Nixyri/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-02-18 00:20:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

GT-3149 Corrected bitfield packing for ARM/AARCH64 for Windows PE.

Browse Source 
Imposed default Thumb context setting for PE and MSCoff ARM32 imports
with addition of v8T ARM variant.  Corrected ARM pattern alignment
issues.  Corrected DBViewer long value rendering.
This commit is contained in:
ghidra1 2019-09-13 14:06:56 -04:00
parent d9da0f0b66
commit 349ef0fad2
11 changed files with 121 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/DbViewerComponent.java
View File

@ -200,12 +200,12 @@ class DbViewerComponent extends JPanel {
GTable gTable = new GTable();
if (table.getRecordCount() <= 10000) {
model = new DbSmallTableModel(table);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
}
else {
model = new DbLargeTableModel(table);
}
gTable.setModel(model);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
JScrollPane scroll = new JScrollPane(gTable);
panel.add(scroll, BorderLayout.CENTER);

12
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/dbtable/LongRenderer.java
View File

@ -17,18 +17,19 @@ package ghidra.app.plugin.debug.dbtable;
import java.awt.Component;
import javax.swing.*;
import javax.swing.JLabel;
import javax.swing.SwingConstants;
import docking.widgets.table.GTableCellRenderer;
import docking.widgets.table.GTableCellRenderingData;
import ghidra.docking.settings.Settings;
public class LongRenderer extends GTableCellRenderer {
@Override
public Component getTableCellRendererComponent(GTableCellRenderingData data) {
JLabel renderer =
(JLabel) super.getTableCellRendererComponent(data);
JLabel renderer = (JLabel) super.getTableCellRendererComponent(data);
renderer.setHorizontalAlignment(SwingConstants.LEADING);
@ -39,4 +40,9 @@ public class LongRenderer extends GTableCellRenderer {
protected String getText(Object value) {
return value == null ? "" : "0x" + Long.toHexString((Long) value);
}
@Override
protected String formatNumber(Number value, Settings settings) {
return getText(value);
}
}

5
Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/SleighLanguageProvider.java
View File

@ -369,7 +369,10 @@ public class SleighLanguageProvider implements LanguageProvider {
catch (SleighException ex) { // Error with the manual shouldn't prevent language from loading
Msg.error(this, ex.getMessage());
}
descriptions.put(id, description);
if (descriptions.put(id, description) != null) {
Msg.showError(this, null, "Duplicate Sleigh Language ID",
"Language " + id + " previously defined: " + defsFile);
}
}
parser.end(start);
}

3
Ghidra/Processors/AARCH64/data/languages/AARCH64_win.cspec
View File

@ -25,6 +25,9 @@
<entry size="8" alignment="8" />
<entry size="16" alignment="16" />
</size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization>
<global>

2
Ghidra/Processors/ARM/certification.manifest
View File

@ -5,7 +5,6 @@ data/languages/ARM.cspec||GHIDRA||||END|
data/languages/ARM.dwarf||GHIDRA||||END|
data/languages/ARM.ldefs||GHIDRA||||END|
data/languages/ARM.opinion||GHIDRA||||END|
data/languages/ARM.pspec||GHIDRA||||END|
data/languages/ARM.sinc||GHIDRA||||END|
data/languages/ARM4_be.slaspec||GHIDRA||||END|
data/languages/ARM4_le.slaspec||GHIDRA||||END|
@ -30,6 +29,7 @@ data/languages/ARMinstructions.sinc||GHIDRA||||END|
data/languages/ARMneon.dwarf||GHIDRA||||END|
data/languages/ARMneon.sinc||GHIDRA||||END|
data/languages/ARMt.pspec||GHIDRA||||END|
data/languages/ARMtTHUMB.pspec||GHIDRA||||END|
data/languages/ARMt_v45.pspec||GHIDRA||||END|
data/languages/ARMv8.sinc||GHIDRA||||END|
data/languages/old/ARMv5.lang||GHIDRA||||END|

33
Ghidra/Processors/ARM/data/languages/ARM.ldefs
View File

@ -18,6 +18,23 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="little"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_le.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:LE:32:v8T">
<description>Generic ARM/Thumb v8 little endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<compiler name="Visual Studio" spec="ARM_win.cspec" id="windows"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="arm"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="big"
instructionEndian="little"
@ -50,6 +67,22 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="big"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_be.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:BE:32:v8T">
<description>Generic ARM/Thumb v8 big endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="armb"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="little"
size="32"

12
Ghidra/Processors/ARM/data/languages/ARM.opinion
View File

@ -2,8 +2,8 @@
<constraint loader="Portable Executable (PE)">
<constraint compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
<constraint compilerSpecID="default">
<constraint primary="2560" processor="ARM" endian="big" size="32" variant="v8" />
@ -11,8 +11,8 @@
</constraint>
<constraint loader="Debug Symbols (DBG)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
<constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default">
<constraint primary="40" processor="ARM" size="32" variant="v8" />
@ -32,7 +32,7 @@
</constraint>
<constraint loader="MS Common Object File Format (COFF)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
</opinions>

3
Ghidra/Processors/ARM/data/languages/ARM_win.cspec
View File

@ -22,6 +22,9 @@
<entry size="4" alignment="4" />
<entry size="8" alignment="8" />
</size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization>
<global>

26
Ghidra/Processors/ARM/data/languages/ARM.pspec → Ghidra/Processors/ARM/data/languages/ARMtTHUMB.pspec
View File

@ -1,15 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<processor_spec>
<!-- THIS PSPEC IS A COPY OF ARMt.pspec AND ONLY DIFFERS WITH ENABLEMENT OF THUMB AS DEFAULT CONTEXT -->
<properties>
<property key="addressesDoNotAppearDirectlyInCode" value="true"/>
<property key="allowOffcutReferencesToFunctionStarts" value="true"/>
<property key="useNewFunctionStackAnalysis" value="true"/>
<property key="emulateInstructionStateModifierClass" value="ghidra.program.emulation.ARMEmulateInstructionStateModifier"/>
<property key="assemblyRating:ARM:BE:32:v7" value="PLATINUM"/>
<property key="assemblyRating:ARM:LE:32:v7" value="PLATINUM"/>
</properties>
<programcounter register="pc"/>
<context_data>
<context_set space="ram">
<set name="TMode" val="1" description="0 for ARM 32-bit, 1 for THUMB 16-bit"/>
<set name="LRset" val="0" description="0 lr reg not set, 1 for LR set, affects BX as a call"/>
</context_set>
<tracked_set space="ram">
@ -23,6 +27,7 @@
<symbol name="SupervisorCall" address="ram:0x8" entry="true"/>
<symbol name="PrefetchAbort" address="ram:0xC" entry="true"/>
<symbol name="DataAbort" address="ram:0x10" entry="true"/>
<symbol name="NotUsed" address="ram:0x14" entry="true"/>
<symbol name="IRQ" address="ram:0x18" entry="true"/>
<symbol name="FIQ" address="ram:0x1c" entry="true"/>
@ -31,8 +36,29 @@
<symbol name="H_SupervisorCall" address="ram:0xFFFF0008" entry="true"/>
<symbol name="H_PrefetchAbort" address="ram:0xFFFF000C" entry="true"/>
<symbol name="H_DataAbort" address="ram:0xFFFF0010" entry="true"/>
<symbol name="H_NotUsed" address="ram:0xFFFF0014" entry="true"/>
<symbol name="H_IRQ" address="ram:0xFFFF0018" entry="true"/>
<symbol name="H_FIQ" address="ram:0xFFFF001c" entry="true"/>
</default_symbols>
<register_data>
<register name="q0" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q1" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q2" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q3" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q4" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q5" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q6" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q7" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q8" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q9" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q10" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q11" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q12" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q13" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q14" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q15" group="NEON" vector_lane_sizes="1,2,4"/>
</register_data>
</processor_spec>

25
Ghidra/Processors/ARM/data/patterns/ARM_BE_patterns.xml
View File

@ -63,13 +63,15 @@
<data> 11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<data> 0xe5 0x2d 0xe0 0x08 </data> <!-- str lr,[sp,#-0x8] -->
<data> 0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart/>
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code -->
<funcstart after="defined" /> <!-- must be something defined right before this -->
@ -77,36 +79,49 @@
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0xe24dd... </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 0x........ 0xe24dd... </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern>
@ -183,10 +198,4 @@
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
</patternlist>

26
Ghidra/Processors/ARM/data/patterns/ARM_LE_patterns.xml
View File

@ -64,6 +64,7 @@
<data>0x08 0xe0 0x2d 0xe5 </data> <!-- str lr,[sp,#-0x8] -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{xxx lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<possiblefuncstart/>
</postpatterns>
@ -71,20 +72,30 @@
<pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ....0000 .1...... 00101101 11101001 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code -->
<possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<!-- NOTE: pattern also match Thumb 'b' instruction followed by a 'push' instruction (where push is start uf Thumb function) -->
<data> ....0000 .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ........ 1110.... 00101101 11100101 </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
@ -92,6 +103,7 @@
<pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x..d.4de2 </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -99,6 +111,7 @@
<pattern> <!-- 32 bit ARM -->
<data> ....0000 .1...... 00101101 11101001 0x........ 0x..d.4de2 </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -106,12 +119,14 @@
<pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x........ 0x..d.4de2 </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern>
@ -189,13 +204,6 @@
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<!-- Special functions with side-effects -->
<!-- -->
@ -290,6 +298,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr
-->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/>
</pattern>
@ -304,6 +313,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr
-->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/>
</pattern>