Nixyri/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2024-11-25 13:42:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/GT-3149_ghidra1_PE_ARM'

Browse Source
This commit is contained in:
ghidra1 2019-09-17 11:42:50 -04:00
commit bc76ea6ae5
11 changed files with 121 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/DbViewerComponent.java
View File

@ -200,12 +200,12 @@ class DbViewerComponent extends JPanel {
GTable gTable = new GTable();
if (table.getRecordCount() <= 10000) {
model = new DbSmallTableModel(table);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
}
else {
model = new DbLargeTableModel(table);
}
gTable.setModel(model);
gTable.setDefaultRenderer(Long.class, new LongRenderer());
JScrollPane scroll = new JScrollPane(gTable);
panel.add(scroll, BorderLayout.CENTER);

12
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/debug/dbtable/LongRenderer.java
View File

@ -17,18 +17,19 @@ package ghidra.app.plugin.debug.dbtable;
import java.awt.Component;
import javax.swing.*;
import javax.swing.JLabel;
import javax.swing.SwingConstants;
import docking.widgets.table.GTableCellRenderer;
import docking.widgets.table.GTableCellRenderingData;
import ghidra.docking.settings.Settings;
public class LongRenderer extends GTableCellRenderer {
@Override
public Component getTableCellRendererComponent(GTableCellRenderingData data) {
JLabel renderer =
(JLabel) super.getTableCellRendererComponent(data);
JLabel renderer = (JLabel) super.getTableCellRendererComponent(data);
renderer.setHorizontalAlignment(SwingConstants.LEADING);
@ -39,4 +40,9 @@ public class LongRenderer extends GTableCellRenderer {
protected String getText(Object value) {
return value == null ? "" : "0x" + Long.toHexString((Long) value);
}
@Override
protected String formatNumber(Number value, Settings settings) {
return getText(value);
}
}

5
Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/SleighLanguageProvider.java
View File

@ -369,7 +369,10 @@ public class SleighLanguageProvider implements LanguageProvider {
catch (SleighException ex) { // Error with the manual shouldn't prevent language from loading
Msg.error(this, ex.getMessage());
}
descriptions.put(id, description);
if (descriptions.put(id, description) != null) {
Msg.showError(this, null, "Duplicate Sleigh Language ID",
"Language " + id + " previously defined: " + defsFile);
}
}
parser.end(start);
}

3
Ghidra/Processors/AARCH64/data/languages/AARCH64_win.cspec
View File

@ -25,6 +25,9 @@
<entry size="8" alignment="8" />
<entry size="16" alignment="16" />
</size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization>
<global>

2
Ghidra/Processors/ARM/certification.manifest
View File

@ -5,7 +5,6 @@ data/languages/ARM.cspec||GHIDRA||||END|
data/languages/ARM.dwarf||GHIDRA||||END|
data/languages/ARM.ldefs||GHIDRA||||END|
data/languages/ARM.opinion||GHIDRA||||END|
data/languages/ARM.pspec||GHIDRA||||END|
data/languages/ARM.sinc||GHIDRA||||END|
data/languages/ARM4_be.slaspec||GHIDRA||||END|
data/languages/ARM4_le.slaspec||GHIDRA||||END|
@ -30,6 +29,7 @@ data/languages/ARMinstructions.sinc||GHIDRA||||END|
data/languages/ARMneon.dwarf||GHIDRA||||END|
data/languages/ARMneon.sinc||GHIDRA||||END|
data/languages/ARMt.pspec||GHIDRA||||END|
data/languages/ARMtTHUMB.pspec||GHIDRA||||END|
data/languages/ARMt_v45.pspec||GHIDRA||||END|
data/languages/ARMv8.sinc||GHIDRA||||END|
data/languages/old/ARMv5.lang||GHIDRA||||END|

33
Ghidra/Processors/ARM/data/languages/ARM.ldefs
View File

@ -18,6 +18,23 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="little"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_le.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:LE:32:v8T">
<description>Generic ARM/Thumb v8 little endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<compiler name="Visual Studio" spec="ARM_win.cspec" id="windows"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="arm"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="big"
instructionEndian="little"
@ -50,6 +67,22 @@
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="big"
size="32"
variant="v8T"
version="1.102"
slafile="ARM8_be.sla"
processorspec="ARMtTHUMB.pspec"
manualindexfile="../manuals/ARM.idx"
id="ARM:BE:32:v8T">
<description>Generic ARM/Thumb v8 big endian (Thumb is default)</description>
<compiler name="default" spec="ARM.cspec" id="default"/>
<external_name tool="gnu" name="iwmmxt"/>
<external_name tool="IDA-PRO" name="armb"/>
<external_name tool="DWARF.register.mapping.file" name="ARMneon.dwarf"/>
</language>
<language processor="ARM"
endian="little"
size="32"

12
Ghidra/Processors/ARM/data/languages/ARM.opinion
View File

@ -2,8 +2,8 @@
<constraint loader="Portable Executable (PE)">
<constraint compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
<constraint compilerSpecID="default">
<constraint primary="2560" processor="ARM" endian="big" size="32" variant="v8" />
@ -11,8 +11,8 @@
</constraint>
<constraint loader="Debug Symbols (DBG)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" /> <!-- THUMB -->
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
<constraint loader="Executable and Linking Format (ELF)" compilerSpecID="default">
<constraint primary="40" processor="ARM" size="32" variant="v8" />
@ -32,7 +32,7 @@
</constraint>
<constraint loader="MS Common Object File Format (COFF)" compilerSpecID="windows">
<constraint primary="448" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8" />
<constraint primary="450" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
<constraint primary="452" processor="ARM" endian="little" size="32" variant="v8T" /> <!-- THUMB -->
</constraint>
</opinions>

3
Ghidra/Processors/ARM/data/languages/ARM_win.cspec
View File

@ -22,6 +22,9 @@
<entry size="4" alignment="4" />
<entry size="8" alignment="8" />
</size_alignment_map>
<bitfield_packing>
<use_MS_convention value="true"/>
</bitfield_packing>
</data_organization>
<global>

26
Ghidra/Processors/ARM/data/languages/ARM.pspec → Ghidra/Processors/ARM/data/languages/ARMtTHUMB.pspec
View File

@ -1,15 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<processor_spec>
<!-- THIS PSPEC IS A COPY OF ARMt.pspec AND ONLY DIFFERS WITH ENABLEMENT OF THUMB AS DEFAULT CONTEXT -->
<properties>
<property key="addressesDoNotAppearDirectlyInCode" value="true"/>
<property key="allowOffcutReferencesToFunctionStarts" value="true"/>
<property key="useNewFunctionStackAnalysis" value="true"/>
<property key="emulateInstructionStateModifierClass" value="ghidra.program.emulation.ARMEmulateInstructionStateModifier"/>
<property key="assemblyRating:ARM:BE:32:v7" value="PLATINUM"/>
<property key="assemblyRating:ARM:LE:32:v7" value="PLATINUM"/>
</properties>
<programcounter register="pc"/>
<context_data>
<context_set space="ram">
<set name="TMode" val="1" description="0 for ARM 32-bit, 1 for THUMB 16-bit"/>
<set name="LRset" val="0" description="0 lr reg not set, 1 for LR set, affects BX as a call"/>
</context_set>
<tracked_set space="ram">
@ -23,6 +27,7 @@
<symbol name="SupervisorCall" address="ram:0x8" entry="true"/>
<symbol name="PrefetchAbort" address="ram:0xC" entry="true"/>
<symbol name="DataAbort" address="ram:0x10" entry="true"/>
<symbol name="NotUsed" address="ram:0x14" entry="true"/>
<symbol name="IRQ" address="ram:0x18" entry="true"/>
<symbol name="FIQ" address="ram:0x1c" entry="true"/>
@ -31,8 +36,29 @@
<symbol name="H_SupervisorCall" address="ram:0xFFFF0008" entry="true"/>
<symbol name="H_PrefetchAbort" address="ram:0xFFFF000C" entry="true"/>
<symbol name="H_DataAbort" address="ram:0xFFFF0010" entry="true"/>
<symbol name="H_NotUsed" address="ram:0xFFFF0014" entry="true"/>
<symbol name="H_IRQ" address="ram:0xFFFF0018" entry="true"/>
<symbol name="H_FIQ" address="ram:0xFFFF001c" entry="true"/>
</default_symbols>
<register_data>
<register name="q0" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q1" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q2" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q3" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q4" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q5" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q6" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q7" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q8" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q9" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q10" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q11" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q12" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q13" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q14" group="NEON" vector_lane_sizes="1,2,4"/>
<register name="q15" group="NEON" vector_lane_sizes="1,2,4"/>
</register_data>
</processor_spec>

25
Ghidra/Processors/ARM/data/patterns/ARM_BE_patterns.xml
View File

@ -63,13 +63,15 @@
<data> 11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<data> 0xe5 0x2d 0xe0 0x08 </data> <!-- str lr,[sp,#-0x8] -->
<data> 0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart/>
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<data> 0xe24dd... 11101001 00101101 .1...... ....0000 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code -->
<funcstart after="defined" /> <!-- must be something defined right before this -->
@ -77,36 +79,49 @@
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<data> 0xe24dd... 11100101 00101101 1110.... ........ </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0xe24dd... </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 0x........ 0xe24dd... </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>11100101 00101101 1110.... ........ 0x........ 0xe24dd... </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="data" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>0xe1a0c00d 0xe92d.... </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern>
@ -183,10 +198,4 @@
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> 11101001 00101101 .1...... ....0000 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
</patternlist>

26
Ghidra/Processors/ARM/data/patterns/ARM_LE_patterns.xml
View File

@ -64,6 +64,7 @@
<data>0x08 0xe0 0x2d 0xe5 </data> <!-- str lr,[sp,#-0x8] -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{xxx lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<possiblefuncstart/>
</postpatterns>
@ -71,20 +72,30 @@
<pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ....0000 .1...... 00101101 11101001 </data> <!-- sub sp,sp ; stmdb sp!,{r4+,lr} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- it is at least code -->
<possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<!-- NOTE: pattern also match Thumb 'b' instruction followed by a 'push' instruction (where push is start uf Thumb function) -->
<data> ....0000 .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" isvalid="true"/> <!-- must be something defined right before this, and good code -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data> 0x..d.4de2 ........ 1110.... 00101101 11100101 </data> <!-- sub sp,sp; str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="defined" /> <!-- must be something defined right before this -->
@ -92,6 +103,7 @@
<pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x..d.4de2 </data> <!-- str lr,[sp,#...]; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -99,6 +111,7 @@
<pattern> <!-- 32 bit ARM -->
<data> ....0000 .1...... 00101101 11101001 0x........ 0x..d.4de2 </data> <!-- stmdb sp!,{r4+,lr}; <instr>; sub sp,sp -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary />
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
@ -106,12 +119,14 @@
<pattern> <!-- 32 bit ARM -->
<data>........ 1110.... 00101101 11100101 0x........ 0x..d.4de2 </data> <!-- str lr,[sp,#...]; <instr>; sub sp,sp; -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<possiblefuncstart after="data" /> <!-- must be data defined right before this -->
</pattern>
<pattern> <!-- 32 bit ARM -->
<data>0x0dc0a0e1 0x....2de9 </data> <!-- cpy ip,sp; stmdb sp!,{} -->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<codeboundary /> <!-- can't say it is a function yet, have seen instructions before -->
</pattern>
@ -189,13 +204,6 @@
</postpatterns>
</patternpairs>
<pattern> <!-- 32 bit ARM -->
<data> ........ .1...... 00101101 11101001 </data> <!-- stmdb sp!,{r4+,lr}; <valid code> -->
<setcontext name="TMode" value="0"/>
<funcstart after="defined" isvalid="40"/> <!-- must be something defined right before this, && must be at least 40 valid instructions after it -->
</pattern>
<!-- Special functions with side-effects -->
<!-- -->
@ -290,6 +298,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr
-->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/>
</pattern>
@ -304,6 +313,7 @@
add ip,lr,r3, lsl #0x1 | add lr,lr,r3, lsl #0x1
bx ip | bx lr
-->
<align mark="0" bits="3"/>
<setcontext name="TMode" value="0"/>
<funcstart label="switch8_r3"/>
</pattern>