angr.ailment¶
- class angr.ailment.AILBlockRewriter
Bases:
AILBlockWalker[Expression,Statement,Block]Walks all statements and expressions of an AIL node, and rebuilds expressions, statements, or blocks if needed.
If you need a pure walker without rebuilding, use AILBlockViewer instead.
- Variables:
update_block – True if the block should be updated in place, False if a new block should be created and returned as the result of walk().
replace_phi_stmt – True if you want _handle_Phi be called and vvars potentially replaced; False otherwise. Default to False because in the most majority cases you do not want vvars in a Phi variable be replaced.
- class angr.ailment.AILBlockViewer
Bases:
AILBlockWalker[None,None,None]Walks all statements and expressions of an AIL node and do nothing.
- class angr.ailment.AILBlockWalker
Bases:
GenericWalks all statements and expressions of an AIL node and construct arbitrary values based on them.
- __init__(stmt_handlers=None, expr_handlers=None)
- walk_statement(stmt, block=None, stmt_idx=0)
- walk_expression(expr, stmt_idx=None, stmt=None, block=None)
- Return type:
TypeVar(ExprType)- Parameters:
expr (Expression)
stmt_idx (int | None)
stmt (Statement | None)
block (Block | None)
- class angr.ailment.Assignment
Bases:
StatementAssignment statement: expr_a = expr_b
- __init__(idx, dst, src, **kwargs)
- Parameters:
idx (int)
dst (Atom)
src (Expression)
- dst
- src
- likes(other)
- matches(other)
- replace(old_expr, new_expr)
- Parameters:
old_expr (Expression)
new_expr (Expression)
- property depth
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- class angr.ailment.BinaryOp
Bases:
Op- OPSTR_MAP = {'Add': '+', 'AddF': '+', 'AddV': '+', 'And': '&', 'Carry': 'CARRY', 'CmpEQ': '==', 'CmpF': 'CmpF', 'CmpGE': '>=', 'CmpGE (signed)': '>=s', 'CmpGT': '>', 'CmpGT (signed)': '>s', 'CmpLE': '<=', 'CmpLE (signed)': '<=s', 'CmpLT': '<', 'CmpLT (signed)': '<s', 'CmpNE': '!=', 'Concat': 'CONCAT', 'Div': '/', 'DivF': '/', 'LogicalAnd': '&&', 'LogicalOr': '||', 'Mod': '%', 'Mul': '*', 'MulF': '*', 'MulV': '*', 'Or': '|', 'Rol': 'ROL', 'Ror': 'ROR', 'SBorrow': 'SBORROW', 'SCarry': 'SCARRY', 'Sar': '>>a', 'Shl': '<<', 'Shr': '>>', 'Sub': '-', 'SubF': '-', 'Xor': '^'}¶
- COMPARISON_NEGATION = {'CmpEQ': 'CmpNE', 'CmpGE': 'CmpLT', 'CmpGT': 'CmpLE', 'CmpLE': 'CmpGT', 'CmpLT': 'CmpGE', 'CmpNE': 'CmpEQ'}¶
- __init__(idx, op, operands, signed=False, *, variable=None, variable_offset=None, bits=None, floating_point=False, rounding_mode=None, vector_count=None, vector_size=None, **kwargs)
- operands
- signed
- variable
- variable_offset
- floating_point
- vector_count
- vector_size
- likes(other)
- matches(other)
- has_atom(atom, identity=True)
- replace(old_expr, new_expr)
- Return type:
- Parameters:
old_expr (Expression)
new_expr (Expression)
- property verbose_op
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- class angr.ailment.Block
Bases:
objectDescribes an AIL block.
__str__ should be fast because Phoenix uses networkx graph filters, and graph filters may print str(block) in some cases, e.g., https://github.com/networkx/networkx/blob/861718f8aadeed4f742a348f0c437396cacdf180/networkx/classes/coreviews.py#L305
- __init__(addr, original_size, statements=None, idx=None)
- addr
- original_size
- idx
- copy(statements=None)
- deep_copy(manager)
- Parameters:
manager (Manager)
- dbg_repr(indent=0)
- pp()
- Return type:
- likes(other)
- clear_hash()
- class angr.ailment.Const
Bases:
Atom- value
- property value_int: int
- property value_float: float
- likes(other)
- matches(other)
- property sign_bit
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- property is_int: bool
- class angr.ailment.Expression
Bases:
TaggedObject,ABCThe base class of all AIL expressions.
- bits: int
- __init__(idx, depth, **kwargs)
- Parameters:
idx (int)
- depth
- property size
- has_atom(atom, identity=True)
- abstractmethod likes(other)
- abstractmethod matches(other)
- replace(old_expr, new_expr)
- Return type:
- Parameters:
old_expr (Expression)
new_expr (Expression)
- class angr.ailment.IRSBConverter¶
Bases:
Converter- static convert(irsb, manager)¶
Convert the given IRSB to an AIL block
- Parameters:
irsb – The IRSB to convert
manager – The manager to use
- Returns:
Returns the converted block
- class angr.ailment.Manager
Bases:
object- __init__(name=None, arch=None)
- Parameters:
name (str | None)
- next_atom()
- reset()
- class angr.ailment.PCodeIRSBConverter
Bases:
ConverterConverts a p-code IRSB to an AIL block
- static convert(irsb, manager)
Convert the given IRSB to an AIL block
- class angr.ailment.Register
Bases:
Atom- __init__(idx, variable, reg_offset, bits, **kwargs)
- reg_offset
- likes(other)
- matches(other)
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- class angr.ailment.Statement
Bases:
TaggedObject,ABCThe base class of all AIL statements.
- abstractmethod replace(old_expr, new_expr)
- Return type:
- Parameters:
old_expr (Expression)
new_expr (Expression)
- eq(expr0, expr1)
- abstractmethod likes(other)
- Return type:
- abstractmethod matches(other)
- Return type:
- abstract property depth: int
- class angr.ailment.Tmp
Bases:
Atom- tmp_idx
- likes(other)
- matches(other)
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- class angr.ailment.UnaryOp
Bases:
Op- __init__(idx, op, operand, variable=None, variable_offset=None, bits=None, **kwargs)
- Parameters:
idx (int)
op (str)
operand (Expression)
variable_offset (int | None)
- operand
- variable
- variable_offset
- likes(other)
- matches(other)
- replace(old_expr, new_expr)
- property operands
- copy()
- Return type:
- deep_copy(manager)
- Return type:
- has_atom(atom, identity=True)
- class angr.ailment.VEXIRSBConverter
Bases:
Converter- static convert(irsb, manager)
- Parameters:
irsb
manager
- Returns:
Submodules