angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (248) hide show
  1. angr/__init__.py +4 -1
  2. angr/analyses/decompiler/clinic.py +16 -0
  3. angr/analyses/decompiler/decompiler.py +3 -0
  4. angr/analyses/decompiler/optimization_passes/__init__.py +5 -0
  5. angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +108 -0
  6. angr/analyses/decompiler/optimization_passes/optimization_pass.py +17 -4
  7. angr/analyses/decompiler/optimization_passes/return_duplicator.py +4 -32
  8. angr/analyses/decompiler/structured_codegen/c.py +12 -2
  9. angr/analyses/decompiler/utils.py +13 -0
  10. angr/analyses/typehoon/dfa.py +108 -0
  11. angr/analyses/typehoon/lifter.py +34 -2
  12. angr/analyses/typehoon/simple_solver.py +1043 -503
  13. angr/analyses/typehoon/translator.py +13 -4
  14. angr/analyses/typehoon/typeconsts.py +117 -36
  15. angr/analyses/typehoon/typehoon.py +31 -11
  16. angr/analyses/typehoon/typevars.py +88 -21
  17. angr/analyses/typehoon/variance.py +10 -0
  18. angr/analyses/variable_recovery/engine_ail.py +28 -9
  19. angr/analyses/variable_recovery/engine_base.py +50 -43
  20. angr/analyses/variable_recovery/variable_recovery_base.py +16 -3
  21. angr/analyses/variable_recovery/variable_recovery_fast.py +14 -5
  22. angr/exploration_techniques/tracer.py +2 -0
  23. angr/misc/autoimport.py +26 -0
  24. angr/procedures/definitions/__init__.py +32 -3
  25. angr/utils/constants.py +1 -0
  26. angr/utils/graph.py +20 -1
  27. {angr-9.2.87.dist-info → angr-9.2.89.dist-info}/METADATA +7 -6
  28. {angr-9.2.87.dist-info → angr-9.2.89.dist-info}/RECORD +32 -244
  29. angr-9.2.89.dist-info/top_level.txt +1 -0
  30. angr/procedures/definitions/ntdll.py +0 -12
  31. angr-9.2.87.dist-info/top_level.txt +0 -2
  32. tests/__init__.py +0 -0
  33. tests/analyses/__init__.py +0 -0
  34. tests/analyses/cfg/__init__.py +0 -0
  35. tests/analyses/cfg/test_cfg_clflush.py +0 -43
  36. tests/analyses/cfg/test_cfg_get_any_node.py +0 -34
  37. tests/analyses/cfg/test_cfg_manager.py +0 -32
  38. tests/analyses/cfg/test_cfg_model.py +0 -55
  39. tests/analyses/cfg/test_cfg_patching.py +0 -378
  40. tests/analyses/cfg/test_cfg_rust_got_resolution.py +0 -36
  41. tests/analyses/cfg/test_cfg_thumb_firmware.py +0 -50
  42. tests/analyses/cfg/test_cfg_vex_postprocessor.py +0 -27
  43. tests/analyses/cfg/test_cfgemulated.py +0 -634
  44. tests/analyses/cfg/test_cfgfast.py +0 -1123
  45. tests/analyses/cfg/test_cfgfast_soot.py +0 -38
  46. tests/analyses/cfg/test_const_resolver.py +0 -38
  47. tests/analyses/cfg/test_iat_resolver.py +0 -37
  48. tests/analyses/cfg/test_jumptables.py +0 -3008
  49. tests/analyses/cfg/test_noop_blocks.py +0 -54
  50. tests/analyses/cfg_slice_to_sink/__init__.py +0 -0
  51. tests/analyses/cfg_slice_to_sink/test_cfg_slice_to_sink.py +0 -93
  52. tests/analyses/cfg_slice_to_sink/test_graph.py +0 -114
  53. tests/analyses/cfg_slice_to_sink/test_transitions.py +0 -28
  54. tests/analyses/decompiler/__init__.py +0 -0
  55. tests/analyses/decompiler/test_baseptr_save_simplifier.py +0 -80
  56. tests/analyses/decompiler/test_decompiler.py +0 -3336
  57. tests/analyses/decompiler/test_peephole_optimizations.py +0 -48
  58. tests/analyses/decompiler/test_propagator_loops.py +0 -101
  59. tests/analyses/decompiler/test_structurer.py +0 -275
  60. tests/analyses/reaching_definitions/__init__.py +0 -0
  61. tests/analyses/reaching_definitions/test_dep_graph.py +0 -432
  62. tests/analyses/reaching_definitions/test_function_handler.py +0 -131
  63. tests/analyses/reaching_definitions/test_heap_allocator.py +0 -46
  64. tests/analyses/reaching_definitions/test_rd_state.py +0 -78
  65. tests/analyses/reaching_definitions/test_reachingdefinitions.py +0 -463
  66. tests/analyses/reaching_definitions/test_subject.py +0 -76
  67. tests/analyses/test_bindiff.py +0 -52
  68. tests/analyses/test_block_simplifier.py +0 -112
  69. tests/analyses/test_boyscout.py +0 -104
  70. tests/analyses/test_calling_convention_analysis.py +0 -352
  71. tests/analyses/test_callsite_maker.py +0 -60
  72. tests/analyses/test_cdg.py +0 -165
  73. tests/analyses/test_cfb.py +0 -37
  74. tests/analyses/test_class_identifier.py +0 -46
  75. tests/analyses/test_clinic.py +0 -30
  76. tests/analyses/test_codetagging.py +0 -32
  77. tests/analyses/test_constantpropagation.py +0 -88
  78. tests/analyses/test_ddg.py +0 -95
  79. tests/analyses/test_ddg_global_var_dependencies.py +0 -83
  80. tests/analyses/test_ddg_memvar_addresses.py +0 -40
  81. tests/analyses/test_disassembly.py +0 -121
  82. tests/analyses/test_find_objects_static.py +0 -35
  83. tests/analyses/test_flirt.py +0 -49
  84. tests/analyses/test_identifier.py +0 -33
  85. tests/analyses/test_init_finder.py +0 -38
  86. tests/analyses/test_proximitygraph.py +0 -31
  87. tests/analyses/test_reassembler.py +0 -295
  88. tests/analyses/test_regionidentifier.py +0 -27
  89. tests/analyses/test_slicing.py +0 -164
  90. tests/analyses/test_stack_pointer_tracker.py +0 -74
  91. tests/analyses/test_static_hooker.py +0 -28
  92. tests/analyses/test_typehoon.py +0 -55
  93. tests/analyses/test_variablerecovery.py +0 -464
  94. tests/analyses/test_vfg.py +0 -221
  95. tests/analyses/test_vtable.py +0 -31
  96. tests/analyses/test_xrefs.py +0 -77
  97. tests/common.py +0 -128
  98. tests/engines/__init__.py +0 -0
  99. tests/engines/light/__init__.py +0 -0
  100. tests/engines/light/test_data.py +0 -17
  101. tests/engines/pcode/__init__.py +0 -0
  102. tests/engines/pcode/test_emulate.py +0 -607
  103. tests/engines/pcode/test_pcode.py +0 -84
  104. tests/engines/test_actions.py +0 -27
  105. tests/engines/test_hook.py +0 -112
  106. tests/engines/test_java.py +0 -697
  107. tests/engines/test_unicorn.py +0 -518
  108. tests/engines/vex/__init__.py +0 -0
  109. tests/engines/vex/test_lifter.py +0 -124
  110. tests/engines/vex/test_vex.py +0 -574
  111. tests/exploration_techniques/__init__.py +0 -0
  112. tests/exploration_techniques/test_cacher.py +0 -45
  113. tests/exploration_techniques/test_director.py +0 -67
  114. tests/exploration_techniques/test_driller_core.py +0 -48
  115. tests/exploration_techniques/test_loop_seer.py +0 -158
  116. tests/exploration_techniques/test_memory_watcher.py +0 -46
  117. tests/exploration_techniques/test_oppologist.py +0 -65
  118. tests/exploration_techniques/test_spiller.py +0 -82
  119. tests/exploration_techniques/test_stochastic.py +0 -40
  120. tests/exploration_techniques/test_tech_builder.py +0 -61
  121. tests/exploration_techniques/test_tracer.py +0 -856
  122. tests/exploration_techniques/test_unique.py +0 -40
  123. tests/exploration_techniques/test_veritesting.py +0 -120
  124. tests/factory/__init__.py +0 -0
  125. tests/factory/block/__init__.py +0 -0
  126. tests/factory/block/test_block_cache.py +0 -33
  127. tests/factory/block/test_keystone.py +0 -106
  128. tests/factory/test_argc.py +0 -101
  129. tests/factory/test_argc_sym.py +0 -110
  130. tests/factory/test_argv.py +0 -158
  131. tests/factory/test_callable.py +0 -266
  132. tests/factory/test_windows_args.py +0 -36
  133. tests/knowledge_plugins/__init__.py +0 -0
  134. tests/knowledge_plugins/cfg/__init__.py +0 -0
  135. tests/knowledge_plugins/cfg/test_cfg_manager.py +0 -36
  136. tests/knowledge_plugins/functions/__init__.py +0 -0
  137. tests/knowledge_plugins/functions/test_function.py +0 -91
  138. tests/knowledge_plugins/functions/test_function2.py +0 -79
  139. tests/knowledge_plugins/functions/test_function_manager.py +0 -139
  140. tests/knowledge_plugins/functions/test_prototypes.py +0 -53
  141. tests/knowledge_plugins/key_definitions/__init__.py +0 -0
  142. tests/knowledge_plugins/key_definitions/test_atoms.py +0 -24
  143. tests/knowledge_plugins/key_definitions/test_environment.py +0 -126
  144. tests/knowledge_plugins/key_definitions/test_heap_address.py +0 -27
  145. tests/knowledge_plugins/key_definitions/test_live_definitions.py +0 -72
  146. tests/knowledge_plugins/test_dwarf_variables.py +0 -240
  147. tests/knowledge_plugins/test_kb_plugins.py +0 -91
  148. tests/knowledge_plugins/test_kb_plugins_dwarf.py +0 -36
  149. tests/knowledge_plugins/test_patches.py +0 -48
  150. tests/misc/__init__.py +0 -0
  151. tests/misc/test_hookset.py +0 -57
  152. tests/perf/__init__.py +0 -0
  153. tests/perf/perf_cfgemulated.py +0 -19
  154. tests/perf/perf_cfgfast.py +0 -18
  155. tests/perf/perf_concrete_execution.py +0 -41
  156. tests/perf/perf_siminspect_nop.py +0 -36
  157. tests/perf/perf_state_copy.py +0 -33
  158. tests/perf/perf_unicorn_0.py +0 -27
  159. tests/perf/perf_unicorn_1.py +0 -23
  160. tests/procedures/__init__.py +0 -0
  161. tests/procedures/glibc/__init__.py +0 -0
  162. tests/procedures/glibc/test_ctype_locale.py +0 -164
  163. tests/procedures/libc/__init__.py +0 -0
  164. tests/procedures/libc/test_fgets.py +0 -53
  165. tests/procedures/libc/test_scanf.py +0 -205
  166. tests/procedures/libc/test_sprintf.py +0 -44
  167. tests/procedures/libc/test_sscanf.py +0 -63
  168. tests/procedures/libc/test_strcasecmp.py +0 -37
  169. tests/procedures/libc/test_string.py +0 -1102
  170. tests/procedures/libc/test_strtol.py +0 -78
  171. tests/procedures/linux_kernel/__init__.py +0 -0
  172. tests/procedures/linux_kernel/test_lseek.py +0 -174
  173. tests/procedures/posix/__init__.py +0 -0
  174. tests/procedures/posix/test_chroot.py +0 -33
  175. tests/procedures/posix/test_getenv.py +0 -78
  176. tests/procedures/posix/test_pwrite_pread.py +0 -57
  177. tests/procedures/posix/test_sim_time.py +0 -46
  178. tests/procedures/posix/test_unlink.py +0 -46
  179. tests/procedures/test_project_resolve_simproc.py +0 -43
  180. tests/procedures/test_sim_procedure.py +0 -117
  181. tests/procedures/test_stub_procedure_args.py +0 -53
  182. tests/serialization/__init__.py +0 -0
  183. tests/serialization/test_db.py +0 -197
  184. tests/serialization/test_pickle.py +0 -95
  185. tests/serialization/test_serialization.py +0 -132
  186. tests/serialization/test_vault.py +0 -169
  187. tests/sim/__init__.py +0 -3
  188. tests/sim/exec_func/__init__.py +0 -0
  189. tests/sim/exec_func/test_mem_funcs.py +0 -55
  190. tests/sim/exec_func/test_str_funcs.py +0 -93
  191. tests/sim/exec_func/test_syscall_result.py +0 -39
  192. tests/sim/exec_insn/__init__.py +0 -0
  193. tests/sim/exec_insn/test_adc.py +0 -44
  194. tests/sim/exec_insn/test_ops.py +0 -83
  195. tests/sim/exec_insn/test_rcr.py +0 -26
  196. tests/sim/exec_insn/test_rol.py +0 -51
  197. tests/sim/exec_insn/test_signed_div.py +0 -34
  198. tests/sim/exec_insn/test_sqrt.py +0 -56
  199. tests/sim/options/__init__.py +0 -0
  200. tests/sim/options/test_0div.py +0 -54
  201. tests/sim/options/test_symbolic_fd.py +0 -59
  202. tests/sim/options/test_unsupported.py +0 -34
  203. tests/sim/test_accuracy.py +0 -137
  204. tests/sim/test_checkbyte.py +0 -53
  205. tests/sim/test_echo.py +0 -36
  206. tests/sim/test_fauxware.py +0 -202
  207. tests/sim/test_self_modifying_code.py +0 -65
  208. tests/sim/test_simple_api.py +0 -36
  209. tests/sim/test_simulation_manager.py +0 -147
  210. tests/sim/test_stack_alignment.py +0 -65
  211. tests/sim/test_state.py +0 -303
  212. tests/sim/test_state_customization.py +0 -54
  213. tests/sim/test_symbol_hooked_by.py +0 -49
  214. tests/simos/__init__.py +0 -0
  215. tests/simos/windows/__init__.py +0 -0
  216. tests/simos/windows/test_windows_stack_cookie.py +0 -58
  217. tests/state_plugins/__init__.py +0 -0
  218. tests/state_plugins/inspect/__init__.py +0 -0
  219. tests/state_plugins/inspect/test_inspect.py +0 -310
  220. tests/state_plugins/inspect/test_syscall_override.py +0 -90
  221. tests/state_plugins/posix/__init__.py +0 -0
  222. tests/state_plugins/posix/test_file_struct_funcs.py +0 -56
  223. tests/state_plugins/posix/test_files.py +0 -69
  224. tests/state_plugins/posix/test_posix.py +0 -72
  225. tests/state_plugins/solver/__init__.py +0 -0
  226. tests/state_plugins/solver/test_simsolver.py +0 -58
  227. tests/state_plugins/solver/test_symbolic.py +0 -153
  228. tests/state_plugins/solver/test_variable_registration.py +0 -46
  229. tests/state_plugins/test_callstack.py +0 -54
  230. tests/state_plugins/test_gdb_plugin.py +0 -35
  231. tests/state_plugins/test_multi_open_file.py +0 -47
  232. tests/state_plugins/test_symbolization.py +0 -38
  233. tests/storage/__init__.py +0 -0
  234. tests/storage/test_memory.py +0 -960
  235. tests/storage/test_memory_merge.py +0 -114
  236. tests/storage/test_memview.py +0 -205
  237. tests/storage/test_mmap.py +0 -26
  238. tests/storage/test_multivalues.py +0 -44
  239. tests/storage/test_permissions.py +0 -32
  240. tests/storage/test_ptmalloc.py +0 -291
  241. tests/storage/test_relro_perm.py +0 -49
  242. tests/test_calling_conventions.py +0 -86
  243. tests/test_types.py +0 -329
  244. tests/utils/__init__.py +0 -0
  245. tests/utils/test_graph.py +0 -41
  246. {angr-9.2.87.dist-info → angr-9.2.89.dist-info}/LICENSE +0 -0
  247. {angr-9.2.87.dist-info → angr-9.2.89.dist-info}/WHEEL +0 -0
  248. {angr-9.2.87.dist-info → angr-9.2.89.dist-info}/entry_points.txt +0 -0
tests/analyses/cfg/test_jumptables.py DELETED
@@ -1,3008 +0,0 @@
1
- #!/usr/bin/env python3
2
- __package__ = __package__ or "tests.analyses.cfg" # pylint:disable=redefined-builtin
3
-
4
- from typing import Set, Sequence, Optional, Mapping, Any, TYPE_CHECKING
5
- import logging
6
- import unittest
7
- import os
8
-
9
- import pyvex
10
-
11
- import angr
12
- from angr.knowledge_plugins.cfg import IndirectJumpType
13
- from angr.analyses.cfg import CFGFast
14
- from angr.analyses.cfg.indirect_jump_resolvers import JumpTableResolver
15
-
16
- if TYPE_CHECKING:
17
- from angr.knowledge_plugins.cfg import IndirectJump
18
-
19
- from ...common import bin_location, compile_c, has_32_bit_compiler_support, skip_if_not_linux, slow_test
20
-
21
-
22
- test_location = os.path.join(bin_location, "tests")
23
- l = logging.getLogger("angr.tests.test_jumptables")
24
-
25
-
26
- def compile_c_to_angr_project(
27
- c_code: str, cflags: Optional[Sequence[str]] = None, project_kwargs: Optional[Mapping[str, Any]] = None
28
- ):
29
- # pylint:disable=consider-using-with
30
- """
31
- Compile `c_code` and return an angr project with the resulting binary.
32
- """
33
- if cflags and "-m32" in cflags and not has_32_bit_compiler_support():
34
- raise unittest.SkipTest("No 32-bit compiler support detected")
35
- dst = compile_c(c_code, cflags)
36
- try:
37
- return angr.Project(dst.name, **(project_kwargs or {}))
38
- finally:
39
- os.remove(dst.name)
40
-
41
-
42
- class J:
43
- """
44
- Simple jumptable wrapper for comparison.
45
- """
46
-
47
- def __init__(self, baddr, taddr, ents):
48
- self.block_addr = baddr
49
- self.table_addr = taddr
50
- self.entries = ents
51
-
52
- def __hash__(self):
53
- return hash((self.block_addr, self.table_addr, len(self.entries)))
54
-
55
-
56
- # pylint:disable=line-too-long,no-self-use
57
- class TestJumpTableResolver(unittest.TestCase):
58
- """
59
- Test cases for JumpTableResolver
60
- """
61
-
62
- @staticmethod
63
- def _compare(jump_tables, groundtruth):
64
- for j in groundtruth:
65
- assert j.block_addr in jump_tables, "Jump table @ block %#x is not found in CFG." % j.block_addr
66
- jumptable_addr = jump_tables[j.block_addr].jumptable_addr
67
- assert j.table_addr == jumptable_addr, "Mismatch jump table addresses (expecting {}, got {}).".format(
68
- ("%#x" % j.table_addr) if j.table_addr is not None else "None",
69
- ("%#x" % jumptable_addr) if jumptable_addr is not None else "None",
70
- )
71
- expected = set(j.entries)
72
- recovered = set(jump_tables[j.block_addr].jumptable_entries)
73
-
74
- if expected != recovered:
75
- missing = expected - recovered
76
- l.error(
77
- "Expected table %#x referenced from %#x to have %d entries, it has %d:",
78
- j.table_addr,
79
- j.block_addr,
80
- len(expected),
81
- len(recovered),
82
- )
83
- if len(missing):
84
- l.error("- Missing (%d): %s", len(missing), ", ".join([hex(a) for a in missing]))
85
- extra = recovered - expected
86
- if extra:
87
- l.error("- Extra (%d): %s", len(extra), ", ".join([hex(a) for a in extra]))
88
-
89
- assert j.entries == jump_tables[j.block_addr].jumptable_entries
90
-
91
- def test_amd64_dir_gcc_O0(self):
92
- p = angr.Project(os.path.join(test_location, "x86_64", "dir_gcc_-O0"), auto_load_libs=False)
93
- cfg = p.analyses.CFGFast()
94
-
95
- all_jumptables = {
96
- J(
97
- 0x40404C,
98
- 0x41B0A0,
99
- [
100
- 0x404741,
101
- 0x404737,
102
- 0x4047AD,
103
- 0x4047AD,
104
- 0x4047AD,
105
- 0x4047AD,
106
- 0x4047AD,
107
- 0x4047AD,
108
- 0x4047AD,
109
- 0x4047AD,
110
- 0x4047AD,
111
- 0x4047AD,
112
- 0x4047AD,
113
- 0x4047AD,
114
- 0x4047AD,
115
- 0x4047AD,
116
- 0x4047AD,
117
- 0x4047AD,
118
- 0x4047AD,
119
- 0x4047AD,
120
- 0x4047AD,
121
- 0x4047AD,
122
- 0x4047AD,
123
- 0x4047AD,
124
- 0x4047AD,
125
- 0x4047AD,
126
- 0x4047AD,
127
- 0x4047AD,
128
- 0x4047AD,
129
- 0x4047AD,
130
- 0x4047AD,
131
- 0x4047AD,
132
- 0x4047AD,
133
- 0x4047AD,
134
- 0x4047AD,
135
- 0x4047AD,
136
- 0x4047AD,
137
- 0x4047AD,
138
- 0x4047AD,
139
- 0x4047AD,
140
- 0x4047AD,
141
- 0x4047AD,
142
- 0x4047AD,
143
- 0x4047AD,
144
- 0x4047AD,
145
- 0x4047AD,
146
- 0x4047AD,
147
- 0x4047AD,
148
- 0x4047AD,
149
- 0x4047AD,
150
- 0x4047AD,
151
- 0x4047AD,
152
- 0x4047AD,
153
- 0x4047AD,
154
- 0x4047AD,
155
- 0x4047AD,
156
- 0x4047AD,
157
- 0x4047AD,
158
- 0x4047AD,
159
- 0x4047AD,
160
- 0x4047AD,
161
- 0x4047AD,
162
- 0x4047AD,
163
- 0x4047AD,
164
- 0x4047AD,
165
- 0x4047AD,
166
- 0x4047AD,
167
- 0x4047AD,
168
- 0x4047AD,
169
- 0x4047AD,
170
- 0x4047AD,
171
- 0x4047AD,
172
- 0x4047AD,
173
- 0x4047AD,
174
- 0x4047AD,
175
- 0x4047AD,
176
- 0x4047AD,
177
- 0x4047AD,
178
- 0x4047AD,
179
- 0x4047AD,
180
- 0x4047AD,
181
- 0x4047AD,
182
- 0x4047AD,
183
- 0x4047AD,
184
- 0x4047AD,
185
- 0x4047AD,
186
- 0x4047AD,
187
- 0x4047AD,
188
- 0x4047AD,
189
- 0x4047AD,
190
- 0x4047AD,
191
- 0x4047AD,
192
- 0x4047AD,
193
- 0x4047AD,
194
- 0x4047AD,
195
- 0x4047AD,
196
- 0x4047AD,
197
- 0x4047AD,
198
- 0x4047AD,
199
- 0x4047AD,
200
- 0x4047AD,
201
- 0x4047AD,
202
- 0x4047AD,
203
- 0x4047AD,
204
- 0x4047AD,
205
- 0x4047AD,
206
- 0x4047AD,
207
- 0x4047AD,
208
- 0x4047AD,
209
- 0x4047AD,
210
- 0x4047AD,
211
- 0x4047AD,
212
- 0x4047AD,
213
- 0x4047AD,
214
- 0x4047AD,
215
- 0x4047AD,
216
- 0x4047AD,
217
- 0x4047AD,
218
- 0x4047AD,
219
- 0x4047AD,
220
- 0x4047AD,
221
- 0x4047AD,
222
- 0x4047AD,
223
- 0x4047AD,
224
- 0x4047AD,
225
- 0x4047AD,
226
- 0x4047AD,
227
- 0x4047AD,
228
- 0x4047AD,
229
- 0x4047AD,
230
- 0x4047AD,
231
- 0x4047AD,
232
- 0x4047AD,
233
- 0x4047AD,
234
- 0x4047AD,
235
- 0x4047AD,
236
- 0x4047AD,
237
- 0x4047AD,
238
- 0x4047AD,
239
- 0x4047AD,
240
- 0x4047AD,
241
- 0x4047AD,
242
- 0x4047AD,
243
- 0x4047AD,
244
- 0x4047AD,
245
- 0x4047AD,
246
- 0x4047AD,
247
- 0x4047AD,
248
- 0x4047AD,
249
- 0x4047AD,
250
- 0x4047AD,
251
- 0x4047AD,
252
- 0x4047AD,
253
- 0x4047AD,
254
- 0x4047AD,
255
- 0x4047AD,
256
- 0x4047AD,
257
- 0x4047AD,
258
- 0x4047AD,
259
- 0x4047AD,
260
- 0x4047AD,
261
- 0x4047AD,
262
- 0x4047AD,
263
- 0x4047AD,
264
- 0x4047AD,
265
- 0x4047AD,
266
- 0x4047AD,
267
- 0x4047AD,
268
- 0x4047AD,
269
- 0x4047AD,
270
- 0x4047AD,
271
- 0x4047AD,
272
- 0x4047AD,
273
- 0x4047AD,
274
- 0x4047AD,
275
- 0x4047AD,
276
- 0x4047AD,
277
- 0x4047AD,
278
- 0x4047AD,
279
- 0x4047AD,
280
- 0x4043EF,
281
- 0x4047AD,
282
- 0x4047AD,
283
- 0x4047AD,
284
- 0x4047AD,
285
- 0x4047AD,
286
- 0x4047AD,
287
- 0x4047AD,
288
- 0x4047AD,
289
- 0x4047AD,
290
- 0x4047AD,
291
- 0x4047AD,
292
- 0x4047AD,
293
- 0x4047AD,
294
- 0x4047AD,
295
- 0x4047AD,
296
- 0x404280,
297
- 0x40429D,
298
- 0x4042B6,
299
- 0x4042C5,
300
- 0x4047AD,
301
- 0x4042D1,
302
- 0x4042E0,
303
- 0x4042EC,
304
- 0x40430A,
305
- 0x4047AD,
306
- 0x4047AD,
307
- 0x40431E,
308
- 0x4047AD,
309
- 0x40432D,
310
- 0x4047AD,
311
- 0x4047AD,
312
- 0x404341,
313
- 0x404355,
314
- 0x404361,
315
- 0x404377,
316
- 0x4043C3,
317
- 0x4047AD,
318
- 0x4047AD,
319
- 0x4043D9,
320
- 0x4047AD,
321
- 0x40472B,
322
- 0x4047AD,
323
- 0x4047AD,
324
- 0x4047AD,
325
- 0x4047AD,
326
- 0x4047AD,
327
- 0x4047AD,
328
- 0x404058,
329
- 0x404067,
330
- 0x40407B,
331
- 0x40408A,
332
- 0x4047AD,
333
- 0x404096,
334
- 0x4040FD,
335
- 0x404113,
336
- 0x404147,
337
- 0x4047AD,
338
- 0x404153,
339
- 0x40415F,
340
- 0x40416E,
341
- 0x40417D,
342
- 0x404193,
343
- 0x4041A9,
344
- 0x4041B8,
345
- 0x4041C4,
346
- 0x4041D0,
347
- 0x4041DC,
348
- 0x4041F2,
349
- 0x404201,
350
- 0x404217,
351
- 0x404271,
352
- 0x4047AD,
353
- 0x4047AD,
354
- 0x4047AD,
355
- 0x4047AD,
356
- 0x4047AD,
357
- 0x4047AD,
358
- 0x4047AD,
359
- 0x40440C,
360
- 0x40468C,
361
- 0x404543,
362
- 0x4042FB,
363
- 0x4040EE,
364
- 0x4044E6,
365
- 0x404526,
366
- 0x40449A,
367
- 0x404418,
368
- 0x4045EA,
369
- 0x40462A,
370
- 0x404680,
371
- 0x4046F7,
372
- 0x404453,
373
- 0x4044A6,
374
- 0x404670,
375
- ],
376
- ),
377
- J(0x404D53, 0x41B938, [0x404D60, 0x404DE7, 0x404EA3, 0x404F00, 0x404FA5]),
378
- J(
379
- 0x404DF6,
380
- 0x41B960,
381
- [
382
- 0x404E61,
383
- 0x404E6A,
384
- 0x404E6A,
385
- 0x404E6A,
386
- 0x404E6A,
387
- 0x404E6A,
388
- 0x404E6A,
389
- 0x404E6A,
390
- 0x404E6A,
391
- 0x404E6A,
392
- 0x404E6A,
393
- 0x404E6A,
394
- 0x404E6A,
395
- 0x404E6A,
396
- 0x404E6A,
397
- 0x404E6A,
398
- 0x404E6A,
399
- 0x404E6A,
400
- 0x404E6A,
401
- 0x404E6A,
402
- 0x404E6A,
403
- 0x404E6A,
404
- 0x404E6A,
405
- 0x404E6A,
406
- 0x404E6A,
407
- 0x404E6A,
408
- 0x404E6A,
409
- 0x404E6A,
410
- 0x404E6A,
411
- 0x404E6A,
412
- 0x404E6A,
413
- 0x404E6A,
414
- 0x404E6A,
415
- 0x404E6A,
416
- 0x404E6A,
417
- 0x404E6A,
418
- 0x404E6A,
419
- 0x404E6A,
420
- 0x404E6A,
421
- 0x404E6A,
422
- 0x404E6A,
423
- 0x404E6A,
424
- 0x404E6A,
425
- 0x404E6A,
426
- 0x404E6A,
427
- 0x404E6A,
428
- 0x404E6A,
429
- 0x404E6A,
430
- 0x404E02,
431
- 0x404E02,
432
- 0x404E02,
433
- 0x404E02,
434
- 0x404E02,
435
- 0x404E02,
436
- 0x404E02,
437
- 0x404E02,
438
- 0x404E6A,
439
- 0x404E6A,
440
- 0x404E6A,
441
- 0x404E6A,
442
- 0x404E6A,
443
- 0x404E6A,
444
- 0x404E6A,
445
- 0x404E55,
446
- 0x404E6A,
447
- 0x404E6A,
448
- 0x404E6A,
449
- 0x404E6A,
450
- 0x404E6A,
451
- 0x404E6A,
452
- 0x404E6A,
453
- 0x404E6A,
454
- 0x404E6A,
455
- 0x404E6A,
456
- 0x404E6A,
457
- 0x404E6A,
458
- 0x404E6A,
459
- 0x404E6A,
460
- 0x404E6A,
461
- 0x404E6A,
462
- 0x404E6A,
463
- 0x404E6A,
464
- 0x404E6A,
465
- 0x404E6A,
466
- 0x404E6A,
467
- 0x404E6A,
468
- 0x404E6A,
469
- 0x404E6A,
470
- 0x404E18,
471
- 0x404E6A,
472
- 0x404E6A,
473
- 0x404E6A,
474
- 0x404E6A,
475
- 0x404E6A,
476
- 0x404E6A,
477
- 0x404E5B,
478
- 0x404E6A,
479
- 0x404E25,
480
- 0x404E2B,
481
- 0x404E6A,
482
- 0x404E6A,
483
- 0x404E31,
484
- 0x404E37,
485
- 0x404E6A,
486
- 0x404E6A,
487
- 0x404E6A,
488
- 0x404E6A,
489
- 0x404E6A,
490
- 0x404E6A,
491
- 0x404E6A,
492
- 0x404E3D,
493
- 0x404E6A,
494
- 0x404E6A,
495
- 0x404E6A,
496
- 0x404E43,
497
- 0x404E6A,
498
- 0x404E49,
499
- 0x404E6A,
500
- 0x404E4F,
501
- 0x404E6A,
502
- 0x404E18,
503
- ],
504
- ),
505
- J(
506
- 0x404F12,
507
- 0x41BD28,
508
- [
509
- 0x404F1E,
510
- 0x404F1E,
511
- 0x404F1E,
512
- 0x404F1E,
513
- 0x404F1E,
514
- 0x404F1E,
515
- 0x404F1E,
516
- 0x404F1E,
517
- 0x404F1E,
518
- 0x404F1E,
519
- 0x404F84,
520
- 0x404F84,
521
- 0x404F84,
522
- 0x404F84,
523
- 0x404F84,
524
- 0x404F84,
525
- 0x404F84,
526
- 0x404F62,
527
- 0x404F62,
528
- 0x404F62,
529
- 0x404F62,
530
- 0x404F62,
531
- 0x404F62,
532
- 0x404F84,
533
- 0x404F84,
534
- 0x404F84,
535
- 0x404F84,
536
- 0x404F84,
537
- 0x404F84,
538
- 0x404F84,
539
- 0x404F84,
540
- 0x404F84,
541
- 0x404F84,
542
- 0x404F84,
543
- 0x404F84,
544
- 0x404F84,
545
- 0x404F84,
546
- 0x404F84,
547
- 0x404F84,
548
- 0x404F84,
549
- 0x404F84,
550
- 0x404F84,
551
- 0x404F84,
552
- 0x404F84,
553
- 0x404F84,
554
- 0x404F84,
555
- 0x404F84,
556
- 0x404F84,
557
- 0x404F84,
558
- 0x404F40,
559
- 0x404F40,
560
- 0x404F40,
561
- 0x404F40,
562
- 0x404F40,
563
- 0x404F40,
564
- ],
565
- ),
566
- J(0x4051B0, 0x41BF58, [0x405412, 0x4051BD, 0x40528B, 0x4052C0, 0x4053B5, 0x405412, 0x40541D]),
567
- J(
568
- 0x405B34,
569
- 0x41C088,
570
- [
571
- 0x405B9F,
572
- 0x405B64,
573
- 0x405B4C,
574
- 0x405B9F,
575
- 0x405B58,
576
- 0x405B9F,
577
- 0x405B40,
578
- 0x405B9F,
579
- 0x405B7C,
580
- 0x405B9F,
581
- 0x405B70,
582
- 0x405B9F,
583
- 0x405B88,
584
- 0x405B9F,
585
- 0x405B94,
586
- ],
587
- ),
588
- J(0x408899, 0x41C380, [0x408942, 0x4088A5, 0x4088F2, 0x408917, 0x408936]),
589
- J(
590
- 0x410B5B,
591
- 0x41E410,
592
- [
593
- 0x410CC9,
594
- 0x410C72,
595
- 0x410C85,
596
- 0x410C6E,
597
- 0x410C76,
598
- 0x410B79,
599
- 0x410B6B,
600
- 0x410BBA,
601
- 0x410BC7,
602
- 0x410BC7,
603
- 0x410BC7,
604
- ],
605
- ),
606
- J(
607
- 0x410DA4,
608
- 0x41E468,
609
- [
610
- 0x410DB0,
611
- 0x411195,
612
- 0x411195,
613
- 0x411195,
614
- 0x411195,
615
- 0x411195,
616
- 0x411195,
617
- 0x41103C,
618
- 0x411042,
619
- 0x41105A,
620
- 0x41104E,
621
- 0x411060,
622
- 0x411048,
623
- 0x411054,
624
- 0x411195,
625
- 0x411195,
626
- 0x411195,
627
- 0x411195,
628
- 0x411195,
629
- 0x411195,
630
- 0x411195,
631
- 0x411195,
632
- 0x411195,
633
- 0x411195,
634
- 0x411195,
635
- 0x411195,
636
- 0x411195,
637
- 0x411195,
638
- 0x411195,
639
- 0x411195,
640
- 0x411195,
641
- 0x411195,
642
- 0x411102,
643
- 0x411102,
644
- 0x411102,
645
- 0x4110F7,
646
- 0x411102,
647
- 0x41155C,
648
- 0x411102,
649
- 0x41111E,
650
- 0x411102,
651
- 0x411102,
652
- 0x411102,
653
- 0x41155C,
654
- 0x41155C,
655
- 0x41155C,
656
- 0x41155C,
657
- 0x41155C,
658
- 0x41155C,
659
- 0x41155C,
660
- 0x41155C,
661
- 0x41155C,
662
- 0x41155C,
663
- 0x41155C,
664
- 0x41155C,
665
- 0x41155C,
666
- 0x41155C,
667
- 0x41155C,
668
- 0x41155C,
669
- 0x411102,
670
- 0x411102,
671
- 0x411102,
672
- 0x411102,
673
- 0x410EF9,
674
- 0x411195,
675
- 0x41155C,
676
- 0x41155C,
677
- 0x41155C,
678
- 0x41155C,
679
- 0x41155C,
680
- 0x41155C,
681
- 0x41155C,
682
- 0x41155C,
683
- 0x41155C,
684
- 0x41155C,
685
- 0x41155C,
686
- 0x41155C,
687
- 0x41155C,
688
- 0x41155C,
689
- 0x41155C,
690
- 0x41155C,
691
- 0x41155C,
692
- 0x41155C,
693
- 0x41155C,
694
- 0x41155C,
695
- 0x41155C,
696
- 0x41155C,
697
- 0x41155C,
698
- 0x41155C,
699
- 0x41155C,
700
- 0x41155C,
701
- 0x411102,
702
- 0x411066,
703
- 0x41155C,
704
- 0x411102,
705
- 0x41155C,
706
- 0x411102,
707
- 0x41155C,
708
- 0x41155C,
709
- 0x41155C,
710
- 0x41155C,
711
- 0x41155C,
712
- 0x41155C,
713
- 0x41155C,
714
- 0x41155C,
715
- 0x41155C,
716
- 0x41155C,
717
- 0x41155C,
718
- 0x41155C,
719
- 0x41155C,
720
- 0x41155C,
721
- 0x41155C,
722
- 0x41155C,
723
- 0x41155C,
724
- 0x41155C,
725
- 0x41155C,
726
- 0x41155C,
727
- 0x41155C,
728
- 0x41155C,
729
- 0x41155C,
730
- 0x41155C,
731
- 0x41155C,
732
- 0x41155C,
733
- 0x4110C5,
734
- 0x411102,
735
- 0x4110C5,
736
- 0x4110F7,
737
- ],
738
- ),
739
- J(
740
- 0x410F84,
741
- 0x41E860,
742
- [
743
- 0x410F90,
744
- 0x41102D,
745
- 0x41102D,
746
- 0x41102D,
747
- 0x41102D,
748
- 0x41102D,
749
- 0x410F90,
750
- 0x410F90,
751
- 0x410F90,
752
- 0x41102D,
753
- 0x41102D,
754
- 0x41102D,
755
- 0x410F90,
756
- 0x41102D,
757
- 0x410F90,
758
- 0x41102D,
759
- 0x41102D,
760
- 0x41102D,
761
- 0x41102D,
762
- 0x41102D,
763
- 0x41102D,
764
- 0x41102D,
765
- 0x41102D,
766
- 0x41102D,
767
- 0x41102D,
768
- 0x41102D,
769
- 0x41102D,
770
- 0x410F90,
771
- 0x410F90,
772
- 0x410F90,
773
- ],
774
- ),
775
- J(
776
- 0x411300,
777
- 0x41E950,
778
- [
779
- 0x4117B2,
780
- 0x4117B2,
781
- 0x41130C,
782
- 0x4117B2,
783
- 0x41130C,
784
- 0x4117B2,
785
- 0x41130C,
786
- 0x41130C,
787
- 0x41130C,
788
- 0x41130C,
789
- 0x41130C,
790
- 0x41130C,
791
- 0x41130C,
792
- 0x41130C,
793
- 0x41130C,
794
- 0x41130C,
795
- 0x41130C,
796
- 0x41130C,
797
- 0x41130C,
798
- 0x41130C,
799
- 0x41130C,
800
- 0x41130C,
801
- 0x41130C,
802
- 0x41130C,
803
- 0x41130C,
804
- 0x41130C,
805
- 0x41130C,
806
- 0x41130C,
807
- 0x41130C,
808
- 0x41130C,
809
- 0x41130C,
810
- 0x41130C,
811
- 0x41130C,
812
- 0x4117B2,
813
- ],
814
- ),
815
- J(
816
- 0x412AAE,
817
- 0x41EA88,
818
- [
819
- 0x414B93,
820
- 0x414BE3,
821
- 0x414BE3,
822
- 0x414BE3,
823
- 0x414BE3,
824
- 0x414BE3,
825
- 0x414BE3,
826
- 0x414BE3,
827
- 0x414BE3,
828
- 0x414BE3,
829
- 0x414BE3,
830
- 0x414BE3,
831
- 0x414BE3,
832
- 0x414BE3,
833
- 0x414BE3,
834
- 0x414BE3,
835
- 0x414BE3,
836
- 0x414BE3,
837
- 0x414BE3,
838
- 0x414BE3,
839
- 0x414BE3,
840
- 0x414BE3,
841
- 0x414BE3,
842
- 0x414BE3,
843
- 0x414BE3,
844
- 0x414BE3,
845
- 0x414BE3,
846
- 0x414BE3,
847
- 0x414BE3,
848
- 0x414BE3,
849
- 0x414BE3,
850
- 0x414BE3,
851
- 0x414BE3,
852
- 0x414BE3,
853
- 0x414BE3,
854
- 0x414BE3,
855
- 0x414BE3,
856
- 0x412ABE,
857
- 0x414BE3,
858
- 0x414BE3,
859
- 0x414BE3,
860
- 0x414BE3,
861
- 0x414BE3,
862
- 0x414BE3,
863
- 0x414BE3,
864
- 0x414BE3,
865
- 0x414BE3,
866
- 0x414BE3,
867
- 0x414BE3,
868
- 0x414BE3,
869
- 0x414BE3,
870
- 0x414BE3,
871
- 0x414BE3,
872
- 0x414BE3,
873
- 0x414BE3,
874
- 0x414BE3,
875
- 0x414BE3,
876
- 0x414BE3,
877
- 0x414905,
878
- 0x414BE3,
879
- 0x414BE3,
880
- 0x414BE3,
881
- 0x414BE3,
882
- 0x414BE3,
883
- 0x414BE3,
884
- 0x412C2F,
885
- 0x412C85,
886
- 0x413105,
887
- 0x4131D1,
888
- 0x414BE3,
889
- 0x413BB4,
890
- 0x414295,
891
- 0x413BD1,
892
- 0x413BFD,
893
- 0x414BE3,
894
- 0x414BE3,
895
- 0x414BE3,
896
- 0x413CBE,
897
- 0x413D2F,
898
- 0x414BE3,
899
- 0x413ED8,
900
- 0x414BE3,
901
- 0x413F09,
902
- 0x413F19,
903
- 0x4140B6,
904
- 0x41423E,
905
- 0x414295,
906
- 0x4145B5,
907
- 0x4140A4,
908
- 0x414660,
909
- 0x414749,
910
- 0x414BE3,
911
- 0x414BE3,
912
- 0x414BE3,
913
- 0x414BE3,
914
- 0x414BE3,
915
- 0x414BE3,
916
- 0x412C02,
917
- 0x412C5C,
918
- 0x412CB2,
919
- 0x4131EE,
920
- 0x413217,
921
- 0x414BE3,
922
- 0x414295,
923
- 0x412C5C,
924
- 0x414BE3,
925
- 0x413C79,
926
- 0x413C25,
927
- 0x413C51,
928
- 0x413CEA,
929
- 0x413DAA,
930
- 0x414BE3,
931
- 0x413EE9,
932
- 0x414BE3,
933
- 0x412E7D,
934
- 0x413F44,
935
- 0x4140C6,
936
- 0x4141F4,
937
- 0x414BE3,
938
- 0x414634,
939
- 0x4131BF,
940
- 0x4146B6,
941
- 0x41495E,
942
- ],
943
- ),
944
- J(
945
- 0x415060,
946
- 0x41F0D8,
947
- [0x415073, 0x415078, 0x4150A8, 0x4150E3, 0x41512C, 0x415183, 0x4151EF, 0x415269, 0x4152F9, 0x415397],
948
- ),
949
- J(
950
- 0x415FAA,
951
- 0x41F268,
952
- [
953
- 0x415FCF,
954
- 0x4160EE,
955
- 0x4160EE,
956
- 0x415FF4,
957
- 0x4160EE,
958
- 0x416012,
959
- 0x4160EE,
960
- 0x4160EE,
961
- 0x4160EE,
962
- 0x416030,
963
- 0x4160EE,
964
- 0x41604E,
965
- 0x4160EE,
966
- 0x4160EE,
967
- 0x41606C,
968
- 0x4160EE,
969
- 0x4160EE,
970
- 0x4160EE,
971
- 0x416087,
972
- 0x4160EE,
973
- 0x4160EE,
974
- 0x4160EE,
975
- 0x4160EE,
976
- 0x4160B8,
977
- 0x4160D3,
978
- 0x4160EE,
979
- 0x4160EE,
980
- 0x4160EE,
981
- 0x4160EE,
982
- 0x4160EE,
983
- 0x4160EE,
984
- 0x4160EE,
985
- 0x415FB6,
986
- 0x415FE8,
987
- 0x4160EE,
988
- 0x4160EE,
989
- 0x4160EE,
990
- 0x416012,
991
- 0x4160EE,
992
- 0x4160EE,
993
- 0x4160EE,
994
- 0x416030,
995
- 0x4160EE,
996
- 0x41604E,
997
- 0x4160EE,
998
- 0x4160EE,
999
- 0x4160EE,
1000
- 0x4160EE,
1001
- 0x4160EE,
1002
- 0x4160EE,
1003
- 0x416087,
1004
- 0x4160EE,
1005
- 0x4160EE,
1006
- 0x4160A2,
1007
- ],
1008
- ),
1009
- J(
1010
- 0x416586,
1011
- 0x41F4C8,
1012
- [
1013
- 0x4165AB,
1014
- 0x4166CA,
1015
- 0x4166CA,
1016
- 0x4165D0,
1017
- 0x4166CA,
1018
- 0x4165EE,
1019
- 0x4166CA,
1020
- 0x4166CA,
1021
- 0x4166CA,
1022
- 0x41660C,
1023
- 0x4166CA,
1024
- 0x41662A,
1025
- 0x4166CA,
1026
- 0x4166CA,
1027
- 0x416648,
1028
- 0x4166CA,
1029
- 0x4166CA,
1030
- 0x4166CA,
1031
- 0x416663,
1032
- 0x4166CA,
1033
- 0x4166CA,
1034
- 0x4166CA,
1035
- 0x4166CA,
1036
- 0x416694,
1037
- 0x4166AF,
1038
- 0x4166CA,
1039
- 0x4166CA,
1040
- 0x4166CA,
1041
- 0x4166CA,
1042
- 0x4166CA,
1043
- 0x4166CA,
1044
- 0x4166CA,
1045
- 0x416592,
1046
- 0x4165C4,
1047
- 0x4166CA,
1048
- 0x4166CA,
1049
- 0x4166CA,
1050
- 0x4165EE,
1051
- 0x4166CA,
1052
- 0x4166CA,
1053
- 0x4166CA,
1054
- 0x41660C,
1055
- 0x4166CA,
1056
- 0x41662A,
1057
- 0x4166CA,
1058
- 0x4166CA,
1059
- 0x4166CA,
1060
- 0x4166CA,
1061
- 0x4166CA,
1062
- 0x4166CA,
1063
- 0x416663,
1064
- 0x4166CA,
1065
- 0x4166CA,
1066
- 0x41667E,
1067
- ],
1068
- ),
1069
- J(
1070
- 0x4177EC,
1071
- 0x41F6B0,
1072
- [
1073
- 0x4177F8,
1074
- 0x4177F8,
1075
- 0x4177F8,
1076
- 0x4177F8,
1077
- 0x4177F8,
1078
- 0x4177F8,
1079
- 0x4177F8,
1080
- 0x4177F8,
1081
- 0x4177F8,
1082
- 0x4177F8,
1083
- 0x4177FF,
1084
- 0x4177FF,
1085
- 0x4177FF,
1086
- 0x4177FF,
1087
- 0x4177FF,
1088
- 0x4177FF,
1089
- 0x4177FF,
1090
- 0x4177F8,
1091
- 0x4177F8,
1092
- 0x4177F8,
1093
- 0x4177F8,
1094
- 0x4177F8,
1095
- 0x4177F8,
1096
- 0x4177FF,
1097
- 0x4177FF,
1098
- 0x4177FF,
1099
- 0x4177FF,
1100
- 0x4177FF,
1101
- 0x4177FF,
1102
- 0x4177FF,
1103
- 0x4177FF,
1104
- 0x4177FF,
1105
- 0x4177FF,
1106
- 0x4177FF,
1107
- 0x4177FF,
1108
- 0x4177FF,
1109
- 0x4177FF,
1110
- 0x4177FF,
1111
- 0x4177FF,
1112
- 0x4177FF,
1113
- 0x4177FF,
1114
- 0x4177FF,
1115
- 0x4177FF,
1116
- 0x4177FF,
1117
- 0x4177FF,
1118
- 0x4177FF,
1119
- 0x4177FF,
1120
- 0x4177FF,
1121
- 0x4177FF,
1122
- 0x4177F8,
1123
- 0x4177F8,
1124
- 0x4177F8,
1125
- 0x4177F8,
1126
- 0x4177F8,
1127
- 0x4177F8,
1128
- ],
1129
- ),
1130
- }
1131
-
1132
- self._compare(cfg.jump_tables, all_jumptables)
1133
-
1134
- def test_amd64_chmod_gcc_O1(self):
1135
- p = angr.Project(os.path.join(test_location, "x86_64", "chmod_gcc_-O1"), auto_load_libs=False)
1136
- cfg = p.analyses.CFGFast()
1137
-
1138
- all_jumptables = {
1139
- J(
1140
- 0x402322,
1141
- 0x4095A0,
1142
- [
1143
- 0x40246D,
1144
- 0x4024BF,
1145
- 0x4023D9,
1146
- 0x4024BF,
1147
- 0x40288B,
1148
- 0x4023A5,
1149
- 0x4024BF,
1150
- 0x4024BF,
1151
- 0x40232C,
1152
- 0x4024BF,
1153
- 0x4024BF,
1154
- 0x402422,
1155
- ],
1156
- ),
1157
- J(
1158
- 0x402FC1,
1159
- 0x409778,
1160
- [
1161
- 0x402FF2,
1162
- 0x402FFD,
1163
- 0x402FFD,
1164
- 0x402FFD,
1165
- 0x402FFD,
1166
- 0x402FFD,
1167
- 0x402FFD,
1168
- 0x402FFD,
1169
- 0x402FFD,
1170
- 0x402FFD,
1171
- 0x402FFD,
1172
- 0x402FFD,
1173
- 0x402FFD,
1174
- 0x402FFD,
1175
- 0x402FFD,
1176
- 0x402FFD,
1177
- 0x402FFD,
1178
- 0x402FFD,
1179
- 0x402FFD,
1180
- 0x402FFD,
1181
- 0x402FFD,
1182
- 0x402FFD,
1183
- 0x402FFD,
1184
- 0x402FFD,
1185
- 0x402FFD,
1186
- 0x402FFD,
1187
- 0x402FCB,
1188
- 0x402FE0,
1189
- 0x402FE9,
1190
- 0x402FFD,
1191
- 0x402FFD,
1192
- 0x402FD4,
1193
- 0x402FDA,
1194
- ],
1195
- ),
1196
- J(
1197
- 0x40360A,
1198
- 0x409920,
1199
- [0x403614, 0x403F96, 0x403723, 0x40363C, 0x403F66, 0x403769, 0x40367D, 0x40367D, 0x40367D],
1200
- ),
1201
- J(
1202
- 0x4038D0,
1203
- 0x409968,
1204
- [
1205
- 0x4038EF,
1206
- 0x403B48,
1207
- 0x403B48,
1208
- 0x403B48,
1209
- 0x403B48,
1210
- 0x403B48,
1211
- 0x403B48,
1212
- 0x403A91,
1213
- 0x4038E5,
1214
- 0x403A56,
1215
- 0x403A76,
1216
- 0x403A5D,
1217
- 0x403A4F,
1218
- 0x4038DB,
1219
- 0x403B48,
1220
- 0x403B48,
1221
- 0x403B48,
1222
- 0x403B48,
1223
- 0x403B48,
1224
- 0x403B48,
1225
- 0x403B48,
1226
- 0x403B48,
1227
- 0x403B48,
1228
- 0x403B48,
1229
- 0x403B48,
1230
- 0x403B48,
1231
- 0x403B48,
1232
- 0x403B48,
1233
- 0x403B48,
1234
- 0x403B48,
1235
- 0x403B48,
1236
- 0x403B48,
1237
- 0x403AD2,
1238
- 0x403AD2,
1239
- 0x403AD2,
1240
- 0x403AC9,
1241
- 0x403AD2,
1242
- 0x403DF3,
1243
- 0x403AD2,
1244
- 0x403AF0,
1245
- 0x403AD2,
1246
- 0x403AD2,
1247
- 0x403AD2,
1248
- 0x403DF3,
1249
- 0x403DF3,
1250
- 0x403DF3,
1251
- 0x403DF3,
1252
- 0x403DF3,
1253
- 0x403DF3,
1254
- 0x403DF3,
1255
- 0x403DF3,
1256
- 0x403DF3,
1257
- 0x403DF3,
1258
- 0x403DF3,
1259
- 0x403DF3,
1260
- 0x403DF3,
1261
- 0x403DF3,
1262
- 0x403DF3,
1263
- 0x403DF3,
1264
- 0x403AD2,
1265
- 0x403AD2,
1266
- 0x403AD2,
1267
- 0x403AD2,
1268
- 0x40397C,
1269
- 0x403B48,
1270
- 0x403DF3,
1271
- 0x403DF3,
1272
- 0x403DF3,
1273
- 0x403DF3,
1274
- 0x403DF3,
1275
- 0x403DF3,
1276
- 0x403DF3,
1277
- 0x403DF3,
1278
- 0x403DF3,
1279
- 0x403DF3,
1280
- 0x403DF3,
1281
- 0x403DF3,
1282
- 0x403DF3,
1283
- 0x403DF3,
1284
- 0x403DF3,
1285
- 0x403DF3,
1286
- 0x403DF3,
1287
- 0x403DF3,
1288
- 0x403DF3,
1289
- 0x403DF3,
1290
- 0x403DF3,
1291
- 0x403DF3,
1292
- 0x403DF3,
1293
- 0x403DF3,
1294
- 0x403DF3,
1295
- 0x403DF3,
1296
- 0x403AD2,
1297
- 0x403A64,
1298
- 0x403DF3,
1299
- 0x403AD2,
1300
- 0x403DF3,
1301
- 0x403AD2,
1302
- 0x403DF3,
1303
- 0x403DF3,
1304
- 0x403DF3,
1305
- 0x403DF3,
1306
- 0x403DF3,
1307
- 0x403DF3,
1308
- 0x403DF3,
1309
- 0x403DF3,
1310
- 0x403DF3,
1311
- 0x403DF3,
1312
- 0x403DF3,
1313
- 0x403DF3,
1314
- 0x403DF3,
1315
- 0x403DF3,
1316
- 0x403DF3,
1317
- 0x403DF3,
1318
- 0x403DF3,
1319
- 0x403DF3,
1320
- 0x403DF3,
1321
- 0x403DF3,
1322
- 0x403DF3,
1323
- 0x403DF3,
1324
- 0x403DF3,
1325
- 0x403DF3,
1326
- 0x403DF3,
1327
- 0x403DF3,
1328
- 0x403AA4,
1329
- 0x403AD2,
1330
- 0x403AA4,
1331
- 0x403AC9,
1332
- ],
1333
- ),
1334
- J(
1335
- 0x4039DC,
1336
- 0x409D60,
1337
- [
1338
- 0x4039E6,
1339
- 0x403DF3,
1340
- 0x403DF3,
1341
- 0x403DF3,
1342
- 0x403DF3,
1343
- 0x403DF3,
1344
- 0x4039E6,
1345
- 0x4039E6,
1346
- 0x4039E6,
1347
- 0x403DF3,
1348
- 0x403DF3,
1349
- 0x403DF3,
1350
- 0x4039E6,
1351
- 0x403DF3,
1352
- 0x4039E6,
1353
- 0x403DF3,
1354
- 0x403DF3,
1355
- 0x403DF3,
1356
- 0x403DF3,
1357
- 0x403DF3,
1358
- 0x403DF3,
1359
- 0x403DF3,
1360
- 0x403DF3,
1361
- 0x403DF3,
1362
- 0x403DF3,
1363
- 0x403DF3,
1364
- 0x403DF3,
1365
- 0x4039E6,
1366
- 0x4039E6,
1367
- 0x4039E6,
1368
- ],
1369
- ),
1370
- J(
1371
- 0x403C83,
1372
- 0x409E50,
1373
- [
1374
- 0x403F0D,
1375
- 0x403F0D,
1376
- 0x403C8D,
1377
- 0x403F0D,
1378
- 0x403C8D,
1379
- 0x403F0D,
1380
- 0x403C8D,
1381
- 0x403C8D,
1382
- 0x403C8D,
1383
- 0x403C8D,
1384
- 0x403C8D,
1385
- 0x403C8D,
1386
- 0x403C8D,
1387
- 0x403C8D,
1388
- 0x403C8D,
1389
- 0x403C8D,
1390
- 0x403C8D,
1391
- 0x403C8D,
1392
- 0x403C8D,
1393
- 0x403C8D,
1394
- 0x403C8D,
1395
- 0x403C8D,
1396
- 0x403C8D,
1397
- 0x403C8D,
1398
- 0x403C8D,
1399
- 0x403C8D,
1400
- 0x403C8D,
1401
- 0x403C8D,
1402
- 0x403C8D,
1403
- 0x403C8D,
1404
- 0x403C8D,
1405
- 0x403C8D,
1406
- 0x403C8D,
1407
- 0x403F0D,
1408
- ],
1409
- ),
1410
- J(
1411
- 0x4048CA,
1412
- 0x40A250,
1413
- [0x4048D2, 0x4048D7, 0x40490B, 0x404946, 0x404988, 0x4049D8, 0x404A2A, 0x404A8C, 0x404AF7, 0x404B73],
1414
- ),
1415
- J(
1416
- 0x406325,
1417
- 0x40A310,
1418
- [
1419
- 0x405FD8,
1420
- 0x405F8C,
1421
- 0x405FEB,
1422
- 0x405FD8,
1423
- 0x405F79,
1424
- 0x405FD8,
1425
- 0x406300,
1426
- 0x405FD8,
1427
- 0x405FB2,
1428
- 0x405FD8,
1429
- 0x405F9F,
1430
- 0x405FD8,
1431
- 0x405FC5,
1432
- ],
1433
- ),
1434
- J(
1435
- 0x406399,
1436
- 0x40A378,
1437
- [
1438
- 0x405FDF,
1439
- 0x405F93,
1440
- 0x406374,
1441
- 0x405FDF,
1442
- 0x405F80,
1443
- 0x405FDF,
1444
- 0x406331,
1445
- 0x405FDF,
1446
- 0x405FB9,
1447
- 0x405FDF,
1448
- 0x405FA6,
1449
- 0x405FDF,
1450
- 0x405FCC,
1451
- ],
1452
- ),
1453
- }
1454
-
1455
- self._compare(cfg.jump_tables, all_jumptables)
1456
-
1457
- def test_amd64_hostname_gcc_O2(self):
1458
- p = angr.Project(os.path.join(test_location, "x86_64", "hostname"), auto_load_libs=False)
1459
- cfg = p.analyses.CFGFast()
1460
-
1461
- all_jumptables = {
1462
- J(
1463
- 0x4025F5,
1464
- 0x40476C,
1465
- [
1466
- 0x4027AD,
1467
- 0x402739,
1468
- 0x402664,
1469
- 0x402739,
1470
- 0x402739,
1471
- 0x402739,
1472
- 0x402739,
1473
- 0x402658,
1474
- 0x402739,
1475
- 0x402739,
1476
- 0x40264D,
1477
- 0x402739,
1478
- 0x402739,
1479
- 0x402739,
1480
- 0x402739,
1481
- 0x402739,
1482
- 0x402739,
1483
- 0x402739,
1484
- 0x402739,
1485
- 0x402739,
1486
- 0x402739,
1487
- 0x402739,
1488
- 0x402739,
1489
- 0x40260F,
1490
- 0x402739,
1491
- 0x402739,
1492
- 0x402739,
1493
- 0x402739,
1494
- 0x402739,
1495
- 0x402739,
1496
- 0x402739,
1497
- 0x402739,
1498
- 0x402739,
1499
- 0x402739,
1500
- 0x402607,
1501
- 0x402642,
1502
- 0x402739,
1503
- 0x40263A,
1504
- 0x402739,
1505
- 0x4025FF,
1506
- 0x402739,
1507
- 0x4027AD,
1508
- 0x402685,
1509
- 0x402739,
1510
- 0x402739,
1511
- 0x402739,
1512
- 0x402739,
1513
- 0x402739,
1514
- 0x402739,
1515
- 0x402739,
1516
- 0x402739,
1517
- 0x402739,
1518
- 0x40267A,
1519
- 0x402739,
1520
- 0x402739,
1521
- 0x402739,
1522
- 0x402739,
1523
- 0x402739,
1524
- 0x40266F,
1525
- ],
1526
- ),
1527
- J(
1528
- 0x402D1F,
1529
- 0x404744,
1530
- [0x402EE0, 0x402E10, 0x402E10, 0x402EF8, 0x402E10, 0x402E10, 0x402EC8, 0x402EB0, 0x402D38, 0x402D38],
1531
- ),
1532
- }
1533
-
1534
- self._compare(cfg.jump_tables, all_jumptables)
1535
-
1536
- def test_amd64_cfgswitches_gcc(self):
1537
- p = angr.Project(os.path.join(test_location, "x86_64", "cfg_switches"), auto_load_libs=False)
1538
- cfg = p.analyses.CFGFast()
1539
-
1540
- all_jumptables = {
1541
- J(
1542
- 0x4006E1,
1543
- 0x400A40,
1544
- [
1545
- 0x40075B,
1546
- 0x4006EE,
1547
- 0x4006FA,
1548
- 0x4006EE,
1549
- 0x40070B,
1550
- 0x4006EE,
1551
- 0x40071C,
1552
- 0x4006EE,
1553
- 0x40072D,
1554
- 0x4006EE,
1555
- 0x40073E,
1556
- 0x40075B,
1557
- 0x40075B,
1558
- 0x40075B,
1559
- 0x40075B,
1560
- 0x40075B,
1561
- 0x40075B,
1562
- 0x40075B,
1563
- 0x40075B,
1564
- 0x40075B,
1565
- 0x40075B,
1566
- 0x40075B,
1567
- 0x40075B,
1568
- 0x40075B,
1569
- 0x40075B,
1570
- 0x40075B,
1571
- 0x40075B,
1572
- 0x40075B,
1573
- 0x40075B,
1574
- 0x40075B,
1575
- 0x40075B,
1576
- 0x40075B,
1577
- 0x40075B,
1578
- 0x40075B,
1579
- 0x40075B,
1580
- 0x40075B,
1581
- 0x40075B,
1582
- 0x40075B,
1583
- 0x40075B,
1584
- 0x40075B,
1585
- 0x40075B,
1586
- 0x40075B,
1587
- 0x40075B,
1588
- 0x40075B,
1589
- 0x40075B,
1590
- 0x40074F,
1591
- ],
1592
- ),
1593
- J(
1594
- 0x4005BC,
1595
- 0x4008C0,
1596
- [
1597
- 0x4006B0,
1598
- 0x4006B0,
1599
- 0x4005C9,
1600
- 0x4006B0,
1601
- 0x4006B0,
1602
- 0x4006B0,
1603
- 0x4006B0,
1604
- 0x4006B0,
1605
- 0x4006B0,
1606
- 0x4006B0,
1607
- 0x4005D8,
1608
- 0x4006B0,
1609
- 0x4005E7,
1610
- 0x4006B0,
1611
- 0x4005F6,
1612
- 0x400605,
1613
- 0x400614,
1614
- 0x4006B0,
1615
- 0x4006B0,
1616
- 0x4006B0,
1617
- 0x4006B0,
1618
- 0x4006B0,
1619
- 0x400623,
1620
- 0x4006B0,
1621
- 0x400632,
1622
- 0x4006B0,
1623
- 0x4006B0,
1624
- 0x4006B0,
1625
- 0x40063E,
1626
- 0x4006B0,
1627
- 0x4006B0,
1628
- 0x4006B0,
1629
- 0x4006B0,
1630
- 0x4006B0,
1631
- 0x4006B0,
1632
- 0x4006B0,
1633
- 0x4006B0,
1634
- 0x4006B0,
1635
- 0x40064A,
1636
- ],
1637
- ),
1638
- J(
1639
- 0x40053A,
1640
- 0x4007F8,
1641
- [
1642
- 0x40058D,
1643
- 0x400547,
1644
- 0x40058D,
1645
- 0x400552,
1646
- 0x40058D,
1647
- 0x40055D,
1648
- 0x40058D,
1649
- 0x400568,
1650
- 0x40058D,
1651
- 0x400573,
1652
- 0x40058D,
1653
- 0x40058D,
1654
- 0x400580,
1655
- ],
1656
- ),
1657
- J(0x40065A, 0x4009F8, [0x4006A3, 0x400667, 0x400673, 0x40067F, 0x40068B, 0x400697]),
1658
- }
1659
-
1660
- self._compare(cfg.jump_tables, all_jumptables)
1661
-
1662
- def test_i386_cfgswitches_gcc_O0(self):
1663
- p = angr.Project(os.path.join(test_location, "i386", "cfg_switches_O0"), auto_load_libs=False)
1664
- cfg = p.analyses.CFGFast()
1665
-
1666
- all_jumptables = {
1667
- J(
1668
- 0x8048432,
1669
- 0x8048770,
1670
- [
1671
- 0x8048487,
1672
- 0x8048441,
1673
- 0x8048487,
1674
- 0x804844C,
1675
- 0x8048487,
1676
- 0x8048457,
1677
- 0x8048487,
1678
- 0x8048462,
1679
- 0x8048487,
1680
- 0x804846D,
1681
- 0x8048487,
1682
- 0x8048487,
1683
- 0x804847A,
1684
- ],
1685
- ),
1686
- J(
1687
- 0x80484B4,
1688
- 0x8048804,
1689
- [
1690
- 0x8048612,
1691
- 0x8048612,
1692
- 0x80484C3,
1693
- 0x8048612,
1694
- 0x8048612,
1695
- 0x8048612,
1696
- 0x8048612,
1697
- 0x8048612,
1698
- 0x8048612,
1699
- 0x8048612,
1700
- 0x80484D8,
1701
- 0x8048612,
1702
- 0x80484ED,
1703
- 0x8048612,
1704
- 0x8048502,
1705
- 0x8048517,
1706
- 0x804852C,
1707
- 0x8048612,
1708
- 0x8048612,
1709
- 0x8048612,
1710
- 0x8048612,
1711
- 0x8048612,
1712
- 0x8048541,
1713
- 0x8048612,
1714
- 0x8048556,
1715
- 0x8048612,
1716
- 0x8048612,
1717
- 0x8048612,
1718
- 0x804856B,
1719
- 0x8048612,
1720
- 0x8048612,
1721
- 0x8048612,
1722
- 0x8048612,
1723
- 0x8048612,
1724
- 0x8048612,
1725
- 0x8048612,
1726
- 0x8048612,
1727
- 0x8048612,
1728
- 0x8048580,
1729
- ],
1730
- ),
1731
- J(0x8048596, 0x80488A0, [0x80485FF, 0x80485A5, 0x80485B7, 0x80485C9, 0x80485DB, 0x80485ED]),
1732
- J(
1733
- 0x8048654,
1734
- 0x80488CC,
1735
- [
1736
- 0x80486D5,
1737
- 0x8048662,
1738
- 0x8048671,
1739
- 0x8048662,
1740
- 0x8048682,
1741
- 0x8048662,
1742
- 0x8048693,
1743
- 0x8048662,
1744
- 0x80486A4,
1745
- 0x8048662,
1746
- 0x80486B5,
1747
- 0x80486D5,
1748
- 0x80486D5,
1749
- 0x80486D5,
1750
- 0x80486D5,
1751
- 0x80486D5,
1752
- 0x80486D5,
1753
- 0x80486D5,
1754
- 0x80486D5,
1755
- 0x80486D5,
1756
- 0x80486D5,
1757
- 0x80486D5,
1758
- 0x80486D5,
1759
- 0x80486D5,
1760
- 0x80486D5,
1761
- 0x80486D5,
1762
- 0x80486D5,
1763
- 0x80486D5,
1764
- 0x80486D5,
1765
- 0x80486D5,
1766
- 0x80486D5,
1767
- 0x80486D5,
1768
- 0x80486D5,
1769
- 0x80486D5,
1770
- 0x80486D5,
1771
- 0x80486D5,
1772
- 0x80486D5,
1773
- 0x80486D5,
1774
- 0x80486D5,
1775
- 0x80486D5,
1776
- 0x80486D5,
1777
- 0x80486D5,
1778
- 0x80486D5,
1779
- 0x80486D5,
1780
- 0x80486D5,
1781
- 0x80486C6,
1782
- ],
1783
- ),
1784
- }
1785
-
1786
- self._compare(cfg.jump_tables, all_jumptables)
1787
-
1788
- def test_i386_cfgswitches_gcc_O1(self):
1789
- p = angr.Project(os.path.join(test_location, "i386", "cfg_switches_O1"), auto_load_libs=False)
1790
- cfg = p.analyses.CFGFast()
1791
-
1792
- all_jumptables = {
1793
- J(
1794
- 0x804842F,
1795
- 0x8048700,
1796
- [
1797
- 0x804845A,
1798
- 0x8048436,
1799
- 0x804845A,
1800
- 0x804843C,
1801
- 0x804845A,
1802
- 0x8048442,
1803
- 0x804845A,
1804
- 0x8048448,
1805
- 0x804845A,
1806
- 0x804844E,
1807
- 0x804845A,
1808
- 0x804845A,
1809
- 0x8048454,
1810
- ],
1811
- ),
1812
- J(
1813
- 0x804847E,
1814
- 0x8048734,
1815
- [
1816
- 0x80485D5,
1817
- 0x80485D5,
1818
- 0x8048485,
1819
- 0x80485D5,
1820
- 0x80485D5,
1821
- 0x80485D5,
1822
- 0x80485D5,
1823
- 0x80485D5,
1824
- 0x80485D5,
1825
- 0x80485D5,
1826
- 0x804849F,
1827
- 0x80485D5,
1828
- 0x80484B1,
1829
- 0x80485D5,
1830
- 0x80484C3,
1831
- 0x80484D5,
1832
- 0x80484E7,
1833
- 0x80485D5,
1834
- 0x80485D5,
1835
- 0x80485D5,
1836
- 0x80485D5,
1837
- 0x80485D5,
1838
- 0x80484F9,
1839
- 0x80485D5,
1840
- 0x804850B,
1841
- 0x80485D5,
1842
- 0x80485D5,
1843
- 0x80485D5,
1844
- 0x8048520,
1845
- 0x80485D5,
1846
- 0x80485D5,
1847
- 0x80485D5,
1848
- 0x80485D5,
1849
- 0x80485D5,
1850
- 0x80485D5,
1851
- 0x80485D5,
1852
- 0x80485D5,
1853
- 0x80485D5,
1854
- 0x8048535,
1855
- ],
1856
- ),
1857
- J(0x804854C, 0x80487D0, [0x80485C0, 0x8048557, 0x804856C, 0x8048581, 0x8048596, 0x80485AB]),
1858
- J(
1859
- 0x8048610,
1860
- 0x80487E8,
1861
- [
1862
- 0x8048626,
1863
- 0x8048626,
1864
- 0x8048617,
1865
- 0x8048626,
1866
- 0x8048635,
1867
- 0x8048626,
1868
- 0x8048646,
1869
- 0x8048626,
1870
- 0x8048657,
1871
- 0x8048626,
1872
- 0x8048668,
1873
- ],
1874
- ),
1875
- }
1876
-
1877
- self._compare(cfg.jump_tables, all_jumptables)
1878
-
1879
- def test_i386_cfgswitches_gcc_O2(self):
1880
- p = angr.Project(os.path.join(test_location, "i386", "cfg_switches_O2"), auto_load_libs=False)
1881
- cfg = p.analyses.CFGFast()
1882
-
1883
- all_jumptables = {
1884
- J(
1885
- 0x8048336,
1886
- 0x8048888,
1887
- [
1888
- 0x804834B,
1889
- 0x804834B,
1890
- 0x804833D,
1891
- 0x804834B,
1892
- 0x8048377,
1893
- 0x804834B,
1894
- 0x8048387,
1895
- 0x804834B,
1896
- 0x8048357,
1897
- 0x804834B,
1898
- 0x8048367,
1899
- ],
1900
- ),
1901
- J(
1902
- 0x80484C9,
1903
- 0x80487A0,
1904
- [
1905
- 0x8048530,
1906
- 0x80484E0,
1907
- 0x8048530,
1908
- 0x80484F0,
1909
- 0x8048530,
1910
- 0x8048500,
1911
- 0x8048530,
1912
- 0x8048510,
1913
- 0x8048530,
1914
- 0x8048520,
1915
- 0x8048530,
1916
- 0x8048530,
1917
- 0x80484D0,
1918
- ],
1919
- ),
1920
- J(
1921
- 0x804855E,
1922
- 0x80487D4,
1923
- [
1924
- 0x8048670,
1925
- 0x8048670,
1926
- 0x8048590,
1927
- 0x8048670,
1928
- 0x8048670,
1929
- 0x8048670,
1930
- 0x8048670,
1931
- 0x8048670,
1932
- 0x8048670,
1933
- 0x8048670,
1934
- 0x80485B0,
1935
- 0x8048670,
1936
- 0x80485C8,
1937
- 0x8048670,
1938
- 0x80485E0,
1939
- 0x80485F8,
1940
- 0x8048610,
1941
- 0x8048670,
1942
- 0x8048670,
1943
- 0x8048670,
1944
- 0x8048670,
1945
- 0x8048670,
1946
- 0x8048628,
1947
- 0x8048670,
1948
- 0x8048640,
1949
- 0x8048670,
1950
- 0x8048670,
1951
- 0x8048670,
1952
- 0x8048658,
1953
- 0x8048670,
1954
- 0x8048670,
1955
- 0x8048670,
1956
- 0x8048670,
1957
- 0x8048670,
1958
- 0x8048670,
1959
- 0x8048670,
1960
- 0x8048670,
1961
- 0x8048670,
1962
- 0x8048568,
1963
- ],
1964
- ),
1965
- J(0x8048583, 0x8048870, [0x8048700, 0x80486E8, 0x80486D0, 0x80486B8, 0x80486A0, 0x8048688]),
1966
- }
1967
-
1968
- self._compare(cfg.jump_tables, all_jumptables)
1969
-
1970
- def test_kprca_00009(self):
1971
- p = angr.Project(os.path.join(test_location, "cgc", "KPRCA_00009"), auto_load_libs=False)
1972
- cfg = p.analyses.CFGFast()
1973
-
1974
- all_jumptables = {
1975
- J(
1976
- 0x804919A,
1977
- 0x804B890,
1978
- [0x80491A4, 0x80494F9, 0x80494FE, 0x8049503, 0x8049508, 0x804950D, 0x8049512, 0x804951A],
1979
- ),
1980
- J(
1981
- 0x8049295,
1982
- 0x804B870,
1983
- [0x804929F, 0x8049561, 0x8049566, 0x804956B, 0x8049570, 0x8049575, 0x804957A, 0x8049582],
1984
- ),
1985
- J(
1986
- 0x8048282,
1987
- 0x804B638,
1988
- [
1989
- 0x8048289,
1990
- 0x8048CC9,
1991
- 0x80483C3,
1992
- 0x80485F6,
1993
- 0x80483D5,
1994
- 0x8048CC9,
1995
- 0x80483F0,
1996
- 0x8048CC9,
1997
- 0x8048436,
1998
- 0x80485AD,
1999
- 0x8048448,
2000
- 0x804845A,
2001
- 0x8048487,
2002
- 0x80484A2,
2003
- 0x80484CA,
2004
- 0x8048CC9,
2005
- 0x8048520,
2006
- 0x8048CC9,
2007
- 0x804852F,
2008
- 0x8048CC9,
2009
- 0x8048541,
2010
- 0x8048CC9,
2011
- 0x804855C,
2012
- 0x8048CC9,
2013
- 0x80485A0,
2014
- 0x80485CB,
2015
- 0x80485ED,
2016
- 0x8048CC9,
2017
- 0x8048611,
2018
- 0x8048CC9,
2019
- 0x804864D,
2020
- 0x8048CC9,
2021
- 0x80486A3,
2022
- 0x8048CC9,
2023
- 0x80486C1,
2024
- 0x8048CC9,
2025
- 0x8048CC9,
2026
- 0x8048CC9,
2027
- 0x80486D4,
2028
- 0x8048CC9,
2029
- 0x80486ED,
2030
- 0x8048714,
2031
- 0x8048726,
2032
- 0x8048CC9,
2033
- 0x8048CC9,
2034
- 0x8048CC9,
2035
- 0x8048741,
2036
- 0x8048CC9,
2037
- 0x804876D,
2038
- 0x8048CC9,
2039
- 0x804878D,
2040
- 0x804879D,
2041
- 0x8048CC9,
2042
- 0x8048CC9,
2043
- 0x80487A4,
2044
- 0x8048CC9,
2045
- 0x80487BC,
2046
- 0x80487E3,
2047
- 0x80487FA,
2048
- 0x8048817,
2049
- 0x8048CC9,
2050
- 0x8048CC9,
2051
- 0x804882B,
2052
- ],
2053
- ),
2054
- J(
2055
- 0x8049211,
2056
- 0x804B850,
2057
- [0x804921B, 0x8049533, 0x8049538, 0x804953D, 0x8049542, 0x8049547, 0x804954C, 0x8049554],
2058
- ),
2059
- J(
2060
- 0x80492BD,
2061
- 0x804B830,
2062
- [0x80492C7, 0x80495A1, 0x80495A6, 0x80495AB, 0x80495B0, 0x80495B5, 0x80495BA, 0x80495C2],
2063
- ),
2064
- J(0x8048CD8, 0x804B77C, [0x8048CDF, 0x8048CFD, 0x8048DEA, 0x8048E11, 0x8048E38]),
2065
- J(0x8048D48, 0x804B800, [0x8048D52, 0x8048F12, 0x8048F17, 0x8048F1C]),
2066
- J(
2067
- 0x8049EBC,
2068
- 0x804BA58,
2069
- [
2070
- 0x8049F0A,
2071
- 0x8049F68,
2072
- 0x8049EC3,
2073
- 0x8049F68,
2074
- 0x8049F68,
2075
- 0x8049F18,
2076
- 0x8049F68,
2077
- 0x8049F68,
2078
- 0x8049F68,
2079
- 0x8049F68,
2080
- 0x8049F1E,
2081
- 0x8049F24,
2082
- 0x8049F2A,
2083
- ],
2084
- ),
2085
- J(0x8048D20, 0x804B820, [0x8048D2A, 0x8048EEE, 0x8048EF3, 0x8048EF8]),
2086
- J(
2087
- 0x8049EEC,
2088
- 0x804B9FC,
2089
- [
2090
- 0x8049EF3,
2091
- 0x8049F68,
2092
- 0x8049F68,
2093
- 0x8049F30,
2094
- 0x8049F68,
2095
- 0x8049F68,
2096
- 0x8049F68,
2097
- 0x8049F0A,
2098
- 0x8049F36,
2099
- 0x8049F3C,
2100
- 0x8049F42,
2101
- 0x8049F68,
2102
- 0x8049F68,
2103
- 0x8049F68,
2104
- 0x8049F68,
2105
- 0x8049F68,
2106
- 0x8049F48,
2107
- 0x8049F68,
2108
- 0x8049F58,
2109
- 0x8049F68,
2110
- 0x8049F5E,
2111
- 0x8049F68,
2112
- 0x8049F64,
2113
- ],
2114
- ),
2115
- J(0x8048D70, 0x804B810, [0x8048D7A, 0x8048FC9, 0x8048FD1, 0x8048FD9]),
2116
- J(0x8048D9B, 0x804B7F0, [0x8048DA5, 0x8048FE1, 0x8048FE9, 0x8048FF1]),
2117
- J(
2118
- 0x8048DD8,
2119
- 0x804B950,
2120
- [0x8048DE2, 0x804913C, 0x8049141, 0x8049146, 0x804914B, 0x8049150, 0x8049155, 0x804915D],
2121
- ),
2122
- J(
2123
- 0x8049169,
2124
- 0x804B970,
2125
- [0x8049173, 0x80491AC, 0x80491B1, 0x80491B6, 0x80491BB, 0x80491C0, 0x80491C5, 0x80491CD],
2126
- ),
2127
- J(
2128
- 0x80489DA,
2129
- 0x804B734,
2130
- [
2131
- 0x80489E1,
2132
- 0x8048B46,
2133
- 0x8048CC9,
2134
- 0x8048CC9,
2135
- 0x8048CC9,
2136
- 0x8048CC9,
2137
- 0x8048CC9,
2138
- 0x8048CC9,
2139
- 0x8048B5E,
2140
- 0x8048B6D,
2141
- ],
2142
- ),
2143
- J(
2144
- 0x8048E85,
2145
- 0x804B910,
2146
- [0x8048E8F, 0x8049223, 0x8049228, 0x804922D, 0x8049232, 0x8049237, 0x804923C, 0x8049244],
2147
- ),
2148
- J(
2149
- 0x8048EDC,
2150
- 0x804B8F0,
2151
- [0x8048EE6, 0x8049387, 0x804938C, 0x8049391, 0x8049396, 0x804939B, 0x80493A0, 0x80493A8],
2152
- ),
2153
- J(
2154
- 0x8048F81,
2155
- 0x804B8D0,
2156
- [0x8048F8B, 0x804942B, 0x8049430, 0x8049435, 0x804943A, 0x804943F, 0x8049444, 0x804944C],
2157
- ),
2158
- J(0x8049327, 0x804B930, [0x8049331, 0x8049600, 0x8049605, 0x804960A]),
2159
- J(
2160
- 0x804902B,
2161
- 0x804B8B0,
2162
- [0x8049035, 0x8049482, 0x8049487, 0x804948C, 0x8049491, 0x8049496, 0x804949B, 0x80494A3],
2163
- ),
2164
- J(0x8049375, 0x804B940, [0x804937F, 0x8049627, 0x804962C, 0x8049631]),
2165
- J(
2166
- 0x8048E49,
2167
- 0x804B790,
2168
- [0x8048E53, 0x80490FC, 0x8049101, 0x8049106, 0x804910B, 0x8049110, 0x8049115, 0x804911D],
2169
- ),
2170
- J(
2171
- 0x8048E26,
2172
- 0x804B7B0,
2173
- [0x8048E30, 0x804908F, 0x8049094, 0x8049099, 0x804909E, 0x80490A3, 0x80490A8, 0x80490B0],
2174
- ),
2175
- J(
2176
- 0x8048DFF,
2177
- 0x804B7D0,
2178
- [0x8048E09, 0x804903D, 0x8049042, 0x8049047, 0x804904C, 0x8049051, 0x8049056, 0x804905E],
2179
- ),
2180
- J(
2181
- 0x8048473,
2182
- 0x804B75C,
2183
- [0x804847F, 0x8048A11, 0x8048A16, 0x8048A1B, 0x8048A20, 0x8048A25, 0x8048A2A, 0x8048A32],
2184
- ),
2185
- }
2186
-
2187
- self._compare(cfg.jump_tables, all_jumptables)
2188
-
2189
- def test_armel_cfgswitches_gcc(self):
2190
- p = angr.Project(os.path.join(test_location, "armel", "cfg_switches"), auto_load_libs=False)
2191
- cfg = p.analyses.CFGFast()
2192
-
2193
- all_jumptables = {
2194
- J(
2195
- 0x10734,
2196
- 0x10748,
2197
- [
2198
- 0x107FC,
2199
- 0x10808,
2200
- 0x107FC,
2201
- 0x10818,
2202
- 0x107FC,
2203
- 0x10828,
2204
- 0x107FC,
2205
- 0x10838,
2206
- 0x107FC,
2207
- 0x10848,
2208
- 0x10864,
2209
- 0x10864,
2210
- 0x10864,
2211
- 0x10864,
2212
- 0x10864,
2213
- 0x10864,
2214
- 0x10864,
2215
- 0x10864,
2216
- 0x10864,
2217
- 0x10864,
2218
- 0x10864,
2219
- 0x10864,
2220
- 0x10864,
2221
- 0x10864,
2222
- 0x10864,
2223
- 0x10864,
2224
- 0x10864,
2225
- 0x10864,
2226
- 0x10864,
2227
- 0x10864,
2228
- 0x10864,
2229
- 0x10864,
2230
- 0x10864,
2231
- 0x10864,
2232
- 0x10864,
2233
- 0x10864,
2234
- 0x10864,
2235
- 0x10864,
2236
- 0x10864,
2237
- 0x10864,
2238
- 0x10864,
2239
- 0x10864,
2240
- 0x10864,
2241
- 0x10864,
2242
- 0x10858,
2243
- ],
2244
- ),
2245
- J(
2246
- 0x10434,
2247
- 0x10458,
2248
- [
2249
- 0x10488,
2250
- 0x104E8,
2251
- 0x10498,
2252
- 0x104E8,
2253
- 0x104A8,
2254
- 0x104E8,
2255
- 0x104B8,
2256
- 0x104E8,
2257
- 0x104C8,
2258
- 0x104E8,
2259
- 0x104E8,
2260
- 0x104D8,
2261
- ],
2262
- ),
2263
- J(
2264
- 0x10524,
2265
- 0x10538,
2266
- [
2267
- 0x105CC,
2268
- 0x106B4,
2269
- 0x106B4,
2270
- 0x106B4,
2271
- 0x106B4,
2272
- 0x106B4,
2273
- 0x106B4,
2274
- 0x106B4,
2275
- 0x105D8,
2276
- 0x106B4,
2277
- 0x105E4,
2278
- 0x106B4,
2279
- 0x105F0,
2280
- 0x105FC,
2281
- 0x10608,
2282
- 0x106B4,
2283
- 0x106B4,
2284
- 0x106B4,
2285
- 0x106B4,
2286
- 0x106B4,
2287
- 0x10614,
2288
- 0x106B4,
2289
- 0x10620,
2290
- 0x106B4,
2291
- 0x106B4,
2292
- 0x106B4,
2293
- 0x1062C,
2294
- 0x106B4,
2295
- 0x106B4,
2296
- 0x106B4,
2297
- 0x106B4,
2298
- 0x106B4,
2299
- 0x106B4,
2300
- 0x106B4,
2301
- 0x106B4,
2302
- 0x106B4,
2303
- 0x10638,
2304
- ],
2305
- ),
2306
- J(0x10640, 0x10654, [0x10668, 0x10674, 0x10680, 0x1068C, 0x10698]),
2307
- }
2308
-
2309
- self._compare(cfg.jump_tables, all_jumptables)
2310
-
2311
- def test_armel_lwip_tcpecho_bm(self):
2312
- p = angr.Project(os.path.join(test_location, "armel", "lwip_tcpecho_bm.elf"), auto_load_libs=False)
2313
- cfg = p.analyses.CFGFast()
2314
-
2315
- all_jumptables = {
2316
- J(
2317
- 0x14FB,
2318
- 0x14FE,
2319
- [
2320
- 0x1519,
2321
- 0x1519,
2322
- 0x152F,
2323
- 0x1541,
2324
- 0x1553,
2325
- 0x159D,
2326
- 0x1565,
2327
- 0x156D,
2328
- 0x1575,
2329
- 0x159D,
2330
- 0x159D,
2331
- 0x157D,
2332
- 0x1585,
2333
- 0x158D,
2334
- 0x1595,
2335
- 0x159D,
2336
- 0x159D,
2337
- 0x159D,
2338
- 0x15A1,
2339
- 0x1513,
2340
- ],
2341
- ),
2342
- J(0x2D45, 0x2D48, [0x2D8D, 0x2D4F, 0x2D91, 0x2D7F, 0x2D7F]),
2343
- J(0x2E8D, 0x2E90, [0x2EB3, 0x2E97, 0x2EB7, 0x2EA7, 0x2EA7]),
2344
- J(0x2E9F, 0x2EA2, [0x2F93, 0x2FC9, 0x2FC9, 0x2EBB]),
2345
- J(0x4B63, 0x4B66, [0x4B91, 0x4C81, 0x4D53, 0x4D5B, 0x4DED, 0x4D53, 0x4E21, 0x4E5F]),
2346
- }
2347
-
2348
- self._compare(cfg.jump_tables, all_jumptables)
2349
-
2350
- def test_s390x_cfgswitches(self):
2351
- p = angr.Project(os.path.join(test_location, "s390x", "cfg_switches"), auto_load_libs=False)
2352
- cfg = p.analyses.CFGFast()
2353
-
2354
- all_jumptables = {
2355
- J(
2356
- 0x400638,
2357
- 0x400C00,
2358
- [0x40064E, 0x40065C, 0x400692, 0x40065C, 0x4006A4, 0x40065C, 0x40066E, 0x40065C, 0x400680],
2359
- ),
2360
- J(
2361
- 0x4007D4,
2362
- 0x400A50,
2363
- [
2364
- 0x4007EA,
2365
- 0x4007CA,
2366
- 0x4007F4,
2367
- 0x4007CA,
2368
- 0x4007FE,
2369
- 0x4007CA,
2370
- 0x400808,
2371
- 0x4007CA,
2372
- 0x400812,
2373
- 0x4007CA,
2374
- 0x4007CA,
2375
- 0x40081C,
2376
- ],
2377
- ),
2378
- J(
2379
- 0x400872,
2380
- 0x400AB0,
2381
- [
2382
- 0x4008AE,
2383
- 0x400854,
2384
- 0x400854,
2385
- 0x400854,
2386
- 0x400854,
2387
- 0x400854,
2388
- 0x400854,
2389
- 0x400854,
2390
- 0x4008BE,
2391
- 0x400854,
2392
- 0x4008CE,
2393
- 0x400854,
2394
- 0x4008DE,
2395
- 0x4008EE,
2396
- 0x4008FE,
2397
- 0x400854,
2398
- 0x400854,
2399
- 0x400854,
2400
- 0x400854,
2401
- 0x400854,
2402
- 0x40090E,
2403
- 0x400854,
2404
- 0x40091E,
2405
- 0x400854,
2406
- 0x400854,
2407
- 0x400854,
2408
- 0x40092E,
2409
- 0x400854,
2410
- 0x400854,
2411
- 0x400854,
2412
- 0x400854,
2413
- 0x400854,
2414
- 0x400854,
2415
- 0x400854,
2416
- 0x400854,
2417
- 0x400854,
2418
- 0x400888,
2419
- ],
2420
- ),
2421
- J(0x40093E, 0x400BD8, [0x400984, 0x400974, 0x400964, 0x400954, 0x400994]),
2422
- }
2423
-
2424
- self._compare(cfg.jump_tables, all_jumptables)
2425
-
2426
- def test_arm_libsoap(self):
2427
- # This is the ADDLS type of jump table (IndirectJumpType.JumpTable_AddressComputed) where no actual table is
2428
- # used libsoap.so seems to be compiled from gSOAP, which is an open-source product
2429
-
2430
- p = angr.Project(os.path.join(test_location, "armel", "libsoap.so"), auto_load_libs=False)
2431
- cfg = p.analyses.CFGFast(data_references=True)
2432
-
2433
- all_jumptabes = {
2434
- J(
2435
- 0x411C8C,
2436
- None,
2437
- [
2438
- 0x411C9C,
2439
- 0x411CA0,
2440
- 0x411CA4,
2441
- 0x411CA8,
2442
- 0x411CAC,
2443
- 0x411CB0,
2444
- 0x411CB4,
2445
- 0x411CB8,
2446
- 0x411CBC,
2447
- 0x411CC0,
2448
- 0x411CC4,
2449
- 0x411CC8,
2450
- 0x411CCC,
2451
- 0x411CD0,
2452
- 0x411CD4,
2453
- 0x411CD8,
2454
- 0x411CDC,
2455
- 0x411CE0,
2456
- 0x411CE4,
2457
- 0x411CE8,
2458
- 0x411CEC,
2459
- 0x411CF0,
2460
- 0x411CF4,
2461
- 0x411CF8,
2462
- 0x411CFC,
2463
- 0x411D00,
2464
- 0x411D04,
2465
- 0x411D08,
2466
- 0x411D0C,
2467
- 0x411D10,
2468
- 0x411D14,
2469
- 0x411D18,
2470
- 0x411D1C,
2471
- 0x411D20,
2472
- 0x411D24,
2473
- 0x411D28,
2474
- 0x411D2C,
2475
- 0x411D30,
2476
- 0x411D34,
2477
- 0x411D38,
2478
- 0x411D3C,
2479
- 0x411D40,
2480
- 0x411D44,
2481
- 0x411D48,
2482
- 0x411D4C,
2483
- 0x411D50,
2484
- 0x411D54,
2485
- 0x411D58,
2486
- 0x411D5C,
2487
- 0x411D60,
2488
- 0x411D64,
2489
- 0x411D68,
2490
- 0x411D6C,
2491
- 0x411D70,
2492
- ],
2493
- ),
2494
- J(
2495
- 0x411F54,
2496
- None,
2497
- [
2498
- 0x411F64,
2499
- 0x411F68,
2500
- 0x411F6C,
2501
- 0x411F70,
2502
- 0x411F74,
2503
- 0x411F78,
2504
- 0x411F7C,
2505
- 0x411F80,
2506
- 0x411F84,
2507
- 0x411F88,
2508
- 0x411F8C,
2509
- 0x411F90,
2510
- 0x411F94,
2511
- 0x411F98,
2512
- 0x411F9C,
2513
- 0x411FA0,
2514
- 0x411FA4,
2515
- 0x411FA8,
2516
- 0x411FAC,
2517
- 0x411FB0,
2518
- 0x411FB4,
2519
- 0x411FB8,
2520
- 0x411FBC,
2521
- 0x411FC0,
2522
- 0x411FC4,
2523
- 0x411FC8,
2524
- 0x411FCC,
2525
- 0x411FD0,
2526
- 0x411FD4,
2527
- 0x411FD8,
2528
- 0x411FDC,
2529
- 0x411FE0,
2530
- 0x411FE4,
2531
- 0x411FE8,
2532
- 0x411FEC,
2533
- 0x411FF0,
2534
- 0x411FF4,
2535
- 0x411FF8,
2536
- 0x411FFC,
2537
- 0x412000,
2538
- 0x412004,
2539
- 0x412008,
2540
- 0x41200C,
2541
- 0x412010,
2542
- 0x412014,
2543
- 0x412018,
2544
- 0x41201C,
2545
- 0x412020,
2546
- 0x412024,
2547
- 0x412028,
2548
- 0x41202C,
2549
- 0x412030,
2550
- 0x412034,
2551
- 0x412038,
2552
- ],
2553
- ),
2554
- J(0x41B0B4, None, [0x41B0C4, 0x41B0C8, 0x41B0CC, 0x41B0D0, 0x41B0D4]),
2555
- # 0x41d0e8 and 0x41d0fc are the same jump table - they appear twice because the CFG is not normalized
2556
- # (the two blocks 0x41d0e8 and 0x41d0fc overlap and end at the same instruction)
2557
- J(
2558
- 0x41D0E8,
2559
- None,
2560
- [
2561
- 0x41D10C,
2562
- 0x41D110,
2563
- 0x41D114,
2564
- 0x41D118,
2565
- 0x41D11C,
2566
- 0x41D120,
2567
- 0x41D124,
2568
- 0x41D128,
2569
- 0x41D12C,
2570
- 0x41D130,
2571
- 0x41D134,
2572
- 0x41D138,
2573
- 0x41D13C,
2574
- 0x41D140,
2575
- 0x41D144,
2576
- 0x41D148,
2577
- 0x41D14C,
2578
- 0x41D150,
2579
- 0x41D154,
2580
- 0x41D158,
2581
- 0x41D15C,
2582
- 0x41D160,
2583
- 0x41D164,
2584
- 0x41D168,
2585
- 0x41D16C,
2586
- 0x41D170,
2587
- 0x41D174,
2588
- 0x41D178,
2589
- 0x41D17C,
2590
- ],
2591
- ),
2592
- J(
2593
- 0x41D0FC,
2594
- None,
2595
- [
2596
- 0x41D10C,
2597
- 0x41D110,
2598
- 0x41D114,
2599
- 0x41D118,
2600
- 0x41D11C,
2601
- 0x41D120,
2602
- 0x41D124,
2603
- 0x41D128,
2604
- 0x41D12C,
2605
- 0x41D130,
2606
- 0x41D134,
2607
- 0x41D138,
2608
- 0x41D13C,
2609
- 0x41D140,
2610
- 0x41D144,
2611
- 0x41D148,
2612
- 0x41D14C,
2613
- 0x41D150,
2614
- 0x41D154,
2615
- 0x41D158,
2616
- 0x41D15C,
2617
- 0x41D160,
2618
- 0x41D164,
2619
- 0x41D168,
2620
- 0x41D16C,
2621
- 0x41D170,
2622
- 0x41D174,
2623
- 0x41D178,
2624
- 0x41D17C,
2625
- ],
2626
- ),
2627
- J(
2628
- 0x41D9D0,
2629
- None,
2630
- [
2631
- 0x41D9E0,
2632
- 0x41D9E4,
2633
- 0x41D9E8,
2634
- 0x41D9EC,
2635
- 0x41D9F0,
2636
- 0x41D9F4,
2637
- 0x41D9F8,
2638
- 0x41D9FC,
2639
- 0x41DA00,
2640
- 0x41DA04,
2641
- 0x41DA08,
2642
- 0x41DA0C,
2643
- 0x41DA10,
2644
- 0x41DA14,
2645
- 0x41DA18,
2646
- 0x41DA1C,
2647
- 0x41DA20,
2648
- 0x41DA24,
2649
- 0x41DA28,
2650
- 0x41DA2C,
2651
- 0x41DA30,
2652
- 0x41DA34,
2653
- 0x41DA38,
2654
- 0x41DA3C,
2655
- 0x41DA40,
2656
- 0x41DA44,
2657
- 0x41DA48,
2658
- 0x41DA4C,
2659
- 0x41DA50,
2660
- 0x41DA54,
2661
- 0x41DA58,
2662
- 0x41DA5C,
2663
- 0x41DA60,
2664
- 0x41DA64,
2665
- 0x41DA68,
2666
- 0x41DA6C,
2667
- 0x41DA70,
2668
- 0x41DA74,
2669
- 0x41DA78,
2670
- 0x41DA7C,
2671
- 0x41DA80,
2672
- 0x41DA84,
2673
- 0x41DA88,
2674
- 0x41DA8C,
2675
- 0x41DA90,
2676
- 0x41DA94,
2677
- 0x41DA98,
2678
- 0x41DA9C,
2679
- 0x41DAA0,
2680
- 0x41DAA4,
2681
- 0x41DAA8,
2682
- 0x41DAAC,
2683
- 0x41DAB0,
2684
- 0x41DAB4,
2685
- ],
2686
- ),
2687
- J(
2688
- 0x41E070,
2689
- None,
2690
- [
2691
- 0x41E080,
2692
- 0x41E084,
2693
- 0x41E088,
2694
- 0x41E08C,
2695
- 0x41E090,
2696
- 0x41E094,
2697
- 0x41E098,
2698
- 0x41E09C,
2699
- 0x41E0A0,
2700
- 0x41E0A4,
2701
- 0x41E0A8,
2702
- 0x41E0AC,
2703
- 0x41E0B0,
2704
- 0x41E0B4,
2705
- 0x41E0B8,
2706
- 0x41E0BC,
2707
- 0x41E0C0,
2708
- 0x41E0C4,
2709
- 0x41E0C8,
2710
- 0x41E0CC,
2711
- 0x41E0D0,
2712
- 0x41E0D4,
2713
- 0x41E0D8,
2714
- 0x41E0DC,
2715
- 0x41E0E0,
2716
- 0x41E0E4,
2717
- 0x41E0E8,
2718
- 0x41E0EC,
2719
- 0x41E0F0,
2720
- 0x41E0F4,
2721
- 0x41E0F8,
2722
- 0x41E0FC,
2723
- 0x41E100,
2724
- 0x41E104,
2725
- 0x41E108,
2726
- 0x41E10C,
2727
- 0x41E110,
2728
- 0x41E114,
2729
- 0x41E118,
2730
- 0x41E11C,
2731
- 0x41E120,
2732
- 0x41E124,
2733
- 0x41E128,
2734
- 0x41E12C,
2735
- 0x41E130,
2736
- 0x41E134,
2737
- 0x41E138,
2738
- 0x41E13C,
2739
- 0x41E140,
2740
- 0x41E144,
2741
- 0x41E148,
2742
- 0x41E14C,
2743
- 0x41E150,
2744
- 0x41E154,
2745
- 0x41E158,
2746
- 0x41E15C,
2747
- 0x41E160,
2748
- 0x41E164,
2749
- 0x41E168,
2750
- 0x41E16C,
2751
- 0x41E170,
2752
- 0x41E174,
2753
- 0x41E178,
2754
- 0x41E17C,
2755
- 0x41E180,
2756
- 0x41E184,
2757
- 0x41E188,
2758
- 0x41E18C,
2759
- 0x41E190,
2760
- ],
2761
- ),
2762
- }
2763
-
2764
- self._compare(cfg.jump_tables, all_jumptabes)
2765
-
2766
- assert 0x41D0E8 in cfg.model.jump_tables
2767
- # normalizing the CFG should remove 0x41d0e8
2768
- cfg.normalize()
2769
- assert 0x41D0E8 not in cfg.model.jump_tables
2770
-
2771
- #
2772
- # The jump table should be occupied and marked as data
2773
- #
2774
-
2775
- def test_jumptable_occupied_as_data(self):
2776
- # GitHub issue #1671
2777
-
2778
- p = angr.Project(os.path.join(test_location, "i386", "windows", "printenv.exe"), auto_load_libs=False)
2779
- cfg = p.analyses.CFGFast()
2780
-
2781
- # it has a jump table at 0x402e4d with 10 entries
2782
- assert 0x402E4D in cfg.indirect_jumps
2783
- assert cfg.indirect_jumps[0x402E4D].jumptable is True
2784
- assert cfg.indirect_jumps[0x402E4D].jumptable_addr == 0x402E54
2785
- assert cfg.indirect_jumps[0x402E4D].jumptable_size == 4 * 10
2786
- assert cfg.indirect_jumps[0x402E4D].jumptable_entry_size == 4
2787
-
2788
- # 40 bytes starting at 0x402e4d should be marked as "data"
2789
- for addr in range(0x402E54, 0x402E54 + 40, 4):
2790
- assert cfg._seg_list.occupied_by_sort(addr) == "pointer-array"
2791
-
2792
- # node 0x402e4d should have 10 successors
2793
- assert len(cfg.model.get_any_node(0x402E4D).successors) == 10
2794
-
2795
- #
2796
- # Some jump tables are in fact vtables
2797
- #
2798
-
2799
- @slow_test
2800
- def test_vtable_amd64_libc_ubuntu_2004(self):
2801
- p = angr.Project(
2802
- os.path.join(test_location, "x86_64", "elf_with_static_libc_ubuntu_2004_stripped"), auto_load_libs=False
2803
- )
2804
- cfg = p.analyses.CFGFast()
2805
-
2806
- assert 0x46D710 in cfg.indirect_jumps
2807
- ij: "IndirectJump" = cfg.indirect_jumps[0x46D710]
2808
- assert ij.type == IndirectJumpType.Vtable
2809
- assert len(ij.jumptable_entries) == 213
2810
-
2811
- # all non-zero entries in a vtable should be made functions
2812
- for entry in ij.jumptable_entries:
2813
- if entry != 0:
2814
- assert entry in cfg.functions
2815
-
2816
- def test_mips_jumptable0(self):
2817
- p = angr.Project(os.path.join(test_location, "mipsel", "jumptable_0"), auto_load_libs=False)
2818
- cfg = p.analyses[CFGFast].prep()()
2819
-
2820
- assert 0x40D1A4 in cfg.model.jump_tables
2821
- jumptable = cfg.model.jump_tables[0x40D1A4]
2822
- assert len(jumptable.jumptable_entries) == 19
2823
- assert jumptable.jumptable_entries == [
2824
- 0x40D1E0,
2825
- 0x40D278,
2826
- 0x40D200,
2827
- 0x40D278,
2828
- 0x40D278,
2829
- 0x40D278,
2830
- 0x40D278,
2831
- 0x40D278,
2832
- 0x40D278,
2833
- 0x40D278,
2834
- 0x40D1C8,
2835
- 0x40D278,
2836
- 0x40D278,
2837
- 0x40D278,
2838
- 0x40D278,
2839
- 0x40D250,
2840
- 0x40D270,
2841
- 0x40D278,
2842
- 0x40D1F8,
2843
- ]
2844
-
2845
- def test_amd64_fmt0_with_constant_propagation_r12(self):
2846
- p = angr.Project(os.path.join(test_location, "x86_64", "fmt_0"), auto_load_libs=False)
2847
- cfg = p.analyses[CFGFast].prep()()
2848
-
2849
- assert 0x401ACC in cfg.model.jump_tables
2850
- jumptable = cfg.model.jump_tables[0x401ACC]
2851
- assert len(jumptable.jumptable_entries) == 21
2852
- assert jumptable.jumptable_entries == [
2853
- 0x401B48,
2854
- 0x401D6A,
2855
- 0x401D6A,
2856
- 0x401D6A,
2857
- 0x401B30,
2858
- 0x401D6A,
2859
- 0x401D6A,
2860
- 0x401D6A,
2861
- 0x401D6A,
2862
- 0x401D6A,
2863
- 0x401D6A,
2864
- 0x401D6A,
2865
- 0x401D6A,
2866
- 0x401B18,
2867
- 0x401D6A,
2868
- 0x401D6A,
2869
- 0x401B08,
2870
- 0x401AF8,
2871
- 0x401AE8,
2872
- 0x401D6A,
2873
- 0x401AD8,
2874
- ]
2875
-
2876
-
2877
- @skip_if_not_linux
2878
- class TestJumpTableResolverCallTables(unittest.TestCase):
2879
- """
2880
- Call table tests for JumpTableResolver
2881
- """
2882
-
2883
- @staticmethod
2884
- def _make_call_graph_edge_set_by_name(proj: angr.Project, src: str, dsts: Set[str]):
2885
- """
2886
- Create set of edges {src->dsts : for d in dsts} by name
2887
- """
2888
- return {(proj.kb.labels.lookup(src), proj.kb.labels.lookup(dst), 0) for dst in dsts}
2889
-
2890
- def _run_calltable_test(self, c_code: str, src: str, dsts: Set[str], cflags: Optional[Sequence[str]] = None):
2891
- """
2892
- Compile `c_code`, load the binary in a project, check JumpTableResolver can properly recover jump targets
2893
- """
2894
- proj = compile_c_to_angr_project(c_code, cflags, dict(auto_load_libs=False))
2895
-
2896
- # Run initial CFG, without attempting indirect jump resolve
2897
- cfg = proj.analyses.CFGFast(resolve_indirect_jumps=False)
2898
-
2899
- # Check that CFG analysis was unable to resolve these jumps
2900
- expected_edges = self._make_call_graph_edge_set_by_name(proj, src, dsts)
2901
- assert len(expected_edges.intersection(set(cfg.functions.callgraph.edges))) == 0
2902
-
2903
- func = proj.kb.functions[src]
2904
- if l.level == logging.DEBUG:
2905
- l.debug("Function Disassembly:\n%s", proj.analyses.Disassembly(func).render())
2906
-
2907
- # Verify exactly 1 block with an indirect Ijk_[Call|Boring] jumpkind
2908
- blocks = [
2909
- b
2910
- for b in func.blocks
2911
- if b.vex.jumpkind in ("Ijk_Call", "Ijk_Boring") and not isinstance(b.vex.next, pyvex.expr.Const)
2912
- ]
2913
- assert len(blocks) == 1, f"Expected 1 block with indirect Ijk_[Call|Boring] jumpkind, got {len(blocks)}"
2914
-
2915
- block = blocks[0]
2916
- irsb = block.vex
2917
- jtr = JumpTableResolver(proj)
2918
-
2919
- # Verify JumpTableResolver accepts this job
2920
- assert jtr.filter(cfg, block.addr, func.addr, block, irsb.jumpkind), "JumpTableResolver denied solving"
2921
-
2922
- # Verify JumpTableResolver is correctly resolving table
2923
- r, t = jtr.resolve(cfg, block.addr, func.addr, block, irsb.jumpkind)
2924
- assert r, "JumpTableResolver failed"
2925
- l.debug("JumpTableResolver returned %d targets: %s", len(t), ", ".join([hex(n) for n in t]))
2926
- assert set(t) == {proj.kb.labels.lookup(d) for d in dsts}
2927
-
2928
- # Check that CFG analysis is able to correctly resolve the indirect jumps with JumpTableResolver
2929
- cfg = proj.analyses.CFGFast(indirect_jump_resolvers=[jtr])
2930
- expected_edges = self._make_call_graph_edge_set_by_name(proj, src, dsts)
2931
- assert expected_edges.issubset(set(cfg.functions.callgraph.edges))
2932
-
2933
- def _run_common_test_matrix(self, c_code):
2934
- # XXX: On x86 with PIE, call get_pc_thunk() is used to calculate table address. Can't handle it yet.
2935
- cflags = []
2936
- for arch_flags in [[], ["-m32", "-fno-pie"]]: # AMD64, x86
2937
- for opt_level in range(0, 3):
2938
- subtest_cflags = cflags + [f"-O{opt_level}"] + arch_flags
2939
- with self.subTest(cflags=subtest_cflags):
2940
- self._run_calltable_test(
2941
- c_code, "src_func", {f"dst_func_{i}" for i in range(4)}, cflags=subtest_cflags
2942
- )
2943
-
2944
- calltable_common_code = """
2945
- #include <stdlib.h>
2946
-
2947
- int dst_func_0(int x, int y) { return x + y; }
2948
- int dst_func_1(int x, int y) { return x - y; }
2949
- int dst_func_2(int x, int y) { return x * y; }
2950
- int dst_func_3(int x, int y) { return x / y; }
2951
-
2952
- typedef int (*calltable_entry_t)(int x, int y);
2953
- calltable_entry_t table[] = {dst_func_0, dst_func_1, dst_func_2, dst_func_3};
2954
-
2955
- int src_func(int i, int x, int y);
2956
-
2957
- int main(int argc, char *argv[]) {
2958
- return src_func(atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
2959
- }
2960
- """
2961
-
2962
- # Force compiler emitting calls for all optimization levels via return value mutation
2963
-
2964
- def test_calltable_resolver_without_check(self):
2965
- self._run_common_test_matrix(
2966
- self.calltable_common_code
2967
- + """
2968
- int src_func(int i, int x, int y) {
2969
- return table[i](x, y) & 0xff;
2970
- }"""
2971
- )
2972
-
2973
- def test_calltable_resolver_with_check(self):
2974
- self._run_common_test_matrix(
2975
- self.calltable_common_code
2976
- + """
2977
- int src_func(int i, int x, int y) {
2978
- return ( (i < 4) ? table[i](x, y) : 0 ) & 0xff;
2979
- }"""
2980
- )
2981
-
2982
- # Expect tail-call optimization to the jump target for the following tests on higher optimization levels
2983
-
2984
- def test_calltable_resolver_without_check_tailcall(self):
2985
- self._run_common_test_matrix(
2986
- self.calltable_common_code
2987
- + """
2988
- int src_func(int i, int x, int y) {
2989
- return table[i](x, y);
2990
- }"""
2991
- )
2992
-
2993
- def test_calltable_resolver_with_check_tailcall(self):
2994
- self._run_common_test_matrix(
2995
- self.calltable_common_code
2996
- + """
2997
- int src_func(int i, int x, int y) {
2998
- if (i < 4) {
2999
- return table[i](x, y);
3000
- } else {
3001
- return 0;
3002
- }
3003
- }"""
3004
- )
3005
-
3006
-
3007
- if __name__ == "__main__":
3008
- unittest.main()