Merge remote-tracking branch 'origin/GP-5093_ryanmkurtz_whatsnew--SQUASHED'

This commit is contained in:
Ryan Kurtz 2024-11-05 08:31:34 -05:00
commit 91c532f6dd
7 changed files with 174 additions and 178 deletions

View File

@ -17,5 +17,6 @@ apply from: "$rootProject.projectDir/gradle/distributableGhidraModule.gradle"
apply from: "$rootProject.projectDir/gradle/javaProject.gradle" apply from: "$rootProject.projectDir/gradle/javaProject.gradle"
apply from: "$rootProject.projectDir/gradle/jacocoProject.gradle" apply from: "$rootProject.projectDir/gradle/jacocoProject.gradle"
apply from: "$rootProject.projectDir/gradle/javaTestProject.gradle" apply from: "$rootProject.projectDir/gradle/javaTestProject.gradle"
apply from: "$rootProject.projectDir/gradle/helpProject.gradle"
apply plugin: 'eclipse' apply plugin: 'eclipse'
eclipse.project.name = 'Z Public Release' eclipse.project.name = 'Z Public Release'

View File

@ -4,7 +4,7 @@ README.md||GHIDRA||||END|
data/PDB_SYMBOL_SERVER_URLS.pdburl||GHIDRA||||END| data/PDB_SYMBOL_SERVER_URLS.pdburl||GHIDRA||||END|
src/global/docs/ChangeHistory.html||GHIDRA||||END| src/global/docs/ChangeHistory.html||GHIDRA||||END|
src/global/docs/UserAgreement.html||GHIDRA||||END| src/global/docs/UserAgreement.html||GHIDRA||||END|
src/global/docs/WhatsNew.html||GHIDRA||||END| src/global/docs/WhatsNew.md||GHIDRA||||END|
src/main/resources/UserAgreement.html||GHIDRA||||END| src/main/resources/UserAgreement.html||GHIDRA||||END|
src/main/resources/defaultTools/CodeBrowser.tool||GHIDRA||||END| src/main/resources/defaultTools/CodeBrowser.tool||GHIDRA||||END|
src/main/resources/splash.txt||GHIDRA||||END| src/main/resources/splash.txt||GHIDRA||||END|

View File

@ -1,167 +0,0 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> Ghidra What's New</TITLE>
<STYLE type="text/css" name="text/css">
body { margin-bottom: 50px; margin-left: 10px; margin-right: 10px; margin-top: 10px; } /* some padding to improve readability */
li { font-family:times new roman; font-size:14pt; margin-bottom: 8px; }
h1 { color:#000080; font-family:times new roman; font-size:36pt; font-style:italic; font-weight:bold; text-align:center; }
h2 { margin: 10px; margin-top: 20px; color:#984c4c; font-family:times new roman; font-size:18pt; font-weight:bold; }
h3 { margin-left: 10px; margin-top: 20px; color:#0000ff; font-family:times new roman; `font-size:14pt; font-weight:bold; }
h4 { margin-left: 10px; margin-top: 20px; font-family:times new roman; font-size:14pt; font-style:italic; }
p { margin-left: 40px; font-family:times new roman; font-size:14pt; }
blockquote p { margin-left: 10px; }
table { margin-left: 20px; margin-top: 10px; width: 80%;}
td { font-family:times new roman; font-size:14pt; vertical-align: top; }
th { font-family:times new roman; font-size:14pt; font-weight:bold; background-color: #EDF3FE; }
code { color:black; font-family:courier new; font-size: 12pt; }
span.code { font-family:courier new font-size: 14pt; color:#000000; }
.gcode { font-family: courier new; font-weight: bold; font-size: 85%; }
.gtitle { font-style: italic; font-weight: bold; font-size: 95%; }
</STYLE>
</HEAD>
<BODY>
<H1>Ghidra: NSA Reverse Engineering Software</H2>
<P>
Ghidra is a software reverse engineering (SRE) framework developed by NSA's Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable
users to analyze compiled code on a variety of platforms including Windows, MacOS, and Linux.
Capabilities include disassembly, assembly, decompilation, debugging, emulation, graphing, and scripting, along with
hundreds of other features. Ghidra supports a wide variety of processor instruction sets and
executable formats and can be run in both user-interactive and automated modes. Users may also
develop their own Ghidra plug-in components and/or scripts using the exposed API. In addition there are
numerous ways to extend Ghidra such as new processors, loaders/exporters, automated analyzers,
and new visualizations.
</P>
<P>
In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems
on complex SRE efforts and to provide a customizable and extensible SRE research platform. NSA
has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious
code and generating deep insights for NSA analysts who seek a better understanding of potential
vulnerabilities in networks and systems.
</P>
<hr>
<H1>What's New in Ghidra 11.2</H1>
<P>This release includes new features, enhancements, performance improvements, quite a few bug fixes, and many pull-request
contributions. Thanks to all those who have contributed their time, thoughts, and code. The Ghidra user community thanks you too!</P>
<H2>The not-so-fine print: Please Read!</H2>
<P>Ghidra 11.2 is fully backward compatible with project data from previous releases.
However, programs and data type archives which are created or modified in 11.2 will not be usable by an earlier Ghidra version.</P>
<P><span class="gtitle">IMPORTANT:</span> Ghidra 11.2 requires at minimum JDK 21 to run.</P>
<P><span class="gtitle">IMPORTANT:</span> To use the Debugger or do a full source distribution build, you will need Python3 (3.9 to 3.12 supported) installed on your system.</P>
<P><span class="gtitle">NOTE:</span> There have been reports of certain features causing the XWindows server to crash. A fix for
CVE-2024-31083 in X.org software in April 2024 introduced a regression, which has been fixed in xwayland 23.2.6 and xorg-server 21.1.13. If you experience
any crashing of Ghidra, most likely causing a full logout, check if your xorg-server has been updated to at least the noted version.</P>
<P><span class="gtitle">NOTE:</span> Each build distribution will include native components (e.g., decompiler) for at least one platform (e.g., Windows x86-64).
If you have another platform that is not included in the build distribution, you can build
native components for your platform directly from the distribution.
See the <a href="InstallationGuide.html">Ghidra Installation Guide</a> for additional information.
Users running with older shared libraries and operating systems (e.g., CentOS 7.x) may also run into
compatibility errors when launching native executables such as the Decompiler and GNU Demangler which
may necessitate a rebuild of native components.</P>
<P><span class="gtitle">NOTE:</span> Ghidra Server: The Ghidra 11.x server is compatible with Ghidra 9.2 and later Ghidra clients. Ghidra 11.x
clients are compatible with all 10.x and 9.x servers. Although, due to potential Java version differences, it is recommended
that Ghidra Server installations older than 10.2 be upgraded. Those using 10.2 and newer should not need a server upgrade.</P>
<P><span class="gtitle">NOTE:</span> Any programs imported with a Ghidra beta version or code built directly from source code outside of a release tag may not be compatible,
and may have flaws that won't be corrected by using this new release. Any programs analyzed from a beta or other local master source build should be considered
experimental and re-imported and analyzed with a release version.</P>
<P>Programs imported with previous release versions should upgrade correctly through various
automatic upgrade mechanisms. However, there may be improvements or bug fixes in the import and analysis process that will provide better results than prior
Ghidra versions. You might consider comparing a fresh import of any program you will continue to reverse engineer to see if the latest Ghidra
provides better results.</P>
<H2>Memory Search</H2>
<P>The <span class="gtitle">Search Memory</span> feature in Ghidra has been updated substantially to provide two new features:</P>
<BLOCKQUOTE>
<UL>
<LI>The ability to perform set operations on successive searches</LI>
<LI>The ability to (re)scan memory for changes in value</LI>
</UL>
</BLOCKQUOTE>
<P>Set operations, accessible from the pull-down menu under <span class="gtitle">Search</span>, allow you to augment
results by performing boolean operations on an existing search. For example, you might search for the hex pattern "DE AD" using <span class="gtitle">Search</span>,
add "BE EF" to the pattern field, and then select "A-B" to retrieve a list of byte sequences that begin with "DE AD" but do not include "DE AD BE EF".
Scanning for changes is most useful in a dynamic environment, such as the Debugger. Given an existing search, you can look for values that have changed,
increased, decreased, or remained the same. Simple examples might include looking for counters while a process is running, checking for areas of decompressed
memory, or identifying active areas of the heap.</P>
<H2>PDB</H2>
<P>The PDB Symbol Server Search Config dialog has been changed, allowing the user to mark symbol servers as trusted or untrusted.
This is an improvement over the previous mechanism that based trust on the symbol server's connection type.</P>
<H2>Debugger</H2>
<P><span class="gtitle">ATTENTION:</span> Please either delete and re-import the default Emulator tool, or
manually remove the TraceRmiPlugin from your EmulatorTool!</P>
<P>There are new launchers/features for the traceRMI version of dbgeng, including extended launch options, kernel debugging, and
remote process server connections.</P>
<H2>Decompiler</H2>
<P>The Decompiler can now automatically recover strings built on the stack and initial support for optimized heap strings has been added.
Stack strings are typically found in optimized code and obfuscated malware.</P>
<P>A new Search All action has been added which displays a table containing the results found within the current function.</P>
<H2>Programming Languages</H2>
<P>Golang support for versions 1.15 and 1.16 have been added. This brings the supported Golang versions to 1.15 thru 1.22.</P>
<H2>Processors</H2>
<P>There have been quite a few improvements to the Sparc processor specification, including additional instructions, 64-bit relocation support, and better
handling of call/return detection through tracking of the o7 link register. In addition, the calling convention for both sparc 32 and 64 bit binaries
have had an overhaul to support hidden structure return and much improved parameter allocation of floating point and general data types.</P>
<P>The Intel M16C/60/80 sleigh processor specifications have been added. In addition, there have been numerous fixes to the
ARM, RX, M68000, PIC16, PPC, and x86 processor specifications.</P>
<H2>Other Improvements</H2>
<P>Actions have been added to compare functions directly from the Listing, Decompiler, or Functions Table via popup menu items. If there
is already a Function Comparison window showing, there are two actions: one to add the selected function(s) to the existing comparison, and
one to create a new Function Comparison Window. This allows a workflow where users can build up a set of functions to compare as they browse
around instead of having to select them all at once.</P>
<P>For Ghidra script and plugin developers who would prefer to use Visual Studio Code, a new script VSCodeProjectScript will create a new
Visual Studio Code project that is setup to do Ghidra scripting and module development. The capabilities are similar to the Eclipse
GhidraDev plugin.</P>
<P>There have been major speed improvements when creating or modifying large structures within the structure editor. In general large structure manipulation
should perform fluidly no matter the size of the structure. If the structure contains a large number of defined data, there could still be some degradation in
speed. Some fixed performance issues include: resizing a structure smaller or larger, clicking on an item to select a row, and defining a data type either with keyboard actions or dragging
and dropping from the data type manager. In addition, the behavior of automatically growing the size of a structure has been made consistent. Defining data on the last element of a structure
is allowed to automatically grow the structure to fit the data type. Defining data anywhere other than the last element isn't allowed if the data type does not fit because
of defined data that would need to be cleared, or there are not enough undefined bytes.</P>
<H2>Additional Bug Fixes and Enhancements</H2>
<P> Numerous other new features, improvements, and bug fixes are fully listed in the <a href="ChangeHistory.html">ChangeHistory</a> file.</P>
<div align="center">
<B><a href="https://www.nsa.gov/ghidra"> https://www.nsa.gov/ghidra</a></B>
<BR><BR>
</div>
</BODY>
</HTML>

View File

@ -0,0 +1,118 @@
# What's New in Ghidra 11.2
This release includes new features, enhancements, performance improvements, quite a few bug fixes,
and many pull-request contributions. Thanks to all those who have contributed their time, thoughts,
and code. The Ghidra user community thanks you too!
### The not-so-fine print: Please Read!
Ghidra 11.2 is fully backward compatible with project data from previous releases. However, programs
and data type archives which are created or modified in 11.2 will not be usable by an earlier Ghidra
version.
__IMPORTANT:__ Ghidra 11.2 requires at minimum JDK 21 to run.
__IMPORTANT:__ To use the Debugger or do a full source distribution build, you will need Python3
(3.9 to 3.12 supported) installed on your system.
__NOTE:__ There have been reports of certain features causing the XWindows server to crash. A fix
for `CVE-2024-31083` in X.org software in April 2024 introduced a regression, which has been fixed
in xwayland 23.2.6 and xorg-server 21.1.13. If you experience any crashing of Ghidra, most likely
causing a full logout, check if your xorg-server has been updated to at least the noted version.
__NOTE:__ Each build distribution will include native components (e.g., decompiler) for at least one
platform (e.g., Windows x86-64). If you have another platform that is not included in the build
distribution, you can build native components for your platform directly from the distribution.
See the `Installation Guide` for additional information. Users running with older shared libraries
and operating systems (e.g., CentOS 7.x) may also run into compatibility errors when launching
native executables such as the Decompiler and GNU Demangler which may necessitate a rebuild of
native components.
__NOTE:__ Ghidra Server: The Ghidra 11.x server is compatible with Ghidra 9.2 and later Ghidra
clients. Ghidra 11.x clients are compatible with all 10.x and 9.x servers. Although, due to
potential Java version differences, it is recommended that Ghidra Server installations older than
10.2 be upgraded. Those using 10.2 and newer should not need a server upgrade.
__NOTE:__ Any programs imported with a Ghidra beta version or code built directly from source code
outside of a release tag may not be compatible, and may have flaws that won't be corrected by using
this new release. Any programs analyzed from a beta or other local master source build should be
considered experimental and re-imported and analyzed with a release version.
Programs imported with previous release versions should upgrade correctly through various automatic
upgrade mechanisms. However, there may be improvements or bug fixes in the import and analysis
process that will provide better results than prior Ghidra versions. You might consider comparing a
fresh import of any program you will continue to reverse engineer to see if the latest Ghidra
provides better results.
## Memory Search
The __Search Memory__ feature in Ghidra has been updated substantially to provide two new features:
* The ability to perform set operations on successive searches
* The ability to (re)scan memory for changes in value
Set operations, accessible from the pull-down menu under `Search`, allow you to augment results by
performing boolean operations on an existing search. For example, you might search for the hex
pattern `DE AD` using `Search`, add `BE EF` to the pattern field, and then select `A-B` to retrieve
a list of byte sequences that begin with `DE AD` but do not include `DE AD BE EF`. Scanning for
changes is most useful in a dynamic environment, such as the Debugger. Given an existing search,
you can look for values that have changed, increased, decreased, or remained the same. Simple
examples might include looking for counters while a process is running, checking for areas of
decompressed memory, or identifying active areas of the heap.
## PDB
The `PDB Symbol Server Search Config` dialog has been changed, allowing the user to mark symbol
servers as trusted or untrusted. This is an improvement over the previous mechanism that based trust
on the symbol server's connection type.
## Debugger
__ATTENTION:__ Please either delete and re-import the default `Emulator` tool, or manually remove
the `TraceRmiPlugin` from your EmulatorTool!
There are new launchers/features for the traceRMI version of dbgeng, including extended launch
options, kernel debugging, and remote process server connections.
## Decompiler
* The Decompiler can now automatically recover strings built on the stack and initial support for
optimized heap strings has been added. Stack strings are typically found in optimized code and
obfuscated malware.
* A new Search All action has been added which displays a table containing the results found within
the current function.
## Programming Languages
Golang support for versions `1.15` and `1.16` have been added. This brings the supported Golang
versions to `1.15` through `1.22`.
## Processors
* There have been quite a few improvements to the `Sparc` processor specification, including
additional instructions, 64-bit relocation support, and better handling of call/return detection
through tracking of the `o7` link register. In addition, the calling convention for both
sparc 32 and 64 bit binaries have had an overhaul to support hidden structure return and much
improved parameter allocation of floating point and general data types.
* The `Intel M16C/60/80` sleigh processor specifications have been added. In addition, there have
been numerous fixes to the `ARM`, `RX`, `M68000`, `PIC16`, `PPC`, and `x86` processor
specifications.
## Other Improvements
* Actions have been added to compare functions directly from the Listing, Decompiler, or Functions
Table via popup menu items. If there is already a Function Comparison window showing, there are
two actions: one to add the selected function(s) to the existing comparison, and one to create a
new Function Comparison Window. This allows a workflow where users can build up a set of functions
to compare as they browse around instead of having to select them all at once.
* For Ghidra script and plugin developers who would prefer to use Visual Studio Code, a new script
`VSCodeProjectScript.java` will create a new Visual Studio Code project that is setup to do Ghidra
scripting and module development. The capabilities are similar to the Eclipse GhidraDev plugin.
* There have been major speed improvements when creating or modifying large structures within the
structure editor. In general large structure manipulation should perform fluidly no matter the
size of the structure. If the structure contains a large number of defined data, there could
still be some degradation in speed. Some fixed performance issues include: resizing a structure
smaller or larger, clicking on an item to select a row, and defining a data type either with
keyboard actions or dragging and dropping from the data type manager. In addition, the behavior
of automatically growing the size of a structure has been made consistent. Defining data on the
last element of a structure is allowed to automatically grow the structure to fit the data type.
Defining data anywhere other than the last element isn't allowed if the data type does not fit
because of defined data that would need to be cleared, or there are not enough undefined bytes.
## Additional Bug Fixes and Enhancements
Numerous other new features, improvements, and bug fixes are fully listed in the
[Change History](ChangeHistory.html) file.

View File

@ -207,8 +207,13 @@ public class HelpBuildUtils {
ResourceFile file = null; ResourceFile file = null;
if (SystemUtilities.isInDevelopmentMode()) { if (SystemUtilities.isInDevelopmentMode()) {
// example: "docs/WhatsNew.html", which lives in a source dir in dev mode // Look for HTML files that live in global docs dir, such as 'docs/README_PDB.html'.
file = findModuleFile("src/global/" + updatedPath); file = findModuleFile("src/global/" + updatedPath);
if (file == null) {
// Look for HTML files that get built to the global docs dir (such as
// 'docs/WhatsNew.md' -> 'WhatsNew.html')
file = findModuleFile("build/src/global/" + updatedPath);
}
} }
else { else {
// //

View File

@ -98,8 +98,18 @@ rootProject.assembleDistribution {
// //
fileTree.each { File file -> fileTree.each { File file ->
String filePath = getGlobalFilePathSubDirName(file) String filePath = getGlobalFilePathSubDirName(file)
from (file) {
into filePath if (file.name.toLowerCase().endsWith(".md")) {
rootProject.assembleMarkdownToHtml {
from (file) {
into filePath
}
}
}
else {
from (file) {
into filePath
}
} }
} }
} }
@ -194,7 +204,7 @@ plugins.withType(JavaPlugin) {
into { zipPath + "/ghidra_scripts" } into { zipPath + "/ghidra_scripts" }
} }
// External Libraries // External Libraries
gradle.taskGraph.whenReady { taskGraph -> gradle.taskGraph.whenReady { taskGraph ->
List<String> externalPaths = getExternalRuntimeDependencies(p) List<String> externalPaths = getExternalRuntimeDependencies(p)
externalPaths.each { path -> externalPaths.each { path ->
@ -203,8 +213,6 @@ plugins.withType(JavaPlugin) {
} }
} }
} }
} }
} }

View File

@ -235,6 +235,8 @@ tasks.register('indexHelp', JavaExec) {
File helpRootDir = file('src/main/help/help') File helpRootDir = file('src/main/help/help')
File outputFile = file("build/help/main/help/${project.name}_JavaHelpSearch") File outputFile = file("build/help/main/help/${project.name}_JavaHelpSearch")
onlyIf ("There is no help root directory") { helpRootDir.exists() }
inputs.dir helpRootDir inputs.dir helpRootDir
outputs.dir outputFile outputs.dir outputFile
@ -282,11 +284,37 @@ tasks.register('indexHelp', JavaExec) {
} }
} }
// Task for building Markdown in src/global/docs to HTML
// - the files generated will be placed in a build directory usable during development mode
tasks.register('buildGlobalMarkdown') {
group "private"
dependsOn ':MarkdownSupport:classes'
FileTree markdownFiles = this.project.fileTree('src/global/docs') {
include '*.md'
}
onlyIf ("There are no markdown files") { !markdownFiles.isEmpty() }
inputs.files markdownFiles
doFirst {
markdownFiles.each { f ->
def htmlName = f.name[0..-3] + "html"
javaexec {
classpath = project(':MarkdownSupport').sourceSets.main.runtimeClasspath
mainClass = 'ghidra.markdown.MarkdownToHtml'
args f
args file("build/src/global/docs/${htmlName}")
}
}
}
}
// Task for building Ghidra help files // Task for building Ghidra help files
// - depends on the output from the help indexer // - depends on the output from the help indexer
// - validates help // - validates help
// - the files generated will be placed in a diretory usable during development mode and will // - the files generated will be placed in a directory usable during development mode and will
// eventually be placed in: // eventually be placed in:
// - the <Module>.jar file in production mode, or // - the <Module>.jar file in production mode, or
// - the <Module>-help.jar file in development mode // - the <Module>-help.jar file in development mode
@ -306,6 +334,8 @@ tasks.register('buildHelpFiles', JavaExec) {
File helpRootDir = file('src/main/help/help') File helpRootDir = file('src/main/help/help')
File outputDir = file('build/help/main/help') File outputDir = file('build/help/main/help')
onlyIf ("There is no help root directory") { helpRootDir.exists() }
// //
// Inputs (used for incremental building): // Inputs (used for incremental building):
// 1) Java files in the Help module used to build help // 1) Java files in the Help module used to build help
@ -397,6 +427,7 @@ tasks.register('buildHelp', Jar) {
description " Builds the help for this module. [gradle/helpProject.gradle]\n" description " Builds the help for this module. [gradle/helpProject.gradle]\n"
dependsOn tasks.named('buildHelpFiles') dependsOn tasks.named('buildHelpFiles')
dependsOn tasks.named('buildGlobalMarkdown')
duplicatesStrategy 'exclude' duplicatesStrategy 'exclude'
from "build/help/main" // include the generated help and index files from "build/help/main" // include the generated help and index files