angr.analyses.decompiler.clinic

class angr.analyses.decompiler.clinic.BlockCache

Bases: tuple

BlockCache(rd, prop)

static __new__(_cls, rd, prop)

Create new instance of BlockCache(rd, prop)

prop

Alias for field number 1

rd

Alias for field number 0

class angr.analyses.decompiler.clinic.ClinicMode

Bases: Enum

Analysis mode for Clinic.

DECOMPILE = 1
COLLECT_DATA_REFS = 2
class angr.analyses.decompiler.clinic.DataRefDesc

Bases: object

The fields of this class is compatible with items inside IRSB.data_refs.

data_addr: int
data_size: int
block_addr: int
stmt_idx: int
ins_addr: int
data_type_str: str
__init__(data_addr, data_size, block_addr, stmt_idx, ins_addr, data_type_str)
Parameters:

  • data_addr (int)

  • data_size (int)

  • block_addr (int)

  • stmt_idx (int)

  • ins_addr (int)

  • data_type_str (str)

Return type:

None

class angr.analyses.decompiler.clinic.ClinicStage

Bases: IntEnum

Different stages of treating an ailment.

INITIALIZATION = 0
AIL_GRAPH_CONVERSION = 1
MAKE_RETURN_SITES = 2
MAKE_ARGUMENT_LIST = 3
TRACK_STACK_POINTERS = 4
CONSTANT_PROPAGATION = 5
MAKE_CALLSITES = 6
POST_CALLSITES = 7
PRE_SSA_LEVEL0_FIXUPS = 8
SSA_LEVEL0_TRANSFORMATION = 9
PRE_SSA_LEVEL1_SIMPLIFICATIONS = 10
SSA_LEVEL1_TRANSFORMATION = 11
POST_SSA_LEVEL1_SIMPLIFICATIONS = 12
RECOVER_VARIABLES = 13
SEMANTIC_VARIABLE_NAMING = 14
COLLECT_EXTERNS = 15
__new__(value)
class angr.analyses.decompiler.clinic.ComboRegReferenceWalker

Bases: AILBlockRewriter

Rewrite references to combo registers to load from the combo register.

__init__(project, ail_manager)
class angr.analyses.decompiler.clinic.Clinic

Bases: Analysis

A Clinic deals with AILments.

__init__(func, remove_dead_memdefs=False, exception_edges=False, sp_tracker_track_memory=True, fold_expressions=True, fold_callexprs_into_conditions=False, insert_labels=True, optimization_passes=None, cfg=None, peephole_optimizations=None, must_struct=None, variable_kb=None, reset_variable_names=False, rewrite_ites_to_diamonds=True, cache=None, mode=ClinicMode.DECOMPILE, sp_shift=0, inline_functions=None, inlined_counts=None, inlining_parents=None, vvar_id_start=0, optimization_scratch=None, desired_variables=None, force_loop_single_exit=True, refine_loops_with_single_successor=False, complete_successors=False, typehoon_cls=<class 'angr.analyses.typehoon.typehoon.Typehoon'>, max_type_constraints=100000, type_constraint_set_degradation_threshold=150, ail_graph=None, arg_vvars=None, start_stage=ClinicStage.INITIALIZATION, end_stage=None, skip_stages=(), notes=None, static_vvars=None, static_buffers=None, flatten_args=False, constrain_callee_prototypes=False, semvar_naming=True, flavor='pseudocode')
Parameters:
cc_graph: DiGraph | None
unoptimized_graph: DiGraph | None
arg_vvars: dict[int, tuple[VirtualVariable, SimVariable]] | None
externs: set[SimMemoryVariable]
data_refs: dict[int, list[DataRefDesc]]
entry_node_addr: Address
reaching_definitions: SRDAModel | None
vvar_to_vvar: dict[int, int] | None
secondary_stackvars: set[int]
edges_to_remove: list[tuple[Address, Address]]
copied_var_ids: set[int]
typehoon: Typehoon | None
stack_items: dict[int, StackItem]
block(addr, size)

Get the converted block at the given specific address with the given size.

Parameters:
Returns:

dbg_repr()
Returns:

calculate_stack_depth()
copy_graph(graph=None)
Return type:

DiGraph

parse_variable_addr(addr)
Return type:

tuple[Any, Any]

Parameters:

addr (Expression)

new_block_addr()

Return a block address that does not conflict with any existing blocks.

Return type:

int

Returns:

The block address.

static remove_empty_nodes(graph)
Return type:

DiGraph

Parameters:

graph (DiGraph)

constrain_callee_prototypes()

Constrain the types of callee function arguments based on facts that are observed at call sites. Note that this function will change the prototypes of (callee) functions in the knowledge base, which means it may affect the decompilation output of the current function if it is decompiled again.