angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

tests/analyses/test_block_simplifier.py

@@ -1,112 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import logging
-import unittest
-import os
-from itertools import count
-
-import archinfo
-import ailment
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-def block_simplify(block):
-    p = angr.Project(
-        os.path.join(test_location, "x86_64", "fauxware"),
-        auto_load_libs=False,
-    )
-    bsimp = p.analyses.AILBlockSimplifier(block, 0x1337)
-    return bsimp.result_block
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestBlockSimplifier(unittest.TestCase):
-    def test_simplify_pointless_assign(self):
-        arch = archinfo.arch_from_id("AMD64")
-        block = ailment.Block(0x1337, 10)
-        block.statements.append(
-            ailment.Assignment(
-                0,
-                ailment.Register(1, None, arch.registers["rax"][0], 64),
-                ailment.Register(2, None, arch.registers["rax"][0], 64),
-                ins_addr=0x1337,
-            )
-        )
-        block.statements.append(
-            ailment.Assignment(
-                3,
-                ailment.Register(4, None, arch.registers["rbx"][0], 64),
-                ailment.Register(5, None, arch.registers["rcx"][0], 64),
-                ins_addr=0x1338,
-            )
-        )
-
-        b = block_simplify(block)
-        assert len(b.statements) == 1
-        assert b.statements[0].idx == 3
-
-    def test_simplify_dead_assign_0(self):
-        block = ailment.Block(0x1337, 10)
-        n = count()
-        important = 0x999
-        block.statements.extend(
-            [
-                ailment.Assignment(
-                    next(n),
-                    ailment.Register(next(n), None, 1, 64),
-                    ailment.Const(next(n), None, 100, 64),
-                    ins_addr=0x1337,
-                ),
-                ailment.Assignment(
-                    important,
-                    ailment.Register(next(n), None, 1, 64),
-                    ailment.Const(next(n), None, 101, 64),
-                    ins_addr=0x1338,
-                ),
-                ailment.Stmt.Jump(next(n), ailment.Expr.Const(None, None, 0x3333, 64), ins_addr=0x1338),
-            ]
-        )
-
-        b = block_simplify(block)
-        assert len(b.statements) == 2
-        assert b.statements[0].idx == important
-
-    def test_simplify_dead_assign_1(self):
-        # if a register is used ever, it should not be simplified away
-        arch = archinfo.arch_from_id("AMD64")
-        block = ailment.Block(0x1337, 10)
-        n = count(start=1)
-        important = 0x999
-        block.statements.extend(
-            [
-                ailment.Assignment(
-                    next(n),
-                    ailment.Register(next(n), None, arch.registers["rdi"][0], 64),
-                    ailment.Const(next(n), None, 0x13371337, 64),
-                    ins_addr=0x1337,
-                ),  # rdi = 0x13371337
-                ailment.Stmt.Call(
-                    important,
-                    ailment.Const(next(n), None, 0x400080, 64),
-                    ins_addr=0x1338,
-                ),  # Call(0x400080), which uses rdi but also overwrites rdi (since it is a caller-saved argument)
-            ]
-        )
-
-        b = block_simplify(block)
-        assert len(b.statements) == 2
-        assert b.statements[0].idx == 1
-        assert b.statements[1].idx == important
-
-
-if __name__ == "__main__":
-    logging.getLogger("angr.analyses.decompiler.block_simplifier").setLevel(logging.DEBUG)
-    unittest.main()

tests/analyses/test_boyscout.py

@@ -1,104 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import logging
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-l = logging.getLogger("angr.test_boyscout")
-
-entries = [
-    ("i386/all", "X86", "Iend_LE"),
-    ("i386/fauxware", "X86", "Iend_LE"),
-    ("x86_64/all", "AMD64", "Iend_LE"),
-    ("x86_64/basic_buffer_overflows", "AMD64", "Iend_LE"),
-    ("x86_64/cfg_0", "AMD64", "Iend_LE"),
-    ("x86_64/cfg_1", "AMD64", "Iend_LE"),
-    ("armel/fauxware", "ARM", "Iend_LE"),
-    ("armel/test_division", "ARM", "Iend_LE"),
-    ("armhf/fauxware", "ARM", "Iend_LE"),
-    ("mips/allcmps", "MIPS32", "Iend_BE"),
-    ("mips/manysum", "MIPS32", "Iend_BE"),
-    ("mipsel/busybox", "MIPS32", "Iend_LE"),
-    ("mipsel/fauxware", "MIPS32", "Iend_LE"),
-    # TODO: PPC tests are commented out for now. They will be uncommented when Amat's branch is
-    # TODO: merged back in
-    # ("ppc/fauxware", "PPC", "Iend_BE"),
-    # ("ppc64/fauxware", "PPC64", "Iend_BE"),
-]
-
-
-class TestBoyScout(unittest.TestCase):
-    def test_i386_all(self):
-        self._main("i386/all", "X86", "Iend_LE")
-
-    def test_i386_fauxware(self):
-        self._main("i386/fauxware", "X86", "Iend_LE")
-
-    def test_x86_64_all(self):
-        self._main("x86_64/all", "AMD64", "Iend_LE")
-
-    def test_x86_64_basic_buffer_overflows(self):
-        self._main("x86_64/basic_buffer_overflows", "AMD64", "Iend_LE")
-
-    def test_x86_64_cfg_0(self):
-        self._main("x86_64/cfg_0", "AMD64", "Iend_LE")
-
-    def test_x86_64_cfg_1(self):
-        self._main("x86_64/cfg_1", "AMD64", "Iend_LE")
-
-    def test_armel_fauxware(self):
-        self._main("armel/fauxware", "ARM", "Iend_LE")
-
-    def test_armel_test_division(self):
-        self._main("armel/test_division", "ARM", "Iend_LE")
-
-    def test_armhf_fauxware(self):
-        self._main("armhf/fauxware", "ARM", "Iend_LE")
-
-    def test_mips_allcmps(self):
-        self._main("mips/allcmps", "MIPS32", "Iend_BE")
-
-    def test_mips_manysum(self):
-        self._main("mips/manysum", "MIPS32", "Iend_BE")
-
-    def test_mipsel_busybox(self):
-        self._main("mipsel/busybox", "MIPS32", "Iend_LE")
-
-    def test_mipsel_fauxware(self):
-        self._main("mipsel/fauxware", "MIPS32", "Iend_LE")
-
-    def _main(self, file_path, arch, endianness):
-        f = os.path.join(test_location, file_path)
-        l.debug("Processing %s", f)
-
-        p = angr.Project(
-            f,
-            load_options={
-                "main_opts": {
-                    "backend": "blob",
-                    "base_addr": 0x10000,
-                    "entry_point": 0x10000,
-                    "arch": "ARM",
-                    "offset": 0,
-                }
-            },
-            auto_load_libs=False,
-        )
-        # Call Scout
-        # p.analyses.Scout(start=0x16353c)
-        bs = p.analyses.BoyScout()
-
-        assert arch in bs.arch
-        assert bs.endianness == endianness
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/analyses/test_calling_convention_analysis.py

@@ -1,352 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import logging
-import os
-import unittest
-
-import archinfo
-
-import angr
-from angr.calling_conventions import (
-    SimStackArg,
-    SimRegArg,
-    SimCCCdecl,
-    SimCCSystemVAMD64,
-)
-from angr.sim_type import SimTypeFunction, SimTypeInt, SimTypeLongLong, SimTypeBottom
-
-from ..common import bin_location, requires_binaries_private
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestCallingConventionAnalysis(unittest.TestCase):
-    def _run_fauxware(self, arch, function_and_cc_list):
-        binary_path = os.path.join(test_location, arch, "fauxware")
-        fauxware = angr.Project(binary_path, auto_load_libs=False)
-
-        cfg = fauxware.analyses.CFG()
-
-        for func_name, expected_cc in function_and_cc_list:
-            authenticate = cfg.functions[func_name]
-            _ = fauxware.analyses.VariableRecoveryFast(authenticate)
-
-            cc_analysis = fauxware.analyses.CallingConvention(authenticate, cfg=cfg, analyze_callsites=True)
-            cc = cc_analysis.cc
-
-            assert cc == expected_cc
-
-    def _run_cgc(self, binary_name):
-        pass
-        # binary_path = os.path.join(bin_location, '..', 'binaries-private', 'cgc_qualifier_event', 'cgc', binary_name)
-        # project = angr.Project(binary_path, auto_load_libs=False)
-        #
-        # categorization = project.analyses.FunctionCategorizationAnalysis()
-
-        # tag_manager = categorization.function_tag_manager
-        # print "INPUT:", map(hex, tag_manager.input_functions())
-        # print "OUTPUT:", map(hex, tag_manager.output_functions())
-
-    def test_fauxware_i386(self):
-        self._run_fauxware("i386", [("authenticate", SimCCCdecl(archinfo.arch_from_id("i386")))])
-
-    def test_fauxware_x86_64(self):
-        amd64 = archinfo.arch_from_id("amd64")
-        self._run_fauxware(
-            "x86_64",
-            [
-                (
-                    "authenticate",
-                    SimCCSystemVAMD64(
-                        amd64,
-                    ),
-                ),
-            ],
-        )
-
-    @requires_binaries_private
-    def test_cgc_binary1(self):
-        self._run_cgc("002ba801_01")
-
-    @requires_binaries_private
-    def test_cgc_binary2(self):
-        self._run_cgc("01cf6c01_01")
-
-    #
-    # Full-binary calling convention analysis
-    #
-
-    def check_arg(self, arg, expected_str):
-        if isinstance(arg, SimRegArg):
-            arg_str = "r_%s" % (arg.reg_name)
-        else:
-            raise TypeError("Unsupported argument type %s." % type(arg))
-        return arg_str == expected_str
-
-    def check_args(self, func_name, args, expected_arg_strs):
-        assert len(args) == len(expected_arg_strs), "Wrong number of arguments for function %s. Got %d, expect %d." % (
-            func_name,
-            len(args),
-            len(expected_arg_strs),
-        )
-
-        for idx, (arg, expected_arg_str) in enumerate(zip(args, expected_arg_strs)):
-            r = self.check_arg(arg, expected_arg_str)
-            assert r, "Incorrect argument %d for function %s. Got %s, expect %s." % (
-                idx,
-                func_name,
-                arg,
-                expected_arg_str,
-            )
-
-    def _a(self, funcs, func_name):
-        func = funcs[func_name]
-        return func.calling_convention.arg_locs(func.prototype)
-
-    def test_x8664_dir_gcc_O0(self):
-        binary_path = os.path.join(test_location, "x86_64", "dir_gcc_-O0")
-        proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=False)
-
-        cfg = proj.analyses.CFG()  # fill in the default kb
-
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-
-        funcs = cfg.kb.functions
-
-        # check args
-        expected_args = {
-            "c_ispunct": ["r_rdi"],
-            "file_failure": ["r_rdi", "r_rsi", "r_rdx"],
-            "to_uchar": ["r_rdi"],
-            "dot_or_dotdot": ["r_rdi"],
-            "emit_mandatory_arg_note": [],
-            "emit_size_note": [],
-            "emit_ancillary_info": ["r_rdi"],
-            "emit_try_help": [],
-            "dev_ino_push": ["r_rdi", "r_rsi"],
-            "main": ["r_rdi", "r_rsi"],
-            "queue_directory": ["r_rdi", "r_rsi", "r_rdx"],
-        }
-
-        for func_name, args in expected_args.items():
-            self.check_args(func_name, self._a(funcs, func_name), args)
-
-    def test_armel_fauxware(self):
-        binary_path = os.path.join(test_location, "armel", "fauxware")
-        proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=False)
-
-        cfg = proj.analyses.CFG()  # fill in the default kb
-
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-
-        funcs = cfg.kb.functions
-
-        # check args
-        expected_args = {
-            "main": ["r_r0", "r_r1"],
-            "accepted": ["r_r0", "r_r1", "r_r2", "r_r3"],
-            "rejected": [],
-            "authenticate": ["r_r0", "r_r1", "r_r2"],  # TECHNICALLY WRONG but what are you gonna do about it
-            # details: open(3) can take either 2 or 3 args. we use the 2 arg version but we have the 3 arg version
-            # hardcoded in angr. the third arg is still "live" from the function start.
-        }
-
-        for func_name, args in expected_args.items():
-            self.check_args(func_name, self._a(funcs, func_name), args)
-
-    def test_x8664_void(self):
-        binary_path = os.path.join(test_location, "x86_64", "types", "void")
-        proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=False)
-
-        cfg = proj.analyses.CFG()
-
-        proj.analyses.CompleteCallingConventions(recover_variables=True, cfg=cfg.model, analyze_callsites=True)
-
-        funcs = cfg.kb.functions
-
-        groundtruth = {
-            "func_1": None,
-            "func_2": None,
-            "func_3": "rax",
-            "func_4": None,
-            "func_5": None,
-            "func_6": "rax",
-        }
-
-        for func in funcs.values():
-            if func.is_simprocedure or func.alignment:
-                continue
-            if func.calling_convention is None:
-                continue
-            if func.name in groundtruth:
-                r = groundtruth[func.name]
-                if r is None:
-                    assert isinstance(func.prototype.returnty, SimTypeBottom)
-                else:
-                    ret_val = func.calling_convention.return_val(func.prototype.returnty)
-                    assert isinstance(ret_val, SimRegArg)
-                    assert ret_val.reg_name == r
-
-    def test_x86_saved_regs(self):
-        # Calling convention analysis should be able to determine calling convention of functions with registers
-        # saved on the stack.
-        binary_path = os.path.join(test_location, "cgc", "NRFIN_00036")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-
-        cfg = proj.analyses.CFG()
-        func = cfg.functions[0x80494F0]  # int2str
-
-        proj.analyses.VariableRecoveryFast(func)
-        cca = proj.analyses.CallingConvention(func)
-        cc = cca.cc
-        prototype = cca.prototype
-
-        assert cc is not None, (
-            "Calling convention analysis failed to determine the calling convention of function " "0x80494f0."
-        )
-        assert isinstance(cc, SimCCCdecl)
-        assert len(prototype.args) == 3
-        arg_locs = cc.arg_locs(prototype)
-        assert arg_locs[0] == SimStackArg(4, 4)
-        assert arg_locs[1] == SimStackArg(8, 4)
-        assert arg_locs[2] == SimStackArg(12, 4)
-
-        func_exit = cfg.functions[0x804A1A9]  # exit
-
-        proj.analyses.VariableRecoveryFast(func_exit)
-        cca = proj.analyses.CallingConvention(func_exit)
-        cc = cca.cc
-        prototype = cca.prototype
-
-        assert func_exit.returning is False
-        assert cc is not None, (
-            "Calling convention analysis failed to determine the calling convention of function " "0x804a1a9."
-        )
-        assert isinstance(cc, SimCCCdecl)
-        assert len(prototype.args) == 1
-        assert cc.arg_locs(prototype)[0] == SimStackArg(4, 4)
-
-    def test_callsite_inference_amd64(self):
-        # Calling convention analysis should be able to determine calling convention of a library function by
-        # analyzing its callsites.
-        binary_path = os.path.join(test_location, "x86_64", "decompiler", "morton")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-        cfg = proj.analyses.CFG(data_references=True, normalize=True)
-
-        func = cfg.functions.function(name="mosquitto_publish", plt=True)
-        proj.analyses.VariableRecoveryFast(func)
-        cca = proj.analyses.CallingConvention(func, analyze_callsites=True)
-        assert len(cca.prototype.args) == 6
-
-    def test_x64_return_value_used(self):
-        binary_path = os.path.join(test_location, "x86_64", "cwebp-0.3.1-feh-original")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-        cfg = proj.analyses.CFGFast(normalize=True, data_references=True, force_complete_scan=False)
-        func = proj.kb.functions.get_by_addr(0x4046E0)
-        proj.analyses.VariableRecoveryFast(func)
-        cca = proj.analyses.CallingConvention(func=func, cfg=cfg, analyze_callsites=True)
-
-        assert cca.prototype is not None
-        assert cca.prototype.returnty is not None
-
-    def test_armhf_thumb_movcc(self):
-        binary_path = os.path.join(test_location, "armhf", "amp_challenge_07.gcc")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-        _ = proj.analyses.CFGFast(normalize=True, data_references=True, regions=[(0xFEC94, 0xFEF60)])
-        f = proj.kb.functions[0xFEC95]
-        proj.analyses.VariableRecoveryFast(f)
-        cca = proj.analyses.CallingConvention(f)
-
-        assert cca.prototype is not None
-        assert cca.cc is not None
-        assert isinstance(cca.prototype, SimTypeFunction)
-        assert len(cca.prototype.args) == 2
-
-    def manual_test_workers(self):
-        binary_path = os.path.join(test_location, "x86_64", "1after909")
-        proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=False)
-
-        cfg = proj.analyses.CFG(normalize=True)  # fill in the default kb
-
-        _ = proj.analyses.CompleteCallingConventions(
-            cfg=cfg.model, recover_variables=True, workers=4, show_progressbar=True
-        )
-
-        for func in cfg.functions.values():
-            assert func.is_prototype_guessed is True
-
-    def test_tail_calls(self):
-        for opt_level in (1, 2):
-            binary_path = os.path.join(test_location, "x86_64", "tailcall-O%d" % opt_level)
-            proj = angr.Project(binary_path, auto_load_libs=False)
-
-            proj.analyses.CFG(normalize=True)
-            proj.analyses.CompleteCallingConventions(recover_variables=True)
-
-            for func in ["target", "direct", "plt"]:
-                # expected prototype: (int) -> long long
-                # technically should be (int) -> int, but the compiler loads all 64 bits and then truncates
-                proto = proj.kb.functions[func].prototype
-                assert len(proto.args) == 1
-                assert isinstance(proto.args[0], SimTypeInt)
-                assert isinstance(proto.returnty, SimTypeLongLong)
-
-    def test_ls_gcc_O0_timespec_cmp(self):
-        binary_path = os.path.join(test_location, "x86_64", "decompiler", "ls_gcc_O0")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-
-        proj.analyses.CFG(normalize=True)
-        proj.analyses.VariableRecoveryFast(proj.kb.functions["timespec_cmp"])
-        cca = proj.analyses.CallingConvention(proj.kb.functions["timespec_cmp"])
-
-        assert len(cca.prototype.args) == 4
-
-    def test_run_multiple_times(self):
-        binary_path = os.path.join(test_location, "x86_64", "fauxware")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-
-        proj.analyses.CFG(normalize=True)
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-
-        expected_prototype = proj.kb.functions["main"].prototype
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-        assert proj.kb.functions["main"].prototype == expected_prototype
-
-        proj.analyses.CFG(normalize=True)
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-        assert proj.kb.functions["main"].prototype == expected_prototype
-
-    def test_test_three_arguments(self):
-        binary_path = os.path.join(test_location, "x86_64", "test.o")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-
-        cfg = proj.analyses.CFG(normalize=True)
-        # the node 0x401226 must be in its own function
-        assert cfg.model.get_any_node(0x401226).function_address == 0x401226
-
-        proj.analyses.CompleteCallingConventions(recover_variables=True)
-
-        assert proj.kb.functions["test_syntax_error"].prototype.variadic is True
-        assert len(proj.kb.functions["expr"].prototype.args) == 0
-
-    def test_windows_partial_input_variable_overwrite(self):
-        binary_path = os.path.join(test_location, "x86_64", "netfilter_b64.sys")
-        proj = angr.Project(binary_path, auto_load_libs=False)
-
-        cfg = proj.analyses.CFG(normalize=True)
-        proj.analyses.VariableRecoveryFast(proj.kb.functions[0x140001A90])
-        cc = proj.analyses.CallingConvention(cfg.kb.functions[0x140001A90])
-        assert cc.cc is not None
-        assert cc.prototype is not None
-        print(cc.prototype.args)
-        assert len(cc.prototype.args) == 3
-
-
-if __name__ == "__main__":
-    # logging.getLogger("angr.analyses.variable_recovery.variable_recovery_fast").setLevel(logging.DEBUG)
-    logging.getLogger("angr.analyses.calling_convention").setLevel(logging.INFO)
-    unittest.main()

tests/analyses/test_callsite_maker.py

@@ -1,60 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.analyses"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import ailment
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestCallsiteMaker(unittest.TestCase):
-    def test_callsite_maker(self):
-        project = angr.Project(
-            os.path.join(test_location, "x86_64", "all"),
-            auto_load_libs=False,
-        )
-
-        manager = ailment.Manager(arch=project.arch)
-
-        # Generate a CFG
-        cfg = project.analyses.CFG()
-
-        new_cc_found = True
-        while new_cc_found:
-            new_cc_found = False
-            for func in cfg.kb.functions.values():
-                if func.calling_convention is None:
-                    # determine the calling convention of each function
-                    project.analyses.VariableRecoveryFast(func)
-                    cc_analysis = project.analyses.CallingConvention(func)
-                    if cc_analysis.cc is not None:
-                        func.calling_convention = cc_analysis.cc
-                        func.prototype = cc_analysis.prototype
-                        new_cc_found = True
-
-        main_func = cfg.kb.functions["main"]
-
-        for block in sorted(main_func.blocks, key=lambda x: x.addr):
-            print(block.vex.pp())
-            ail_block = ailment.IRSBConverter.convert(block.vex, manager)
-            simp = project.analyses.AILBlockSimplifier(ail_block, main_func.addr)
-
-            csm = project.analyses.AILCallSiteMaker(simp.result_block)
-            if csm.result_block:
-                ail_block = csm.result_block
-                simp = project.analyses.AILBlockSimplifier(ail_block, main_func.addr)
-
-            print(simp.result_block)
-
-
-if __name__ == "__main__":
-    unittest.main()