angr.state_plugins.callstack

class angr.state_plugins.callstack.CallStack

Bases: SimStatePlugin

Stores the address of the function you’re in and the value of SP at the VERY BOTTOM of the stack, i.e. the SP value that points to the return address.

__init__(call_site_addr=0, func_addr=0, stack_ptr=0, ret_addr=0, jumpkind='Ijk_Call', next_frame=None, invoke_return_variable=None)

Parameters:

next_frame (Self | None)

copy_without_tail(memo)

property current_function_address

Address of the current function.

Returns:

the address of the function

Return type:

int

property current_stack_pointer

Get the value of the stack pointer.

Returns:

Value of the stack pointer

Return type:

int

property current_return_target

Get the return target.

Returns:

The address of return target.

Return type:

int

static stack_suffix_to_string(stack_suffix)

Convert a stack suffix to a human-readable string representation.

Parameters:

stack_suffix (tuple) – The stack suffix.

Returns:

A string representation

Return type:

str

property top: Self

Returns the element at the top of the callstack without removing it.

Returns:

A CallStack.

push(cf)

Push the frame cf onto the stack. Return the new stack.

Return type:

Self

Parameters:

cf (Self)

pop()

Pop the top frame from the stack. Return the new stack.

call(callsite_addr, addr, retn_target=None, stack_pointer=None)

Push a stack frame into the call stack. This method is called when calling a function in CFG recovery.

Parameters:
  • callsite_addr (int) – Address of the call site

  • addr (int) – Address of the call target

  • retn_target (int or None) – Address of the return target

  • stack_pointer (int) – Value of the stack pointer

Returns:

None

ret(retn_target=None)

Pop one or many call frames from the stack. This method is called when returning from a function in CFG recovery.

Parameters:

retn_target (int) – The target to return to.

Returns:

None

dbg_repr()

Debugging representation of this CallStack object.

Returns:

Details of this CallStack

Return type:

str

stack_suffix(context_sensitivity_level)

Generate the stack suffix. A stack suffix can be used as the key to a SimRun in CFG recovery.

Parameters:

context_sensitivity_level (int) – Level of context sensitivity.

Returns:

A tuple of stack suffix.

Return type:

tuple[int | None, ...]
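
How call(), ret() and stack_suffix() fit together in CFG recovery, as an added example that is not angr's code: a simplified stand-in model. The Frame class, the return values of its methods, the suffix layout ((call site, function) pairs padded with None) and all addresses are assumptions made for illustration. It shows one function reached from two call sites sharing a key at context sensitivity level 0 but not at level 1, and ret() unwinding more than one frame.

```python
# Simplified stand-in model (hypothetical Frame class), not angr's implementation.
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    call_site_addr: int = 0
    func_addr: int = 0
    ret_addr: int | None = 0
    next: Frame | None = None  # caller's frame; None at the bottom of the stack

    def __iter__(self):
        frame = self
        while frame is not None:
            yield frame
            frame = frame.next

    def call(self, callsite_addr, addr, retn_target=None):
        # Assumption: returns the new top frame, as push() does.
        return Frame(callsite_addr, addr, retn_target, self)

    def ret(self, retn_target=None):
        if retn_target is None:
            if self.next is None:
                raise IndexError("cannot pop the bottom frame")
            return self.next
        # Pop one or many frames: unwind past the frame expecting this target.
        for frame in self:
            if frame.ret_addr == retn_target and frame.next is not None:
                return frame.next
        return self  # unexpected return target: stack left unchanged

    def stack_suffix(self, level):
        # Assumed layout: innermost `level` (call site, func) pairs, None-padded.
        pairs = []
        for frame in self:
            if len(pairs) == level:
                break
            pairs.append((frame.call_site_addr, frame.func_addr))
        pairs += [(None, None)] * (level - len(pairs))
        return tuple(x for pair in reversed(pairs) for x in pair)


def demo():
    main = Frame().call(0x400F00, 0x401000, 0x400F05)  # constructed addresses
    a = main.call(0x401010, 0x401200, 0x401015)   # parse() from call site 1
    b = main.call(0x401050, 0x401200, 0x401055)   # parse() from call site 2
    deep = a.call(0x401210, 0x401300, 0x401215)   # parse() -> helper()
    return a, b, deep
```

In this model, a higher context sensitivity level gives each calling context its own key, at the cost of analysing the same function once per context.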

class angr.state_plugins.callstack.CallStackAction

Bases: object

Used in callstack backtrace, which is a history of callstacks along a path, to record the individual actions that occur each time the callstack is changed.

__init__(callstack_hash, callstack_depth, action, callframe=None, ret_site_addr=None)