
angr/analyses/forward_analysis/visitors/call_graph.py +29 -0
angr/analyses/forward_analysis/visitors/function_graph.py +86 -0
angr/analyses/forward_analysis/visitors/graph.py +242 -0
angr/analyses/forward_analysis/visitors/loop.py +29 -0
angr/analyses/forward_analysis/visitors/single_node_graph.py +38 -0
angr/analyses/identifier/__init__.py +5 -0
angr/analyses/identifier/custom_callable.py +137 -0
angr/analyses/identifier/errors.py +10 -0
angr/analyses/identifier/func.py +60 -0
angr/analyses/identifier/functions/__init__.py +37 -0
angr/analyses/identifier/functions/atoi.py +73 -0
angr/analyses/identifier/functions/based_atoi.py +125 -0
angr/analyses/identifier/functions/fdprintf.py +123 -0
angr/analyses/identifier/functions/free.py +64 -0
angr/analyses/identifier/functions/int2str.py +287 -0
angr/analyses/identifier/functions/malloc.py +111 -0
angr/analyses/identifier/functions/memcmp.py +67 -0
angr/analyses/identifier/functions/memcpy.py +89 -0
angr/analyses/identifier/functions/memset.py +43 -0
angr/analyses/identifier/functions/printf.py +123 -0
angr/analyses/identifier/functions/recv_until.py +312 -0
angr/analyses/identifier/functions/skip_calloc.py +73 -0
angr/analyses/identifier/functions/skip_realloc.py +97 -0
angr/analyses/identifier/functions/skip_recv_n.py +105 -0
angr/analyses/identifier/functions/snprintf.py +112 -0
angr/analyses/identifier/functions/sprintf.py +116 -0
angr/analyses/identifier/functions/strcasecmp.py +33 -0
angr/analyses/identifier/functions/strcmp.py +113 -0
angr/analyses/identifier/functions/strcpy.py +43 -0
angr/analyses/identifier/functions/strlen.py +27 -0
angr/analyses/identifier/functions/strncmp.py +104 -0
angr/analyses/identifier/functions/strncpy.py +65 -0
angr/analyses/identifier/functions/strtol.py +89 -0
angr/analyses/identifier/identify.py +825 -0
angr/analyses/identifier/runner.py +360 -0
angr/analyses/init_finder.py +289 -0
angr/analyses/loop_analysis/__init__.py +4 -0
angr/analyses/loop_analysis/loop_analysis.py +464 -0
angr/analyses/loop_analysis.py +349 -0
angr/analyses/loop_unroller/__init__.py +4 -0
angr/analyses/loop_unroller/loop_unroller.py +222 -0
angr/analyses/loopfinder.py +171 -0
angr/analyses/outliner/__init__.py +7 -0
angr/analyses/outliner/outliner.py +402 -0
angr/analyses/patchfinder.py +137 -0
angr/analyses/pathfinder.py +282 -0
angr/analyses/propagator/__init__.py +5 -0
angr/analyses/propagator/engine_base.py +62 -0
angr/analyses/propagator/engine_vex.py +297 -0
angr/analyses/propagator/propagator.py +361 -0
angr/analyses/propagator/top_checker_mixin.py +218 -0
angr/analyses/propagator/values.py +117 -0
angr/analyses/propagator/vex_vars.py +68 -0
angr/analyses/proximity_graph.py +444 -0
angr/analyses/purity/__init__.py +15 -0
angr/analyses/purity/analysis.py +78 -0
angr/analyses/purity/engine.py +593 -0
angr/analyses/reaching_definitions/__init__.py +67 -0
angr/analyses/reaching_definitions/call_trace.py +73 -0
angr/analyses/reaching_definitions/dep_graph.py +433 -0
angr/analyses/reaching_definitions/engine_ail.py +1128 -0
angr/analyses/reaching_definitions/engine_vex.py +1128 -0
angr/analyses/reaching_definitions/external_codeloc.py +0 -0
angr/analyses/reaching_definitions/function_handler.py +639 -0
angr/analyses/reaching_definitions/function_handler_library/__init__.py +12 -0
angr/analyses/reaching_definitions/function_handler_library/stdio.py +269 -0
angr/analyses/reaching_definitions/function_handler_library/stdlib.py +195 -0
angr/analyses/reaching_definitions/function_handler_library/string.py +158 -0
angr/analyses/reaching_definitions/function_handler_library/unistd.py +51 -0
angr/analyses/reaching_definitions/heap_allocator.py +70 -0
angr/analyses/reaching_definitions/rd_initializer.py +237 -0
angr/analyses/reaching_definitions/rd_state.py +579 -0
angr/analyses/reaching_definitions/reaching_definitions.py +581 -0
angr/analyses/reaching_definitions/subject.py +65 -0
angr/analyses/reassembler.py +2900 -0
angr/analyses/s_liveness.py +254 -0
angr/analyses/s_propagator.py +575 -0
angr/analyses/s_reaching_definitions/__init__.py +12 -0
angr/analyses/s_reaching_definitions/s_rda_model.py +145 -0
angr/analyses/s_reaching_definitions/s_rda_view.py +344 -0
angr/analyses/s_reaching_definitions/s_reaching_definitions.py +230 -0
angr/analyses/smc.py +160 -0
angr/analyses/soot_class_hierarchy.py +273 -0
angr/analyses/stack_pointer_tracker.py +954 -0
angr/analyses/static_hooker.py +53 -0
angr/analyses/typehoon/__init__.py +5 -0
angr/analyses/typehoon/dfa.py +118 -0
angr/analyses/typehoon/lifter.py +133 -0
angr/analyses/typehoon/simple_solver.py +2009 -0
angr/analyses/typehoon/translator.py +283 -0
angr/analyses/typehoon/typeconsts.py +439 -0
angr/analyses/typehoon/typehoon.py +338 -0
angr/analyses/typehoon/typevars.py +633 -0
angr/analyses/typehoon/variance.py +11 -0
angr/analyses/unpacker/__init__.py +6 -0
angr/analyses/unpacker/obfuscation_detector.py +103 -0
angr/analyses/unpacker/packing_detector.py +138 -0
angr/analyses/variable_recovery/__init__.py +9 -0
angr/analyses/variable_recovery/annotations.py +58 -0
angr/analyses/variable_recovery/engine_ail.py +978 -0
angr/analyses/variable_recovery/engine_base.py +1256 -0
angr/analyses/variable_recovery/engine_vex.py +594 -0
angr/analyses/variable_recovery/irsb_scanner.py +143 -0
angr/analyses/variable_recovery/variable_recovery.py +574 -0
angr/analyses/variable_recovery/variable_recovery_base.py +489 -0
angr/analyses/variable_recovery/variable_recovery_fast.py +669 -0
angr/analyses/veritesting.py +626 -0
angr/analyses/vfg.py +1898 -0
angr/analyses/vsa_ddg.py +420 -0
angr/analyses/vtable.py +92 -0
angr/analyses/xrefs.py +286 -0
angr/angrdb/__init__.py +14 -0
angr/angrdb/db.py +215 -0
angr/angrdb/models.py +184 -0
angr/angrdb/serializers/__init__.py +10 -0
angr/angrdb/serializers/cfg_model.py +41 -0
angr/angrdb/serializers/comments.py +60 -0
angr/angrdb/serializers/funcs.py +61 -0
angr/angrdb/serializers/kb.py +111 -0
angr/angrdb/serializers/labels.py +59 -0
angr/angrdb/serializers/loader.py +165 -0
angr/angrdb/serializers/structured_code.py +167 -0
angr/angrdb/serializers/variables.py +58 -0
angr/angrdb/serializers/xrefs.py +48 -0
angr/annocfg.py +317 -0
angr/blade.py +431 -0
angr/block.py +509 -0
angr/callable.py +176 -0
angr/calling_conventions.py +2613 -0
angr/code_location.py +249 -0
angr/codenode.py +145 -0
angr/concretization_strategies/__init__.py +32 -0
angr/concretization_strategies/any.py +17 -0
angr/concretization_strategies/any_named.py +35 -0
angr/concretization_strategies/base.py +81 -0
angr/concretization_strategies/controlled_data.py +58 -0
angr/concretization_strategies/eval.py +19 -0
angr/concretization_strategies/logging.py +35 -0
angr/concretization_strategies/max.py +25 -0
angr/concretization_strategies/nonzero.py +16 -0
angr/concretization_strategies/nonzero_range.py +22 -0
angr/concretization_strategies/norepeats.py +37 -0
angr/concretization_strategies/norepeats_range.py +37 -0
angr/concretization_strategies/range.py +19 -0
angr/concretization_strategies/signed_add.py +31 -0
angr/concretization_strategies/single.py +15 -0
angr/concretization_strategies/solutions.py +20 -0
angr/concretization_strategies/unlimited_range.py +17 -0
angr/distributed/__init__.py +9 -0
angr/distributed/server.py +197 -0
angr/distributed/worker.py +185 -0
angr/emulator.py +144 -0
angr/engines/__init__.py +69 -0
angr/engines/ail/__init__.py +16 -0
angr/engines/ail/callstack.py +58 -0
angr/engines/ail/engine_light.py +903 -0
angr/engines/ail/engine_successors.py +24 -0
angr/engines/ail/setup.py +57 -0
angr/engines/concrete.py +66 -0
angr/engines/engine.py +29 -0
angr/engines/failure.py +27 -0
angr/engines/hook.py +93 -0
angr/engines/icicle.py +294 -0
angr/engines/light/__init__.py +23 -0
angr/engines/light/data.py +681 -0
angr/engines/light/engine.py +1297 -0
angr/engines/pcode/__init__.py +9 -0
angr/engines/pcode/behavior.py +998 -0
angr/engines/pcode/cc.py +148 -0
angr/engines/pcode/emulate.py +440 -0
angr/engines/pcode/engine.py +242 -0
angr/engines/pcode/lifter.py +1428 -0
angr/engines/procedure.py +70 -0
angr/engines/soot/__init__.py +5 -0
angr/engines/soot/engine.py +410 -0
angr/engines/soot/exceptions.py +17 -0
angr/engines/soot/expressions/__init__.py +87 -0
angr/engines/soot/expressions/arrayref.py +22 -0
angr/engines/soot/expressions/base.py +21 -0
angr/engines/soot/expressions/binop.py +28 -0
angr/engines/soot/expressions/cast.py +22 -0
angr/engines/soot/expressions/condition.py +35 -0
angr/engines/soot/expressions/constants.py +47 -0
angr/engines/soot/expressions/instanceOf.py +15 -0
angr/engines/soot/expressions/instancefieldref.py +8 -0
angr/engines/soot/expressions/invoke.py +114 -0
angr/engines/soot/expressions/length.py +8 -0
angr/engines/soot/expressions/local.py +8 -0
angr/engines/soot/expressions/new.py +16 -0
angr/engines/soot/expressions/newArray.py +54 -0
angr/engines/soot/expressions/newMultiArray.py +86 -0
angr/engines/soot/expressions/paramref.py +8 -0
angr/engines/soot/expressions/phi.py +30 -0
angr/engines/soot/expressions/staticfieldref.py +8 -0
angr/engines/soot/expressions/thisref.py +7 -0
angr/engines/soot/expressions/unsupported.py +7 -0
angr/engines/soot/field_dispatcher.py +46 -0
angr/engines/soot/method_dispatcher.py +46 -0
angr/engines/soot/statements/__init__.py +44 -0
angr/engines/soot/statements/assign.py +30 -0
angr/engines/soot/statements/base.py +79 -0
angr/engines/soot/statements/goto.py +14 -0
angr/engines/soot/statements/identity.py +15 -0
angr/engines/soot/statements/if_.py +19 -0
angr/engines/soot/statements/invoke.py +12 -0
angr/engines/soot/statements/return_.py +20 -0
angr/engines/soot/statements/switch.py +41 -0
angr/engines/soot/statements/throw.py +15 -0
angr/engines/soot/values/__init__.py +38 -0
angr/engines/soot/values/arrayref.py +122 -0
angr/engines/soot/values/base.py +7 -0
angr/engines/soot/values/constants.py +18 -0
angr/engines/soot/values/instancefieldref.py +44 -0
angr/engines/soot/values/local.py +18 -0
angr/engines/soot/values/paramref.py +18 -0
angr/engines/soot/values/staticfieldref.py +38 -0
angr/engines/soot/values/strref.py +38 -0
angr/engines/soot/values/thisref.py +149 -0
angr/engines/successors.py +608 -0
angr/engines/syscall.py +51 -0
angr/engines/unicorn.py +490 -0
angr/engines/vex/__init__.py +20 -0
angr/engines/vex/claripy/__init__.py +5 -0
angr/engines/vex/claripy/ccall.py +2097 -0
angr/engines/vex/claripy/datalayer.py +141 -0
angr/engines/vex/claripy/irop.py +1276 -0
angr/engines/vex/heavy/__init__.py +16 -0
angr/engines/vex/heavy/actions.py +231 -0
angr/engines/vex/heavy/concretizers.py +403 -0
angr/engines/vex/heavy/dirty.py +466 -0
angr/engines/vex/heavy/heavy.py +370 -0
angr/engines/vex/heavy/inspect.py +52 -0
angr/engines/vex/heavy/resilience.py +85 -0
angr/engines/vex/heavy/super_fastpath.py +34 -0
angr/engines/vex/lifter.py +420 -0
angr/engines/vex/light/__init__.py +11 -0
angr/engines/vex/light/light.py +551 -0
angr/engines/vex/light/resilience.py +74 -0
angr/engines/vex/light/slicing.py +52 -0
angr/errors.py +611 -0
angr/exploration_techniques/__init__.py +53 -0
angr/exploration_techniques/base.py +126 -0
angr/exploration_techniques/bucketizer.py +94 -0
angr/exploration_techniques/common.py +56 -0
angr/exploration_techniques/dfs.py +37 -0
angr/exploration_techniques/director.py +520 -0
angr/exploration_techniques/driller_core.py +100 -0
angr/exploration_techniques/explorer.py +152 -0
angr/exploration_techniques/lengthlimiter.py +22 -0
angr/exploration_techniques/local_loop_seer.py +65 -0
angr/exploration_techniques/loop_seer.py +236 -0
angr/exploration_techniques/manual_mergepoint.py +82 -0
angr/exploration_techniques/memory_watcher.py +43 -0
angr/exploration_techniques/oppologist.py +92 -0
angr/exploration_techniques/slicecutor.py +118 -0
angr/exploration_techniques/spiller.py +280 -0
angr/exploration_techniques/spiller_db.py +27 -0
angr/exploration_techniques/stochastic.py +56 -0
angr/exploration_techniques/stub_stasher.py +19 -0
angr/exploration_techniques/suggestions.py +159 -0
angr/exploration_techniques/tech_builder.py +49 -0
angr/exploration_techniques/threading.py +69 -0
angr/exploration_techniques/timeout.py +34 -0
angr/exploration_techniques/tracer.py +1098 -0
angr/exploration_techniques/unique.py +106 -0
angr/exploration_techniques/veritesting.py +37 -0
angr/factory.py +413 -0
angr/flirt/__init__.py +124 -0
angr/flirt/build_sig.py +305 -0
angr/graph_utils.py +0 -0
angr/keyed_region.py +525 -0
angr/knowledge_base.py +146 -0
angr/knowledge_plugins/__init__.py +43 -0
angr/knowledge_plugins/callsite_prototypes.py +95 -0
angr/knowledge_plugins/cfg/__init__.py +18 -0
angr/knowledge_plugins/cfg/cfg_manager.py +95 -0
angr/knowledge_plugins/cfg/cfg_model.py +1043 -0
angr/knowledge_plugins/cfg/cfg_node.py +536 -0
angr/knowledge_plugins/cfg/indirect_jump.py +131 -0
angr/knowledge_plugins/cfg/memory_data.py +156 -0
angr/knowledge_plugins/comments.py +16 -0
angr/knowledge_plugins/custom_strings.py +38 -0
angr/knowledge_plugins/data.py +22 -0
angr/knowledge_plugins/debug_variables.py +216 -0
angr/knowledge_plugins/functions/__init__.py +9 -0
angr/knowledge_plugins/functions/function.py +1830 -0
angr/knowledge_plugins/functions/function_manager.py +621 -0
angr/knowledge_plugins/functions/function_parser.py +360 -0
angr/knowledge_plugins/functions/soot_function.py +128 -0
angr/knowledge_plugins/indirect_jumps.py +35 -0
angr/knowledge_plugins/key_definitions/__init__.py +17 -0
angr/knowledge_plugins/key_definitions/atoms.py +374 -0
angr/knowledge_plugins/key_definitions/constants.py +29 -0
angr/knowledge_plugins/key_definitions/definition.py +216 -0
angr/knowledge_plugins/key_definitions/environment.py +96 -0
angr/knowledge_plugins/key_definitions/heap_address.py +33 -0
angr/knowledge_plugins/key_definitions/key_definition_manager.py +82 -0
angr/knowledge_plugins/key_definitions/live_definitions.py +1020 -0
angr/knowledge_plugins/key_definitions/liveness.py +165 -0
angr/knowledge_plugins/key_definitions/rd_model.py +171 -0
angr/knowledge_plugins/key_definitions/tag.py +78 -0
angr/knowledge_plugins/key_definitions/undefined.py +70 -0
angr/knowledge_plugins/key_definitions/unknown_size.py +86 -0
angr/knowledge_plugins/key_definitions/uses.py +178 -0
angr/knowledge_plugins/labels.py +110 -0
angr/knowledge_plugins/obfuscations.py +40 -0
angr/knowledge_plugins/patches.py +126 -0
angr/knowledge_plugins/plugin.py +24 -0
angr/knowledge_plugins/propagations/__init__.py +10 -0
angr/knowledge_plugins/propagations/prop_value.py +191 -0
angr/knowledge_plugins/propagations/propagation_manager.py +60 -0
angr/knowledge_plugins/propagations/propagation_model.py +80 -0
angr/knowledge_plugins/propagations/states.py +552 -0
angr/knowledge_plugins/structured_code.py +63 -0
angr/knowledge_plugins/types.py +95 -0
angr/knowledge_plugins/variables/__init__.py +8 -0
angr/knowledge_plugins/variables/variable_access.py +113 -0
angr/knowledge_plugins/variables/variable_manager.py +1375 -0
angr/knowledge_plugins/xrefs/__init__.py +12 -0
angr/knowledge_plugins/xrefs/xref.py +150 -0
angr/knowledge_plugins/xrefs/xref_manager.py +127 -0
angr/knowledge_plugins/xrefs/xref_types.py +16 -0
angr/misc/__init__.py +19 -0
angr/misc/ansi.py +47 -0
angr/misc/autoimport.py +90 -0
angr/misc/bug_report.py +126 -0
angr/misc/hookset.py +106 -0
angr/misc/loggers.py +130 -0
angr/misc/picklable_lock.py +46 -0
angr/misc/plugins.py +289 -0
angr/misc/telemetry.py +54 -0
angr/misc/testing.py +24 -0
angr/misc/ux.py +31 -0
angr/procedures/__init__.py +12 -0
angr/procedures/advapi32/__init__.py +0 -0
angr/procedures/cgc/__init__.py +3 -0
angr/procedures/cgc/_terminate.py +11 -0
angr/procedures/cgc/allocate.py +75 -0
angr/procedures/cgc/deallocate.py +67 -0
angr/procedures/cgc/fdwait.py +65 -0
angr/procedures/cgc/random.py +67 -0
angr/procedures/cgc/receive.py +93 -0
angr/procedures/cgc/transmit.py +65 -0
angr/procedures/definitions/__init__.py +1043 -0
angr/procedures/definitions/cgc.py +23 -0
angr/procedures/definitions/common/glibc.json +3516 -0
angr/procedures/definitions/gnulib.py +41 -0
angr/procedures/definitions/libstdcpp.py +25 -0
angr/procedures/definitions/linux_kernel.py +8382 -0
angr/procedures/definitions/linux_loader.py +7 -0
angr/procedures/definitions/macho_libsystem.py +18 -0
angr/procedures/definitions/msvcr.py +25 -0
angr/procedures/definitions/parse_glibc.py +77 -0
angr/procedures/definitions/parse_syscalls_from_local_system.py +54 -0
angr/procedures/definitions/parse_win32json.py +2540 -0
angr/procedures/definitions/types_stl.py +22 -0
angr/procedures/definitions/wdk/api-ms-win-dx-d3dkmt-l1-1-4.json +24 -0
angr/procedures/definitions/wdk/api-ms-win-dx-d3dkmt-l1-1-6.json +18 -0
angr/procedures/definitions/wdk/clfs.json +189 -0
angr/procedures/definitions/wdk/fltmgr.json +813 -0
angr/procedures/definitions/wdk/fwpkclnt.json +24 -0
angr/procedures/definitions/wdk/fwpuclnt.json +453 -0
angr/procedures/definitions/wdk/gdi32.json +528 -0
angr/procedures/definitions/wdk/hal.json +96 -0
angr/procedures/definitions/wdk/ksecdd.json +72 -0
angr/procedures/definitions/wdk/ndis.json +336 -0
angr/procedures/definitions/wdk/ntoskrnl.json +5158 -0
angr/procedures/definitions/wdk/offreg.json +87 -0
angr/procedures/definitions/wdk/pshed.json +33 -0
angr/procedures/definitions/wdk/secur32.json +39 -0
angr/procedures/definitions/wdk/vhfum.json +30 -0
angr/procedures/definitions/win32/_types_win32.json +34480 -0
angr/procedures/definitions/win32/aclui.json +24 -0
angr/procedures/definitions/win32/activeds.json +81 -0
angr/procedures/definitions/win32/advapi32.json +2505 -0
angr/procedures/definitions/win32/advpack.json +165 -0
angr/procedures/definitions/win32/amsi.json +36 -0
angr/procedures/definitions/win32/api-ms-win-appmodel-runtime-l1-1-1.json +45 -0
angr/procedures/definitions/win32/api-ms-win-appmodel-runtime-l1-1-3.json +30 -0
angr/procedures/definitions/win32/api-ms-win-appmodel-runtime-l1-1-6.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-apiquery-l2-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-backgroundtask-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-comm-l1-1-1.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-comm-l1-1-2.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-enclave-l1-1-1.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-errorhandling-l1-1-3.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-featurestaging-l1-1-0.json +30 -0
angr/procedures/definitions/win32/api-ms-win-core-featurestaging-l1-1-1.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-file-fromapp-l1-1-0.json +48 -0
angr/procedures/definitions/win32/api-ms-win-core-handle-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-ioring-l1-1-0.json +51 -0
angr/procedures/definitions/win32/api-ms-win-core-marshal-l1-1-0.json +27 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-3.json +27 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-4.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-5.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-6.json +27 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-7.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-memory-l1-1-8.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-path-l1-1-0.json +81 -0
angr/procedures/definitions/win32/api-ms-win-core-psm-appnotify-l1-1-0.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-psm-appnotify-l1-1-1.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-realtime-l1-1-1.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-realtime-l1-1-2.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-slapi-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-state-helpers-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-synch-l1-2-0.json +24 -0
angr/procedures/definitions/win32/api-ms-win-core-sysinfo-l1-2-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-sysinfo-l1-2-3.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-sysinfo-l1-2-4.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-sysinfo-l1-2-6.json +18 -0
angr/procedures/definitions/win32/api-ms-win-core-util-l1-1-1.json +21 -0
angr/procedures/definitions/win32/api-ms-win-core-wow64-l1-1-1.json +24 -0
angr/procedures/definitions/win32/api-ms-win-devices-query-l1-1-0.json +42 -0
angr/procedures/definitions/win32/api-ms-win-devices-query-l1-1-1.json +30 -0
angr/procedures/definitions/win32/api-ms-win-dx-d3dkmt-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-gaming-deviceinformation-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-gaming-expandedresources-l1-1-0.json +24 -0
angr/procedures/definitions/win32/api-ms-win-gaming-tcui-l1-1-0.json +36 -0
angr/procedures/definitions/win32/api-ms-win-gaming-tcui-l1-1-1.json +21 -0
angr/procedures/definitions/win32/api-ms-win-gaming-tcui-l1-1-2.json +36 -0
angr/procedures/definitions/win32/api-ms-win-gaming-tcui-l1-1-3.json +21 -0
angr/procedures/definitions/win32/api-ms-win-gaming-tcui-l1-1-4.json +39 -0
angr/procedures/definitions/win32/api-ms-win-mm-misc-l1-1-1.json +18 -0
angr/procedures/definitions/win32/api-ms-win-net-isolation-l1-1-0.json +39 -0
angr/procedures/definitions/win32/api-ms-win-security-base-l1-2-2.json +18 -0
angr/procedures/definitions/win32/api-ms-win-security-isolatedcontainer-l1-1-0.json +18 -0
angr/procedures/definitions/win32/api-ms-win-security-isolatedcontainer-l1-1-1.json +18 -0
angr/procedures/definitions/win32/api-ms-win-service-core-l1-1-3.json +18 -0
angr/procedures/definitions/win32/api-ms-win-service-core-l1-1-4.json +18 -0
angr/procedures/definitions/win32/api-ms-win-service-core-l1-1-5.json +21 -0
angr/procedures/definitions/win32/api-ms-win-shcore-scaling-l1-1-0.json +24 -0
angr/procedures/definitions/win32/api-ms-win-shcore-scaling-l1-1-1.json +33 -0
angr/procedures/definitions/win32/api-ms-win-shcore-scaling-l1-1-2.json +18 -0
angr/procedures/definitions/win32/api-ms-win-wsl-api-l1-1-0.json +36 -0
angr/procedures/definitions/win32/apphelp.json +18 -0
angr/procedures/definitions/win32/authz.json +114 -0
angr/procedures/definitions/win32/avicap32.json +27 -0
angr/procedures/definitions/win32/avifil32.json +195 -0
angr/procedures/definitions/win32/avrt.json +57 -0
angr/procedures/definitions/win32/bcp47mrm.json +21 -0
angr/procedures/definitions/win32/bcrypt.json +174 -0
angr/procedures/definitions/win32/bcryptprimitives.json +21 -0
angr/procedures/definitions/win32/bluetoothapis.json +138 -0
angr/procedures/definitions/win32/bthprops_cpl.json +33 -0
angr/procedures/definitions/win32/cabinet.json +81 -0
angr/procedures/definitions/win32/certadm.json +69 -0
angr/procedures/definitions/win32/certpoleng.json +39 -0
angr/procedures/definitions/win32/cfgmgr32.json +732 -0
angr/procedures/definitions/win32/chakra.json +270 -0
angr/procedures/definitions/win32/cldapi.json +123 -0
angr/procedures/definitions/win32/clfsw32.json +192 -0
angr/procedures/definitions/win32/clusapi.json +855 -0
angr/procedures/definitions/win32/comctl32.json +360 -0
angr/procedures/definitions/win32/comdlg32.json +78 -0
angr/procedures/definitions/win32/compstui.json +27 -0
angr/procedures/definitions/win32/computecore.json +177 -0
angr/procedures/definitions/win32/computenetwork.json +144 -0
angr/procedures/definitions/win32/computestorage.json +51 -0
angr/procedures/definitions/win32/comsvcs.json +36 -0
angr/procedures/definitions/win32/credui.json +72 -0
angr/procedures/definitions/win32/crypt32.json +702 -0
angr/procedures/definitions/win32/cryptnet.json +30 -0
angr/procedures/definitions/win32/cryptui.json +45 -0
angr/procedures/definitions/win32/cryptxml.json +72 -0
angr/procedures/definitions/win32/cscapi.json +27 -0
angr/procedures/definitions/win32/d2d1.json +54 -0
angr/procedures/definitions/win32/d3d10.json +96 -0
angr/procedures/definitions/win32/d3d10_1.json +21 -0
angr/procedures/definitions/win32/d3d11.json +24 -0
angr/procedures/definitions/win32/d3d12.json +39 -0
angr/procedures/definitions/win32/d3d9.json +48 -0
angr/procedures/definitions/win32/d3dcompiler_47.json +93 -0
angr/procedures/definitions/win32/d3dcsx.json +42 -0
angr/procedures/definitions/win32/davclnt.json +69 -0
angr/procedures/definitions/win32/dbgeng.json +27 -0
angr/procedures/definitions/win32/dbghelp.json +663 -0
angr/procedures/definitions/win32/dbgmodel.json +18 -0
angr/procedures/definitions/win32/dciman32.json +75 -0
angr/procedures/definitions/win32/dcomp.json +51 -0
angr/procedures/definitions/win32/ddraw.json +36 -0
angr/procedures/definitions/win32/deviceaccess.json +18 -0
angr/procedures/definitions/win32/dflayout.json +18 -0
angr/procedures/definitions/win32/dhcpcsvc.json +60 -0
angr/procedures/definitions/win32/dhcpcsvc6.json +33 -0
angr/procedures/definitions/win32/dhcpsapi.json +603 -0
angr/procedures/definitions/win32/diagnosticdataquery.json +120 -0
angr/procedures/definitions/win32/dinput8.json +18 -0
angr/procedures/definitions/win32/directml.json +21 -0
angr/procedures/definitions/win32/dmprocessxmlfiltered.json +18 -0
angr/procedures/definitions/win32/dnsapi.json +207 -0
angr/procedures/definitions/win32/drt.json +63 -0
angr/procedures/definitions/win32/drtprov.json +42 -0
angr/procedures/definitions/win32/drttransport.json +21 -0
angr/procedures/definitions/win32/dsound.json +45 -0
angr/procedures/definitions/win32/dsparse.json +72 -0
angr/procedures/definitions/win32/dsprop.json +36 -0
angr/procedures/definitions/win32/dssec.json +27 -0
angr/procedures/definitions/win32/dsuiext.json +27 -0
angr/procedures/definitions/win32/dwmapi.json +108 -0
angr/procedures/definitions/win32/dwrite.json +18 -0
angr/procedures/definitions/win32/dxcompiler.json +21 -0
angr/procedures/definitions/win32/dxcore.json +18 -0
angr/procedures/definitions/win32/dxgi.json +33 -0
angr/procedures/definitions/win32/dxva2.json +129 -0
angr/procedures/definitions/win32/eappcfg.json +57 -0
angr/procedures/definitions/win32/eappprxy.json +69 -0
angr/procedures/definitions/win32/efswrt.json +21 -0
angr/procedures/definitions/win32/elscore.json +30 -0
angr/procedures/definitions/win32/esent.json +702 -0
angr/procedures/definitions/win32/evr.json +36 -0
angr/procedures/definitions/win32/faultrep.json +27 -0
angr/procedures/definitions/win32/fhsvcctl.json +36 -0
angr/procedures/definitions/win32/firewallapi.json +24 -0
angr/procedures/definitions/win32/fltlib.json +99 -0
angr/procedures/definitions/win32/fontsub.json +21 -0
angr/procedures/definitions/win32/forceinline.json +24 -0
angr/procedures/definitions/win32/fwpuclnt.json +591 -0
angr/procedures/definitions/win32/fxsutility.json +21 -0
angr/procedures/definitions/win32/gdi32.json +1308 -0
angr/procedures/definitions/win32/gdiplus.json +1902 -0
angr/procedures/definitions/win32/glu32.json +171 -0
angr/procedures/definitions/win32/gpedit.json +33 -0
angr/procedures/definitions/win32/hhctrl_ocx.json +21 -0
angr/procedures/definitions/win32/hid.json +150 -0
angr/procedures/definitions/win32/hlink.json +99 -0
angr/procedures/definitions/win32/hrtfapo.json +18 -0
angr/procedures/definitions/win32/httpapi.json +144 -0
angr/procedures/definitions/win32/icm32.json +78 -0
angr/procedures/definitions/win32/icmui.json +21 -0
angr/procedures/definitions/win32/icu.json +3090 -0
angr/procedures/definitions/win32/ieframe.json +102 -0
angr/procedures/definitions/win32/imagehlp.json +84 -0
angr/procedures/definitions/win32/imgutil.json +42 -0
angr/procedures/definitions/win32/imm32.json +261 -0
angr/procedures/definitions/win32/infocardapi.json +66 -0
angr/procedures/definitions/win32/inkobjcore.json +96 -0
angr/procedures/definitions/win32/iphlpapi.json +618 -0
angr/procedures/definitions/win32/iscsidsc.json +252 -0
angr/procedures/definitions/win32/isolatedwindowsenvironmentutils.json +21 -0
angr/procedures/definitions/win32/kernel32.json +4566 -0
angr/procedures/definitions/win32/kernelbase.json +33 -0
angr/procedures/definitions/win32/keycredmgr.json +27 -0
angr/procedures/definitions/win32/ksproxy_ax.json +33 -0
angr/procedures/definitions/win32/ksuser.json +39 -0
angr/procedures/definitions/win32/ktmw32.json +132 -0
angr/procedures/definitions/win32/licenseprotection.json +21 -0
angr/procedures/definitions/win32/loadperf.json +51 -0
angr/procedures/definitions/win32/magnification.json +72 -0
angr/procedures/definitions/win32/mapi32.json +213 -0
angr/procedures/definitions/win32/mdmlocalmanagement.json +24 -0
angr/procedures/definitions/win32/mdmregistration.json +60 -0
angr/procedures/definitions/win32/mf.json +201 -0
angr/procedures/definitions/win32/mfcore.json +21 -0
angr/procedures/definitions/win32/mfplat.json +450 -0
angr/procedures/definitions/win32/mfplay.json +18 -0
angr/procedures/definitions/win32/mfreadwrite.json +30 -0
angr/procedures/definitions/win32/mfsensorgroup.json +45 -0
angr/procedures/definitions/win32/mfsrcsnk.json +21 -0
angr/procedures/definitions/win32/mgmtapi.json +42 -0
angr/procedures/definitions/win32/mi.json +18 -0
angr/procedures/definitions/win32/mmdevapi.json +18 -0
angr/procedures/definitions/win32/mpr.json +156 -0
angr/procedures/definitions/win32/mprapi.json +351 -0
angr/procedures/definitions/win32/mqrt.json +117 -0
angr/procedures/definitions/win32/mrmsupport.json +96 -0
angr/procedures/definitions/win32/msacm32.json +141 -0
angr/procedures/definitions/win32/msajapi.json +1656 -0
angr/procedures/definitions/win32/mscms.json +252 -0
angr/procedures/definitions/win32/mscoree.json +96 -0
angr/procedures/definitions/win32/msctfmonitor.json +24 -0
angr/procedures/definitions/win32/msdelta.json +63 -0
angr/procedures/definitions/win32/msdmo.json +48 -0
angr/procedures/definitions/win32/msdrm.json +267 -0
angr/procedures/definitions/win32/msi.json +807 -0
angr/procedures/definitions/win32/msimg32.json +24 -0
angr/procedures/definitions/win32/mspatcha.json +63 -0
angr/procedures/definitions/win32/mspatchc.json +42 -0
angr/procedures/definitions/win32/msports.json +36 -0
angr/procedures/definitions/win32/msrating.json +72 -0
angr/procedures/definitions/win32/mssign32.json +45 -0
angr/procedures/definitions/win32/mstask.json +21 -0
angr/procedures/definitions/win32/msvfw32.json +144 -0
angr/procedures/definitions/win32/mswsock.json +63 -0
angr/procedures/definitions/win32/mtxdm.json +18 -0
angr/procedures/definitions/win32/ncrypt.json +132 -0
angr/procedures/definitions/win32/ndfapi.json +63 -0
angr/procedures/definitions/win32/netapi32.json +633 -0
angr/procedures/definitions/win32/netsh.json +39 -0
angr/procedures/definitions/win32/netshell.json +21 -0
angr/procedures/definitions/win32/newdev.json +48 -0
angr/procedures/definitions/win32/ninput.json +105 -0
angr/procedures/definitions/win32/normaliz.json +21 -0
angr/procedures/definitions/win32/ntdll.json +234 -0
angr/procedures/definitions/win32/ntdllk.json +18 -0
angr/procedures/definitions/win32/ntdsapi.json +258 -0
angr/procedures/definitions/win32/ntlanman.json +45 -0
angr/procedures/definitions/win32/odbc32.json +477 -0
angr/procedures/definitions/win32/odbcbcp.json +96 -0
angr/procedures/definitions/win32/ole32.json +966 -0
angr/procedures/definitions/win32/oleacc.json +66 -0
angr/procedures/definitions/win32/oleaut32.json +1230 -0
angr/procedures/definitions/win32/oledlg.json +84 -0
angr/procedures/definitions/win32/ondemandconnroutehelper.json +30 -0
angr/procedures/definitions/win32/opengl32.json +1080 -0
angr/procedures/definitions/win32/opmxbox.json +24 -0
angr/procedures/definitions/win32/p2p.json +339 -0
angr/procedures/definitions/win32/p2pgraph.json +126 -0
angr/procedures/definitions/win32/pdh.json +309 -0
angr/procedures/definitions/win32/peerdist.json +99 -0
angr/procedures/definitions/win32/powrprof.json +267 -0
angr/procedures/definitions/win32/prntvpt.json +48 -0
angr/procedures/definitions/win32/projectedfslib.json +72 -0
angr/procedures/definitions/win32/propsys.json +669 -0
angr/procedures/definitions/win32/psapi.json +96 -0
angr/procedures/definitions/win32/quartz.json +21 -0
angr/procedures/definitions/win32/query.json +27 -0
angr/procedures/definitions/win32/qwave.json +48 -0
angr/procedures/definitions/win32/rasapi32.json +267 -0
angr/procedures/definitions/win32/rasdlg.json +33 -0
angr/procedures/definitions/win32/resutils.json +375 -0
angr/procedures/definitions/win32/rpcns4.json +198 -0
angr/procedures/definitions/win32/rpcproxy.json +27 -0
angr/procedures/definitions/win32/rpcrt4.json +1356 -0
angr/procedures/definitions/win32/rstrtmgr.json +48 -0
angr/procedures/definitions/win32/rtm.json +243 -0
angr/procedures/definitions/win32/rtutils.json +138 -0
angr/procedures/definitions/win32/rtworkq.json +114 -0
angr/procedures/definitions/win32/sas.json +18 -0
angr/procedures/definitions/win32/scarddlg.json +30 -0
angr/procedures/definitions/win32/schannel.json +42 -0
angr/procedures/definitions/win32/sechost.json +21 -0
angr/procedures/definitions/win32/secur32.json +282 -0
angr/procedures/definitions/win32/sensapi.json +24 -0
angr/procedures/definitions/win32/sensorsutilsv2.json +135 -0
angr/procedures/definitions/win32/setupapi.json +1017 -0
angr/procedures/definitions/win32/sfc.json +33 -0
angr/procedures/definitions/win32/shdocvw.json +24 -0
angr/procedures/definitions/win32/shell32.json +747 -0
angr/procedures/definitions/win32/shlwapi.json +1095 -0
angr/procedures/definitions/win32/slc.json +111 -0
angr/procedures/definitions/win32/slcext.json +27 -0
angr/procedures/definitions/win32/slwga.json +18 -0
angr/procedures/definitions/win32/snmpapi.json +93 -0
angr/procedures/definitions/win32/spoolss.json +93 -0
angr/procedures/definitions/win32/srclient.json +18 -0
angr/procedures/definitions/win32/srpapi.json +48 -0
angr/procedures/definitions/win32/sspicli.json +36 -0
angr/procedures/definitions/win32/sti.json +18 -0
angr/procedures/definitions/win32/t2embed.json +57 -0
angr/procedures/definitions/win32/tapi32.json +762 -0
angr/procedures/definitions/win32/tbs.json +57 -0
angr/procedures/definitions/win32/tdh.json +96 -0
angr/procedures/definitions/win32/tokenbinding.json +45 -0
angr/procedures/definitions/win32/traffic.json +75 -0
angr/procedures/definitions/win32/txfw32.json +42 -0
angr/procedures/definitions/win32/ualapi.json +27 -0
angr/procedures/definitions/win32/uiautomationcore.json +309 -0
angr/procedures/definitions/win32/urlmon.json +246 -0
angr/procedures/definitions/win32/user32.json +2298 -0
angr/procedures/definitions/win32/userenv.json +147 -0
angr/procedures/definitions/win32/usp10.json +135 -0
angr/procedures/definitions/win32/uxtheme.json +246 -0
angr/procedures/definitions/win32/verifier.json +18 -0
angr/procedures/definitions/win32/version.json +57 -0
angr/procedures/definitions/win32/vertdll.json +36 -0
angr/procedures/definitions/win32/virtdisk.json +102 -0
angr/procedures/definitions/win32/vmdevicehost.json +54 -0
angr/procedures/definitions/win32/vmsavedstatedumpprovider.json +144 -0
angr/procedures/definitions/win32/vssapi.json +18 -0
angr/procedures/definitions/win32/wcmapi.json +30 -0
angr/procedures/definitions/win32/wdsbp.json +36 -0
angr/procedures/definitions/win32/wdsclientapi.json +126 -0
angr/procedures/definitions/win32/wdsmc.json +33 -0
angr/procedures/definitions/win32/wdspxe.json +108 -0
angr/procedures/definitions/win32/wdstptc.json +54 -0
angr/procedures/definitions/win32/webauthn.json +54 -0
angr/procedures/definitions/win32/webservices.json +594 -0
angr/procedures/definitions/win32/websocket.json +54 -0
angr/procedures/definitions/win32/wecapi.json +60 -0
angr/procedures/definitions/win32/wer.json +78 -0
angr/procedures/definitions/win32/wevtapi.json +120 -0
angr/procedures/definitions/win32/winbio.json +177 -0
angr/procedures/definitions/win32/windows_ai_machinelearning.json +18 -0
angr/procedures/definitions/win32/windows_media_mediacontrol.json +39 -0
angr/procedures/definitions/win32/windows_networking.json +18 -0
angr/procedures/definitions/win32/windows_ui_xaml.json +21 -0
angr/procedures/definitions/win32/windowscodecs.json +42 -0
angr/procedures/definitions/win32/winfax.json +183 -0
angr/procedures/definitions/win32/winhttp.json +183 -0
angr/procedures/definitions/win32/winhvemulation.json +27 -0
angr/procedures/definitions/win32/winhvplatform.json +213 -0
angr/procedures/definitions/win32/wininet.json +903 -0
angr/procedures/definitions/win32/winml.json +18 -0
angr/procedures/definitions/win32/winmm.json +543 -0
angr/procedures/definitions/win32/winscard.json +225 -0
angr/procedures/definitions/win32/winspool_drv.json +531 -0
angr/procedures/definitions/win32/wintrust.json +195 -0
angr/procedures/definitions/win32/winusb.json +117 -0
angr/procedures/definitions/win32/wlanapi.json +195 -0
angr/procedures/definitions/win32/wlanui.json +18 -0
angr/procedures/definitions/win32/wldap32.json +744 -0
angr/procedures/definitions/win32/wldp.json +42 -0
angr/procedures/definitions/win32/wmvcore.json +48 -0
angr/procedures/definitions/win32/wnvapi.json +21 -0
angr/procedures/definitions/win32/wofutil.json +48 -0
angr/procedures/definitions/win32/ws2_32.json +495 -0
angr/procedures/definitions/win32/wscapi.json +33 -0
angr/procedures/definitions/win32/wsclient.json +24 -0
angr/procedures/definitions/win32/wsdapi.json +111 -0
angr/procedures/definitions/win32/wsmsvc.json +114 -0
angr/procedures/definitions/win32/wsnmp32.json +162 -0
angr/procedures/definitions/win32/wtsapi32.json +204 -0
angr/procedures/definitions/win32/xaudio2_8.json +27 -0
angr/procedures/definitions/win32/xinput1_4.json +36 -0
angr/procedures/definitions/win32/xmllite.json +33 -0
angr/procedures/definitions/win32/xolehlp.json +27 -0
angr/procedures/definitions/win32/xpsprint.json +21 -0
angr/procedures/glibc/__ctype_b_loc.py +21 -0
angr/procedures/glibc/__ctype_tolower_loc.py +21 -0
angr/procedures/glibc/__ctype_toupper_loc.py +21 -0
angr/procedures/glibc/__errno_location.py +7 -0
angr/procedures/glibc/__init__.py +3 -0
angr/procedures/glibc/__libc_init.py +37 -0
angr/procedures/glibc/__libc_start_main.py +301 -0
angr/procedures/glibc/dynamic_loading.py +20 -0
angr/procedures/glibc/scanf.py +19 -0
angr/procedures/glibc/sscanf.py +10 -0
angr/procedures/gnulib/__init__.py +3 -0
angr/procedures/gnulib/xalloc_die.py +14 -0
angr/procedures/gnulib/xstrtol_fatal.py +14 -0
angr/procedures/java/__init__.py +42 -0
angr/procedures/java/unconstrained.py +65 -0
angr/procedures/java_io/__init__.py +0 -0
angr/procedures/java_io/read.py +12 -0
angr/procedures/java_io/write.py +17 -0
angr/procedures/java_jni/__init__.py +482 -0
angr/procedures/java_jni/array_operations.py +312 -0
angr/procedures/java_jni/class_and_interface_operations.py +31 -0
angr/procedures/java_jni/field_access.py +173 -0
angr/procedures/java_jni/global_and_local_refs.py +57 -0
angr/procedures/java_jni/method_calls.py +365 -0
angr/procedures/java_jni/not_implemented.py +26 -0
angr/procedures/java_jni/object_operations.py +94 -0
angr/procedures/java_jni/string_operations.py +87 -0
angr/procedures/java_jni/version_information.py +12 -0
angr/procedures/java_lang/__init__.py +0 -0
angr/procedures/java_lang/character.py +30 -0
angr/procedures/java_lang/double.py +24 -0
angr/procedures/java_lang/exit.py +13 -0
angr/procedures/java_lang/getsimplename.py +18 -0
angr/procedures/java_lang/integer.py +43 -0
angr/procedures/java_lang/load_library.py +9 -0
angr/procedures/java_lang/math.py +15 -0
angr/procedures/java_lang/string.py +78 -0
angr/procedures/java_lang/stringbuilder.py +44 -0
angr/procedures/java_lang/system.py +18 -0
angr/procedures/java_util/__init__.py +0 -0
angr/procedures/java_util/collection.py +35 -0
angr/procedures/java_util/iterator.py +46 -0
angr/procedures/java_util/list.py +99 -0
angr/procedures/java_util/map.py +131 -0
angr/procedures/java_util/random.py +14 -0
angr/procedures/java_util/scanner_nextline.py +23 -0
angr/procedures/libc/__init__.py +3 -0
angr/procedures/libc/abort.py +9 -0
angr/procedures/libc/access.py +13 -0
angr/procedures/libc/atoi.py +14 -0
angr/procedures/libc/atol.py +13 -0
angr/procedures/libc/calloc.py +8 -0
angr/procedures/libc/closelog.py +10 -0
angr/procedures/libc/err.py +14 -0
angr/procedures/libc/error.py +54 -0
angr/procedures/libc/exit.py +11 -0
angr/procedures/libc/fclose.py +19 -0
angr/procedures/libc/feof.py +21 -0
angr/procedures/libc/fflush.py +16 -0
angr/procedures/libc/fgetc.py +27 -0
angr/procedures/libc/fgets.py +69 -0
angr/procedures/libc/fopen.py +63 -0
angr/procedures/libc/fprintf.py +25 -0
angr/procedures/libc/fputc.py +23 -0
angr/procedures/libc/fputs.py +24 -0
angr/procedures/libc/fread.py +24 -0
angr/procedures/libc/free.py +9 -0
angr/procedures/libc/fscanf.py +20 -0
angr/procedures/libc/fseek.py +34 -0
angr/procedures/libc/ftell.py +22 -0
angr/procedures/libc/fwrite.py +19 -0
angr/procedures/libc/getchar.py +13 -0
angr/procedures/libc/getdelim.py +99 -0
angr/procedures/libc/getegid.py +8 -0
angr/procedures/libc/geteuid.py +8 -0
angr/procedures/libc/getgid.py +8 -0
angr/procedures/libc/gets.py +68 -0
angr/procedures/libc/getuid.py +8 -0
angr/procedures/libc/malloc.py +12 -0
angr/procedures/libc/memcmp.py +69 -0
angr/procedures/libc/memcpy.py +45 -0
angr/procedures/libc/memset.py +72 -0
angr/procedures/libc/openlog.py +10 -0
angr/procedures/libc/perror.py +13 -0
angr/procedures/libc/printf.py +34 -0
angr/procedures/libc/putchar.py +13 -0
angr/procedures/libc/puts.py +19 -0
angr/procedures/libc/rand.py +8 -0
angr/procedures/libc/realloc.py +8 -0
angr/procedures/libc/rewind.py +12 -0
angr/procedures/libc/scanf.py +20 -0
angr/procedures/libc/setbuf.py +9 -0
angr/procedures/libc/setvbuf.py +7 -0
angr/procedures/libc/snprintf.py +36 -0
angr/procedures/libc/sprintf.py +25 -0
angr/procedures/libc/srand.py +7 -0
angr/procedures/libc/sscanf.py +13 -0
angr/procedures/libc/stpcpy.py +18 -0
angr/procedures/libc/strcat.py +14 -0
angr/procedures/libc/strchr.py +48 -0
angr/procedures/libc/strcmp.py +31 -0
angr/procedures/libc/strcpy.py +13 -0
angr/procedures/libc/strlen.py +114 -0
angr/procedures/libc/strncat.py +19 -0
angr/procedures/libc/strncmp.py +183 -0
angr/procedures/libc/strncpy.py +22 -0
angr/procedures/libc/strnlen.py +13 -0
angr/procedures/libc/strstr.py +101 -0
angr/procedures/libc/strtol.py +261 -0
angr/procedures/libc/strtoul.py +9 -0
angr/procedures/libc/system.py +13 -0
angr/procedures/libc/time.py +9 -0
angr/procedures/libc/tmpnam.py +20 -0
angr/procedures/libc/tolower.py +10 -0
angr/procedures/libc/toupper.py +10 -0
angr/procedures/libc/ungetc.py +20 -0
angr/procedures/libc/vsnprintf.py +17 -0
angr/procedures/libc/wchar.py +16 -0
angr/procedures/libstdcpp/__init__.py +0 -0
angr/procedures/libstdcpp/_unwind_resume.py +11 -0
angr/procedures/libstdcpp/std____throw_bad_alloc.py +13 -0
angr/procedures/libstdcpp/std____throw_bad_cast.py +13 -0
angr/procedures/libstdcpp/std____throw_length_error.py +13 -0
angr/procedures/libstdcpp/std____throw_logic_error.py +13 -0
angr/procedures/libstdcpp/std__terminate.py +13 -0
angr/procedures/linux_kernel/__init__.py +3 -0
angr/procedures/linux_kernel/access.py +18 -0
angr/procedures/linux_kernel/arch_prctl.py +34 -0
angr/procedures/linux_kernel/arm_user_helpers.py +59 -0
angr/procedures/linux_kernel/brk.py +18 -0
angr/procedures/linux_kernel/cwd.py +28 -0
angr/procedures/linux_kernel/fstat.py +138 -0
angr/procedures/linux_kernel/fstat64.py +170 -0
angr/procedures/linux_kernel/futex.py +17 -0
angr/procedures/linux_kernel/getegid.py +17 -0
angr/procedures/linux_kernel/geteuid.py +17 -0
angr/procedures/linux_kernel/getgid.py +17 -0
angr/procedures/linux_kernel/getpid.py +14 -0
angr/procedures/linux_kernel/getrlimit.py +24 -0
angr/procedures/linux_kernel/gettid.py +9 -0
angr/procedures/linux_kernel/getuid.py +17 -0
angr/procedures/linux_kernel/iovec.py +47 -0
angr/procedures/linux_kernel/lseek.py +42 -0
angr/procedures/linux_kernel/mmap.py +16 -0
angr/procedures/linux_kernel/mprotect.py +42 -0
angr/procedures/linux_kernel/munmap.py +8 -0
angr/procedures/linux_kernel/openat.py +26 -0
angr/procedures/linux_kernel/set_tid_address.py +8 -0
angr/procedures/linux_kernel/sigaction.py +19 -0
angr/procedures/linux_kernel/sigprocmask.py +23 -0
angr/procedures/linux_kernel/stat.py +23 -0
angr/procedures/linux_kernel/sysinfo.py +59 -0
angr/procedures/linux_kernel/tgkill.py +10 -0
angr/procedures/linux_kernel/time.py +34 -0
angr/procedures/linux_kernel/uid.py +30 -0
angr/procedures/linux_kernel/uname.py +29 -0
angr/procedures/linux_kernel/unlink.py +22 -0
angr/procedures/linux_kernel/vsyscall.py +16 -0
angr/procedures/linux_loader/__init__.py +3 -0
angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +7 -0
angr/procedures/linux_loader/_dl_rtld_lock.py +15 -0
angr/procedures/linux_loader/sim_loader.py +54 -0
angr/procedures/linux_loader/tls.py +40 -0
angr/procedures/msvcr/__getmainargs.py +16 -0
angr/procedures/msvcr/__init__.py +4 -0
angr/procedures/msvcr/_initterm.py +38 -0
angr/procedures/msvcr/fmode.py +31 -0
angr/procedures/ntdll/__init__.py +0 -0
angr/procedures/ntdll/exceptions.py +60 -0
angr/procedures/posix/__init__.py +3 -0
angr/procedures/posix/accept.py +29 -0
angr/procedures/posix/bind.py +13 -0
angr/procedures/posix/bzero.py +9 -0
angr/procedures/posix/chroot.py +27 -0
angr/procedures/posix/close.py +9 -0
angr/procedures/posix/closedir.py +7 -0
angr/procedures/posix/dup.py +56 -0
angr/procedures/posix/fcntl.py +10 -0
angr/procedures/posix/fdopen.py +76 -0
angr/procedures/posix/fileno.py +18 -0
angr/procedures/posix/fork.py +13 -0
angr/procedures/posix/getenv.py +35 -0
angr/procedures/posix/gethostbyname.py +43 -0
angr/procedures/posix/getpass.py +19 -0
angr/procedures/posix/getsockopt.py +11 -0
angr/procedures/posix/htonl.py +11 -0
angr/procedures/posix/htons.py +11 -0
angr/procedures/posix/inet_ntoa.py +59 -0
angr/procedures/posix/listen.py +13 -0
angr/procedures/posix/mmap.py +144 -0
angr/procedures/posix/open.py +18 -0
angr/procedures/posix/opendir.py +10 -0
angr/procedures/posix/poll.py +55 -0
angr/procedures/posix/pread64.py +46 -0
angr/procedures/posix/pthread.py +87 -0
angr/procedures/posix/pwrite64.py +46 -0
angr/procedures/posix/read.py +13 -0
angr/procedures/posix/readdir.py +62 -0
angr/procedures/posix/recv.py +13 -0
angr/procedures/posix/recvfrom.py +13 -0
angr/procedures/posix/select.py +48 -0
angr/procedures/posix/send.py +23 -0
angr/procedures/posix/setsockopt.py +9 -0
angr/procedures/posix/sigaction.py +23 -0
angr/procedures/posix/sim_time.py +48 -0
angr/procedures/posix/sleep.py +8 -0
angr/procedures/posix/socket.py +18 -0
angr/procedures/posix/strcasecmp.py +26 -0
angr/procedures/posix/strdup.py +18 -0
angr/procedures/posix/strtok_r.py +64 -0
angr/procedures/posix/syslog.py +15 -0
angr/procedures/posix/tz.py +9 -0
angr/procedures/posix/unlink.py +11 -0
angr/procedures/posix/usleep.py +8 -0
angr/procedures/posix/write.py +13 -0
angr/procedures/procedure_dict.py +50 -0
angr/procedures/stubs/CallReturn.py +13 -0
angr/procedures/stubs/NoReturnUnconstrained.py +13 -0
angr/procedures/stubs/Nop.py +7 -0
angr/procedures/stubs/PathTerminator.py +9 -0
angr/procedures/stubs/Redirect.py +18 -0
angr/procedures/stubs/ReturnChar.py +11 -0
angr/procedures/stubs/ReturnUnconstrained.py +24 -0
angr/procedures/stubs/UnresolvableCallTarget.py +9 -0
angr/procedures/stubs/UnresolvableJumpTarget.py +9 -0
angr/procedures/stubs/UserHook.py +18 -0
angr/procedures/stubs/__init__.py +3 -0
angr/procedures/stubs/b64_decode.py +15 -0
angr/procedures/stubs/caller.py +14 -0
angr/procedures/stubs/crazy_scanf.py +20 -0
angr/procedures/stubs/format_parser.py +669 -0
angr/procedures/stubs/syscall_stub.py +24 -0
angr/procedures/testing/__init__.py +3 -0
angr/procedures/testing/manyargs.py +9 -0
angr/procedures/testing/retreg.py +8 -0
angr/procedures/tracer/__init__.py +4 -0
angr/procedures/tracer/random.py +9 -0
angr/procedures/tracer/receive.py +23 -0
angr/procedures/tracer/transmit.py +26 -0
angr/procedures/uclibc/__init__.py +3 -0
angr/procedures/uclibc/__uClibc_main.py +10 -0
angr/procedures/win32/EncodePointer.py +7 -0
angr/procedures/win32/ExitProcess.py +9 -0
angr/procedures/win32/GetCommandLine.py +12 -0
angr/procedures/win32/GetCurrentProcessId.py +7 -0
angr/procedures/win32/GetCurrentThreadId.py +7 -0
angr/procedures/win32/GetLastInputInfo.py +40 -0
angr/procedures/win32/GetModuleHandle.py +29 -0
angr/procedures/win32/GetProcessAffinityMask.py +37 -0
angr/procedures/win32/InterlockedExchange.py +15 -0
angr/procedures/win32/IsProcessorFeaturePresent.py +7 -0
angr/procedures/win32/VirtualAlloc.py +114 -0
angr/procedures/win32/VirtualProtect.py +60 -0
angr/procedures/win32/__init__.py +3 -0
angr/procedures/win32/critical_section.py +12 -0
angr/procedures/win32/dynamic_loading.py +104 -0
angr/procedures/win32/file_handles.py +47 -0
angr/procedures/win32/gethostbyname.py +12 -0
angr/procedures/win32/heap.py +45 -0
angr/procedures/win32/is_bad_ptr.py +26 -0
angr/procedures/win32/local_storage.py +88 -0
angr/procedures/win32/mutex.py +11 -0
angr/procedures/win32/sim_time.py +135 -0
angr/procedures/win32/system_paths.py +35 -0
angr/procedures/win32_kernel/ExAllocatePool.py +13 -0
angr/procedures/win32_kernel/ExFreePoolWithTag.py +8 -0
angr/procedures/win32_kernel/__fastfail.py +15 -0
angr/procedures/win32_kernel/__init__.py +3 -0
angr/procedures/win_user32/__init__.py +0 -0
angr/procedures/win_user32/chars.py +15 -0
angr/procedures/win_user32/keyboard.py +14 -0
angr/procedures/win_user32/messagebox.py +49 -0
angr/project.py +860 -0
angr/protos/__init__.py +19 -0
angr/protos/cfg_pb2.py +42 -0
angr/protos/function_pb2.py +38 -0
angr/protos/primitives_pb2.py +59 -0
angr/protos/variables_pb2.py +55 -0
angr/protos/xrefs_pb2.py +36 -0
angr/py.typed +1 -0
angr/rustylib.cpython-311-darwin.so +0 -0
angr/serializable.py +66 -0
angr/sim_manager.py +971 -0
angr/sim_options.py +436 -0
angr/sim_procedure.py +626 -0
angr/sim_state.py +926 -0
angr/sim_state_options.py +403 -0
angr/sim_type.py +4026 -0
angr/sim_variable.py +470 -0
angr/simos/__init__.py +47 -0
angr/simos/cgc.py +153 -0
angr/simos/javavm.py +458 -0
angr/simos/linux.py +509 -0
angr/simos/simos.py +444 -0
angr/simos/snimmuc_nxp.py +149 -0
angr/simos/userland.py +163 -0
angr/simos/windows.py +615 -0
angr/simos/xbox.py +32 -0
angr/slicer.py +352 -0
angr/state_hierarchy.py +262 -0
angr/state_plugins/__init__.py +84 -0
angr/state_plugins/callstack.py +478 -0
angr/state_plugins/cgc.py +155 -0
angr/state_plugins/debug_variables.py +192 -0
angr/state_plugins/filesystem.py +463 -0
angr/state_plugins/gdb.py +148 -0
angr/state_plugins/globals.py +65 -0
angr/state_plugins/heap/__init__.py +15 -0
angr/state_plugins/heap/heap_base.py +128 -0
angr/state_plugins/heap/heap_brk.py +136 -0
angr/state_plugins/heap/heap_freelist.py +213 -0
angr/state_plugins/heap/heap_libc.py +46 -0
angr/state_plugins/heap/heap_ptmalloc.py +620 -0
angr/state_plugins/heap/utils.py +22 -0
angr/state_plugins/history.py +564 -0
angr/state_plugins/inspect.py +375 -0
angr/state_plugins/javavm_classloader.py +134 -0
angr/state_plugins/jni_references.py +95 -0
angr/state_plugins/libc.py +1263 -0
angr/state_plugins/light_registers.py +168 -0
angr/state_plugins/log.py +84 -0
angr/state_plugins/loop_data.py +92 -0
angr/state_plugins/plugin.py +176 -0
angr/state_plugins/posix.py +703 -0
angr/state_plugins/preconstrainer.py +196 -0
angr/state_plugins/scratch.py +173 -0
angr/state_plugins/sim_action.py +326 -0
angr/state_plugins/sim_action_object.py +271 -0
angr/state_plugins/sim_event.py +59 -0
angr/state_plugins/solver.py +1128 -0
angr/state_plugins/symbolizer.py +291 -0
angr/state_plugins/trace_additions.py +738 -0
angr/state_plugins/uc_manager.py +94 -0
angr/state_plugins/unicorn_engine.py +1920 -0
angr/state_plugins/view.py +340 -0
angr/storage/__init__.py +15 -0
angr/storage/file.py +1210 -0
angr/storage/memory_mixins/__init__.py +317 -0
angr/storage/memory_mixins/actions_mixin.py +72 -0
angr/storage/memory_mixins/address_concretization_mixin.py +384 -0
angr/storage/memory_mixins/bvv_conversion_mixin.py +73 -0
angr/storage/memory_mixins/clouseau_mixin.py +137 -0
angr/storage/memory_mixins/conditional_store_mixin.py +25 -0
angr/storage/memory_mixins/convenient_mappings_mixin.py +256 -0
angr/storage/memory_mixins/default_filler_mixin.py +144 -0
angr/storage/memory_mixins/dirty_addrs_mixin.py +11 -0
angr/storage/memory_mixins/hex_dumper_mixin.py +82 -0
angr/storage/memory_mixins/javavm_memory_mixin.py +392 -0
angr/storage/memory_mixins/keyvalue_memory_mixin.py +43 -0
angr/storage/memory_mixins/label_merger_mixin.py +31 -0
angr/storage/memory_mixins/memory_mixin.py +175 -0
angr/storage/memory_mixins/multi_value_merger_mixin.py +79 -0
angr/storage/memory_mixins/name_resolution_mixin.py +67 -0
angr/storage/memory_mixins/paged_memory/__init__.py +0 -0
angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +266 -0
angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +743 -0
angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +65 -0
angr/storage/memory_mixins/paged_memory/pages/__init__.py +26 -0
angr/storage/memory_mixins/paged_memory/pages/base.py +31 -0
angr/storage/memory_mixins/paged_memory/pages/cooperation.py +341 -0
angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +92 -0
angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +55 -0
angr/storage/memory_mixins/paged_memory/pages/list_page.py +338 -0
angr/storage/memory_mixins/paged_memory/pages/multi_values.py +324 -0
angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +419 -0
angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +36 -0
angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +52 -0
angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +529 -0
angr/storage/memory_mixins/paged_memory/privileged_mixin.py +36 -0
angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +74 -0
angr/storage/memory_mixins/regioned_memory/__init__.py +17 -0
angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +36 -0
angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +31 -0
angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +9 -0
angr/storage/memory_mixins/regioned_memory/region_data.py +246 -0
angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +241 -0
angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +119 -0
angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +442 -0
angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +69 -0
angr/storage/memory_mixins/simple_interface_mixin.py +71 -0
angr/storage/memory_mixins/simplification_mixin.py +15 -0
angr/storage/memory_mixins/size_resolution_mixin.py +143 -0
angr/storage/memory_mixins/slotted_memory.py +140 -0
angr/storage/memory_mixins/smart_find_mixin.py +161 -0
angr/storage/memory_mixins/symbolic_merger_mixin.py +16 -0
angr/storage/memory_mixins/top_merger_mixin.py +25 -0
angr/storage/memory_mixins/underconstrained_mixin.py +67 -0
angr/storage/memory_mixins/unwrapper_mixin.py +26 -0
angr/storage/memory_object.py +195 -0
angr/tablespecs.py +91 -0
angr/unicornlib.dylib +0 -0
angr/utils/__init__.py +46 -0
angr/utils/ail.py +176 -0
angr/utils/algo.py +34 -0
angr/utils/balancer.py +776 -0
angr/utils/bits.py +46 -0
angr/utils/constants.py +9 -0
angr/utils/cowdict.py +63 -0
angr/utils/cpp.py +17 -0
angr/utils/doms.py +150 -0
angr/utils/dynamic_dictlist.py +89 -0
angr/utils/endness.py +18 -0
angr/utils/enums_conv.py +97 -0
angr/utils/env.py +12 -0
angr/utils/formatting.py +128 -0
angr/utils/funcid.py +244 -0
angr/utils/graph.py +981 -0
angr/utils/lazy_import.py +13 -0
angr/utils/library.py +236 -0
angr/utils/loader.py +55 -0
angr/utils/mp.py +66 -0
angr/utils/orderedset.py +74 -0
angr/utils/ssa/__init__.py +455 -0
angr/utils/ssa/tmp_uses_collector.py +23 -0
angr/utils/ssa/vvar_uses_collector.py +36 -0
angr/utils/strings.py +20 -0
angr/utils/tagged_interval_map.py +112 -0
angr/utils/timing.py +74 -0
angr/utils/types.py +193 -0
angr/utils/vex.py +11 -0
angr/vaults.py +367 -0
angr-9.2.192.dist-info/METADATA +112 -0
angr-9.2.192.dist-info/RECORD +1442 -0
angr-9.2.192.dist-info/WHEEL +6 -0
angr-9.2.192.dist-info/entry_points.txt +2 -0
angr-9.2.192.dist-info/licenses/LICENSE +27 -0
angr-9.2.192.dist-info/top_level.txt +1 -0

angr/analyses/reaching_definitions/engine_ail.py ADDED Viewed

@@ -0,0 +1,1128 @@
+# pylint:disable=missing-class-docstring,too-many-boolean-expressions
+from __future__ import annotations
+from itertools import chain
+from collections.abc import Iterable
+import logging
+from typing import cast
+from archinfo.types import RegisterOffset
+import claripy
+import angr.ailment as ailment
+from claripy import FSORT_DOUBLE, FSORT_FLOAT
+from angr.engines.light import SpOffset
+from angr.engines.light.engine import SimEngineNostmtAIL
+from angr.errors import SimEngineError, SimMemoryMissingError
+from angr.calling_conventions import default_cc, SimRegArg, SimTypeBottom
+from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues, mv_is_bv
+from angr.knowledge_plugins.key_definitions.atoms import Atom, Register, Tmp, MemoryLocation
+from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER
+from angr.knowledge_plugins.key_definitions.live_definitions import Definition, LiveDefinitions
+from angr.code_location import CodeLocation, ExternalCodeLocation
+from .subject import SubjectType
+from .rd_state import ReachingDefinitionsState
+from .function_handler import FunctionHandler, FunctionCallData
+l = logging.getLogger(name=__name__)
+class SimEngineRDAIL(
+    SimEngineNostmtAIL[
+        ReachingDefinitionsState, MultiValues[claripy.ast.BV | claripy.ast.FP], None, ReachingDefinitionsState
+    ]
+):
+    def __init__(
+        self,
+        project,
+        function_handler: FunctionHandler,
+        stack_pointer_tracker=None,
+        use_callee_saved_regs_at_return=True,
+        bp_as_gpr: bool = False,
+    ):
+        super().__init__(project)
+        self._function_handler = function_handler
+        self._visited_blocks = None
+        self._dep_graph = None
+        self._stack_pointer_tracker = stack_pointer_tracker
+        self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
+        self.bp_as_gpr = bp_as_gpr
+    def _is_top(self, expr):
+        """
+        MultiValues are not really "top" in the stricter sense. They are just a collection of values,
+        some of which might be top
+        """
+        return False
+    def _top(self, bits) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return MultiValues(self.state.top(bits))
+    def process(
+        self, state, *, dep_graph=None, visited_blocks=None, block=None, fail_fast=False, whitelist=None, **kwargs
+    ):
+        self._dep_graph = dep_graph
+        self._visited_blocks = visited_blocks
+        try:
+            result_state = super().process(state, whitelist=whitelist, block=block)
+        except SimEngineError:
+            if fail_fast is True:
+                raise
+            result_state = state
+        return result_state
+    def _process_block_end(self, block, stmt_data, whitelist):
+        return self.state
+    #
+    # Private methods
+    #
+    def _expr_bv(self, expr: ailment.expression.Expression) -> MultiValues[claripy.ast.BV]:
+        result = self._expr(expr)
+        assert mv_is_bv(result)
+        return result
+    def _expr_pair(
+        self, arg0: ailment.expression.Expression, arg1: ailment.expression.Expression
+    ) -> (
+        tuple[MultiValues[claripy.ast.BV], MultiValues[claripy.ast.BV]]
+        | tuple[MultiValues[claripy.ast.FP], MultiValues[claripy.ast.FP]]
+    ):
+        r0 = self._expr(arg0)
+        r1 = self._expr(arg1)
+        assert type(r0) is type(r1)
+        return r0, r1  # type: ignore
+    def _external_codeloc(self):
+        return ExternalCodeLocation(self.state.codeloc.context)
+    def _set_codeloc(self):
+        # TODO do we want a better mechanism to specify context updates?
+        new_codeloc = CodeLocation(
+            self.block.addr,
+            self.stmt_idx,
+            ins_addr=self.ins_addr,
+            block_idx=self.block.idx,
+            context=self.state.codeloc.context,
+        )
+        self.state.move_codelocs(new_codeloc)
+        self.state.analysis.model.at_new_stmt(new_codeloc)
+    #
+    # AIL statement handlers
+    #
+    def _stmt(self, stmt):
+        if self.state.analysis:
+            self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_BEFORE)
+            self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_BEFORE)
+        self._set_codeloc()
+        super()._stmt(stmt)
+        if self.state.analysis:
+            self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_AFTER)
+            self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_AFTER)
+    def _handle_stmt_Assignment(self, stmt):
+        src = self._expr(stmt.src)
+        dst = stmt.dst
+        if isinstance(dst, ailment.Tmp):
+            self.state.kill_and_add_definition(Tmp(dst.tmp_idx, dst.size), src)
+            self.tmps[dst.tmp_idx] = src
+        elif isinstance(dst, ailment.Register):
+            reg = Register(RegisterOffset(dst.reg_offset), dst.size)
+            self.state.kill_and_add_definition(reg, src)
+            if dst.reg_offset == self.arch.sp_offset:
+                self.state._sp_adjusted = True
+                # TODO: Special logic that frees all definitions above the current stack pointer
+        else:
+            l.warning("Unsupported type of Assignment dst %s.", type(dst).__name__)
+    def _handle_stmt_CAS(self, stmt: ailment.statement.CAS):
+        addr = self._expr(stmt.addr)
+        old_lo = stmt.old_lo
+        old_hi = stmt.old_hi
+        self._expr(stmt.data_lo)
+        if stmt.data_hi is not None:
+            self._expr(stmt.data_hi)
+        self._expr(stmt.expd_lo)
+        if stmt.expd_hi is not None:
+            self._expr(stmt.expd_hi)
+        if isinstance(old_lo, ailment.Tmp):
+            self.state.kill_and_add_definition(Tmp(old_lo.tmp_idx, old_lo.size), addr)
+            self.tmps[old_lo.tmp_idx] = self._top(old_lo.size)
+        if isinstance(old_hi, ailment.Tmp):
+            self.state.kill_and_add_definition(Tmp(old_hi.tmp_idx, old_hi.size), addr)
+            self.tmps[old_hi.tmp_idx] = self._top(old_hi.size)
+    def _handle_stmt_Store(self, stmt: ailment.Stmt.Store) -> None:
+        data = self._expr(stmt.data)
+        addr = self._expr_bv(stmt.addr)
+        size: int = stmt.size
+        if stmt.guard is not None:
+            self._expr(stmt.guard)
+        addr_v = addr.one_value()
+        if addr_v is not None and not self.state.is_top(addr_v):
+            if self.state.is_stack_address(addr_v):
+                stack_offset = self.state.get_stack_offset(addr_v)
+                if stack_offset is not None:
+                    memory_location = MemoryLocation(SpOffset(self.arch.bits, stack_offset), size, endness=stmt.endness)
+                else:
+                    memory_location = None
+            elif self.state.is_heap_address(addr_v):
+                memory_location = None
+            else:
+                memory_location = MemoryLocation(addr_v.concrete_value, size, endness=stmt.endness)
+            if memory_location is not None:
+                self.state.kill_and_add_definition(memory_location, data, endness=stmt.endness)
+    def _handle_stmt_Jump(self, stmt):
+        _ = self._expr(stmt.target)
+    def _handle_stmt_ConditionalJump(self, stmt):
+        _ = self._expr(stmt.condition)  # pylint:disable=unused-variable
+        if stmt.true_target is not None:
+            _ = self._expr(stmt.true_target)  # pylint:disable=unused-variable
+        if stmt.false_target is not None:
+            _ = self._expr(stmt.false_target)  # pylint:disable=unused-variable
+        ip = Register(cast(RegisterOffset, self.arch.ip_offset), self.arch.bytes)
+        self.state.kill_definitions(ip)
+    def _handle_stmt_Call(self, stmt: ailment.Stmt.Call):
+        data = self._handle_Call_base(stmt, is_expr=False)
+        src = data.ret_values
+        if src is None:
+            return
+        dst = stmt.ret_expr
+        if isinstance(dst, ailment.Tmp):
+            _, defs = self.state.kill_and_add_definition(Tmp(dst.tmp_idx, dst.size), src, uses=data.ret_values_deps)
+            self.tmps[dst.tmp_idx] = src
+        elif isinstance(dst, ailment.Register):
+            full_reg_offset, full_reg_size = self.arch.registers[
+                self.arch.register_names[RegisterOffset(dst.reg_offset)]
+            ]
+            if dst.size != full_reg_size:
+                # we need to extend the value to overwrite the entire register
+                otv = {}
+                next_off = 0
+                if full_reg_offset < dst.reg_offset:
+                    otv[0] = {claripy.BVV(0, (dst.reg_offset - full_reg_offset) * 8)}
+                    next_off = dst.reg_offset - full_reg_offset
+                for off, items in src.items():
+                    otv[next_off + off] = set(items)
+                next_off += len(src) // 8
+                if next_off < full_reg_size:
+                    otv[next_off] = {claripy.BVV(0, (full_reg_size - next_off) * 8)}
+                src = MultiValues(offset_to_values=otv)
+            reg = Register(full_reg_offset, full_reg_size)
+            _, defs = self.state.kill_and_add_definition(reg, src, uses=data.ret_values_deps)
+        else:
+            defs = set()
+        if self.state.analysis:
+            self.state.analysis.function_calls[data.callsite_codeloc].ret_defns.update(defs)
+    def _handle_Call_base(self, stmt: ailment.Stmt.Call, is_expr: bool = False) -> FunctionCallData:
+        if isinstance(stmt.target, ailment.Expr.Expression):
+            target = self._expr(stmt.target)  # pylint:disable=unused-variable
+            func_name = None
+        elif isinstance(stmt.target, str):
+            func_name = stmt.target
+            target = None
+        else:
+            target = stmt.target
+            func_name = None
+        ip = Register(cast(RegisterOffset, self.arch.ip_offset), self.arch.bytes)
+        self.state.kill_definitions(ip)
+        statement = self.block.statements[self.stmt_idx]
+        caller_will_handle_single_ret = True
+        if hasattr(statement, "dst") and statement.dst != stmt.ret_expr:
+            caller_will_handle_single_ret = False
+        data = FunctionCallData(
+            self.state.codeloc,
+            self._function_handler.make_function_codeloc(
+                target, self.state.codeloc, self.state.analysis.model.func_addr
+            ),
+            target,
+            cc=stmt.calling_convention,
+            prototype=stmt.prototype,
+            name=func_name,
+            args_values=[self._expr(arg) for arg in stmt.args] if stmt.args is not None else None,
+            redefine_locals=stmt.args is None and not is_expr,
+            caller_will_handle_single_ret=caller_will_handle_single_ret,
+            ret_atoms={Atom.from_ail_expr(stmt.ret_expr, self.arch)} if stmt.ret_expr is not None else None,
+        )
+        self._function_handler.handle_function(self.state, data)
+        if hasattr(stmt, "arg_defs"):
+            for arg_def in stmt.arg_defs:
+                arg_def: Definition
+                if arg_def in self.state.all_definitions:
+                    self.state.kill_definitions(arg_def.atom)
+        # kill all cc_ops
+        if "cc_op" in self.arch.registers:
+            def killreg(name: str):
+                offset, size = self.arch.registers[name]
+                self.state.kill_definitions(Register(offset, size))
+            killreg("cc_op")
+            killreg("cc_dep1")
+            killreg("cc_dep2")
+            killreg("cc_ndep")
+        return data
+    def _handle_stmt_Return(self, stmt: ailment.Stmt.Return):  # pylint:disable=unused-argument
+        cc = None
+        prototype = None
+        if self.state.analysis.subject.type == SubjectType.Function:
+            cc = self.state.analysis.subject.content.calling_convention
+            prototype = self.state.analysis.subject.content.prototype
+            # import ipdb; ipdb.set_trace()
+        if cc is None:
+            # fall back to the default calling convention
+            cc_cls = default_cc(
+                self.project.arch.name,
+                platform=self.project.simos.name if self.project.simos is not None else None,
+                default=None,
+            )
+            if cc_cls is None:
+                l.warning("Unknown default calling convention for architecture %s.", self.project.arch.name)
+                cc = None
+            else:
+                cc = cc_cls(self.project.arch)
+        if self._use_callee_saved_regs_at_return and cc is not None:
+            # handle callee-saved registers: add uses for these registers so that the restoration statements are not
+            # considered dead assignments.
+            for reg in self.arch.register_list:
+                if (
+                    reg.general_purpose
+                    and reg.name not in cc.CALLER_SAVED_REGS
+                    and reg.name not in cc.ARG_REGS
+                    and reg.vex_offset
+                    not in {
+                        self.arch.sp_offset,
+                        self.arch.bp_offset,
+                        self.arch.ip_offset,
+                    }
+                    and (isinstance(cc.RETURN_VAL, SimRegArg) and reg.name != cc.RETURN_VAL.reg_name)
+                ):
+                    self.state.add_register_use(reg.vex_offset, reg.size)
+        if stmt.ret_exprs:
+            # Handle return expressions
+            for ret_expr in stmt.ret_exprs:
+                self._expr(ret_expr)
+            return
+        # No return expressions are available.
+        # consume registers that are potentially useful
+        # return value
+        if (
+            cc is not None
+            and prototype is not None
+            and prototype.returnty is not None
+            and not isinstance(prototype.returnty, SimTypeBottom)
+        ):
+            ret_val = cc.return_val(prototype.returnty)
+            if isinstance(ret_val, SimRegArg):
+                if ret_val.clear_entire_reg:
+                    offset, size = cc.arch.registers[ret_val.reg_name]
+                else:
+                    offset = cc.arch.registers[ret_val.reg_name][0] + ret_val.reg_offset
+                    size = ret_val.size
+                self.state.add_register_use(offset, size)
+            else:
+                l.error("Cannot handle CC with non-register return value location")
+        # base pointer
+        # TODO: Check if the stack base pointer is used as a stack base pointer in this function or not
+        self.state.add_register_use(self.project.arch.bp_offset, self.project.arch.bytes)
+        # We don't add sp since stack pointers are supposed to be get rid of in AIL. this is definitely a hack though
+        # self.state.add_use(Register(self.project.arch.sp_offset, self.project.arch.bits // 8))
+    def _handle_stmt_DirtyStatement(self, stmt: ailment.Stmt.DirtyStatement):
+        self._expr(stmt.dirty)
+    #
+    # AIL expression handlers
+    #
+    def _handle_expr_Tmp(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        self.state.add_tmp_use(expr.tmp_idx)
+        try:
+            return self.tmps[expr.tmp_idx]
+        except KeyError:
+            return self._top(expr.bits)
+    def _handle_expr_Call(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        data = self._handle_Call_base(expr, is_expr=True)
+        result = data.ret_values
+        if result is None:
+            return self._top(expr.bits)
+        # truncate result if needed
+        if len(result) > expr.bits:
+            assert mv_is_bv(result)
+            result = cast(
+                MultiValues[claripy.ast.BV | claripy.ast.FP],
+                result.extract((len(result) - expr.bits) // 8, expr.bits // 8, "Iend_BE"),
+            )
+        if data.ret_values_deps is not None:
+            for dep in data.ret_values_deps:
+                result = self.state.annotate_mv_with_def(result, dep)
+        return result
+    def _handle_expr_Register(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        self.state: ReachingDefinitionsState
+        reg_offset = expr.reg_offset
+        size = expr.size
+        # bits = size * 8
+        # Special handling for SP and BP
+        if self._stack_pointer_tracker is not None:
+            if reg_offset == self.arch.sp_offset:
+                sb_offset = self._stack_pointer_tracker.offset_before(self.ins_addr, self.arch.sp_offset)
+                if sb_offset is not None:
+                    return MultiValues(v=self.state._initial_stack_pointer() + sb_offset)
+            elif reg_offset == self.arch.bp_offset and not self.bp_as_gpr:
+                sb_offset = self._stack_pointer_tracker.offset_before(self.ins_addr, self.arch.bp_offset)
+                if sb_offset is not None:
+                    return MultiValues(v=self.state._initial_stack_pointer() + sb_offset)
+        reg_atom = Register(RegisterOffset(reg_offset), size)
+        # first check if it is ever defined
+        try:
+            value: MultiValues = self.state.registers.load(reg_offset, size=size)
+        except SimMemoryMissingError as ex:
+            # the full value does not exist, but we handle partial existence, too
+            missing_defs = None
+            if ex.missing_size != size:
+                existing_values = []
+                i = 0
+                while i < size:
+                    try:
+                        value: MultiValues = self.state.registers.load(reg_offset + i, size=1)
+                    except SimMemoryMissingError as ex_:
+                        i += ex_.missing_size
+                        continue
+                    i += 1
+                    existing_values.append(value)
+                # extract existing definitions
+                for existing_value in existing_values:
+                    for vs in existing_value.values():
+                        for v in vs:
+                            if missing_defs is None:
+                                missing_defs = self.state.extract_defs(v)
+                            else:
+                                missing_defs = chain(missing_defs, self.state.extract_defs(v))
+            if missing_defs is not None:
+                self.state.add_register_use_by_defs(missing_defs, expr=expr)
+            top = self.state.top(size * self.state.arch.byte_width)
+            # annotate it
+            extloc = self._external_codeloc()
+            top = self.state.annotate_with_def(top, Definition(reg_atom, extloc))
+            value = MultiValues(top)
+            # write it back
+            self.state.kill_and_add_definition(reg_atom, value, override_codeloc=extloc)
+        # extract Definitions
+        defs: Iterable[Definition] | None = None
+        for vs in value.values():
+            for v in vs:
+                defs = self.state.extract_defs(v) if defs is None else chain(defs, self.state.extract_defs(v))
+        if defs is None:
+            # define it right away as an external dependency
+            self.state.kill_and_add_definition(reg_atom, value, override_codeloc=self._external_codeloc())
+        else:
+            self.state.add_register_use_by_defs(defs, expr=expr)
+        return value
+    def _handle_expr_Load(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        addrs = self._expr_bv(expr.addr)
+        size = expr.size
+        bits = expr.bits
+        if expr.guard is not None:
+            assert expr.alt is not None
+            self._expr(expr.guard)
+            self._expr(expr.alt)
+        # convert addrs from MultiValues to a list of valid addresses
+        if addrs.count() == 1:
+            addrs_v = next(iter(addrs.values()))
+        else:
+            top = self.state.top(bits)
+            # annotate it
+            extloc = self._external_codeloc()
+            dummy_atom = MemoryLocation(0, size, endness=expr.endness)
+            def_ = Definition(dummy_atom, extloc)
+            top = self.state.annotate_with_def(top, def_)
+            # add use
+            self.state.add_memory_use_by_def(def_, expr=expr)
+            return MultiValues(top)
+        result: MultiValues | None = None
+        for addr in addrs_v:
+            if not isinstance(addr, claripy.ast.Base):
+                continue
+            if addr.concrete:
+                # a concrete address
+                concrete_addr: int = addr.concrete_value
+                try:
+                    vs: MultiValues = self.state.memory.load(concrete_addr, size=size, endness=expr.endness)
+                    defs = set(LiveDefinitions.extract_defs_from_mv(vs))
+                except SimMemoryMissingError:
+                    continue
+                self.state.add_memory_use_by_defs(defs, expr=expr)
+                result = result.merge(vs) if result is not None else vs
+            elif self.state.is_stack_address(addr):
+                stack_offset = self.state.get_stack_offset(addr)
+                if stack_offset is not None:
+                    stack_addr = self.state.live_definitions.stack_offset_to_stack_addr(stack_offset)
+                    try:
+                        vs: MultiValues = self.state.stack.load(stack_addr, size=size, endness=expr.endness)
+                        defs = set(LiveDefinitions.extract_defs_from_mv(vs))
+                    except SimMemoryMissingError:
+                        continue
+                    # XXX should be add_stack_use_by_defs?
+                    self.state.add_memory_use_by_defs(defs, expr=expr)
+                    result = result.merge(vs) if result is not None else vs
+            else:
+                # XXX does ail not support heap tracking?
+                l.debug("Memory address %r undefined or unsupported at pc %#x.", addr, self.ins_addr)
+        if result is None:
+            top = self.state.top(bits)
+            # TODO: Annotate top with a definition
+            result = MultiValues(top)
+        return result
+    def _handle_expr_Convert(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        to_conv: MultiValues = self._expr(expr.operand)
+        bits = expr.to_bits
+        size = bits // self.arch.byte_width
+        if (
+            to_conv.count() == 1
+            and 0 in to_conv
+            and expr.from_type == ailment.Expr.Convert.TYPE_INT
+            and expr.to_type == ailment.Expr.Convert.TYPE_INT
+        ):
+            values = to_conv[0]
+        else:
+            top = self.state.top(expr.to_bits)
+            # annotate it
+            dummy_atom = MemoryLocation(0, size, endness=self.arch.memory_endness)
+            def_ = Definition(dummy_atom, self._external_codeloc())
+            top = self.state.annotate_with_def(top, def_)
+            # add use
+            self.state.add_memory_use_by_def(def_, expr=expr)
+            return MultiValues(top)
+        converted = set()
+        for v in values:
+            if expr.to_bits < expr.from_bits:
+                conv = v[expr.to_bits - 1 : 0]
+            elif expr.to_bits > expr.from_bits:
+                conv = claripy.ZeroExt(expr.to_bits - expr.from_bits, v)
+            else:
+                conv = v
+            converted.add(conv)
+        return MultiValues(offset_to_values={0: converted})
+    def _handle_expr_Reinterpret(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        _: MultiValues = self._expr(expr.operand)
+        bits = expr.to_bits
+        # we currently do not support floating-point operations. therefore, we return TOP directly
+        reinterpreted = self.state.top(bits)
+        return MultiValues(reinterpreted)
+    def _handle_unop_Default(self, expr):
+        return self._top(expr.bits)
+    _handle_unop_Reference = _handle_unop_Default
+    _handle_unop_Ctz = _handle_unop_Default
+    _handle_unop_Dereference = _handle_unop_Default
+    _handle_unop_GetMSBs = _handle_unop_Default
+    _handle_unop_unpack = _handle_unop_Default
+    _handle_unop_Sqrt = _handle_unop_Default
+    _handle_unop_RSqrtEst = _handle_unop_Default
+    def _handle_expr_ITE(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        _: MultiValues = self._expr(expr.cond)
+        iftrue: MultiValues = self._expr(expr.iftrue)
+        _: MultiValues = self._expr(expr.iffalse)
+        top = self.state.top(len(iftrue))
+        return MultiValues(top)
+    def _handle_unop_Not(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        operand = self._expr_bv(expr.operand)
+        bits = expr.bits
+        operand_v = operand.one_value()
+        if operand_v is not None and operand_v.concrete:
+            return MultiValues(~operand_v)  # pylint:disable=invalid-unary-operand-type
+        return MultiValues(self.state.top(bits))
+    def _handle_unop_Neg(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        operand: MultiValues = self._expr(expr.operand)
+        bits = expr.bits
+        operand_v = operand.one_value()
+        if operand_v is not None and operand_v.concrete:
+            return MultiValues(-operand_v)  # pylint:disable=invalid-unary-operand-type
+        return MultiValues(self.state.top(bits))
+    def _handle_unop_BitwiseNeg(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        operand = self._expr_bv(expr.operand)
+        bits = expr.bits
+        operand_v = operand.one_value()
+        if operand_v is not None and operand_v.concrete:
+            return MultiValues(offset_to_values={0: {~operand_v}})
+        return MultiValues(offset_to_values={0: {self.state.top(bits)}})
+    def _handle_binop_Add(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0, expr1 = self._expr_pair(expr.operands[0], expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            # adding two single values together
+            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
+                r = MultiValues(expr0_v + expr1_v)  # type: ignore
+        elif expr0_v is None and expr1_v is not None:
+            # adding a single value to a multivalue
+            if (
+                expr0.count() == 1
+                and 0 in expr0
+                and all(v.concrete or self.state.is_stack_address(v) for v in expr0[0])
+            ):
+                vs = {v + expr1_v for v in expr0[0]}  # type: ignore
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # adding a single value to a multivalue
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {v + expr0_v for v in expr1[0]}  # type: ignore
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Sub(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0, expr1 = self._expr_pair(expr.operands[0], expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
+                r = MultiValues(expr0_v - expr1_v)  # type: ignore
+        elif expr0_v is None and expr1_v is not None:
+            # subtracting a single value from a multivalue
+            if (
+                expr0.count() == 1
+                and 0 in expr0
+                and all(v.concrete or self.state.is_stack_address(v) for v in expr0[0])
+            ):
+                vs = {v - expr1_v for v in expr0[0]}  # type: ignore
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # subtracting a single value from a multivalue
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {expr0_v - v for v in expr1[0]}  # type: ignore
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Default(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        arg0, arg1 = expr.operands
+        self._expr(arg0)
+        self._expr(arg1)
+        bits = expr.bits
+        return MultiValues(self.state.top(bits))
+    _handle_binop_AddV = _handle_binop_Add
+    _handle_binop_Div = _handle_binop_Default
+    _handle_binop_MulV = _handle_binop_Default
+    _handle_binop_MulHiV = _handle_binop_Default
+    _handle_binop_Mod = _handle_binop_Default
+    _handle_binop_AddF = _handle_binop_Default
+    _handle_binop_DivF = _handle_binop_Default
+    _handle_binop_DivV = _handle_binop_Default
+    _handle_binop_MulF = _handle_binop_Default
+    _handle_binop_SubF = _handle_binop_Default
+    _handle_binop_SubV = _handle_binop_Default
+    _handle_binop_InterleaveLOV = _handle_binop_Default
+    _handle_binop_InterleaveHIV = _handle_binop_Default
+    _handle_binop_CasCmpEQ = _handle_binop_Default
+    _handle_binop_CasCmpNE = _handle_binop_Default
+    _handle_binop_SarNV = _handle_binop_Default
+    _handle_binop_ShrNV = _handle_binop_Default
+    _handle_binop_ShlNV = _handle_binop_Default
+    _handle_binop_CmpEQV = _handle_binop_Default
+    _handle_binop_CmpNEV = _handle_binop_Default
+    _handle_binop_CmpGEV = _handle_binop_Default
+    _handle_binop_CmpGTV = _handle_binop_Default
+    _handle_binop_CmpLEV = _handle_binop_Default
+    _handle_binop_CmpLTV = _handle_binop_Default
+    _handle_binop_MinV = _handle_binop_Default
+    _handle_binop_MaxV = _handle_binop_Default
+    _handle_binop_QAddV = _handle_binop_Default
+    _handle_binop_QNarrowBinV = _handle_binop_Default
+    _handle_binop_PermV = _handle_binop_Default
+    _handle_binop_Set = _handle_binop_Default
+    def _handle_binop_Mul(self, expr):
+        expr0 = self._expr(expr.operands[0])
+        expr1 = self._expr(expr.operands[1])
+        bits = expr.bits
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None and expr0_v.concrete and expr1_v.concrete:
+            r = MultiValues(offset_to_values={0: {expr0_v * expr1_v}})  # type: ignore
+        else:
+            r = MultiValues(offset_to_values={0: {self.state.top(bits)}})
+        return r
+    def _handle_binop_Mull(self, expr):
+        expr0 = self._expr(expr.operands[0])
+        expr1 = self._expr(expr.operands[1])
+        bits = expr.bits
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None and expr0_v.concrete and expr1_v.concrete:
+            xt = expr.bits // 2
+            if expr.signed:
+                r = MultiValues(
+                    offset_to_values={0: {expr0_v.sign_extend(xt) * expr1_v.sign_extend(xt)}}  # type: ignore
+                )
+            else:
+                r = MultiValues(
+                    offset_to_values={0: {expr0_v.zero_extend(xt) * expr1_v.zero_extend(xt)}}  # type: ignore
+                )
+        else:
+            r = MultiValues(offset_to_values={0: {self.state.top(bits)}})
+        return r
+    def _handle_binop_Shr(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(claripy.LShR(expr0_v, expr1_v.concrete_value))
+        elif expr0_v is None and expr1_v is not None:
+            # each value in expr0 >> expr1_v
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
+                vs = {
+                    (claripy.LShR(v, expr1_v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr0[0]
+                }
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v >> each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {
+                    (claripy.LShR(expr0_v, v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr1[0]
+                }
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Sar(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v >> expr1_v.concrete_value)
+        elif expr0_v is None and expr1_v is not None:
+            # each value in expr0 >> expr1_v
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
+                vs = {
+                    (claripy.LShR(v, expr1_v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr0[0]
+                }
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v >> each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {
+                    (claripy.LShR(expr0_v, v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr1[0]
+                }
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Shl(self, expr):
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v << expr1_v.concrete_value)
+        elif expr0_v is None and expr1_v is not None:
+            # each value in expr0 << expr1_v
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
+                vs = {((v << expr1_v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr0[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v >> each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {((expr0_v << v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr1[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    _handle_binop_Rol = _handle_binop_Default
+    _handle_binop_Ror = _handle_binop_Default
+    def _handle_binop_And(self, expr):
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            # special handling for stack alignment
+            if self.state.is_stack_address(expr0_v):
+                r = MultiValues(expr0_v)
+            else:
+                if expr0_v.concrete and expr1_v.concrete:
+                    r = MultiValues(expr0_v & expr1_v)
+        elif expr0_v is None and expr1_v is not None:
+            # expr1_v & each value in expr0
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
+                r = MultiValues(offset_to_values={0: {v & expr1_v for v in expr0[0]}})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v & each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                r = MultiValues(offset_to_values={0: {expr0_v & v for v in expr1[0]}})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Or(self, expr):
+        expr0: MultiValues = self._expr(expr.operands[0])
+        expr1: MultiValues = self._expr(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v | expr1_v)
+        elif expr0_v is None and expr1_v is not None:
+            # expr1_v | each value in expr0
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
+                vs = {v | expr1_v for v in expr0[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v | each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {expr0_v | v for v in expr1[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_LogicalAnd(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0: MultiValues = self._expr(expr.operands[0])
+        expr1: MultiValues = self._expr(expr.operands[1])
+        bits = expr.bits
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        # TODO: can maybe be smarter about this. if we can determine that expr0 is never falsey, we can just return it,
+        # TODO: or if it's always falsey we can return expr1 (did I get this backwards?)
+        if expr0_v is None or expr1_v is None:
+            return MultiValues(self.state.top(bits))
+        return MultiValues(claripy.If(expr0_v == 0, expr0_v, expr1_v))
+    def _handle_binop_LogicalOr(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0: MultiValues = self._expr(expr.operands[0])
+        expr1: MultiValues = self._expr(expr.operands[1])
+        bits = expr.bits
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is None or expr1_v is None:
+            return MultiValues(self.state.top(bits))
+        return MultiValues(claripy.If(expr0_v != 0, expr0_v, expr1_v))
+    def _handle_binop_LogicalXor(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0: MultiValues = self._expr(expr.operands[0])
+        expr1: MultiValues = self._expr(expr.operands[1])
+        bits = expr.bits
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is None or expr1_v is None:
+            return MultiValues(self.state.top(bits))
+        return MultiValues(claripy.If(expr0_v != 0, expr1_v, expr0_v))
+    def _handle_binop_Xor(self, expr):
+        expr0: MultiValues = self._expr(expr.operands[0])
+        expr1: MultiValues = self._expr(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v ^ expr1_v)
+        elif expr0_v is None and expr1_v is not None:
+            # expr1_v ^ each value in expr0
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
+                vs = {v ^ expr1_v for v in expr0[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v ^ each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                vs = {expr0_v ^ v for v in expr1[0]}
+                r = MultiValues(offset_to_values={0: vs})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Carry(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        _ = self._expr(expr.operands[0])
+        _ = self._expr(expr.operands[1])
+        bits = expr.bits
+        return MultiValues(self.state.top(bits))
+    def _handle_binop_SCarry(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        _ = self._expr(expr.operands[0])
+        _ = self._expr(expr.operands[1])
+        bits = expr.bits
+        return MultiValues(self.state.top(bits))
+    def _handle_binop_SBorrow(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        _ = self._expr(expr.operands[0])
+        _ = self._expr(expr.operands[1])
+        bits = expr.bits
+        return MultiValues(self.state.top(bits))
+    def _handle_binop_Concat(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
+        bits = expr.bits
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(claripy.Concat(expr0_v, expr1_v))
+        elif expr0_v is None and expr1_v is not None:
+            # concatenate expr1_v with each value in expr0
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
+                r = MultiValues(offset_to_values={0: {claripy.Concat(v, expr1_v) for v in expr0[0]}})
+        elif expr0_v is not None and expr1_v is None:
+            # concatenate expr0_v with each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                r = MultiValues(offset_to_values={0: {claripy.Concat(expr0_v, v) for v in expr1[0]}})
+        else:
+            r = MultiValues(self.state.top(bits))
+        if r is None:
+            r = MultiValues(self.state.top(bits))
+        return r
+    def _handle_binop_Cmp(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        op0 = self._expr(expr.operands[0])
+        op1 = self._expr(expr.operands[1])
+        if op0 is None:
+            _ = expr.operands[0]
+        if op1 is None:
+            _ = expr.operands[1]
+        top = self.state.top(expr.bits)
+        return MultiValues(top)
+    _handle_binop_CmpF = _handle_binop_Cmp
+    _handle_binop_CmpEQ = _handle_binop_Cmp
+    _handle_binop_CmpNE = _handle_binop_Cmp
+    _handle_binop_CmpLE = _handle_binop_Cmp
+    _handle_binop_CmpLEs = _handle_binop_Cmp
+    _handle_binop_CmpLT = _handle_binop_Cmp
+    _handle_binop_CmpLTs = _handle_binop_Cmp
+    _handle_binop_CmpGE = _handle_binop_Cmp
+    _handle_binop_CmpGEs = _handle_binop_Cmp
+    _handle_binop_CmpGT = _handle_binop_Cmp
+    _handle_binop_CmpGTs = _handle_binop_Cmp
+    _handle_binop_CmpORD = _handle_binop_Cmp
+    def _handle_binop_ExpCmpNE(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        self._expr(expr.operands[0])
+        self._expr(expr.operands[1])
+        return MultiValues(self.state.top(expr.bits))
+    def _handle_unop_Clz(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        self._expr(expr.operand)
+        return MultiValues(self.state.top(expr.bits))
+    def _handle_expr_Const(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        self.state.mark_const(expr.value, expr.size)
+        if isinstance(expr.value, float):
+            sort = None
+            if expr.bits == 64:
+                sort = FSORT_DOUBLE
+            elif expr.bits == 32:
+                sort = FSORT_FLOAT
+            return MultiValues(claripy.FPV(expr.value, sort))
+        return MultiValues(claripy.BVV(expr.value, expr.bits))
+    def _handle_expr_StackBaseOffset(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        stack_addr = self.state.stack_address(expr.offset)
+        return MultiValues(stack_addr)
+    def _ail_handle_VEXCCallExpression(self, expr: ailment.Expr.VEXCCallExpression) -> MultiValues:
+        for operand in expr.operands:
+            self._expr(operand)
+        top = self.state.top(expr.bits)
+        return MultiValues(top)
+    def _handle_expr_Phi(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
+    def _handle_expr_VEXCCallExpression(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
+    def _handle_expr_VirtualVariable(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
+    def _handle_expr_DirtyExpression(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        if isinstance(expr.dirty_expr, ailment.expression.VEXCCallExpression):
+            for operand in expr.dirty_expr.operands:
+                self._expr(operand)
+        return MultiValues(self.state.top(expr.bits))
+    def _handle_expr_BasePointerOffset(self, expr):
+        return self._top(expr.bits)
+    def _handle_expr_MultiStatementExpression(self, expr):
+        return self._top(expr.bits)