The `MediumLevelILOperation.MLIL_ADDRESS_OF` operation has a `Variable` operand, but in SSA form, this omits information about the version of the `Variable` in question. Take the following:
In order to identify where the value of the address `esp#4` is being set is instruction 116, one must do something like the following:
```python
from binaryninja import SSAVariable

stack_var = il.src.src  # il is esp#4 = &var_4
ssa_version = il.get_ssa_var_version(stack_var)
ssa_var = SSAVariable(stack_var, ssa_version)
definition = mlil.get_ssa_var_definition(ssa_var)
```
With an `MLIL_ADDRESS_OF_SSA` operation, it would be as simple as:
```python
ssa_var = il.src.src  # il is esp#4 = &var_4#3
definition = mlil.get_ssa_var_definition(ssa_var)
```
Similarly, an `MLIL_ADDRESS_OF_FIELD_SSA` operation would be useful.
Taking the address of a variable gives you the address of the variable's location in memory. This does not have any actual association to the version of the variable. The only meaningful version of the variable is where the pointer is being dereferenced or stored to, which may be multiple times and is likely different from the version where the address was originally taken. In the case of your example the pointer is never referenced directly (the real issue is not recognizing that the top of the stack isn't actually a return), so it would be up to you to determine which context the dereference should occur in (here, the return, but in general there is no defined context).
This is intentional design and will not be changed.
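A toy model of the point made in the reply above, added here as an illustration; it is not code from the thread or from Binary Ninja. The four-op IR, `PROGRAM` and `pointee_versions` are assumptions constructed for the example. It tracks SSA versions through a straight-line program and shows that the version of `x` at the address-of differs from the version seen at each later load or store through the pointer.

```python
# Toy straight-line IR (constructed for illustration; not Binary Ninja's MLIL).
# Ops: ("set", var, value), ("addr", ptr, var), ("store", ptr, value), ("load", dst, ptr)
PROGRAM = [
    ("set", "x", 1),       # x#1 = 1
    ("addr", "p", "x"),    # p#1 = &x   (x happens to be at version 1 here)
    ("set", "x", 2),       # x#2 = 2
    ("load", "a", "p"),    # a#1 = *p   (reads x#2)
    ("store", "p", 3),     # *p = 3     (defines x#3)
    ("load", "b", "p"),    # b#1 = *p   (reads x#3)
]


def pointee_versions(program):
    """Return (taken_at, derefs).

    taken_at maps each pointer to the pointee's version when its address was taken.
    derefs lists (instruction index, op, pointee version) for every load/store
    through a pointer, i.e. the places where a version is actually meaningful.
    """
    version = {}      # variable name -> current SSA version
    points_to = {}    # pointer name -> variable whose address it holds
    taken_at = {}
    derefs = []
    for index, (op, dst, src) in enumerate(program):
        if op == "set":
            version[dst] = version.get(dst, 0) + 1
        elif op == "addr":
            points_to[dst] = src
            taken_at[dst] = version.get(src, 0)
            version[dst] = version.get(dst, 0) + 1
        elif op == "store":
            target = points_to[dst]
            # A store through the pointer defines a new version of the pointee.
            version[target] = version.get(target, 0) + 1
            derefs.append((index, op, version[target]))
        elif op == "load":
            target = points_to[src]
            # A load reads whichever version of the pointee reaches this point.
            derefs.append((index, op, version[target]))
            version[dst] = version.get(dst, 0) + 1
    return taken_at, derefs


if __name__ == "__main__":
    print(pointee_versions(PROGRAM))
```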