angr.engines.vex¶
- class angr.engines.vex.ClaripyDataMixin
Bases:
VEXMixinThis mixin provides methods that makes the vex engine process guest code using claripy ASTs as the data domain.
- class angr.engines.vex.HeavyResilienceMixin
Bases:
VEXResilienceMixin,ClaripyDataMixin
- class angr.engines.vex.HeavyVEXMixin
Bases:
SuccessorsEngine,ClaripyDataMixin,SimStateStorageMixin,VEXMixin,VEXLifterExecution engine based on VEX, Valgrind’s IR.
Responds to the following parameters to the step stack:
irsb: The PyVEX IRSB object to use for execution. If not provided one will be lifted.
skip_stmts: The number of statements to skip in processing
last_stmt: Do not execute any statements after this statement
whitelist: Only execute statements in this set
thumb: Whether the block should be force to be lifted in ARM’s THUMB mode.
- extra_stop_points:
An extra set of points at which to break basic blocks
opt_level: The VEX optimization level to use.
insn_bytes: A string of bytes to use for the block instead of the project.
size: The maximum size of the block, in bytes.
num_inst: The maximum number of instructions.
traceflags: traceflags to be passed to VEX. (default: 0)
- class angr.engines.vex.SimInspectMixin
Bases:
VEXMixin- handle_vex_block(irsb)
- class angr.engines.vex.SuperFastpathMixin
Bases:
VEXSlicingMixinThis mixin implements the superfastpath execution mode, which skips all but the last four instructions.
- handle_vex_block(irsb)
- class angr.engines.vex.TrackActionsMixin
Bases:
HeavyVEXMixin- __init__(*args, **kwargs)
- handle_vex_block(irsb)
- class angr.engines.vex.VEXLifter
Bases:
SimEngineImplements the VEX lifter engine mixin.
- __init__(project, use_cache=None, cache_size=5000, default_opt_level=1, selfmodifying_code=None, single_step=False, default_strict_block_end=False, **kwargs)
- clear_cache()
- lift_vex(addr=None, state=None, clemory=None, insn_bytes=None, offset=None, arch=None, size=None, num_inst=None, traceflags=0, thumb=False, extra_stop_points=None, opt_level=None, strict_block_end=None, skip_stmts=False, collect_data_refs=False, cross_insn_opt=None, load_from_ro_regions=False, const_prop=False)
Lift an IRSB.
There are many possible valid sets of parameters. You at the very least must pass some source of data, some source of an architecture, and some source of an address.
Sources of data in order of priority: insn_bytes, clemory, state
Sources of an address, in order of priority: addr, state
Sources of an architecture, in order of priority: arch, clemory, state
- Parameters:
state – A state to use as a data source.
clemory (
Clemory|ClemoryReadOnlyView|None) – A cle.memory.Clemory object to use as a data source.addr – The address at which to start the block.
thumb – Whether the block should be lifted in ARM’s THUMB mode.
opt_level – The VEX optimization level to use. The final IR optimization level is determined by (ordered by priority): - Argument opt_level - opt_level is set to 1 if OPTIMIZE_IR exists in state options - self._default_opt_level
insn_bytes (
bytes|None) – A string of bytes to use as a data source.offset – If using insn_bytes, the number of bytes in it to skip over.
size – The maximum size of the block, in bytes.
num_inst – The maximum number of instructions.
traceflags – traceflags to be passed to VEX. (default: 0)
strict_block_end – Whether to force blocks to end at all conditional branches (default: false)
- Return type:
- class angr.engines.vex.VEXMixin
Bases:
SimEngine- __init__(project, **kwargs)
- handle_vex_block(irsb)
- Parameters:
irsb (IRSB)
- class angr.engines.vex.VEXResilienceMixin
Bases:
VEXMixin
- class angr.engines.vex.VEXSlicingMixin
Bases:
VEXMixin- __init__(*args, **kwargs)
- process(state, block=None, skip_stmts=0, last_stmt=None, whitelist=None, **kwargs)
- handle_vex_block(irsb)
Submodules