Skip to content

Commit fba8231

Browse files
mborgersonmborgerson
committed
Migrate away from deprecated angr CFG model API
1 parent c7de71d commit fba8231

File tree

9 files changed

+37
-31
lines changed

9 files changed

+37
-31
lines changed

patcherex/techniques/indirectcfi.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ def is_mainbin_call(self,addr,ff):
4848
# but we do not apply indirectcfi if we find an allocate of executable memory
4949
return True
5050

51-
baddr = self.patcher.cfg.get_any_node(addr,anyaddr=True).addr
51+
baddr = self.patcher.cfg.model.get_any_node(addr,anyaddr=True).addr
5252
if baddr == None:
5353
return False
5454
call_sites = ff.get_call_sites()

patcherex/techniques/malloc_ext_patcher.py

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ def get_reg_free_map(self):
7070
# map all basic block addresses in the function to which regs are read or written
7171
reg_free_map = dict()
7272
reg_not_free_map = dict()
73-
for n in self.patcher.cfg.nodes():
73+
for n in self.patcher.cfg.model.nodes():
7474
assert n.addr not in reg_free_map #no duplicated nodes
7575
assert n.addr != 0 #no weird nodes
7676

@@ -118,7 +118,7 @@ def is_reg_free(self,addr,reg,ignore_current_bb,debug=False):
118118
return False
119119

120120
def is_last_returning_block(self,node):
121-
node = self.patcher.cfg.get_any_node(node.addr)
121+
node = self.patcher.cfg.model.get_any_node(node.addr)
122122
try:
123123
function = self.patcher.cfg.functions[node.function_address]
124124
except KeyError:
@@ -129,7 +129,7 @@ def is_last_returning_block(self,node):
129129
return False
130130

131131
def last_block_to_return_locations(self,addr):
132-
node = self.patcher.cfg.get_any_node(addr)
132+
node = self.patcher.cfg.model.get_any_node(addr)
133133
if node is None:
134134
return []
135135
function = self.patcher.cfg.functions[node.function_address]
@@ -138,14 +138,14 @@ def last_block_to_return_locations(self,addr):
138138

139139
return_locations = []
140140
for site in self.inv_callsites[function.addr]:
141-
node = self.patcher.cfg.get_any_node(site)
142-
nlist = self.patcher.cfg.get_successors_and_jumpkind(node, excluding_fakeret=False)
141+
node = self.patcher.cfg.model.get_any_node(site)
142+
nlist = self.patcher.cfg.model.get_successors_and_jumpkind(node, excluding_fakeret=False)
143143
return_locations.extend([n[0] for n in nlist if n[1]=='Ijk_FakeRet'])
144144
return return_locations
145145

146146
def get_all_succ(self,addr):
147147
cfg = self.patcher.cfg
148-
all_nodes = cfg.get_all_nodes(addr)
148+
all_nodes = cfg.model.get_all_nodes(addr)
149149
if len(all_nodes) != 1:
150150
raise CfgError()
151151
n = all_nodes[0]
@@ -155,7 +155,7 @@ def get_all_succ(self,addr):
155155
return [n.addr for n in self.last_block_to_return_locations(addr)], False
156156

157157
all_succ = set()
158-
for s, jk in cfg.get_successors_and_jumpkind(n):
158+
for s, jk in cfg.model.get_successors_and_jumpkind(n):
159159
if not jk.startswith("Ijk_Sys"):
160160
all_succ.add(s.addr)
161161
# a syscall writes in eax, I do not handle it explicitly

patcherex/techniques/noflagprintf.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,8 @@ def hash_str(tstr):
6060
def ro_segments(self):
6161
if self._ro_segments is None:
6262
self._ro_segments = tuple(
63-
seg for seg in self.patcher.project.loader.main_object.segments if seg.is_readable and not seg.is_writable
63+
seg for seg in self.patcher.project.loader.main_object.segments
64+
if seg.is_readable and not seg.is_writable
6465
)
6566

6667
return self._ro_segments
@@ -79,7 +80,8 @@ def get_patches(self):
7980
continue
8081

8182
fmt_arg_pos = PRINTF_VARIANTS[func_name]
82-
callers = set.union(set(), *(cfg.get_predecessors(node) for node in cfg.get_all_nodes(func.addr)))
83+
callers = set.union(set(), *(cfg.model.get_predecessors(node)
84+
for node in cfg.model.get_all_nodes(func.addr)))
8385

8486
handled_addrs = set()
8587
func_to_cfg = {}

patcherex/techniques/simple_ptr_enc.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1172,7 +1172,7 @@ def _generate_syscall_patches(self, cfg, syscall_name, argument_indices_in, argu
11721172
if syscall is None:
11731173
return patches
11741174

1175-
predecessors = cfg.get_any_node(syscall.addr).predecessors
1175+
predecessors = cfg.model.get_any_node(syscall.addr).predecessors
11761176
for pred in predecessors:
11771177
# it must ends with int 80h
11781178
last_instr_addr = pred.instruction_addrs[-1]

patcherex/techniques/stackretencryption.py

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -176,7 +176,7 @@ def add_stackretencryption_to_function(self,start,ends):
176176

177177
tailp = []
178178
for i,e in enumerate(ends):
179-
bb_addr = self.patcher.cfg.get_any_node(e,anyaddr=True).addr
179+
bb_addr = self.patcher.cfg.model.get_any_node(e,anyaddr=True).addr
180180
code = self.add_patch_at_bb(bb_addr,is_tail=True)
181181
tailp.append(InsertCodePatch(e,code,name="stackretencryption_tail_%d_%d_%#x"%(self.npatch,i,start),priority=100))
182182

@@ -216,7 +216,7 @@ def function_to_patch_locations(self,ff):
216216
return None, None
217217

218218
def is_last_returning_block(self,node):
219-
node = self.patcher.cfg.get_any_node(node.addr)
219+
node = self.patcher.cfg.model.get_any_node(node.addr)
220220
try:
221221
function = self.patcher.cfg.functions[node.function_address]
222222
except KeyError:
@@ -227,7 +227,7 @@ def is_last_returning_block(self,node):
227227
return False
228228

229229
def last_block_to_return_locations(self,addr):
230-
node = self.patcher.cfg.get_any_node(addr)
230+
node = self.patcher.cfg.model.get_any_node(addr)
231231
if node == None:
232232
return []
233233
function = self.patcher.cfg.functions[node.function_address]
@@ -236,8 +236,8 @@ def last_block_to_return_locations(self,addr):
236236

237237
return_locations = []
238238
for site in self.inv_callsites[function.addr]:
239-
node = self.patcher.cfg.get_any_node(site)
240-
nlist = self.patcher.cfg.get_successors_and_jumpkind(node, excluding_fakeret=False)
239+
node = self.patcher.cfg.model.get_any_node(site)
240+
nlist = self.patcher.cfg.model.get_successors_and_jumpkind(node, excluding_fakeret=False)
241241
return_locations.extend([n[0] for n in nlist if n[1]=='Ijk_FakeRet'])
242242
return return_locations
243243

@@ -264,7 +264,7 @@ def get_reg_free_map(self):
264264
# map all basic block addresses in the function to which regs are read or written
265265
reg_free_map = dict()
266266
reg_not_free_map = dict()
267-
for n in self.patcher.cfg.nodes():
267+
for n in self.patcher.cfg.model.nodes():
268268

269269
if self.patcher.project.is_hooked(n.addr):
270270
continue
@@ -302,7 +302,7 @@ def get_reg_free_map(self):
302302

303303
def get_all_succ(self,addr):
304304
cfg = self.patcher.cfg
305-
all_nodes = cfg.get_all_nodes(addr)
305+
all_nodes = cfg.model.get_all_nodes(addr)
306306
if len(all_nodes) != 1:
307307
raise CfgError()
308308
n = all_nodes[0]
@@ -312,7 +312,7 @@ def get_all_succ(self,addr):
312312
return [n.addr for n in self.last_block_to_return_locations(addr)], False
313313

314314
all_succ = set()
315-
for s, jk in cfg.get_successors_and_jumpkind(n):
315+
for s, jk in cfg.model.get_successors_and_jumpkind(n):
316316
if not jk.startswith("Ijk_Sys"):
317317
all_succ.add(s.addr)
318318
# a syscall writes in eax, I do not handle it explicitly
@@ -370,7 +370,8 @@ def _func_is_safe(self, ident, func):
370370
return True
371371

372372
# skip functions that have enough predecessors
373-
if len(self.patcher.cfg.get_predecessors(self.patcher.cfg.get_any_node(func.addr))) > self.safe_calls_limit:
373+
predecessors = self.patcher.cfg.model.get_predecessors(self.patcher.cfg.model.get_any_node(func.addr))
374+
if len(predecessors) > self.safe_calls_limit:
374375
return True
375376

376377
is_safe = True

patcherex/techniques/transmitprotection.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ def get_patches(self):
139139
l.warning("Found %d transmit_wrapper... better not to touch anything"%len(transmit_wrapper))
140140
return []
141141
transmit_wrapper = transmit_wrapper[0]
142-
victim_node = cfg.get_any_node(transmit_wrapper.addr)
142+
victim_node = cfg.model.get_any_node(transmit_wrapper.addr)
143143
victim_addr = int(victim_node.instruction_addrs[-1])
144144

145145
patches.extend(self.compute_patches(victim_addr))

patcherex/techniques/uninitialized_patcher.py

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@ def get_reg_free_map(self):
7272
# map all basic block addresses in the function to which regs are read or written
7373
reg_free_map = dict()
7474
reg_not_free_map = dict()
75-
for n in self.patcher.cfg.nodes():
75+
for n in self.patcher.cfg.model.nodes():
7676

7777
if self.patcher.project.is_hooked(n.addr):
7878
continue
@@ -113,7 +113,8 @@ def _should_skip(self, ff):
113113
return True
114114
if cfg_utils.is_floatingpoint_function(self.patcher, ff):
115115
return True
116-
all_pred_addrs = set(x.addr for x in self.patcher.cfg.get_predecessors(self.patcher.cfg.get_any_node(ff.addr)))
116+
predecessors = self.patcher.cfg.model.get_predecessors(self.patcher.cfg.model.get_any_node(ff.addr))
117+
all_pred_addrs = set(x.addr for x in predecessors)
117118
if len(all_pred_addrs) > 5:
118119
return True
119120

@@ -143,7 +144,7 @@ def is_reg_free(self,addr,reg,ignore_current_bb,debug=False):
143144
return False
144145

145146
def is_last_returning_block(self,node):
146-
node = self.patcher.cfg.get_any_node(node.addr)
147+
node = self.patcher.cfg.model.get_any_node(node.addr)
147148
try:
148149
function = self.patcher.cfg.functions[node.function_address]
149150
except KeyError:
@@ -154,7 +155,7 @@ def is_last_returning_block(self,node):
154155
return False
155156

156157
def last_block_to_return_locations(self,addr):
157-
node = self.patcher.cfg.get_any_node(addr)
158+
node = self.patcher.cfg.model.get_any_node(addr)
158159
if node is None:
159160
return []
160161
function = self.patcher.cfg.functions[node.function_address]
@@ -163,14 +164,14 @@ def last_block_to_return_locations(self,addr):
163164

164165
return_locations = []
165166
for site in self.inv_callsites[function.addr]:
166-
node = self.patcher.cfg.get_any_node(site)
167-
nlist = self.patcher.cfg.get_successors_and_jumpkind(node, excluding_fakeret=False)
167+
node = self.patcher.cfg.model.get_any_node(site)
168+
nlist = self.patcher.cfg.model.get_successors_and_jumpkind(node, excluding_fakeret=False)
168169
return_locations.extend([n[0] for n in nlist if n[1]=='Ijk_FakeRet'])
169170
return return_locations
170171

171172
def get_all_succ(self,addr):
172173
cfg = self.patcher.cfg
173-
all_nodes = cfg.get_all_nodes(addr)
174+
all_nodes = cfg.model.get_all_nodes(addr)
174175
if len(all_nodes) != 1:
175176
raise CfgError()
176177
n = all_nodes[0]
@@ -180,7 +181,7 @@ def get_all_succ(self,addr):
180181
return [n.addr for n in self.last_block_to_return_locations(addr)], False
181182

182183
all_succ = set()
183-
for s, jk in cfg.get_successors_and_jumpkind(n):
184+
for s, jk in cfg.model.get_successors_and_jumpkind(n):
184185
if not jk.startswith("Ijk_Sys"):
185186
all_succ.add(s.addr)
186187
# a syscall writes in eax, I do not handle it explicitly
@@ -278,7 +279,7 @@ def _handle_func(self, ff):
278279
bl, seen, written = to_process.pop()
279280
seen.add(bl)
280281

281-
cfg_node = self.patcher.cfg.get_any_node(bl.addr)
282+
cfg_node = self.patcher.cfg.model.get_any_node(bl.addr)
282283
if not cfg_node:
283284
continue
284285
insts = cfg_node.instruction_addrs

tests/test_cfg.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ def last_block_to_callers(addr,cfg,inv_callsites):
5959
return_locations = []
6060
for site in inv_callsites[function.addr]:
6161
node = cfg.model.get_any_node(site)
62-
nlist = cfg.get_successors_and_jumpkind(node, excluding_fakeret=False)
62+
nlist = cfg.model.get_successors_and_jumpkind(node, excluding_fakeret=False)
6363
return_locations.extend([n[0] for n in nlist if n[1]=='Ijk_FakeRet'])
6464
return return_locations
6565

tests/test_techniques.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1324,6 +1324,8 @@ def test_countdown_1(BackendClass, data_fallback, try_pdf_removal):
13241324
pipe = subprocess.PIPE
13251325
p = subprocess.Popen([tmp_file], stdin=pipe, stdout=pipe, stderr=pipe)
13261326
res = p.communicate(b"foo\ntest\n")
1327+
print(f'got: {res[0]}')
1328+
print(f'expected: {expected_output}')
13271329
assert expected_output == res[0]
13281330

13291331

0 commit comments

Comments
 (0)