clean up reg_setter

angrop/chain_builder/builder.py

@@ -226,15 +226,16 @@ def map_stack_var(ast, value):
             if sym_var in stack_var_to_value:
                 val = stack_var_to_value[sym_var]
                 if isinstance(val, RopGadget):
-                    chain._add_gadget_value(val)
+                    # this is special, we know this won't be "next_pc", so don't try
+                    # to take "next_pc"'s position
+                    value = RopValue(val.addr, self.project)
+                    value.rebase_analysis(chain=chain)
+                    chain.add_value(value)
                 else:
                     # HACK: Because angrop appears to have originally been written
                     # with assumptions around x86 ret gadgets, the target of the final jump
                     # is not included in the chain if it is the last value.
-                    if (
-                        offset == stack_change - bytes_per_pop
-                        and val is next_pc_val
-                    ):
+                    if offset == stack_change - bytes_per_pop and val is next_pc_val:
                         break
                     chain.add_value(val)
             else:

angrop/chain_builder/mem_changer.py

@@ -96,7 +96,7 @@ def add_to_mem(self, addr, value, data_size=None):
         # get the data from trying to set all the registers
         registers = dict((reg, 0x41) for reg in self.chain_builder.arch.reg_set)
         l.debug("getting reg data for mem adds")
-        _, _, reg_data = self.chain_builder._reg_setter._find_reg_setting_gadgets(max_stack_change=0x50, **registers)
+        _, _, reg_data = self.chain_builder._reg_setter.find_candidate_chains_graph_search(max_stack_change=0x50, **registers)
         l.debug("trying mem_add gadgets")
 
         # filter out gadgets that certainly cannot be used for add_mem

angrop/chain_builder/mem_writer.py

@@ -52,7 +52,7 @@ def _gen_mem_write_gadgets(self, string_data):
             registers = dict((reg, 0x41) for reg in self.arch.reg_set)
             l.debug("getting reg data for mem writes")
             reg_setter = self.chain_builder._reg_setter
-            _, _, reg_data = reg_setter._find_reg_setting_gadgets(max_stack_change=0x50, **registers)
+            _, _, reg_data = reg_setter.find_candidate_chains_graph_search(max_stack_change=0x50, **registers)
             l.debug("trying mem_write gadgets")
 
             # limit the maximum size of the chain
@@ -79,7 +79,7 @@ def _gen_mem_write_gadgets(self, string_data):
                 use_partial_controllers = True
                 l.warning("Trying to use partial controllers for memory write")
                 l.debug("getting reg data for mem writes")
-                _, _, reg_data = self.chain_builder._reg_setter._find_reg_setting_gadgets(max_stack_change=0x50,
+                _, _, reg_data = self.chain_builder._reg_setter.find_candidate_chains_graph_search(max_stack_change=0x50,
                                                                 use_partial_controllers=True,
                                                                 **registers)
                 l.debug("trying mem_write gadgets")