mirror of
https://github.com/NationalSecurityAgency/ghidra.git
synced 2024-10-23 05:31:02 +00:00
GT-2 - Documentation - fixed missing help links in Decompiler; fixed
script categories
This commit is contained in:
parent
f0832a6e9d
commit
85d1ab7d51
|
@ -1,81 +0,0 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//Test script to lay down known RTTI structures in a file with applied pdb symbols to test the 32 and 64 bit RTTI structures
|
||||
//@author
|
||||
//@category Test
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.app.util.datatype.microsoft.*;
|
||||
import ghidra.program.model.data.DataType;
|
||||
import ghidra.program.model.data.DataUtilities;
|
||||
import ghidra.program.model.data.DataUtilities.ClearDataMode;
|
||||
import ghidra.program.model.symbol.*;
|
||||
import ghidra.util.exception.CancelledException;
|
||||
|
||||
public class ApplyRTTITestScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
protected void run() throws Exception {
|
||||
|
||||
SymbolTable symbolTable = currentProgram.getSymbolTable();
|
||||
|
||||
//Find RTTI0 using symbol names pdb put on - symbol contains text: Type_Descriptor
|
||||
SymbolIterator symbolIterator = symbolTable.getSymbolIterator("*Type_Descriptor*", true);
|
||||
RTTI0DataType dt0 = new RTTI0DataType();
|
||||
createRTTIDataType(symbolIterator, dt0);
|
||||
|
||||
//Next find RTTI1 using symbol names pdb put on - symbol contains text: Base_Class_Descriptor
|
||||
symbolIterator = symbolTable.getSymbolIterator("*Base_Class_Descriptor*", true);
|
||||
RTTI1DataType dt1 = new RTTI1DataType();
|
||||
createRTTIDataType(symbolIterator, dt1);
|
||||
|
||||
//Next find RTTI2 using symbol names pdb put on - symbol contains text: Base_Class_Array
|
||||
symbolIterator = symbolTable.getSymbolIterator("*Base_Class_Array*", true);
|
||||
RTTI2DataType dt2 = new RTTI2DataType();
|
||||
createRTTIDataType(symbolIterator, dt2);
|
||||
|
||||
|
||||
//Next find RTTI3 using symbol names pdb put on - symbol contains text: Class_Hierarchy_Descriptor
|
||||
symbolIterator = symbolTable.getSymbolIterator("*Class_Hierarchy_Descriptor*", true);
|
||||
RTTI3DataType dt3 = new RTTI3DataType();
|
||||
createRTTIDataType(symbolIterator, dt3);
|
||||
|
||||
|
||||
//Next find RTTI4 using symbol names pdb put on - symbol contains text: Complete_Object_Locator
|
||||
symbolIterator = symbolTable.getSymbolIterator("*Complete_Object_Locator*", true);
|
||||
RTTI4DataType dt4 = new RTTI4DataType();
|
||||
createRTTIDataType(symbolIterator, dt4);
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
private void createRTTIDataType(SymbolIterator symbolIterator, DataType dt)
|
||||
throws CancelledException, Exception {
|
||||
|
||||
while (symbolIterator.hasNext()) {
|
||||
monitor.checkCanceled();
|
||||
Symbol sym = symbolIterator.next();
|
||||
DataUtilities.createData(currentProgram, sym.getAddress(), dt, -1, false,
|
||||
ClearDataMode.CLEAR_ALL_CONFLICT_DATA);
|
||||
println("Created " + dt.getName() + " at " + sym.getAddress().toString());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Script to compare analysis between current and chosen program.
|
||||
//@category Testing
|
||||
//@category Analysis
|
||||
|
||||
import java.util.Iterator;
|
||||
|
||||
|
@ -399,8 +399,8 @@ public class CompareAnalysisScript extends GhidraScript {
|
|||
}
|
||||
|
||||
boolean isSwitch(Symbol[] syms, String name) {
|
||||
for (int i = 0; i < syms.length; i++) {
|
||||
if (syms[i].getName().startsWith(name)) {
|
||||
for (Symbol sym : syms) {
|
||||
if (sym.getName().startsWith(name)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Creates a template help file by reading all of the actions from a selected plugin.
|
||||
//@category HELP
|
||||
|
||||
import java.io.*;
|
||||
import java.util.*;
|
||||
|
@ -102,7 +101,8 @@ public class CreateHelpTemplateScript extends GhidraScript {
|
|||
}
|
||||
|
||||
private List<DockingActionIf> getActions(PluginTool tool, Plugin plugin) {
|
||||
Set<DockingActionIf> actions = KeyBindingUtils.getKeyBindingActionsForOwner(tool, plugin.getName());
|
||||
Set<DockingActionIf> actions =
|
||||
KeyBindingUtils.getKeyBindingActionsForOwner(tool, plugin.getName());
|
||||
List<DockingActionIf> list = new ArrayList<>(actions);
|
||||
Comparator<DockingActionIf> comparator = (action1, action2) -> {
|
||||
try {
|
||||
|
|
|
@ -13,10 +13,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//This script asks for a name and value for an equate and applies it at all scalar operands in the current selection (if applicable) or the entire program if
|
||||
//no selection is made
|
||||
//This script asks for a name and value for an equate and applies it at all scalar operands
|
||||
// in the current selection (if applicable) or the entire program if no selection is made
|
||||
//@author
|
||||
//@category _NEW_
|
||||
//@category
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
//Converts subroutines to functions.
|
||||
//Subroutines are located using the active
|
||||
//subroutine model on the BlockModelService.
|
||||
//@category Subroutines
|
||||
//@category Functions
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.app.services.BlockModelService;
|
||||
|
@ -27,9 +27,6 @@ import ghidra.program.model.listing.Listing;
|
|||
import ghidra.program.model.symbol.SourceType;
|
||||
import ghidra.program.model.symbol.Symbol;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public class SubsToFuncsScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
sub-functions it calls, provide type information. If the function contains references to
|
||||
global memory locations that have a data type applied to them, these will also be used, and
|
||||
any local variables of the function can be annotated directly with data types. The user can
|
||||
provide data-type information to the decompiler by annotating all these sources. The more
|
||||
provide data type information to the decompiler by annotating all these sources. The more
|
||||
information that can be provided the better the produced C-code will be.</P>
|
||||
|
||||
<P>Variables not labeled directly are assigned types by analyzing local type propagation.
|
||||
|
@ -334,7 +334,7 @@
|
|||
</LI>
|
||||
|
||||
<LI><SPAN style="font-weight: bold;">Infer constant pointers</SPAN> - allows the decompiler
|
||||
to infer a data-type for constants it determines are likely pointers. In the basic heuristic,
|
||||
to infer a data type for constants it determines are likely pointers. In the basic heuristic,
|
||||
each constant is treated as an address, and if that address starts a known data or function element
|
||||
in the program, the constant is assumed to be a pointer.<BR>
|
||||
<BR>
|
||||
|
@ -794,21 +794,75 @@
|
|||
<BR>
|
||||
<BR>
|
||||
|
||||
|
||||
<H3><A name="Rename_Field"></A>Rename Field</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>
|
||||
Action triggered from a specific token in the decompiler window to rename a field within
|
||||
a structure data type. If the field already exists within the specific structure, it is
|
||||
simply renamed. Otherwise, if the decompiler has discovered an undefined structure offset, a new
|
||||
field is added to the structure with this offset and the user selected name. In either case,
|
||||
the altered structure is committed permanently to the program's database.
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
<H3><A name="Rename_Variable"></A>Rename Variable</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P><FONT color="#000000">Any parameter or local variable can be renamed. Just place the
|
||||
<P>Any parameter or local variable can be renamed. Just place the
|
||||
cursor over a variable definition, or any use of the variable and choose <B>Rename
|
||||
Variable</B> from the popup menu. The name will now be saved for this function, so the next
|
||||
time the decompiler displays the code for the function, the same name is used.</FONT></P>
|
||||
time the decompiler displays the code for the function, the same name is used.</P>
|
||||
<P>
|
||||
If a matching variable in the database already exists, it is simply renamed. Otherwise
|
||||
a new variable is added to the database. In this case the new variable is assigned
|
||||
an "undefined" datatype, which leaves it un-typelocked, and the decompiler will take
|
||||
the name but lets the data type continue to "float" and can speculatively merge the
|
||||
variable with others.
|
||||
</P>
|
||||
<P>
|
||||
If the selected variable is an input parameter, other input parameters within the decompiler
|
||||
model will need to be committed, if they do not already exist in the database, as any parameters
|
||||
committed to the database are forcing on the decompiler. Any new parameters committed this way
|
||||
inherit their name from the decompiler model, but the parameters will not be type-locked, allowing
|
||||
their data type to "float".
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Rename_Global"></A>Rename Global</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>
|
||||
Action triggered from a specific token in the decompiler window to rename a global variable.
|
||||
The variable is associated with an address. There may already be a symbol in the database
|
||||
there, in which case the symbol is simply renamed. Otherwise a new symbol is added.
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Rename_Function"></A>Rename Function</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>A shortcut for renaming the function from within the decompiler window.</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Retype_Field"></A>Retype Field</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>
|
||||
Changes the data type of the selected field within a structure data type. The field must
|
||||
already exist, except in the case of a completely undefined structure. The data type of the
|
||||
field is changed according to the user selection. If the size of the selected data type
|
||||
is bigger, this can trigger other fields in the structure to be removed and may change
|
||||
the size of the structure. The modified data type is permanently committed to the
|
||||
program's database.
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Retype_Variable"></A>Retype Variable</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
|
@ -818,7 +872,7 @@
|
|||
the type of a parameter variable will affect the display for every place the function is
|
||||
called.</P>
|
||||
|
||||
<P>To change a variables data type; place the cursor over the variable definition or use of
|
||||
<P>To change a variable's data type; place the cursor over the variable definition or use of
|
||||
the variable, select <B>Retype Variable</B> from the popup menu, and then enter the name of
|
||||
the type. The name of any data type known to the program can be used.</P>
|
||||
|
||||
|
@ -827,6 +881,36 @@
|
|||
the passed parameter as a character "string".</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Retype_Return"></A>Retype Return</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>
|
||||
Action triggered from a specific token in the decompiler window to change the return type of
|
||||
the function. The user selected data type is permanently set as the return type. As the
|
||||
return type is part of the function prototype and is forcing on the decompiler,
|
||||
this action may trigger input parameters to be committed to the database as well. This situation
|
||||
currently triggers a confirmation dialog. If new input parameters need to be committed, their
|
||||
name and data-type are taken from the decompiler model.
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Retype_Global"></A>Retype Global</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>
|
||||
Action triggered from a specific token in the decompiler window to change the data type
|
||||
associated with a global variable. If the variable does not already exist in the program
|
||||
database, it will be created using storage address the decompiler has assigned to the
|
||||
variable within its model. In either case, there is a preexisting notion of variable
|
||||
storage. This action may allow the newly selected data type to be of a different size
|
||||
relative to this preexisting storage, constrained by other global variables that might
|
||||
already consume storage.
|
||||
</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
|
||||
<H3><A name="Edit_Data_Type"></A>Edit Data Type of Variable<BR>
|
||||
</H3>
|
||||
|
||||
|
@ -909,6 +993,15 @@
|
|||
<P>This action allows you to remove a previously added function signature override.</P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
<H3><A name="Split_Out_As_New_Variable"></A>Split Out As High Variable</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
<P>Create multiple variables from the selected variable. If a
|
||||
<CODE>HighVariable</CODE> consists of
|
||||
more than one (forced) merge group, split out the group
|
||||
that contains <CODE>varnode</CODE> as a separate <CODE>HighVariable</CODE>. </P>
|
||||
</BLOCKQUOTE>
|
||||
|
||||
<H3><A name="Find"></A>Find...</H3>
|
||||
|
||||
<BLOCKQUOTE>
|
||||
|
|
|
@ -26,9 +26,8 @@ import ghidra.util.UndefinedFunction;
|
|||
public class IsolateVariableAction extends AbstractDecompilerAction {
|
||||
|
||||
public IsolateVariableAction() {
|
||||
super("Split out as New Variable");
|
||||
setPopupMenuData(new MenuData(new String[] { "Split out as New Variable" }, "Decompile"));
|
||||
// setKeyBindingData(new KeyBindingData(KeyEvent.VK_L, 0));
|
||||
super("Split Out As New Variable");
|
||||
setPopupMenuData(new MenuData(new String[] { "Split Out As New Variable" }, "Decompile"));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -41,7 +41,6 @@ import ghidra.util.UndefinedFunction;
|
|||
* committed to the database are forcing on the decompiler. Any new parameters committed this way
|
||||
* inherit their name from the decompiler model, but the parameters will not be type-locked, allowing
|
||||
* their data-type to "float".
|
||||
|
||||
*/
|
||||
public class RenameLocalAction extends AbstractDecompilerAction {
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ import ghidra.util.UndefinedFunction;
|
|||
* Action triggered from a specific token in the decompiler window to change the data-type of
|
||||
* a field within a structure data-type. The field must already exist, except in the case of a
|
||||
* completely undefined structure. The data-type of the field is changed according to the user
|
||||
* selection. If the size of the seleted data-type is bigger, this can trigger other fields in
|
||||
* selection. If the size of the selected data-type is bigger, this can trigger other fields in
|
||||
* the structure to be removed and may change the size of the structure. The modified data-type
|
||||
* is permanently committed to the program's database.
|
||||
*/
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Developer script
|
||||
//@category Developer Scripts
|
||||
//@category Symbol
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.app.util.demangler.DemangledObject;
|
||||
import ghidra.app.util.demangler.microsoft.MicrosoftDemangler;
|
||||
|
|
Loading…
Reference in New Issue
Block a user