angr 9.2.86__py3-none-win_amd64.whl → 9.2.87__py3-none-win_amd64.whl
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +1 -1
- angr/analyses/calling_convention.py +8 -6
- angr/analyses/data_dep/data_dependency_analysis.py +1 -0
- angr/analyses/decompiler/condition_processor.py +15 -9
- angr/analyses/decompiler/empty_node_remover.py +5 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +17 -11
- angr/analyses/decompiler/structuring/phoenix.py +15 -9
- angr/analyses/disassembly.py +14 -12
- angr/analyses/reaching_definitions/dep_graph.py +10 -20
- angr/analyses/reaching_definitions/rd_state.py +4 -8
- angr/analyses/vfg.py +6 -6
- angr/calling_conventions.py +15 -7
- angr/engines/soot/expressions/condition.py +1 -1
- angr/engines/vex/claripy/irop.py +1 -0
- angr/engines/vex/heavy/heavy.py +3 -0
- angr/factory.py +2 -4
- angr/knowledge_plugins/key_definitions/live_definitions.py +4 -8
- angr/knowledge_plugins/key_definitions/rd_model.py +4 -4
- angr/knowledge_plugins/variables/variable_manager.py +3 -3
- angr/lib/angr_native.dll +0 -0
- angr/sim_procedure.py +3 -3
- angr/sim_type.py +9 -5
- angr/state_plugins/solver.py +36 -72
- angr/state_plugins/unicorn_engine.py +3 -3
- angr/storage/file.py +13 -9
- angr/storage/memory_mixins/paged_memory/pages/cooperation.py +10 -6
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +2 -10
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +12 -12
- angr/utils/graph.py +2 -1
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/METADATA +6 -6
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/RECORD +38 -36
- tests/utils/__init__.py +0 -0
- tests/utils/test_graph.py +41 -0
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/LICENSE +0 -0
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/WHEEL +0 -0
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/entry_points.txt +0 -0
- {angr-9.2.86.dist-info → angr-9.2.87.dist-info}/top_level.txt +0 -0
angr/__init__.py
CHANGED
|
@@ -166,9 +166,11 @@ class CallingConventionAnalysis(Analysis):
|
|
|
166
166
|
)
|
|
167
167
|
cc_cls = default_cc(
|
|
168
168
|
self.project.arch.name,
|
|
169
|
-
platform=
|
|
170
|
-
|
|
171
|
-
|
|
169
|
+
platform=(
|
|
170
|
+
self.project.simos.name
|
|
171
|
+
if self.project is not None and self.project.simos is not None
|
|
172
|
+
else None
|
|
173
|
+
),
|
|
172
174
|
)
|
|
173
175
|
if cc_cls is not None:
|
|
174
176
|
cc = cc_cls(self.project.arch)
|
|
@@ -224,9 +226,9 @@ class CallingConventionAnalysis(Analysis):
|
|
|
224
226
|
]
|
|
225
227
|
cc_cls = default_cc(
|
|
226
228
|
self.project.arch.name,
|
|
227
|
-
platform=
|
|
228
|
-
|
|
229
|
-
|
|
229
|
+
platform=(
|
|
230
|
+
self.project.simos.name if self.project is not None and self.project.simos is not None else None
|
|
231
|
+
),
|
|
230
232
|
)
|
|
231
233
|
if cc_cls is not None:
|
|
232
234
|
cc = cc_cls(self.project.arch)
|
|
@@ -309,9 +309,11 @@ class ConditionProcessor:
|
|
|
309
309
|
elif isinstance(node, CodeNode):
|
|
310
310
|
node = CodeNode(
|
|
311
311
|
self.remove_claripy_bool_asts(node.node, memo=memo),
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
312
|
+
(
|
|
313
|
+
None
|
|
314
|
+
if node.reaching_condition is None
|
|
315
|
+
else self.convert_claripy_bool_ast(node.reaching_condition, memo=memo)
|
|
316
|
+
),
|
|
315
317
|
)
|
|
316
318
|
return node
|
|
317
319
|
|
|
@@ -325,9 +327,11 @@ class ConditionProcessor:
|
|
|
325
327
|
elif isinstance(node, ConditionNode):
|
|
326
328
|
return ConditionNode(
|
|
327
329
|
node.addr,
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
330
|
+
(
|
|
331
|
+
None
|
|
332
|
+
if node.reaching_condition is None
|
|
333
|
+
else self.convert_claripy_bool_ast(node.reaching_condition, memo=memo)
|
|
334
|
+
),
|
|
331
335
|
self.convert_claripy_bool_ast(node.condition, memo=memo),
|
|
332
336
|
self.remove_claripy_bool_asts(node.true_node, memo=memo),
|
|
333
337
|
self.remove_claripy_bool_asts(node.false_node, memo=memo),
|
|
@@ -689,9 +693,11 @@ class ConditionProcessor:
|
|
|
689
693
|
"__mod__": lambda cond_, tags: _binary_op_reduce("Mod", cond_.args, tags),
|
|
690
694
|
"LShR": lambda cond_, tags: _binary_op_reduce("Shr", cond_.args, tags),
|
|
691
695
|
"BVV": lambda cond_, tags: ailment.Expr.Const(None, None, cond_.args[0], cond_.size(), **tags),
|
|
692
|
-
"BoolV": lambda cond_, tags:
|
|
693
|
-
|
|
694
|
-
|
|
696
|
+
"BoolV": lambda cond_, tags: (
|
|
697
|
+
ailment.Expr.Const(None, None, True, 1, **tags)
|
|
698
|
+
if cond_.args[0] is True
|
|
699
|
+
else ailment.Expr.Const(None, None, False, 1, **tags)
|
|
700
|
+
),
|
|
695
701
|
"Extract": lambda cond_, tags: self._convert_extract(*cond_.args, tags, memo=memo),
|
|
696
702
|
"ZeroExt": lambda cond_, tags: _binary_op_reduce(
|
|
697
703
|
"Concat", [claripy.BVV(0, cond_.args[0]), cond_.args[1]], tags
|
|
@@ -133,9 +133,11 @@ class EmptyNodeRemover:
|
|
|
133
133
|
return ConditionNode(
|
|
134
134
|
node.addr,
|
|
135
135
|
node.reaching_condition,
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
136
|
+
(
|
|
137
|
+
ConditionProcessor.simplify_condition(claripy.Not(node.condition))
|
|
138
|
+
if self._claripy_ast_conditions
|
|
139
|
+
else negate(node.condition)
|
|
140
|
+
),
|
|
139
141
|
false_node,
|
|
140
142
|
false_node=None,
|
|
141
143
|
)
|
|
@@ -52,9 +52,9 @@ class BaseOptimizationPass:
|
|
|
52
52
|
ARCHES = [] # strings of supported architectures
|
|
53
53
|
PLATFORMS = [] # strings of supported platforms. Can be one of the following: "win32", "linux"
|
|
54
54
|
STAGE: int = None # Specifies when this optimization pass should be executed
|
|
55
|
-
STRUCTURING: Optional[
|
|
56
|
-
|
|
57
|
-
|
|
55
|
+
STRUCTURING: Optional[str] = (
|
|
56
|
+
None # specifies if this optimization pass is specific to a certain structuring algorithm
|
|
57
|
+
)
|
|
58
58
|
NAME = "N/A"
|
|
59
59
|
DESCRIPTION = "N/A"
|
|
60
60
|
|
|
@@ -2801,18 +2801,24 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
|
|
|
2801
2801
|
result = reduce(
|
|
2802
2802
|
lambda a1, a2: CBinaryOp("Add", a1, a2, codegen=self),
|
|
2803
2803
|
(
|
|
2804
|
-
|
|
2805
|
-
|
|
2806
|
-
|
|
2807
|
-
|
|
2808
|
-
|
|
2809
|
-
|
|
2810
|
-
|
|
2804
|
+
(
|
|
2805
|
+
CBinaryOp(
|
|
2806
|
+
"Mul",
|
|
2807
|
+
CConstant(c, t.type, codegen=self),
|
|
2808
|
+
(
|
|
2809
|
+
t
|
|
2810
|
+
if not isinstance(t.type, SimTypePointer)
|
|
2811
|
+
else CTypeCast(t.type, SimTypePointer(SimTypeChar()), t, codegen=self)
|
|
2812
|
+
),
|
|
2813
|
+
codegen=self,
|
|
2814
|
+
)
|
|
2815
|
+
if c != 1
|
|
2816
|
+
else (
|
|
2817
|
+
t
|
|
2818
|
+
if not isinstance(t.type, SimTypePointer)
|
|
2819
|
+
else CTypeCast(t.type, SimTypePointer(SimTypeChar()), t, codegen=self)
|
|
2820
|
+
)
|
|
2811
2821
|
)
|
|
2812
|
-
if c != 1
|
|
2813
|
-
else t
|
|
2814
|
-
if not isinstance(t.type, SimTypePointer)
|
|
2815
|
-
else CTypeCast(t.type, SimTypePointer(SimTypeChar()), t, codegen=self)
|
|
2816
2822
|
for c, t in o_terms
|
|
2817
2823
|
),
|
|
2818
2824
|
)
|
|
@@ -179,9 +179,11 @@ class PhoenixStructurer(StructurerBase):
|
|
|
179
179
|
removed_edge = self._last_resort_refinement(
|
|
180
180
|
self._region.head,
|
|
181
181
|
self._region.graph,
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
182
|
+
(
|
|
183
|
+
self._region.graph_with_successors
|
|
184
|
+
if self._region.graph_with_successors is not None
|
|
185
|
+
else networkx.DiGraph(self._region.graph)
|
|
186
|
+
),
|
|
185
187
|
)
|
|
186
188
|
self._assert_graph_ok(self._region.graph, "Last resort refinement went wrong")
|
|
187
189
|
if not removed_edge:
|
|
@@ -204,9 +206,11 @@ class PhoenixStructurer(StructurerBase):
|
|
|
204
206
|
node,
|
|
205
207
|
self._region.head,
|
|
206
208
|
self._region.graph,
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
209
|
+
(
|
|
210
|
+
self._region.graph_with_successors
|
|
211
|
+
if self._region.graph_with_successors is not None
|
|
212
|
+
else networkx.DiGraph(self._region.graph)
|
|
213
|
+
),
|
|
210
214
|
)
|
|
211
215
|
l.debug("... matching cyclic schemas: %s at %r", matched, node)
|
|
212
216
|
any_matches |= matched
|
|
@@ -911,9 +915,11 @@ class PhoenixStructurer(StructurerBase):
|
|
|
911
915
|
try:
|
|
912
916
|
any_matches_this_iteration = self._match_acyclic_schemas(
|
|
913
917
|
self._region.graph,
|
|
914
|
-
|
|
915
|
-
|
|
916
|
-
|
|
918
|
+
(
|
|
919
|
+
self._region.graph_with_successors
|
|
920
|
+
if self._region.graph_with_successors is not None
|
|
921
|
+
else networkx.DiGraph(self._region.graph)
|
|
922
|
+
),
|
|
917
923
|
self._region.head,
|
|
918
924
|
)
|
|
919
925
|
except GraphChangedNotification:
|
angr/analyses/disassembly.py
CHANGED
|
@@ -1168,18 +1168,20 @@ class Disassembly(Analysis):
|
|
|
1168
1168
|
|
|
1169
1169
|
if formatting is None:
|
|
1170
1170
|
formatting = {
|
|
1171
|
-
"colors":
|
|
1172
|
-
|
|
1173
|
-
|
|
1174
|
-
|
|
1175
|
-
|
|
1176
|
-
|
|
1177
|
-
|
|
1178
|
-
|
|
1179
|
-
|
|
1180
|
-
|
|
1181
|
-
|
|
1182
|
-
|
|
1171
|
+
"colors": (
|
|
1172
|
+
{
|
|
1173
|
+
"address": "gray",
|
|
1174
|
+
"bytes": "cyan",
|
|
1175
|
+
"edge": "yellow",
|
|
1176
|
+
Label: "bright_yellow",
|
|
1177
|
+
ConstantOperand: "cyan",
|
|
1178
|
+
MemoryOperand: "yellow",
|
|
1179
|
+
Comment: "gray",
|
|
1180
|
+
Hook: "green",
|
|
1181
|
+
}
|
|
1182
|
+
if ansi_color_enabled and color
|
|
1183
|
+
else {}
|
|
1184
|
+
),
|
|
1183
1185
|
"format_callback": lambda item, s: ansi_color(s, formatting["colors"].get(type(item), None)),
|
|
1184
1186
|
}
|
|
1185
1187
|
|
|
@@ -240,8 +240,7 @@ class DepGraph:
|
|
|
240
240
|
*,
|
|
241
241
|
kind: Type[A],
|
|
242
242
|
**kwargs: Any,
|
|
243
|
-
) -> List[Definition[A]]:
|
|
244
|
-
...
|
|
243
|
+
) -> List[Definition[A]]: ...
|
|
245
244
|
|
|
246
245
|
@overload
|
|
247
246
|
def find_all_predecessors(
|
|
@@ -250,8 +249,7 @@ class DepGraph:
|
|
|
250
249
|
*,
|
|
251
250
|
kind: Literal[AtomKind.REGISTER] = AtomKind.REGISTER,
|
|
252
251
|
**kwargs: Any,
|
|
253
|
-
) -> List[Definition[Register]]:
|
|
254
|
-
...
|
|
252
|
+
) -> List[Definition[Register]]: ...
|
|
255
253
|
|
|
256
254
|
@overload
|
|
257
255
|
def find_all_predecessors(
|
|
@@ -260,8 +258,7 @@ class DepGraph:
|
|
|
260
258
|
*,
|
|
261
259
|
kind: Literal[AtomKind.MEMORY] = AtomKind.MEMORY,
|
|
262
260
|
**kwargs: Any,
|
|
263
|
-
) -> List[Definition[MemoryLocation]]:
|
|
264
|
-
...
|
|
261
|
+
) -> List[Definition[MemoryLocation]]: ...
|
|
265
262
|
|
|
266
263
|
@overload
|
|
267
264
|
def find_all_predecessors(
|
|
@@ -270,8 +267,7 @@ class DepGraph:
|
|
|
270
267
|
*,
|
|
271
268
|
kind: Literal[AtomKind.TMP] = AtomKind.TMP,
|
|
272
269
|
**kwargs: Any,
|
|
273
|
-
) -> List[Definition[Tmp]]:
|
|
274
|
-
...
|
|
270
|
+
) -> List[Definition[Tmp]]: ...
|
|
275
271
|
|
|
276
272
|
@overload
|
|
277
273
|
def find_all_predecessors(
|
|
@@ -280,8 +276,7 @@ class DepGraph:
|
|
|
280
276
|
*,
|
|
281
277
|
kind: Literal[AtomKind.CONSTANT] = AtomKind.CONSTANT,
|
|
282
278
|
**kwargs: Any,
|
|
283
|
-
) -> List[Definition[ConstantSrc]]:
|
|
284
|
-
...
|
|
279
|
+
) -> List[Definition[ConstantSrc]]: ...
|
|
285
280
|
|
|
286
281
|
@overload
|
|
287
282
|
def find_all_predecessors(
|
|
@@ -290,8 +285,7 @@ class DepGraph:
|
|
|
290
285
|
*,
|
|
291
286
|
kind: Literal[AtomKind.GUARD] = AtomKind.GUARD,
|
|
292
287
|
**kwargs: Any,
|
|
293
|
-
) -> List[Definition[GuardUse]]:
|
|
294
|
-
...
|
|
288
|
+
) -> List[Definition[GuardUse]]: ...
|
|
295
289
|
|
|
296
290
|
@overload
|
|
297
291
|
def find_all_predecessors(
|
|
@@ -300,26 +294,22 @@ class DepGraph:
|
|
|
300
294
|
*,
|
|
301
295
|
reg_name: Union[int, str] = ...,
|
|
302
296
|
**kwargs: Any,
|
|
303
|
-
) -> List[Definition[Register]]:
|
|
304
|
-
...
|
|
297
|
+
) -> List[Definition[Register]]: ...
|
|
305
298
|
|
|
306
299
|
@overload
|
|
307
300
|
def find_all_predecessors(
|
|
308
301
|
self, starts: Union[Definition[Atom], Iterable[Definition[Atom]]], *, stack_offset: int = ..., **kwargs: Any
|
|
309
|
-
) -> List[Definition[MemoryLocation]]:
|
|
310
|
-
...
|
|
302
|
+
) -> List[Definition[MemoryLocation]]: ...
|
|
311
303
|
|
|
312
304
|
@overload
|
|
313
305
|
def find_all_predecessors(
|
|
314
306
|
self, starts: Union[Definition[Atom], Iterable[Definition[Atom]]], *, const_val: int = ..., **kwargs: Any
|
|
315
|
-
) -> List[Definition[ConstantSrc]]:
|
|
316
|
-
...
|
|
307
|
+
) -> List[Definition[ConstantSrc]]: ...
|
|
317
308
|
|
|
318
309
|
@overload
|
|
319
310
|
def find_all_predecessors(
|
|
320
311
|
self, starts: Union[Definition[Atom], Iterable[Definition[Atom]]], **kwargs: Any
|
|
321
|
-
) -> List[Definition[Atom]]:
|
|
322
|
-
...
|
|
312
|
+
) -> List[Definition[Atom]]: ...
|
|
323
313
|
|
|
324
314
|
def find_all_predecessors(self, starts, **kwargs):
|
|
325
315
|
"""
|
|
@@ -496,14 +496,12 @@ class ReachingDefinitionsState:
|
|
|
496
496
|
@overload
|
|
497
497
|
def get_concrete_value(
|
|
498
498
|
self, spec: Union[Atom, Definition[Atom], Iterable[Atom]], cast_to: Type[int] = ...
|
|
499
|
-
) -> Optional[int]:
|
|
500
|
-
...
|
|
499
|
+
) -> Optional[int]: ...
|
|
501
500
|
|
|
502
501
|
@overload
|
|
503
502
|
def get_concrete_value(
|
|
504
503
|
self, spec: Union[Atom, Definition[Atom], Iterable[Atom]], cast_to: Type[bytes] = ...
|
|
505
|
-
) -> Optional[bytes]:
|
|
506
|
-
...
|
|
504
|
+
) -> Optional[bytes]: ...
|
|
507
505
|
|
|
508
506
|
def get_concrete_value(
|
|
509
507
|
self, spec: Union[Atom, Definition[Atom], Iterable[Atom]], cast_to: Union[Type[int], Type[bytes]] = int
|
|
@@ -574,8 +572,7 @@ class ReachingDefinitionsState:
|
|
|
574
572
|
pointer: Union[int, claripy.ast.bv.BV, HeapAddress, SpOffset],
|
|
575
573
|
size: Union[int, DerefSize],
|
|
576
574
|
endness: str = ...,
|
|
577
|
-
) -> Optional[MemoryLocation]:
|
|
578
|
-
...
|
|
575
|
+
) -> Optional[MemoryLocation]: ...
|
|
579
576
|
|
|
580
577
|
@overload
|
|
581
578
|
def deref(
|
|
@@ -583,8 +580,7 @@ class ReachingDefinitionsState:
|
|
|
583
580
|
pointer: Union[MultiValues, Atom, Definition, Iterable[Atom], Iterable[Definition]],
|
|
584
581
|
size: Union[int, DerefSize],
|
|
585
582
|
endness: str = ...,
|
|
586
|
-
) -> Set[MemoryLocation]:
|
|
587
|
-
...
|
|
583
|
+
) -> Set[MemoryLocation]: ...
|
|
588
584
|
|
|
589
585
|
def deref(
|
|
590
586
|
self,
|
angr/analyses/vfg.py
CHANGED
|
@@ -370,9 +370,9 @@ class VFG(ForwardAnalysis[SimState, VFGNode, VFGJob, BlockID], Analysis): # pyl
|
|
|
370
370
|
self._record_function_final_states = record_function_final_states
|
|
371
371
|
|
|
372
372
|
self._nodes: Dict[BlockID, VFGNode] = {} # all the vfg nodes, keyed on block IDs
|
|
373
|
-
self._normal_states: Dict[
|
|
374
|
-
|
|
375
|
-
|
|
373
|
+
self._normal_states: Dict[BlockID, SimState] = (
|
|
374
|
+
{}
|
|
375
|
+
) # Last available state for each program point without widening
|
|
376
376
|
self._widened_states: Dict[BlockID, SimState] = {} # States on which widening has occurred
|
|
377
377
|
|
|
378
378
|
# Initial states of each function, which is context sensitive
|
|
@@ -398,9 +398,9 @@ class VFG(ForwardAnalysis[SimState, VFGNode, VFGJob, BlockID], Analysis): # pyl
|
|
|
398
398
|
|
|
399
399
|
self._thumb_addrs: Set[int] = set() # set of all addresses that are code in thumb mode
|
|
400
400
|
|
|
401
|
-
self._final_address: Optional[
|
|
402
|
-
|
|
403
|
-
|
|
401
|
+
self._final_address: Optional[int] = (
|
|
402
|
+
None # Address of the very last instruction. The analysis is terminated there.
|
|
403
|
+
)
|
|
404
404
|
|
|
405
405
|
self._function_merge_points: Dict[int, List[int]] = {}
|
|
406
406
|
self._function_widening_points: Dict[int, List[int]] = {}
|
angr/calling_conventions.py
CHANGED
|
@@ -565,12 +565,12 @@ class SimCC:
|
|
|
565
565
|
CALLER_SAVED_REGS: List[str] = [] # Caller-saved registers
|
|
566
566
|
RETURN_ADDR: SimFunctionArgument = None # The location where the return address is stored, as a SimFunctionArgument
|
|
567
567
|
RETURN_VAL: SimFunctionArgument = None # The location where the return value is stored, as a SimFunctionArgument
|
|
568
|
-
OVERFLOW_RETURN_VAL: Optional[
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
FP_RETURN_VAL: Optional[
|
|
572
|
-
|
|
573
|
-
|
|
568
|
+
OVERFLOW_RETURN_VAL: Optional[SimFunctionArgument] = (
|
|
569
|
+
None # The second half of the location where a double-length return value is stored
|
|
570
|
+
)
|
|
571
|
+
FP_RETURN_VAL: Optional[SimFunctionArgument] = (
|
|
572
|
+
None # The location where floating-point argument return values are stored
|
|
573
|
+
)
|
|
574
574
|
ARCH = None # The archinfo.Arch class that this CC must be used for, if relevant
|
|
575
575
|
CALLEE_CLEANUP = False # Whether the callee has to deallocate the stack space for the arguments
|
|
576
576
|
|
|
@@ -1423,7 +1423,15 @@ class SimCCSystemVAMD64(SimCC):
|
|
|
1423
1423
|
ex_arg = arg
|
|
1424
1424
|
# attempt to coerce the argument into a form that might show up in these lists
|
|
1425
1425
|
if type(ex_arg) is SimRegArg:
|
|
1426
|
-
|
|
1426
|
+
if ex_arg.reg_name not in arch.registers:
|
|
1427
|
+
# danger!
|
|
1428
|
+
# if the register name is a digit-only string, we use it as an offset
|
|
1429
|
+
try:
|
|
1430
|
+
regfile_offset = int(ex_arg.reg_name)
|
|
1431
|
+
except ValueError:
|
|
1432
|
+
return False
|
|
1433
|
+
else:
|
|
1434
|
+
regfile_offset = arch.registers[ex_arg.reg_name][0]
|
|
1427
1435
|
while regfile_offset not in arch.register_names:
|
|
1428
1436
|
regfile_offset -= 1
|
|
1429
1437
|
ex_arg.reg_name = arch.register_names[regfile_offset]
|
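Review bot: In the SimCCSystemVAMD64 hunk, `int(ex_arg.reg_name)` accepts more than the "digit-only string" its comment describes, because signed values such as `"-8"`, surrounding whitespace and underscore separators all parse. A negative result then enters `while regfile_offset not in arch.register_names: regfile_offset -= 1`, which only counts downward and so would not terminate unless `register_names` holds a negative key, which the hunk does not show. I would reject such values right after the `try`/`except`, e.g. `if regfile_offset < 0: return False`, and replace `# danger!` with a comment that names the actual risk (an offset taken from a register name that the architecture does not know). A very large offset is walked down to the highest known register and silently treated as that register, which may also deserve a bound. The enclosing method starts and ends outside the hunk.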
angr/engines/vex/claripy/irop.py
CHANGED
angr/engines/vex/heavy/heavy.py
CHANGED
|
@@ -221,6 +221,9 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
|
|
|
221
221
|
else ret_state.solver.false
|
|
222
222
|
)
|
|
223
223
|
ret_target = ret_state.solver.BVV(successors.addr + irsb.size, ret_state.arch.bits)
|
|
224
|
+
ret_state.registers.store(
|
|
225
|
+
ret_state.arch.ret_offset, ret_state.solver.Unconstrained("fake_ret_value", ret_state.arch.bits)
|
|
226
|
+
)
|
|
224
227
|
if ret_state.arch.call_pushes_ret and not exit_jumpkind.startswith("Ijk_Sys"):
|
|
225
228
|
ret_state.regs.sp = ret_state.regs.sp + ret_state.arch.bytes
|
|
226
229
|
successors.add_successor(
|
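Review bot: The added `ret_state.registers.store(...)` in HeavyVEXMixin sits before the `Ijk_Sys` test on the following line, so as far as the hunk shows the return register is overwritten with an unconstrained value for syscall exits as well as ordinary calls, and nothing in the hunk says why. If the reason is that the callee is not followed on this path, a comment such as `# callee is skipped here, so the return register must not keep the caller's stale value` would make that explicit. The store covers only `arch.ret_offset`, so return values carried elsewhere (a floating-point register, or the second half of a double-width value) presumably keep their pre-call contents. It also goes through the ordinary register store, so it may show up in breakpoints and action logs on `ret_state`; worth confirming that is wanted. The enclosing method starts and ends outside the hunk.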
angr/factory.py
CHANGED
|
@@ -289,8 +289,7 @@ class AngrObjectFactory:
|
|
|
289
289
|
cross_insn_opt=True,
|
|
290
290
|
load_from_ro_regions=False,
|
|
291
291
|
initial_regs=None,
|
|
292
|
-
) -> "Block":
|
|
293
|
-
...
|
|
292
|
+
) -> "Block": ...
|
|
294
293
|
|
|
295
294
|
# pylint: disable=unused-argument, no-self-use, function-redefined
|
|
296
295
|
@overload
|
|
@@ -312,8 +311,7 @@ class AngrObjectFactory:
|
|
|
312
311
|
strict_block_end=None,
|
|
313
312
|
collect_data_refs=False,
|
|
314
313
|
cross_insn_opt=True,
|
|
315
|
-
) -> "SootBlock":
|
|
316
|
-
...
|
|
314
|
+
) -> "SootBlock": ...
|
|
317
315
|
|
|
318
316
|
def block(
|
|
319
317
|
self,
|
|
@@ -846,16 +846,14 @@ class LiveDefinitions:
|
|
|
846
846
|
@overload
|
|
847
847
|
def get_concrete_value(
|
|
848
848
|
self, spec: Union[Atom, Definition[Atom], Iterable[Atom], Iterable[Definition[Atom]]], cast_to: Type[int] = ...
|
|
849
|
-
) -> Optional[int]:
|
|
850
|
-
...
|
|
849
|
+
) -> Optional[int]: ...
|
|
851
850
|
|
|
852
851
|
@overload
|
|
853
852
|
def get_concrete_value(
|
|
854
853
|
self,
|
|
855
854
|
spec: Union[Atom, Definition[Atom], Iterable[Atom], Iterable[Definition[Atom]]],
|
|
856
855
|
cast_to: Type[bytes] = ...,
|
|
857
|
-
) -> Optional[bytes]:
|
|
858
|
-
...
|
|
856
|
+
) -> Optional[bytes]: ...
|
|
859
857
|
|
|
860
858
|
def get_concrete_value(
|
|
861
859
|
self,
|
|
@@ -949,8 +947,7 @@ class LiveDefinitions:
|
|
|
949
947
|
pointer: Union[MultiValues, Atom, Definition, Iterable[Atom], Iterable[Definition]],
|
|
950
948
|
size: Union[int, DerefSize],
|
|
951
949
|
endness: archinfo.Endness = ...,
|
|
952
|
-
) -> Set[MemoryLocation]:
|
|
953
|
-
...
|
|
950
|
+
) -> Set[MemoryLocation]: ...
|
|
954
951
|
|
|
955
952
|
@overload
|
|
956
953
|
def deref(
|
|
@@ -958,8 +955,7 @@ class LiveDefinitions:
|
|
|
958
955
|
pointer: Union[int, claripy.ast.BV, HeapAddress, SpOffset],
|
|
959
956
|
size: Union[int, DerefSize],
|
|
960
957
|
endness: archinfo.Endness = ...,
|
|
961
|
-
) -> Optional[MemoryLocation]:
|
|
962
|
-
...
|
|
958
|
+
) -> Optional[MemoryLocation]: ...
|
|
963
959
|
|
|
964
960
|
def deref(self, pointer, size, endness=archinfo.Endness.BE):
|
|
965
961
|
if isinstance(pointer, (Atom, Definition)):
|
|
@@ -139,14 +139,14 @@ class ReachingDefinitionsModel:
|
|
|
139
139
|
return self.observed_results.get(key, None)
|
|
140
140
|
|
|
141
141
|
@overload
|
|
142
|
-
def get_observation_by_stmt(
|
|
143
|
-
|
|
142
|
+
def get_observation_by_stmt(
|
|
143
|
+
self, codeloc: "CodeLocation", kind: ObservationPointType
|
|
144
|
+
) -> Optional[LiveDefinitions]: ...
|
|
144
145
|
|
|
145
146
|
@overload
|
|
146
147
|
def get_observation_by_stmt(
|
|
147
148
|
self, node_addr: int, stmt_idx: int, kind: ObservationPointType, *, block_idx: Optional[int] = None
|
|
148
|
-
):
|
|
149
|
-
...
|
|
149
|
+
): ...
|
|
150
150
|
|
|
151
151
|
def get_observation_by_stmt(self, arg1, arg2, arg3=None, *, block_idx=None):
|
|
152
152
|
if isinstance(arg1, int):
|
|
@@ -83,9 +83,9 @@ class VariableManagerInternal(Serializable):
|
|
|
83
83
|
|
|
84
84
|
self._variable_accesses: Dict[SimVariable, Set[VariableAccess]] = defaultdict(set)
|
|
85
85
|
self._insn_to_variable: Dict[int, Set[Tuple[SimVariable, int]]] = defaultdict(set)
|
|
86
|
-
self._stmt_to_variable: Dict[
|
|
87
|
-
|
|
88
|
-
|
|
86
|
+
self._stmt_to_variable: Dict[Union[Tuple[int, int], Tuple[int, int, int]], Set[Tuple[SimVariable, int]]] = (
|
|
87
|
+
defaultdict(set)
|
|
88
|
+
)
|
|
89
89
|
self._variable_to_stmt: Dict[SimVariable, Set[Union[Tuple[int, int], Tuple[int, int, int]]]] = defaultdict(set)
|
|
90
90
|
self._atom_to_variable: Dict[
|
|
91
91
|
Union[Tuple[int, int], Tuple[int, int, int]], Dict[int, Set[Tuple[SimVariable, int]]]
|
angr/lib/angr_native.dll
CHANGED
|
Binary file
|
angr/sim_procedure.py
CHANGED
|
@@ -200,9 +200,9 @@ class SimProcedure:
|
|
|
200
200
|
if self.arch.name in DEFAULT_CC:
|
|
201
201
|
self.cc = default_cc(
|
|
202
202
|
self.arch.name,
|
|
203
|
-
platform=
|
|
204
|
-
|
|
205
|
-
|
|
203
|
+
platform=(
|
|
204
|
+
self.project.simos.name if self.project is not None and self.project.simos is not None else None
|
|
205
|
+
),
|
|
206
206
|
)(self.arch)
|
|
207
207
|
else:
|
|
208
208
|
raise SimProcedureError(
|
angr/sim_type.py
CHANGED
|
@@ -2861,11 +2861,15 @@ def _decl_to_type(decl, extra_types=None, bitsize=None, arch=None) -> SimType:
|
|
|
2861
2861
|
()
|
|
2862
2862
|
if decl.args is None
|
|
2863
2863
|
else [
|
|
2864
|
-
|
|
2865
|
-
|
|
2866
|
-
|
|
2867
|
-
|
|
2868
|
-
|
|
2864
|
+
(
|
|
2865
|
+
...
|
|
2866
|
+
if type(x) is pycparser.c_ast.EllipsisParam
|
|
2867
|
+
else (
|
|
2868
|
+
SimTypeBottom().with_arch(arch)
|
|
2869
|
+
if type(x) is pycparser.c_ast.ID
|
|
2870
|
+
else _decl_to_type(x.type, extra_types, arch=arch)
|
|
2871
|
+
)
|
|
2872
|
+
)
|
|
2869
2873
|
for x in decl.args.params
|
|
2870
2874
|
]
|
|
2871
2875
|
)
|