diff --git a/typetapper/analysis.py b/typetapper/analysis.py
index d82d8f8..a9be2ba 100644
--- a/typetapper/analysis.py
+++ b/typetapper/analysis.py
@@ -56,15 +56,23 @@ class TypeTapperAnalysis(angr.Analysis):
 pred_addr = pred.addr
 pred_blockinfo = self.manager.block_info[pred_addr]
 callsite_addr = fakeret_addr if attrs['jumpkind'] == 'Ijk_Ret' else pred_addr if attrs['jumpkind'] in ('Ijk_Call', 'Ijk_FakeRet') else None
+ if attrs['jumpkind'] == 'Ijk_FakeRet':
+ func_addr = next((succ.function_address for succ, attrs in self._cfg.graph.succ[pred].items() if attrs['jumpkind'] == 'Ijk_Call'), None)
+ elif attrs['jumpkind'] == 'Ijk_Call':
+ func_addr = node.function_address
+ elif attrs['jumpkind'] == 'Ijk_Ret':
+ func_addr = pred.function_address
+ else:
+ func_addr = None
 # TAKE IT BACK NOW Y'ALL
 for name in node_blockinfo.ready_inputs:
 input_atom = node_blockinfo.inputs[name]
- if attrs['jumpkind'] == 'Ijk_FakeRet':
+ if func_addr is not None:
 # determine which registers are clobbered; determine the cc
- func_addr: CFGNode = next((succ.addr for succ, attrs in self._cfg.graph.succ[pred].items() if attrs['jumpkind'] == 'Ijk_Call'), None)
 function = self.kb.functions[func_addr]
- if function.calling_convention is None or input_atom.slot_name in function.calling_convention.CALLER_SAVED_REGS:
+ # cc is None --> assume everything goes in and nothing goes through
+ if (function.calling_convention is None or input_atom.slot_name in function.calling_convention.CALLER_SAVED_REGS) ^ (attrs['jumpkind'] in ('Ijk_Call', 'Ijk_Ret')):
 continue
 output_atom = pred_blockinfo.outputs.get(input_atom.slot_name, None)