PyPI - smallworld-re - Versions diffs - 1.0.0__py3-none-any.whl - Mend

smallworld-re 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

smallworld/__init__.py +35 -0
smallworld/analyses/__init__.py +14 -0
smallworld/analyses/analysis.py +88 -0
smallworld/analyses/code_coverage.py +31 -0
smallworld/analyses/colorizer.py +682 -0
smallworld/analyses/colorizer_summary.py +100 -0
smallworld/analyses/field_detection/__init__.py +14 -0
smallworld/analyses/field_detection/field_analysis.py +536 -0
smallworld/analyses/field_detection/guards.py +26 -0
smallworld/analyses/field_detection/hints.py +133 -0
smallworld/analyses/field_detection/malloc.py +211 -0
smallworld/analyses/forced_exec/__init__.py +3 -0
smallworld/analyses/forced_exec/forced_exec.py +87 -0
smallworld/analyses/underlays/__init__.py +4 -0
smallworld/analyses/underlays/basic.py +13 -0
smallworld/analyses/underlays/underlay.py +31 -0
smallworld/analyses/unstable/__init__.py +4 -0
smallworld/analyses/unstable/angr/__init__.py +0 -0
smallworld/analyses/unstable/angr/base.py +12 -0
smallworld/analyses/unstable/angr/divergence.py +274 -0
smallworld/analyses/unstable/angr/model.py +383 -0
smallworld/analyses/unstable/angr/nwbt.py +63 -0
smallworld/analyses/unstable/angr/typedefs.py +170 -0
smallworld/analyses/unstable/angr/utils.py +25 -0
smallworld/analyses/unstable/angr/visitor.py +315 -0
smallworld/analyses/unstable/angr_nwbt.py +106 -0
smallworld/analyses/unstable/code_coverage.py +54 -0
smallworld/analyses/unstable/code_reachable.py +44 -0
smallworld/analyses/unstable/control_flow_tracer.py +71 -0
smallworld/analyses/unstable/pointer_finder.py +90 -0
smallworld/arch/__init__.py +0 -0
smallworld/arch/aarch64_arch.py +286 -0
smallworld/arch/amd64_arch.py +86 -0
smallworld/arch/i386_arch.py +44 -0
smallworld/emulators/__init__.py +14 -0
smallworld/emulators/angr/__init__.py +7 -0
smallworld/emulators/angr/angr.py +1652 -0
smallworld/emulators/angr/default.py +15 -0
smallworld/emulators/angr/exceptions.py +7 -0
smallworld/emulators/angr/exploration/__init__.py +9 -0
smallworld/emulators/angr/exploration/bounds.py +27 -0
smallworld/emulators/angr/exploration/default.py +17 -0
smallworld/emulators/angr/exploration/terminate.py +22 -0
smallworld/emulators/angr/factory.py +55 -0
smallworld/emulators/angr/machdefs/__init__.py +35 -0
smallworld/emulators/angr/machdefs/aarch64.py +292 -0
smallworld/emulators/angr/machdefs/amd64.py +192 -0
smallworld/emulators/angr/machdefs/arm.py +387 -0
smallworld/emulators/angr/machdefs/i386.py +221 -0
smallworld/emulators/angr/machdefs/machdef.py +138 -0
smallworld/emulators/angr/machdefs/mips.py +184 -0
smallworld/emulators/angr/machdefs/mips64.py +189 -0
smallworld/emulators/angr/machdefs/ppc.py +101 -0
smallworld/emulators/angr/machdefs/riscv.py +261 -0
smallworld/emulators/angr/machdefs/xtensa.py +255 -0
smallworld/emulators/angr/memory/__init__.py +7 -0
smallworld/emulators/angr/memory/default.py +10 -0
smallworld/emulators/angr/memory/fixups.py +43 -0
smallworld/emulators/angr/memory/memtrack.py +105 -0
smallworld/emulators/angr/scratch.py +43 -0
smallworld/emulators/angr/simos.py +53 -0
smallworld/emulators/angr/utils.py +70 -0
smallworld/emulators/emulator.py +1013 -0
smallworld/emulators/hookable.py +252 -0
smallworld/emulators/panda/__init__.py +5 -0
smallworld/emulators/panda/machdefs/__init__.py +28 -0
smallworld/emulators/panda/machdefs/aarch64.py +93 -0
smallworld/emulators/panda/machdefs/amd64.py +71 -0
smallworld/emulators/panda/machdefs/arm.py +89 -0
smallworld/emulators/panda/machdefs/i386.py +36 -0
smallworld/emulators/panda/machdefs/machdef.py +86 -0
smallworld/emulators/panda/machdefs/mips.py +94 -0
smallworld/emulators/panda/machdefs/mips64.py +91 -0
smallworld/emulators/panda/machdefs/ppc.py +79 -0
smallworld/emulators/panda/panda.py +575 -0
smallworld/emulators/unicorn/__init__.py +13 -0
smallworld/emulators/unicorn/machdefs/__init__.py +28 -0
smallworld/emulators/unicorn/machdefs/aarch64.py +310 -0
smallworld/emulators/unicorn/machdefs/amd64.py +326 -0
smallworld/emulators/unicorn/machdefs/arm.py +321 -0
smallworld/emulators/unicorn/machdefs/i386.py +137 -0
smallworld/emulators/unicorn/machdefs/machdef.py +117 -0
smallworld/emulators/unicorn/machdefs/mips.py +202 -0
smallworld/emulators/unicorn/unicorn.py +684 -0
smallworld/exceptions/__init__.py +5 -0
smallworld/exceptions/exceptions.py +85 -0
smallworld/exceptions/unstable/__init__.py +1 -0
smallworld/exceptions/unstable/exceptions.py +25 -0
smallworld/extern/__init__.py +4 -0
smallworld/extern/ctypes.py +94 -0
smallworld/extern/unstable/__init__.py +1 -0
smallworld/extern/unstable/ghidra.py +129 -0
smallworld/helpers.py +107 -0
smallworld/hinting/__init__.py +8 -0
smallworld/hinting/hinting.py +214 -0
smallworld/hinting/hints.py +427 -0
smallworld/hinting/unstable/__init__.py +2 -0
smallworld/hinting/utils.py +19 -0
smallworld/instructions/__init__.py +18 -0
smallworld/instructions/aarch64.py +20 -0
smallworld/instructions/arm.py +18 -0
smallworld/instructions/bsid.py +67 -0
smallworld/instructions/instructions.py +258 -0
smallworld/instructions/mips.py +21 -0
smallworld/instructions/x86.py +100 -0
smallworld/logging.py +90 -0
smallworld/platforms.py +95 -0
smallworld/py.typed +0 -0
smallworld/state/__init__.py +6 -0
smallworld/state/cpus/__init__.py +32 -0
smallworld/state/cpus/aarch64.py +563 -0
smallworld/state/cpus/amd64.py +676 -0
smallworld/state/cpus/arm.py +630 -0
smallworld/state/cpus/cpu.py +71 -0
smallworld/state/cpus/i386.py +239 -0
smallworld/state/cpus/mips.py +374 -0
smallworld/state/cpus/mips64.py +372 -0
smallworld/state/cpus/powerpc.py +229 -0
smallworld/state/cpus/riscv.py +357 -0
smallworld/state/cpus/xtensa.py +80 -0
smallworld/state/memory/__init__.py +7 -0
smallworld/state/memory/code.py +70 -0
smallworld/state/memory/elf/__init__.py +3 -0
smallworld/state/memory/elf/elf.py +564 -0
smallworld/state/memory/elf/rela/__init__.py +32 -0
smallworld/state/memory/elf/rela/aarch64.py +27 -0
smallworld/state/memory/elf/rela/amd64.py +32 -0
smallworld/state/memory/elf/rela/arm.py +51 -0
smallworld/state/memory/elf/rela/i386.py +32 -0
smallworld/state/memory/elf/rela/mips.py +45 -0
smallworld/state/memory/elf/rela/ppc.py +45 -0
smallworld/state/memory/elf/rela/rela.py +63 -0
smallworld/state/memory/elf/rela/riscv64.py +27 -0
smallworld/state/memory/elf/rela/xtensa.py +15 -0
smallworld/state/memory/elf/structs.py +55 -0
smallworld/state/memory/heap.py +85 -0
smallworld/state/memory/memory.py +181 -0
smallworld/state/memory/stack/__init__.py +31 -0
smallworld/state/memory/stack/aarch64.py +22 -0
smallworld/state/memory/stack/amd64.py +42 -0
smallworld/state/memory/stack/arm.py +66 -0
smallworld/state/memory/stack/i386.py +22 -0
smallworld/state/memory/stack/mips.py +34 -0
smallworld/state/memory/stack/mips64.py +34 -0
smallworld/state/memory/stack/ppc.py +34 -0
smallworld/state/memory/stack/riscv.py +22 -0
smallworld/state/memory/stack/stack.py +127 -0
smallworld/state/memory/stack/xtensa.py +34 -0
smallworld/state/models/__init__.py +6 -0
smallworld/state/models/mmio.py +186 -0
smallworld/state/models/model.py +163 -0
smallworld/state/models/posix.py +455 -0
smallworld/state/models/x86/__init__.py +2 -0
smallworld/state/models/x86/microsoftcdecl.py +35 -0
smallworld/state/models/x86/systemv.py +240 -0
smallworld/state/state.py +962 -0
smallworld/state/unstable/__init__.py +0 -0
smallworld/state/unstable/elf.py +393 -0
smallworld/state/x86_registers.py +30 -0
smallworld/utils.py +935 -0
smallworld_re-1.0.0.dist-info/LICENSE.txt +21 -0
smallworld_re-1.0.0.dist-info/METADATA +189 -0
smallworld_re-1.0.0.dist-info/RECORD +166 -0
smallworld_re-1.0.0.dist-info/WHEEL +5 -0
smallworld_re-1.0.0.dist-info/entry_points.txt +2 -0
smallworld_re-1.0.0.dist-info/top_level.txt +1 -0

smallworld/emulators/angr/machdefs/arm.py ADDED Viewed

@@ -0,0 +1,387 @@
+import archinfo
+from ....platforms import Architecture, Byteorder
+from .machdef import AngrMachineDef
+class ARMMachineDef(AngrMachineDef):
+    pc_reg = "pc"
+    def __init__(self):
+        self._registers = {
+            # *** General-purpose registers ***
+            "r0": "r0",
+            "r1": "r1",
+            "r2": "r2",
+            "r3": "r3",
+            "r4": "r4",
+            "r5": "r5",
+            "r6": "r6",
+            "r7": "r7",
+            "r8": "r8",
+            # r9 doubles as the Static base pointer
+            "r9": "r9",
+            "sb": "sb",
+            # r10 doubles as the Stack Limit pointer
+            "r10": "r10",
+            "sl": "sl",
+            # r11 doubles as the Frame Pointer, if desired.
+            "r11": "r11",
+            "fp": "fp",
+            # r12 doubles as the Intra-call scratch register
+            "r12": "r12",
+            "ip": "ip",
+            "sp": "sp",
+            "lr": "lr",
+            "pc": "pc",
+        }
+class ARMMachineMixinM:
+    """Mixin class for M-series CPUs.
+    The main difference between M and R/A
+    is the available system status registers.
+    """
+    def __init__(self):
+        super().__init__()
+        self._registers.update(
+            {
+                # *** Special Registers ***
+                # Program Status Register
+                # NOTE: PSR can be accessed through several masked aliases.
+                # These are read-only, so I'm not including them.
+                # - apsr: Just the condition flags
+                # - ipsr: Just exception information
+                # - epsr: Just execution state info
+                # - iapsr: apsr | ipsr
+                # - eapsr: apsr | epsr
+                # - iepsr: ipsr | epsr
+                # - xpsr: apsr | ipsr | epsr
+                "psr": "cpsr",
+                # Exception Mask Register
+                "primask": "primask",
+                # Base Priority Mask Register
+                "basepri": "basepri",
+                # Fault Mask Register
+                "faultmask": "faultmask",
+                # Control register; includes a lot of flags.
+                "control": "control",
+                # *** Stack Pointer Bank ***
+                # sp is actually an alias to one of these two.
+                # Exactly which one depends on a bit in control.
+                # Emulators that care should be careful when loading state.
+                # Main Stack Pointer
+                "msp": "msp",
+                # Process Stack Pointer
+                "psp": "psp",
+            }
+        )
+class ARMMachineMixinRA:
+    """Mixin for ARM series A and R CPUs"""
+    def __init__(self):
+        super().__init__()
+        self._registers.update(
+            {
+                # *** Special Registers ***
+                # Current Program Status Register
+                # NOTE: CPSR can be accessed through several masked aliases.
+                # These are read-only, so I'm not including them.
+                # - isetstate: Just includes instruction set control bits
+                # - itstate: Just includes state bits for Thumb IT instruction
+                "cpsr": "cpsr",
+                # Saved Program Status Register
+                "spsr": "spsr",
+                # *** Register Banks ***
+                # sp, lr, and spsr are actually aliases to one of these.
+                # Which one they reference depends on execution mode.
+                # Emulators that care should be careful when loading state.
+                # NOTE: Use User-mode copies of registers unless the mode has its own.
+                # User-mode Stack Pointer
+                "sp_usr": "sp_usr",
+                # User-mode Link Register
+                "lr_usr": "lr_usr",
+                # User-mode r8
+                "r8_usr": "r8_usr",
+                # User-mode r9
+                "r9_usr": "r9_usr",
+                # User-mode r10
+                "r10_usr": "r10_usr",
+                # User-mode r11
+                "r11_usr": "r11_usr",
+                # User-mode r12
+                "r12_usr": "r12_usr",
+                # Hypervisor Stack Pointer
+                "sp_hyp": "sp_hyp",
+                # Hypervisor Saved PSR
+                "spsr_hyp": "spsr_hyp",
+                # Hypervisor Exception Link Register
+                # NOTE: This isn't so much banked, as it only exists in hypervisor mode.
+                "elr_hyp": "elr_hyp",
+                # Supervisor Stack Pointer
+                "sp_svc": "sp_svc",
+                # Supervisor Link Register
+                "lr_svc": "lr_svc",
+                # Supervisor Saved PSR
+                "spsr_svc": "spsr_svc",
+                # Abort-state Stack Pointer
+                "sp_abt": "sp_abt",
+                # Abort-state Link Register
+                "lr_abt": "lr_abt",
+                # Abort-state Saved PSR
+                "spsr_abt": "spsr_abt",
+                # Undefined-mode Stack Pointer
+                "sp_und": "sp_und",
+                # Undefined-mode Link Register
+                "lr_und": "lr_und",
+                # Undefined-mode Saved PSR
+                "spsr_und": "spsr_und",
+                # Monitor-mode Stack Pointer
+                "sp_mon": "sp_mon",
+                # Monitor-mode Link Register
+                "lr_mon": "lr_mon",
+                # Monitor-mode Saved PSR
+                "spsr_mon": "spsr_mon",
+                # IRQ-mode Stack Pointer
+                "sp_irq": "sp_irq",
+                # IRQ-mode Link Register
+                "lr_irq": "lr_irq",
+                # IRQ-mode Saved PSR
+                "spsr_irq": "spsr_irq",
+                # FIQ-mode Stack Pointer
+                "sp_fiq": "sp_fiq",
+                # FIQ-mode Link Register
+                "lr_fiq": "lr_fiq",
+                # FIQ-mode Saved PSR
+                "spsr_fiq": "spsr_fiq",
+                # FIQ-mode r8
+                "r8_fiq": "r8_fiq",
+                # FIQ-mode r9
+                "r9_fiq": "r9_fiq",
+                # FIQ-mode r10
+                "r10_fiq": "r10_fiq",
+                # FIQ-mode r11
+                "r11_fiq": "r11_fiq",
+                # FIQ-mode r12
+                "r12_fiq": "r12_fiq",
+            }
+        )
+class ARMMachineMixinFP:
+    """Mixin for ARM CPUs with FP extensions
+    This is one kind of floating-point extension
+    which offers 64-bit scalar operations.
+    """
+    def __init__(self):
+        super().__init__()
+        self._registers.update(
+            {
+                # *** Floating point control registers ***
+                # Floating-point Status and Control Register
+                "fpscr": "fpscr",
+                # Floating-point Exception Control Register
+                "fpexc": "fpexc",
+                # Floating-point System ID Register
+                "fpsid": "fpsid",
+                # Media and VFP Feature Register 0
+                "mvfr0": "mvfr0",
+                # Media and VFP Feature Register 1
+                "mvfr1": "mvfr1",
+                # *** Floating point registers ***
+                "d0": "d0",
+                "s0": "s0",
+                "s1": "s1",
+                "d1": "d1",
+                "s2": "s2",
+                "s3": "s3",
+                "d2": "d2",
+                "s4": "s4",
+                "s5": "s5",
+                "d3": "d3",
+                "s6": "s6",
+                "s7": "s7",
+                "d4": "d4",
+                "s8": "s8",
+                "s9": "s9",
+                "d5": "d5",
+                "s10": "s10",
+                "s11": "s11",
+                "d6": "d6",
+                "s12": "s12",
+                "s13": "s13",
+                "d7": "d7",
+                "s14": "s14",
+                "s15": "s15",
+                "d8": "d8",
+                "s16": "s16",
+                "s17": "s17",
+                "d9": "d9",
+                "s18": "s18",
+                "s19": "s19",
+                "d10": "d10",
+                "s20": "s20",
+                "s21": "s21",
+                "d11": "d11",
+                "s22": "s22",
+                "s23": "s23",
+                "d12": "d12",
+                "s24": "s24",
+                "s25": "s25",
+                "d13": "d13",
+                "s26": "s26",
+                "s27": "s27",
+                "d14": "d14",
+                "s28": "s28",
+                "s29": "s29",
+                "d15": "d15",
+                "s30": "s30",
+                "s31": "s31",
+            }
+        )
+class ARMMachineMixinVFPEL:
+    def __init__(self):
+        super().__init__()
+        self._registers.update(
+            {
+                # *** Floating-point Control Registers ***
+                # Floating-point Status and Control Register
+                "fpscr": "fpscr",
+                # Floating-point Exception Control Register
+                "fpexc": "fpexc",
+                # Floating-point System ID Register
+                "fpsid": "fpsid",
+                # Media and VFP Feature Register 0
+                "mvfr0": "mvfr0",
+                # Media and VFP Feature Register 1
+                "mvfr1": "mvfr1",
+                # *** Floating-point Registers ****
+                "q0": "q0",
+                "d0": "d0",
+                "s0": "s0",
+                "s1": "s1",
+                "d1": "d1",
+                "s2": "s2",
+                "s3": "s3",
+                "q1": "q1",
+                "d2": "d2",
+                "s4": "s4",
+                "s5": "s5",
+                "d3": "d3",
+                "s6": "s6",
+                "s7": "s7",
+                "q2": "q2",
+                "d4": "d4",
+                "s8": "s8",
+                "s9": "s9",
+                "d5": "d5",
+                "s10": "s10",
+                "s11": "s11",
+                "q3": "q3",
+                "d6": "d6",
+                "s12": "s12",
+                "s13": "s13",
+                "d7": "d7",
+                "s14": "s14",
+                "s15": "s15",
+                "q4": "q4",
+                "d8": "d8",
+                "s16": "s16",
+                "s17": "s17",
+                "d9": "d9",
+                "s18": "s18",
+                "s19": "s19",
+                "q5": "q5",
+                "d10": "d10",
+                "s20": "s20",
+                "s21": "s21",
+                "d11": "d11",
+                "s22": "s22",
+                "s23": "s23",
+                "q6": "q6",
+                "d12": "d12",
+                "s24": "s24",
+                "s25": "s25",
+                "d13": "d13",
+                "s26": "s26",
+                "s27": "s27",
+                "q7": "q7",
+                "d14": "d14",
+                "s28": "s28",
+                "s29": "s29",
+                "d15": "d15",
+                "s30": "s30",
+                "s31": "s31",
+                # NOTE: This isn't a typo; there are only 32 single-precision sX registers
+                # This does mean that only half the VFP register space can be used
+                # for single-precision arithmetic.
+                "q8": "q8",
+                "d16": "d16",
+                "d17": "d17",
+                "q9": "q9",
+                "d18": "d18",
+                "d19": "d19",
+                "q10": "q10",
+                "d20": "d20",
+                "d21": "d21",
+                "q11": "q11",
+                "d22": "d22",
+                "d23": "d23",
+                "q12": "q12",
+                "d24": "d24",
+                "d25": "d25",
+                "q13": "q13",
+                "d26": "d26",
+                "d27": "d27",
+                "q14": "q14",
+                "d28": "d28",
+                "d29": "d29",
+                "q15": "q15",
+                "d30": "d30",
+                "d31": "d31",
+            }
+        )
+class ARMv5TMachineDef(ARMMachineMixinM, ARMMachineDef):
+    angr_arch = archinfo.arch_arm.ArchARMEL()
+    arch = Architecture.ARM_V5T
+    byteorder = Byteorder.LITTLE
+class ARMv6MMachineDef(ARMMachineMixinFP, ARMMachineMixinM, ARMMachineDef):
+    angr_arch = archinfo.arch_arm.ArchARMEL()
+    arch = Architecture.ARM_V6M
+    byteorder = Byteorder.LITTLE
+class ARMv6MThumbMachineDef(ARMv6MMachineDef):
+    angr_arch = archinfo.arch_arm.ArchARMCortexM()
+    arch = Architecture.ARM_V6M_THUMB
+    byteorder = Byteorder.LITTLE
+    is_thumb = True
+class ARMv7MMachineDef(ARMMachineMixinFP, ARMMachineMixinM, ARMMachineDef):
+    angr_arch = archinfo.arch_arm.ArchARMHF()
+    arch = Architecture.ARM_V7M
+    byteorder = Byteorder.LITTLE
+class ARMv7AMachineDef(ARMMachineMixinVFPEL, ARMMachineMixinRA, ARMMachineDef):
+    # TODO: This is a user-space integer only model
+    angr_arch = archinfo.arch_arm.ArchARMHF()
+    arch = Architecture.ARM_V7A
+    byteorder = Byteorder.LITTLE
+# angr does not have good enough R- or A- series support,
+# or any support for NEON that I can see.

smallworld/emulators/angr/machdefs/i386.py ADDED Viewed

@@ -0,0 +1,221 @@
+import typing
+import angr
+import archinfo
+import pyvex
+from ....platforms import Architecture, Byteorder
+from .machdef import AngrMachineDef
+class i386MachineDef(AngrMachineDef):
+    arch = Architecture.X86_32
+    byteorder = Byteorder.LITTLE
+    angr_arch = archinfo.arch_x86.ArchX86()
+    pc_reg = "eip"
+    _registers = {
+        # *** General Purpose Registers ***
+        "eax": "eax",
+        "ax": "ax",
+        "al": "al",
+        "ah": "ah",
+        "ebx": "ebx",
+        "bx": "bx",
+        "bl": "bl",
+        "bh": "bh",
+        "ecx": "ecx",
+        "cx": "cx",
+        "cl": "cl",
+        "ch": "ch",
+        "edx": "edx",
+        "dx": "dx",
+        "dl": "dl",
+        "dh": "dh",
+        "esi": "esi",
+        "si": "si",
+        "sil": "sil",
+        "edi": "edi",
+        "di": "di",
+        "dil": "dil",
+        "ebp": "ebp",
+        "bp": "bp",
+        "bpl": "bpl",
+        "esp": "esp",
+        "sp": "sp",
+        "spl": "spl",
+        # *** Instruction Pointer ***
+        "eip": "eip",
+        "ip": "ip",
+        # *** Segment Registers ***
+        "cs": "cs",
+        "ds": "ds",
+        "es": "es",
+        "fs": "fs",
+        "gs": "gs",
+        "ss": "ss",
+        # *** Flags Register ***
+        "eflags": "eflags",
+        "flags": "flags",
+        # *** Control Registers ***
+        "cr0": "",
+        "cr1": "",
+        "cr2": "",
+        "cr3": "",
+        "cr4": "",
+        "cr8": "",
+        # *** Debug Registers ***
+        "dr0": "",
+        "dr1": "",
+        "dr2": "",
+        "dr3": "",
+        "dr6": "",
+        "dr7": "",
+        # *** Descriptor Table Registers ***
+        "gdtr": "gdt",
+        "idtr": "idt",
+        "ldtr": "ldt",
+        # *** Task Register ***
+        "tr": "",
+        # *** x87 Registers ***
+        # TODO: angr seems to support x87, but I have no idea how its register file works
+        # I can't find most of the control registers,
+        # and there don't seem to be separate "fprN" registers; just one giant blob
+        "fpr0": "",
+        "fpr1": "",
+        "fpr2": "",
+        "fpr3": "",
+        "fpr4": "",
+        "fpr5": "",
+        "fpr6": "",
+        "fpr7": "",
+        "fctrl": "",
+        "fstat": "",
+        "ftag": "fptag",
+        "fip": "",
+        "fdp": "",
+        "fop": "",
+        # *** MMX Registers ***
+        "mm0": "mm0",
+        "mm1": "mm1",
+        "mm2": "mm2",
+        "mm3": "mm3",
+        "mm4": "mm4",
+        "mm5": "mm5",
+        "mm6": "mm6",
+        "mm7": "mm7",
+        # *** SSE Registers ***
+        "xmm0": "xmm0",
+        "xmm1": "xmm1",
+        "xmm2": "xmm2",
+        "xmm3": "xmm3",
+        "xmm4": "xmm4",
+        "xmm5": "xmm5",
+        "xmm6": "xmm6",
+        "xmm7": "xmm7",
+    }
+    def rebuild_irsb(self, addr, good_bytes):
+        # Lift good_bytes to an IRSB
+        return pyvex.lift(good_bytes, addr, self.angr_arch)
+    def build_sysexit_irsb(self, insn, good_bytes):
+        # Build a new IRSB just containing sysexit:
+        # 0: IMARK (addr, 2, 0)
+        # 1: t0 = GET:I32(ecx)
+        # 2: t1 = GET:I32(edx)
+        # 3: PUT(esp) = t0
+        # NEXT: PUT(eip) = t1; Iji_Sys_sysexit
+        # Get the offsetfs of ecd and edx
+        ecx_off, _ = self.angr_arch.registers["ecx"]
+        edx_off, _ = self.angr_arch.registers["edx"]
+        esp_off, _ = self.angr_arch.registers["esp"]
+        # Type environment; we need two variables of type int32
+        irsb_tyenv = pyvex.IRTypeEnv(self.angr_arch, ["Ity_I32", "Ity_I32"])
+        # Statements
+        irsb_stmts = [
+            # Statement 0: Instruction mark
+            pyvex.stmt.IMark(insn.address, 2, 0),
+            # Statement 1: Load ecx into t0
+            pyvex.stmt.WrTmp(
+                0,  # Load into t0
+                pyvex.expr.Get(  # Get a register
+                    ecx_off,
+                    "Ity_I32",
+                ),
+            ),
+            # Statement 2: Load edx into t1
+            pyvex.stmt.WrTmp(
+                1,  # Load into t1
+                pyvex.expr.Get(  # Get a register
+                    edx_off,
+                    "Ity_I32",
+                ),
+            ),
+            # Statement 3: Load t0 into esp
+            pyvex.stmt.Put(pyvex.expr.RdTmp.get_instance(0), esp_off),
+        ]
+        # "next" expression; Value of t1
+        irsb_next = pyvex.expr.RdTmp.get_instance(1)
+        # Jump kind
+        irsb_jumpkind = "Ijk_Boring"
+        irsb = pyvex.IRSB.from_py(
+            irsb_tyenv,
+            irsb_stmts,
+            irsb_next,
+            irsb_jumpkind,
+            insn.address,
+            self.angr_arch,
+        )
+        if len(good_bytes) > 0:
+            prefix = self.rebuild_irsb(insn.address - len(good_bytes), good_bytes)
+            # Fuse the two together
+            irsb = prefix.extend(irsb)
+        return irsb
+    def successors(self, state: angr.SimState, **kwargs) -> typing.Any:
+        # VEX doesn't correctly model SYSENTER and SYSEXIT
+        # Fetch or compute the IR block for our state
+        if "irsb" in kwargs and kwargs["irsb"] is not None:
+            # Someone's already specified an IR block.
+            irsb = kwargs["irsb"]
+        else:
+            # Disable optimization; it doesn't work
+            # Compute the block from the state
+            # Pray to the Powers that kwargs are compatible.
+            irsb = state.block(**kwargs).vex
+        if irsb.jumpkind == "Ijk_NoDecode":
+            # VEX is stumped regarding this instruction.
+            # Unfortunately, this also means basic block detection failed.
+            irsb = None
+            disas = state.block(**kwargs).disassembly
+            good_bytes = b""
+            for insn in disas.insns:
+                if insn.mnemonic == "sysexit":
+                    irsb = self.build_sysexit_irsb(insn, good_bytes)
+                    break
+                else:
+                    good_bytes += insn.insn.bytes
+            if irsb is None:
+                irsb = self.rebuild_irsb(disas.insns[0].address, good_bytes)
+        # Force the engine to use our IR block
+        kwargs["irsb"] = irsb
+        # Turn the crank on the engine
+        try:
+            return super().successors(state, **kwargs)
+        except angr.errors.SimIRSBNoDecodeError as e:
+            print(f"Bad IRSB:\n{irsb}")
+            raise e