angr.analyses.cfg.indirect_jump_resolvers.const_resolver¶

angr.analyses.cfg.indirect_jump_resolvers.const_resolver.exists_in_replacements(replacements, block_loc, tmp_var)¶

class angr.analyses.cfg.indirect_jump_resolvers.const_resolver.ConstantResolver¶

Bases: IndirectJumpResolver

Resolve an indirect jump by running a constant propagation on the entire function and check if the indirect jump can be resolved to a constant value. This resolver must be run after all other more specific resolvers.

__init__(project, max_func_nodes=512)¶

Parameters:: max_func_nodes (int)

resolve(cfg, addr, func_addr, block, jumpkind, func_graph_complete=True, **kwargs)¶

This function does the actual resolve. Our process is easy: Propagate all values inside the function specified, then extract the tmp_var used for the indirect jump from the basic block. Use the tmp var to locate the constant value stored in the replacements. If not present, returns False tuple.

Parameters:

cfg – CFG with specified function
addr (int) – Address of indirect jump
func_addr (int) – Address of function of indirect jump
block (Block) – Block of indirect jump (Block object)
jumpkind (str) – VEX jumpkind (Ijk_Boring or Ijk_Call)
func_graph_complete (bool)

Returns:

Bool tuple with replacement address