Skip to main content
The Block class represents a basic block in a binary program, providing access to disassembly, VEX IR translation, and instruction information.

Class Signature

class Block(Serializable):
    def __init__(
        self,
        addr,
        project=None,
        arch: Arch | None = None,
        size=None,
        max_size=None,
        byte_string=None,
        thumb=False,
        backup_state=None,
        extra_stop_points=None,
        opt_level=None,
        num_inst=None,
        traceflags=0,
        strict_block_end=None,
        collect_data_refs=False,
        cross_insn_opt=True,
        load_from_ro_regions=False,
        const_prop=False,
        initial_regs=None,
        skip_stmts=False,
    )

Parameters

addr
int
The address of the start of the block.
project
Project
The angr project this block belongs to.
arch
Arch
The architecture of the block. Either project or arch must be specified.
size
int
The size of the block in bytes.
max_size
int
default:"4096"
The maximum size of the block in bytes.
byte_string
bytes
The bytes to lift instead of reading from project memory.
thumb
bool
default:"False"
Whether this is ARM Thumb mode.
backup_state
SimState
A state to read bytes from instead of using project memory.
extra_stop_points
list[int]
Additional addresses where the block should stop.
opt_level
int
The VEX optimization level (0-2).
num_inst
int
The maximum number of instructions to lift.
traceflags
int
default:"0"
Traceflags to pass to VEX.
strict_block_end
bool
Whether to strictly adhere to block end conditions.
collect_data_refs
bool
default:"False"
Whether to collect data references during lifting.
cross_insn_opt
bool
default:"True"
Whether to perform cross-instruction optimization.
load_from_ro_regions
bool
default:"False"
Whether to load from read-only memory regions.
const_prop
bool
default:"False"
Whether to perform constant propagation during lifting.
skip_stmts
bool
default:"False"
Whether to skip generating VEX statements (faster for metadata only).

Attributes

addr
int
The address of the block.
arch
Arch
The architecture of the block.
size
int
The size of the block in bytes.
thumb
bool
Whether this block is in ARM Thumb mode.
BLOCK_MAX_SIZE
int
default:"4096"
Class constant for maximum block size.

Properties

Type: IRSB | PcodeIRSBThe VEX or Pcode intermediate representation of this block.
block = proj.factory.block(0x400000)
print(block.vex.pp())  # Pretty-print the VEX IR
Type: IRSB | PcodeIRSBThe VEX IR without statements (faster, for metadata only).
Type: CapstoneBlockThe Capstone disassembly of this block.
for insn in block.capstone.insns:
    print(f"{insn.address:#x}: {insn.mnemonic} {insn.op_str}")
Type: PCodeBlockThe P-Code disassembly of this block (for P-Code architectures).
Type: DisassemblerBlockA disassembly using whatever disassembler is available (Capstone or P-Code).
Type: bytes | NoneThe raw bytes of the block.
print(block.bytes.hex())
Type: intThe number of instructions in the block.
Type: list[int]List of addresses for each instruction in the block.
for addr in block.instruction_addrs:
    print(f"Instruction at {addr:#x}")
Type: BlockNodeA CodeNode representation of this block for use in CFG.

Methods

Signature:
def pp(self, **kwargs)
Pretty-print a disassembly of the block.
block = proj.factory.block(0x400000)
block.pp()
Signature:
def set_initial_regs(self)
Set up initial registers for data reference collection.
Signature:
@staticmethod
def reset_initial_regs()
Reset the initial register values.

DisassemblerBlock Classes

These helper classes represent disassembled blocks:

DisassemblerBlock

class DisassemblerBlock:
    addr: int
    arch: Arch
    insns: list[DisassemblerInsn]
    thumb: bool
Print the block to stdout.

DisassemblerInsn

class DisassemblerInsn:
    @property
    def size(self) -> int
    @property
    def address(self) -> int
    @property
    def mnemonic(self) -> str
    @property
    def op_str(self) -> str

CapstoneBlock

A Capstone-specific implementation of DisassemblerBlock.

CapstoneInsn

A Capstone-specific implementation of DisassemblerInsn. 
class CapstoneInsn(DisassemblerInsn):
    insn: capstone.CsInsn

SootBlock

For Java/Soot analysis, there’s a separate SootBlock class: 
class SootBlock:
    def __init__(self, addr, *, project: Project, arch: Arch)
addr
SootAddressDescriptor
The Soot address descriptor.
arch
Arch
The architecture (ArchSoot).
soot
SootIRSB
The Soot IR representation.
size
int
The number of Soot statements.

Example Usage

import angr

proj = angr.Project('/bin/ls')

# Create a block at the entry point
block = proj.factory.block(proj.entry)

# Basic information
print(f"Block at {block.addr:#x}")
print(f"Size: {block.size} bytes")
print(f"Instructions: {block.instructions}")

# Disassembly
print("\nDisassembly:")
block.pp()

# Alternative: Capstone disassembly
for insn in block.capstone.insns:
    print(f"{insn.address:#x}: {insn.mnemonic} {insn.op_str}")

# VEX IR
print("\nVEX IR:")
print(block.vex.pp())

# Get instruction addresses
for i, addr in enumerate(block.instruction_addrs):
    print(f"Instruction {i} at {addr:#x}")

# Get raw bytes
print(f"\nBytes: {block.bytes.hex()}")

# Create block from custom bytes
custom_block = proj.factory.block(
    addr=0x1000,
    byte_string=b'\x90\x90\x90',  # NOP instructions
    size=3
)

# Limit number of instructions
limited_block = proj.factory.block(
    addr=proj.entry,
    num_inst=5  # Only lift first 5 instructions
)

print(f"Limited block has {limited_block.instructions} instructions")

Advanced Usage

# Use optimization levels
optimized_block = proj.factory.block(
    addr=0x400000,
    opt_level=2  # Maximum VEX optimization
)

# Collect data references
data_ref_block = proj.factory.block(
    addr=0x400000,
    collect_data_refs=True
)

# Use a backup state for patched code
state = proj.factory.blank_state()
state.memory.store(0x400000, b'\x90\x90\x90\x90')
patched_block = proj.factory.block(
    addr=0x400000,
    backup_state=state
)

# Skip VEX statements for faster metadata access
fast_block = proj.factory.block(
    addr=0x400000,
    skip_stmts=True
)
print(f"Instructions: {fast_block.instructions}")
print(f"Addrs: {fast_block.instruction_addrs}")
# fast_block.vex would still trigger full lifting

Build docs developers (and LLMs) love

Get started for freeTalk to us