angr.analyses.calling_convention

class angr.analyses.calling_convention.CallingConventionAnalysis

Bases: Analysis

Analyze the calling convention of a function and guess a probable prototype.

The calling convention of a function can be inferred at both its call sites and the function itself. At call sites, we consider all register and stack variables that are not alive after the function call as parameters to this function. In the function itself, we consider all register and stack variables that are read but without initialization as parameters. Then we synthesize the information from both locations and make a reasonable inference of calling convention of this function.

Variables:

  • _function – The function to recover calling convention for.

  • _variable_manager – A handy accessor to the variable manager.

  • _cfg – A reference of the CFGModel of the current binary. It is used to discover call sites of the current function in order to perform analysis at call sites.

  • analyze_callsites – True if we should analyze all call sites of the current function to determine the calling convention and arguments. This can be time-consuming if there are many call sites to analyze.

  • cc (SimCC | None) – The recovered calling convention for the function.

  • _collect_facts – True if we should run FunctionFactCollector to collect input arguments and return value size. False if input arguments and return value size are provided by the user.

__init__(func, cfg=None, analyze_callsites=False, caller_func_addr=None, callsite_block_addr=None, callsite_insn_addr=None, func_graph=None, input_args=None, retval_size=None, extra_pop=None, collect_facts=False, collect_facts_arg_uses=False, collect_facts_arg_passthru=False)
Parameters:

  • func (Function | int | str | None)

  • cfg (CFGModel | None)

  • analyze_callsites (bool)

  • caller_func_addr (int | None)

  • callsite_block_addr (int | None)

  • callsite_insn_addr (int | None)

  • func_graph (DiGraph | None)

  • input_args (list[SimRegArg | SimStackArg] | None)

  • retval_size (int | None)

  • extra_pop (int | None)

  • collect_facts (bool)

  • collect_facts_arg_uses (bool)

  • collect_facts_arg_passthru (bool)

is_va_start_amd64(func)
Return type:

tuple[bool, int | None]

Parameters:

func (Function)

class angr.analyses.calling_convention.FactCollector

Bases: Analysis

An extremely fast analysis that extracts necessary facts of a function for CallingConventionAnalysis to make decision on the calling convention and prototype of a function.

__init__(func, max_depth=100, track_arg_uses=False, track_arg_passthru=False)
Parameters:

Submodules

calling_convention

fact_collector

utils