angr.procedures.stubs.format_parser¶

class angr.procedures.stubs.format_parser.FormatString¶

Bases: object

Describes a format string.

SCANF_DELIMITERS = [b'\t', b'\n', b'\x0b', b'\r', b' ']¶

__init__(parser, components)¶: Takes a list of components which are either just strings or a FormatSpecifier.

property state¶

replace(va_arg)¶

Implement printf - based on the stored format specifier information, format the values from the arg getter function args into a string.

Parameters:: va_arg – A function which takes a type and returns the next argument of that type
Returns:: The result formatted string

interpret(va_arg, addr=None, simfd=None)¶

implement scanf - extract formatted data from memory or a file according to the stored format specifiers and store them into the pointers extracted from args.

Parameters:

va_arg – A function which, given a type, returns the next argument of that type
addr – The address in the memory to extract data from, or…
simfd – A file descriptor to use for reading data from

Returns:

The number of arguments parsed

class angr.procedures.stubs.format_parser.FormatSpecifier¶

Bases: object

Describes a format specifier within a format string.

__init__(sss, length_spec, pad_chr, ty)¶

Parameters:: ty (SimType)

string

ty

length_spec

pad_chr

property signed¶

property size¶

property spec_type¶

class angr.procedures.stubs.format_parser.FormatParser¶

Bases: SimProcedure

For SimProcedures relying on printf-style format strings.

ARGS_MISMATCH = True¶

basic_spec = {b'A': double, b'E': double, b'F': double, b'G': double, b'X': unsigned int, b'a': double, b'c': char, b'd': int, b'e': double, b'f': double, b'g': double, b'i': int, b'n': unsigned int*, b'o': unsigned int, b'p': unsigned int*, b's': char*, b'u': unsigned int, b'x': unsigned int}¶

int_sign = {'signed': [b'd', b'i'], 'unsigned': [b'o', b'u', b'x', b'X']}¶

int_len_mod = {b'h': (short, unsigned short), b'hh': (char, char), b'j': (long long, unsigned long long), b'l': (long, unsigned long), b'll': (long long, unsigned long long), b't': (long, long), b'z': (size_t, size_t)}¶

other_types = {('string',): <function FormatParser.<lambda>>}¶

flags = ['#', '0', '\\-', ' ', '\\+', "\\'", 'I']¶

extract_components(fmt)¶

Extract the actual formats from the format string fmt.

Parameters:: fmt (list) – A list of format chars.
Return type:: list[bytes | FormatSpecifier]
Returns:: a FormatString object

class angr.procedures.stubs.format_parser.ScanfFormatParser¶

Bases: FormatParser

For SimProcedures relying on scanf-style format strings.

basic_spec = {b'A': float, b'E': float, b'F': float, b'G': float, b'X': unsigned int, b'a': float, b'c': char, b'd': int, b'e': float, b'f': float, b'g': float, b'i': int, b'n': unsigned int*, b'o': unsigned int, b'p': unsigned int*, b's': char*, b'u': unsigned int, b'x': unsigned int}¶

float_spec = [b'e', b'E', b'f', b'F', b'g', b'G', b'a', b'A']¶

float_len_mod = {b'l': <class 'angr.sim_type.SimTypeDouble'>, b'll': <class 'angr.sim_type.SimTypeDouble'>}¶