angr 9.2.97__py3-none-win_amd64.whl → 9.2.99__py3-none-win_amd64.whl

angr/__init__.py

@@ -1,7 +1,7 @@
 # pylint: disable=wildcard-import
 # pylint: disable=wrong-import-position
 
-__version__ = "9.2.97"
+__version__ = "9.2.99"
 
 if bytes is str:
     raise Exception(

angr/analyses/cfg/cfg_base.py

@@ -8,7 +8,7 @@ from sortedcontainers import SortedDict
 
 import pyvex
 from claripy.utils.orderedset import OrderedSet
-from cle import ELF, PE, Blob, TLSObject, MachO, ExternObject, KernelObject, FunctionHintSource, Hex, Coff, SRec
+from cle import ELF, PE, Blob, TLSObject, MachO, ExternObject, KernelObject, FunctionHintSource, Hex, Coff, SRec, XBE
 from cle.backends import NamedRegion
 import archinfo
 from archinfo.arch_soot import SootAddressDescriptor
@@ -778,6 +778,17 @@ class CFGBase(Analysis):
                         tpl = (section.min_addr, section.max_addr + 1)
                         memory_regions.append(tpl)
 
+            elif isinstance(b, XBE):
+                # some XBE files will mark the data sections as executable
+                for section in b.sections:
+                    if (
+                        section.is_executable
+                        and not section.is_writable
+                        and section.name not in {".data", ".rdata", ".rodata"}
+                    ):
+                        tpl = (section.min_addr, section.max_addr + 1)
+                        memory_regions.append(tpl)
+
             elif isinstance(b, MachO):
                 if b.segments:
                     # Get all executable segments
@@ -797,9 +808,11 @@ class CFGBase(Analysis):
                 # a blob is entirely executable
                 tpl = (b.min_addr, b.max_addr + 1)
                 memory_regions.append(tpl)
+
             elif isinstance(b, NamedRegion):
                 # NamedRegions have no content! Ignore
                 pass
+
             elif isinstance(b, self._cle_pseudo_objects):
                 pass
 

angr/analyses/cfg/cfg_fast.py

@@ -3287,7 +3287,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
         removed_nodes = set()
 
-        a = None  # it always hold the very recent non-removed node
+        a = None  # it always holds the very recent non-removed node
         is_arm = is_arm_arch(self.project.arch)
 
         for i in range(len(sorted_nodes)):  # pylint:disable=consider-using-enumerate
@@ -3341,7 +3341,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                 # but somehow we thought b is the beginning
                 if a.addr + a.size == b.addr + b.size:
                     in_edges = len([_ for _, _, data in self.graph.in_edges([b], data=True)])
-                    if in_edges == 0:
+                    if in_edges == 0 and b in self.graph:
                         # we use node a to replace node b
                         # link all successors of b to a
                         for _, dst, data in self.graph.out_edges([b], data=True):
@@ -3360,7 +3360,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
                 # next case - if b is directly from function prologue detection, or a basic block that is a successor of
                 # a wrongly identified basic block, we might be totally misdecoding b
-                if b.instruction_addrs[0] not in a.instruction_addrs:
+                if b.instruction_addrs[0] not in a.instruction_addrs and b in self.graph:
                     # use a, truncate b
 
                     new_b_addr = a.addr + a.size  # b starts right after a terminates

angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py

@@ -13,10 +13,14 @@ class PropagatorLoadCallback:
         # only allow loading if the address falls into a read-only region
         if isinstance(addr, claripy.ast.BV) and addr.op == "BVV":
             addr_v = addr.args[0]
-            section = self.project.loader.find_section_containing(addr_v)
-            if section is not None:
-                return section.is_readable and not section.is_writable
-            segment = self.project.loader.find_segment_containing(addr_v)
-            if segment is not None:
-                return segment.is_readable and not segment.is_writable
+        elif isinstance(addr, int):
+            addr_v = addr
+        else:
+            return False
+        section = self.project.loader.find_section_containing(addr_v)
+        if section is not None:
+            return section.is_readable and not section.is_writable
+        segment = self.project.loader.find_segment_containing(addr_v)
+        if segment is not None:
+            return segment.is_readable and not segment.is_writable
         return False

angr/analyses/decompiler/clinic.py

@@ -33,6 +33,7 @@ from ...procedures.stubs.UnresolvableJumpTarget import UnresolvableJumpTarget
 from .. import Analysis, register_analysis
 from ..cfg.cfg_base import CFGBase
 from ..reaching_definitions import ReachingDefinitionsAnalysis
+from .return_maker import ReturnMaker
 from .ailgraph_walker import AILGraphWalker, RemoveNodeNotice
 from .optimization_passes import (
     get_default_optimization_passes,
@@ -1054,46 +1055,7 @@ class Clinic(Analysis):
             # unknown calling convention. cannot do much about return expressions.
             return ail_graph
 
-        # Block walker
-
-        def _handle_Return(
-            stmt_idx: int, stmt: ailment.Stmt.Return, block: Optional[ailment.Block]
-        ):  # pylint:disable=unused-argument
-            if (
-                block is not None
-                and not stmt.ret_exprs
-                and self.function.prototype is not None
-                and self.function.prototype.returnty is not None
-                and type(self.function.prototype.returnty) is not SimTypeBottom
-            ):
-                new_stmt = stmt.copy()
-                ret_val = self.function.calling_convention.return_val(self.function.prototype.returnty)
-                if isinstance(ret_val, SimRegArg):
-                    reg = self.project.arch.registers[ret_val.reg_name]
-                    new_stmt.ret_exprs.append(
-                        ailment.Expr.Register(
-                            self._next_atom(),
-                            None,
-                            reg[0],
-                            ret_val.size * self.project.arch.byte_width,
-                            reg_name=self.project.arch.translate_register_name(reg[0], ret_val.size),
-                        )
-                    )
-                else:
-                    l.warning("Unsupported type of return expression %s.", type(ret_val))
-                block.statements[stmt_idx] = new_stmt
-
-        def _handler(block):
-            walker = ailment.AILBlockWalker()
-            # we don't need to handle any statement besides Returns
-            walker.stmt_handlers.clear()
-            walker.expr_handlers.clear()
-            walker.stmt_handlers[ailment.Stmt.Return] = _handle_Return
-            walker.walk(block)
-
-        # Graph walker
-
-        AILGraphWalker(ail_graph, _handler, replace_nodes=True).walk()
+        ReturnMaker(self._ail_manager, self.project.arch, self.function, ail_graph)
 
         return ail_graph
 

angr/analyses/decompiler/optimization_passes/__init__.py

@@ -25,6 +25,7 @@ from .win_stack_canary_simplifier import WinStackCanarySimplifier
 from .cross_jump_reverter import CrossJumpReverter
 from .code_motion import CodeMotionOptimization
 from .switch_default_case_duplicator import SwitchDefaultCaseDuplicator
+from .inlined_string_transformation_simplifier import InlinedStringTransformationSimplifier
 
 # order matters!
 _all_optimization_passes = [
@@ -49,6 +50,7 @@ _all_optimization_passes = [
     (CodeMotionOptimization, True),
     (CrossJumpReverter, True),
     (FlipBooleanCmp, True),
+    (InlinedStringTransformationSimplifier, True),
 ]
 
 # these passes may duplicate code to remove gotos or improve the structure of the graph

angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py

@@ -0,0 +1,380 @@
+# pylint:disable=arguments-renamed,too-many-boolean-expressions,no-self-use
+from __future__ import annotations
+from typing import Any, DefaultDict
+from collections import defaultdict
+
+from archinfo import Endness
+from ailment.expression import Const, Register, Load, StackBaseOffset, Convert, BinaryOp
+from ailment.statement import Store, ConditionalJump, Jump
+import claripy
+
+from angr.engines.light import SimEngineLightAILMixin
+from angr.storage.memory_mixins import (
+    SimpleInterfaceMixin,
+    DefaultFillerMixin,
+    PagedMemoryMixin,
+    UltraPagesMixin,
+)
+from angr.code_location import CodeLocation
+from angr.errors import SimMemoryMissingError
+from .optimization_pass import OptimizationPass, OptimizationPassStage
+
+
+class FasterMemory(
+    SimpleInterfaceMixin,
+    DefaultFillerMixin,
+    UltraPagesMixin,
+    PagedMemoryMixin,
+):
+    """
+    A fast memory model used in InlinedStringTransformationState.
+    """
+
+
+class InlinedStringTransformationState:
+    """
+    The abstract state used in InlinedStringTransformationAILEngine.
+    """
+
+    def __init__(self, project):
+        self.arch = project.arch
+        self.project = project
+
+        self.registers = FasterMemory(memory_id="reg")
+        self.memory = FasterMemory(memory_id="mem")
+
+        self.registers.set_state(self)
+        self.memory.set_state(self)
+
+    def _get_weakref(self):
+        return self
+
+    def reg_store(self, reg: Register, value: claripy.Bits) -> None:
+        self.registers.store(
+            reg.reg_offset, value, size=value.size() // self.arch.byte_width, endness=str(self.arch.register_endness)
+        )
+
+    def reg_load(self, reg: Register) -> claripy.Bits | None:
+        try:
+            return self.registers.load(
+                reg.reg_offset, size=reg.size, endness=self.arch.register_endness, fill_missing=False
+            )
+        except SimMemoryMissingError:
+            return None
+
+    def mem_store(self, addr: int, value: claripy.Bits, endness: str) -> None:
+        self.memory.store(addr, value, size=value.size() // self.arch.byte_width, endness=endness)
+
+    def mem_load(self, addr: int, size: int, endness) -> claripy.Bits | None:
+        try:
+            return self.memory.load(addr, size=size, endness=str(endness), fill_missing=False)
+        except SimMemoryMissingError:
+            return None
+
+
+class InlinedStringTransformationAILEngine(SimEngineLightAILMixin):
+    """
+    A simple AIL execution engine
+    """
+
+    def __init__(self, project, nodes: dict[int, Any], start: int, end: int, step_limit: int):
+        super().__init__()
+
+        self.arch = project.arch
+        self.nodes: dict[int, Any] = nodes
+        self.start: int = start
+        self.end: int = end
+        self.step_limit: int = step_limit
+
+        self.STACK_BASE = 0x7FFF_FFF0 if self.arch.bits == 32 else 0x7FFF_FFFF_F000
+        self.MASK = 0xFFFF_FFFF if self.arch.bits == 32 else 0xFFFF_FFFF_FFFF_FFFF
+
+        state = InlinedStringTransformationState(project)
+        self.stack_accesses: DefaultDict[int, list[tuple[str, CodeLocation, claripy.Bits]]] = defaultdict(list)
+        self.finished: bool = False
+
+        i = 0
+        self.pc = self.start
+        while i < self.step_limit:
+            if self.pc not in self.nodes:
+                # jumped to a node that we do not know about
+                break
+            block = self.nodes[self.pc]
+            self._process(state, None, block=block)
+            if self.pc is None:
+                # not sure where to jump...
+                break
+            if self.pc == self.end:
+                # we reach the end of execution!
+                self.finished = True
+                break
+            i += 1
+
+    def _process_address(self, addr: Const | StackBaseOffset) -> tuple[int, str] | None:
+        if isinstance(addr, Const):
+            return addr.value, "mem"
+        if isinstance(addr, StackBaseOffset):
+            return (addr.offset + self.STACK_BASE) & self.MASK, "stack"
+        if isinstance(addr, BinaryOp) and isinstance(addr.operands[0], StackBaseOffset):
+            v0_and_type = self._process_address(addr.operands[0])
+            if v0_and_type is not None:
+                v0 = v0_and_type[0]
+                v1 = self._expr(addr.operands[1])
+                if isinstance(v1, claripy.Bits) and v1.concrete:
+                    return (v0 + v1.concrete_value) & self.MASK, "stack"
+        return None
+
+    def _handle_Assignment(self, stmt):
+        if isinstance(stmt.dst, Register):
+            val = self._expr(stmt.src)
+            if isinstance(val, claripy.Bits):
+                self.state.reg_store(stmt.dst, val)
+
+    def _handle_Store(self, stmt):
+        addr_and_type = self._process_address(stmt.addr)
+        if addr_and_type is not None:
+            addr, addr_type = addr_and_type
+            val = self._expr(stmt.data)
+            if isinstance(val, claripy.ast.BV):
+                self.state.mem_store(addr, val, stmt.endness)
+                # log it
+                if addr_type == "stack":
+                    for i in range(0, val.size() // self.arch.byte_width):
+                        byte_off = i
+                        if self.arch.memory_endness == Endness.LE:
+                            byte_off = val.size() // self.arch.byte_width - i - 1
+                        self.stack_accesses[addr + i].append(("store", self._codeloc(), val.get_byte(byte_off)))
+
+    def _handle_Jump(self, stmt):
+        if isinstance(stmt.target, Const):
+            self.pc = stmt.target.value
+        else:
+            self.pc = None
+
+    def _handle_ConditionalJump(self, stmt):
+        self.pc = None
+        if isinstance(stmt.true_target, Const) and isinstance(stmt.false_target, Const):
+            cond = self._expr(stmt.condition)
+            if cond is not None:
+                if isinstance(cond, claripy.Bits) and cond.concrete_value == 1:
+                    self.pc = stmt.true_target.value
+                elif isinstance(cond, claripy.Bits) and cond.concrete_value == 0:
+                    self.pc = stmt.false_target.value
+
+    def _handle_Const(self, expr):
+        return claripy.BVV(expr.value, expr.bits)
+
+    def _handle_Load(self, expr: Load):
+        addr_and_type = self._process_address(expr.addr)
+        if addr_and_type is not None:
+            addr, addr_type = addr_and_type
+            v = self.state.mem_load(addr, expr.size, expr.endness)
+            # log it
+            if addr_type == "stack" and isinstance(v, claripy.ast.BV):
+                for i in range(0, expr.size):
+                    byte_off = i
+                    if self.arch.memory_endness == Endness.LE:
+                        byte_off = expr.size - i - 1
+                    self.stack_accesses[addr + i].append(("load", self._codeloc(), v.get_byte(byte_off)))
+            return v
+        return None
+
+    def _handle_Register(self, expr: Register):
+        return self.state.reg_load(expr)
+
+    def _handle_Convert(self, expr: Convert):
+        v = self._expr(expr.operand)
+        if isinstance(v, claripy.Bits):
+            if expr.to_bits > expr.from_bits:
+                if not expr.is_signed:
+                    return claripy.ZeroExt(expr.to_bits - expr.from_bits, v)
+                return claripy.SignExt(expr.to_bits - expr.from_bits, v)
+            elif expr.to_bits < expr.from_bits:
+                return claripy.Extract(expr.to_bits - 1, 0, v)
+            else:
+                return v
+        return None
+
+    def _handle_CmpEQ(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value == op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+    def _handle_CmpNE(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value != op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+    def _handle_CmpLT(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value < op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+    def _handle_CmpLE(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value <= op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+    def _handle_CmpGT(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value > op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+    def _handle_CmpGE(self, expr):
+        op0, op1 = self._expr(expr.operands[0]), self._expr(expr.operands[1])
+        if isinstance(op0, claripy.Bits) and isinstance(op1, claripy.Bits) and op0.concrete and op1.concrete:
+            return claripy.BVV(1, 1) if op0.concrete_value >= op1.concrete_value else claripy.BVV(0, 1)
+        return None
+
+
+class InlineStringTransformationDescriptor:
+    """
+    Describes an instance of inline string transformation.
+    """
+
+    def __init__(self, store_block, loop_body, stack_accesses, beginning_stack_offset):
+        self.store_block = store_block
+        self.loop_body = loop_body
+        self.stack_accesses = stack_accesses
+        self.beginning_stack_offset = beginning_stack_offset
+
+
+class InlinedStringTransformationSimplifier(OptimizationPass):
+    """
+    Simplifies inlined string transformation routines.
+    """
+
+    ARCHES = None
+    PLATFORMS = None
+    STAGE = OptimizationPassStage.AFTER_GLOBAL_SIMPLIFICATION
+    NAME = "Simplify string transformations"
+    DESCRIPTION = "Simplify string transformations that are commonly used in obfuscated functions."
+
+    def __init__(self, func, **kwargs):
+        super().__init__(func, **kwargs)
+        self.analyze()
+
+    def _check(self):
+        string_transformation_descs = self._find_string_transformation_loops()
+
+        return bool(string_transformation_descs), {"descs": string_transformation_descs}
+
+    def _analyze(self, cache=None):
+        if not cache or "descs" not in cache:
+            return
+
+        for desc in cache["descs"]:
+            desc: InlineStringTransformationDescriptor
+
+            # remove the original statements
+            skip_stmt_indices = set()
+            for stack_accesses in desc.stack_accesses:
+                # the first element is the initial storing statement
+                codeloc = stack_accesses[0][1]
+                assert codeloc.block_addr == desc.store_block.addr
+                skip_stmt_indices.add(codeloc.stmt_idx)
+            new_statements = [
+                stmt for idx, stmt in enumerate(desc.store_block.statements) if idx not in skip_stmt_indices
+            ]
+
+            # add new statements
+            store_statements = []
+            for off, stack_accesses in enumerate(desc.stack_accesses):
+                # the last element is the final storing statement
+                stack_addr = StackBaseOffset(None, self.project.arch.bits, desc.beginning_stack_offset + off)
+                new_value_ast = stack_accesses[-1][2]
+                new_value = Const(None, None, new_value_ast.concrete_value, self.project.arch.byte_width)
+                stmt = Store(
+                    None,
+                    stack_addr,
+                    new_value,
+                    1,
+                    "Iend_LE",
+                    ins_addr=desc.store_block.addr + desc.store_block.original_size - 1,
+                )
+                store_statements.append(stmt)
+            if new_statements and isinstance(new_statements[-1], (ConditionalJump, Jump)):
+                new_statements = new_statements[:-1] + store_statements + new_statements[-1:]
+            else:
+                new_statements += store_statements
+
+            new_store_block = desc.store_block.copy(statements=new_statements)
+            self._update_block(desc.store_block, new_store_block)
+
+            # remote the loop node
+            # since the loop node has exactly one external predecessor and one external successor, we can get rid of it
+            pred = next(iter(nn for nn in self.out_graph.predecessors(desc.loop_body) if nn is not desc.loop_body))
+            succ = next(iter(nn for nn in self.out_graph.successors(desc.loop_body) if nn is not desc.loop_body))
+
+            self.out_graph.remove_node(desc.loop_body)
+            self.out_graph.add_edge(pred, succ)
+
+            if pred.statements and isinstance(pred.statements[-1], ConditionalJump):
+                pred.statements[-1] = Jump(
+                    None,
+                    Const(None, None, succ.addr, self.project.arch.bits),
+                    succ.idx,
+                    **pred.statements[-1].tags,
+                )
+
+    def _find_string_transformation_loops(self):
+        # find self loops
+        self_loops = []
+        for node in self._graph.nodes:
+            preds = list(self._graph.predecessors(node))
+            succs = list(self._graph.successors(node))
+            if len(preds) == 2 and len(succs) == 2 and node in preds and node in succs:
+                pred = next(iter(nn for nn in preds if nn is not node))
+                succ = next(iter(nn for nn in succs if nn is not node))
+                if (
+                    self._graph.out_degree[pred] == 1
+                    and self._graph.in_degree[succ] == 1
+                    or self._graph.out_degree[pred] == 2
+                    and self._graph.in_degree[succ] == 2
+                    and self._graph.has_edge(pred, succ)
+                ):
+                    # found it
+                    self_loops.append(node)
+
+        if not self_loops:
+            return []
+
+        descs = []
+        for loop_node in self_loops:
+            pred = next(iter(nn for nn in self._graph.predecessors(loop_node) if nn is not loop_node))
+            succ = next(iter(nn for nn in self._graph.successors(loop_node) if nn is not loop_node))
+            engine = InlinedStringTransformationAILEngine(
+                self.project, {pred.addr: pred, loop_node.addr: loop_node}, pred.addr, succ.addr, 1024
+            )
+            if engine.finished:
+                # find the longest slide where the stack accesses are like the following:
+                #   "store", code_location_a, value_a
+                #   "load", code_location_b, value_a
+                #   "store", code_location_b, value_b
+                # where value_a and value_b may be the same
+                candidate_stack_addrs = []
+                for stack_addr in sorted(engine.stack_accesses.keys()):
+                    stack_accesses = engine.stack_accesses[stack_addr]
+                    if len(stack_accesses) == 3:
+                        item0, item1, item2 = stack_accesses
+                        if item0[0] == "store" and item1[0] == "load" and item2[0] == "store":
+                            if item0[1] != item1[1] and item1[1] == item2[1]:
+                                if item0[2] is item1[2]:
+                                    # found one!
+                                    candidate_stack_addrs.append(stack_addr)
+
+                if (
+                    len(candidate_stack_addrs) >= 2
+                    and candidate_stack_addrs[-1] == candidate_stack_addrs[0] + len(candidate_stack_addrs) - 1
+                ):
+                    filtered_stack_accesses = [engine.stack_accesses[a] for a in candidate_stack_addrs]
+                    stack_offset = candidate_stack_addrs[0] - engine.STACK_BASE
+                    info = InlineStringTransformationDescriptor(pred, loop_node, filtered_stack_accesses, stack_offset)
+                    descs.append(info)
+
+        return descs

angr/analyses/decompiler/optimization_passes/ite_region_converter.py

@@ -2,7 +2,7 @@
 import logging
 
 from ailment.statement import ConditionalJump, Assignment, Jump
-from ailment.expression import ITE
+from ailment.expression import ITE, Const
 
 from ....utils.graph import subgraph_between_nodes
 from ..utils import remove_labels, to_ail_supergraph
@@ -146,10 +146,11 @@ class ITERegionConverter(OptimizationPass):
         #
 
         new_region_head = region_head.copy()
+        conditional_jump: ConditionalJump = region_head.statements[-1]
         addr_obj = true_stmt.src if "ins_addr" in true_stmt.src.tags else true_stmt
         ternary_expr = ITE(
             None,
-            region_head.statements[-1].condition,
+            conditional_jump.condition,
             true_stmt.src,
             false_stmt.src,
             ins_addr=addr_obj.ins_addr,
@@ -160,6 +161,13 @@ class ITERegionConverter(OptimizationPass):
         new_assignment.src = ternary_expr
         new_region_head.statements[-1] = new_assignment
 
+        # add a goto statement to the region tail so it can be transformed into a break or other types of control-flow
+        # transitioning statement in the future
+        goto_stmt = Jump(
+            None, Const(None, None, region_tail.addr, self.project.arch.bits), region_tail.idx, **conditional_jump.tags
+        )
+        new_region_head.statements.append(goto_stmt)
+
         #
         # destroy all the old region blocks
         #

angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py

@@ -76,7 +76,10 @@ class X86GccGetPcSimplifier(OptimizationPass):
                 and isinstance(block.statements[-1].target, ailment.Expr.Const)
             ):
                 call_func_addr = block.statements[-1].target.value
-                call_func = self.kb.functions.get_by_addr(call_func_addr)
+                try:
+                    call_func = self.kb.functions.get_by_addr(call_func_addr)
+                except KeyError:
+                    continue
                 if "get_pc" in call_func.info:
                     results.append(
                         (key, len(block.statements) - 1, call_func.info["get_pc"], block.addr + block.original_size),

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -42,6 +42,7 @@ from .invert_negated_logical_conjuction_disjunction import InvertNegatedLogicalC
 from .rol_ror import RolRorRewriter
 from .inlined_strcpy import InlinedStrcpy
 from .inlined_strcpy_consolidation import InlinedStrcpyConsolidation
+from .inlined_wstrcpy import InlinedWstrcpy
 
 from .base import PeepholeOptimizationExprBase, PeepholeOptimizationStmtBase, PeepholeOptimizationMultiStmtBase