angr.analyses.decompiler.utils

angr.analyses.decompiler.utils.remove_last_statement(node)

angr.analyses.decompiler.utils.remove_last_statements(node)

Return type:

bool

angr.analyses.decompiler.utils.append_statement(node, stmt)

angr.analyses.decompiler.utils.replace_last_statement(node, old_stmt, new_stmt)

angr.analyses.decompiler.utils.extract_jump_targets(stmt)

Extract concrete goto targets from a Jump or a ConditionalJump statement.

Parameters:

stmt – The statement to analyze.

Returns:

A list of known concrete jump targets.

Return type:

list

angr.analyses.decompiler.utils.switch_extract_cmp_bounds(last_stmt)

Check the last statement of the switch-case header node, and extract lower+upper bounds for the comparison.

Parameters:

last_stmt (ConditionalJump | Statement) – The last statement of the switch-case header node.

Return type:

tuple[Any, int, int] | None

Returns:

A tuple of (comparison expression, lower bound, upper bound), or None

angr.analyses.decompiler.utils.switch_extract_cmp_bounds_from_condition(cond)

Return type:

tuple[Any, int, int] | None

Parameters:

cond (Expression)

angr.analyses.decompiler.utils.switch_extract_switch_expr_from_jump_target(target)

Extract the switch expression from the indirect jump target expression.

Parameters:

target (Expression) – The target of the indirect jump statement.

Return type:

Expression | None

Returns:

The extracted expression if successful, or None otherwise.

angr.analyses.decompiler.utils.switch_extract_bitwiseand_jumptable_info(last_stmt)

Check the last statement of the switch-case header node (whose address is loaded from a jump table and computed using an index) and extract necessary information for rebuilding the switch-case construct.

An example of the statement:

Goto(Conv(32->s64, (
    Load(addr=(0x4530e4<64> + (Conv(32->64, (Conv(64->32, vvar_287{reg 32}) & 0x3<32>)) * 0x4<64>)),
         size=4, endness=Iend_LE) + 0x4530e4<32>))
)

Another example:

Load(addr=(((vvar_9{reg 36} & 0x3<32>) * 0x4<32>) + 0x42cd28<32>), size=4, endness=Iend_LE)

Parameters:

last_stmt (Jump) – The last statement of the switch-case header node.

Return type:

tuple[Any, int, int] | None

Returns:

A tuple of (index expression, lower bound, upper bound), or None.

angr.analyses.decompiler.utils.get_ast_subexprs(claripy_ast)

angr.analyses.decompiler.utils.insert_node(parent, insert_location, node, node_idx, label=None)

Parameters:

• insert_location (str)

• node_idx (int)

angr.analyses.decompiler.utils.to_ail_supergraph(transition_graph, allow_fake=False)

Takes an AIL graph and converts it into a AIL graph that treats calls and redundant jumps as parts of a bigger block instead of transitions. Calls to returning functions do not terminate basic blocks.

Based on region_identifier super_graph

Return type:

DiGraph

Returns:

A converted super transition graph

Parameters:

transition_graph (DiGraph)

angr.analyses.decompiler.utils.is_empty_node(node)

Return type:

bool

angr.analyses.decompiler.utils.is_empty_or_label_only_node(node)

Return type:

bool

angr.analyses.decompiler.utils.has_nonlabel_statements(block)

Return type:

bool

Parameters:

block (Block)

angr.analyses.decompiler.utils.has_nonlabel_nonphi_statements(block)

Return type:

bool

Parameters:

block (Block)

angr.analyses.decompiler.utils.first_nonlabel_statement(block)

Return type:

Statement | None

Parameters:

block (Block | MultiNode)

angr.analyses.decompiler.utils.first_nonlabel_statement_id(block)

Return type:

int | None

Parameters:

block (Block)

angr.analyses.decompiler.utils.first_nonlabel_nonphi_statement(block)

Return type:

Statement | None

Parameters:

block (Block | MultiNode)

angr.analyses.decompiler.utils.last_nonlabel_statement(block)

Return type:

Statement | None

Parameters:

block (Block)

angr.analyses.decompiler.utils.last_node(node)

Get the last node in a sequence or code node.

Return type:

BaseNode | Block | None

Parameters:

node (BaseNode)

angr.analyses.decompiler.utils.first_nonlabel_node(seq)

Return type:

BaseNode | Block | None

Parameters:

seq (SequenceNode)

angr.analyses.decompiler.utils.first_nonlabel_nonphi_node(seq)

Return type:

BaseNode | Block | None

Parameters:

seq (SequenceNode)

angr.analyses.decompiler.utils.remove_labels(graph)

Parameters:

graph (DiGraph)

angr.analyses.decompiler.utils.add_labels(graph, ail_manager)

Parameters:

• graph (DiGraph)

• ail_manager (Manager)

angr.analyses.decompiler.utils.update_labels(graph, ail_manager)

A utility function to recreate the labels for every node in an AIL graph. This useful when you are working with a graph where only _some_ of the nodes have labels.

Parameters:

• graph (DiGraph)

• ail_manager (Manager)

angr.analyses.decompiler.utils.structured_node_has_multi_predecessors(node, graph)

Return type:

bool

Parameters:

• node (SequenceNode | MultiNode | Block)

• graph (DiGraph)

angr.analyses.decompiler.utils.structured_node_is_simple_return(node, graph, use_packed_successors=False)

Check if a “simple return” is contained within the node. A simple return looks like this:

if (cond) {
  // simple return
  ...
  return 0;
}
...

Returns true on any block ending in linear statements and a return.

Return type:

bool

Parameters:

• node (SequenceNode | MultiNode)

• graph (DiGraph)

angr.analyses.decompiler.utils.structured_node_is_simple_return_strict(node)

Returns True iff the node exclusively contains a return statement.

Return type:

bool

Parameters:

node (BaseNode | SequenceNode | MultiNode | Block)

angr.analyses.decompiler.utils.is_statement_terminating(stmt, functions)

Return type:

bool

Parameters:

stmt (Statement)

angr.analyses.decompiler.utils.peephole_optimize_exprs(block, expr_opts)

angr.analyses.decompiler.utils.peephole_optimize_expr(expr, expr_opts)

Parameters:

• expr (Expression)

• expr_opts (list[PeepholeOptimizationExprBase])

angr.analyses.decompiler.utils.copy_graph(graph)

Copy AIL Graph.

Returns:

A copy of the AIl graph.

angr.analyses.decompiler.utils.peephole_optimize_stmts(block, stmt_opts)

angr.analyses.decompiler.utils.match_stmt_classes(all_stmts, idx, stmt_class_seq)

Return type:

bool

Parameters:

• all_stmts (list)

• idx (int)

• stmt_class_seq (Iterable[type])

angr.analyses.decompiler.utils.peephole_optimize_multistmts(block, stmt_opts)

Parameters:

stmt_opts (list[PeepholeOptimizationMultiStmtBase])

angr.analyses.decompiler.utils.decompile_functions(path, functions=None, structurer=None, catch_errors=False, show_casts=True, base_address=None, preset=None, cca=False, cca_callsites=True, llm=False, progressbar=False, postmortem=False)

Decompile a binary into a set of functions.

Parameters:

• path – The path to the binary to decompile.

• functions (list[int | str] | None) – The functions to decompile. If None, all functions will be decompiled.

• structurer (str | None) – The structuring algorithms to use.

• catch_errors (bool) – The structuring algorithms to use.

• show_casts (bool) – Whether to show casts in the decompiled output.

• base_address (int | None) – The base address of the binary.

• preset (str | None) – The configuration preset to use during decompilation.

• cca (bool)

• cca_callsites (bool)

• llm (bool)

• progressbar (bool)

• postmortem (bool)

Return type:

str

Returns:

The decompilation of all functions appended in order.

angr.analyses.decompiler.utils.calls_in_graph(graph, consider_conditions=False)

Counts the number of calls in a graph full of AIL Blocks

Return type:

int

Parameters:

• graph (DiGraph)

• consider_conditions (bool)

angr.analyses.decompiler.utils.call_exprs_in_graph(graph, consider_conditions=False)

Return a list of all call expressions in a given AIL graph.

Return type:

list[tuple[tuple[tuple[int, int | None], int], Call]]

Parameters:

• graph (DiGraph)

• consider_conditions (bool)

angr.analyses.decompiler.utils.has_addr_dups(graph)

Parameters:

graph (networkx.DiGraph[Block])

Return type:

bool

angr.analyses.decompiler.utils.find_block_by_addr(graph, addr, insn_addr=False)

Return type:

Block

Parameters:

graph (DiGraph)

angr.analyses.decompiler.utils.find_block_by_addr_and_idx(graph, addr, idx)

Return type:

Block

Parameters:

• graph (DiGraph)

• addr (int)

• idx (int | None)

angr.analyses.decompiler.utils.sequence_to_blocks(seq)

Converts a sequence node (BaseNode) to a list of ailment blocks contained in it and all its children.

Return type:

list[Block]

Parameters:

seq (BaseNode)

angr.analyses.decompiler.utils.sequence_to_statements(seq, exclude=(<class 'angr.ailment.statement.Jump'>, <class 'angr.ailment.statement.Jump'>))

Converts a sequence node (BaseNode) to a list of ailment Statements contained in it and all its children. May exclude certain types of statements.

Return type:

list[Statement]

Parameters:

seq (BaseNode)

angr.analyses.decompiler.utils.remove_edges_in_ailgraph(ail_graph, edges_to_remove)

Return type:

None

Parameters:

• ail_graph (DiGraph)

• edges_to_remove (list[tuple[tuple[int, int | None], tuple[int, int | None]]])