Merge remote-tracking branch 'origin/Ghidra_11.2'

ghidra1 2024-09-26 18:04:51 -04:00
commit c9016b7ebe
2 changed files with 246 additions and 149 deletions

View File

@ -22,6 +22,170 @@
<BODY>
<H1 align="center">Ghidra 11.2 Change History (September 2024)</H1>
<blockquote><p><u><B>New Features</B></u></p>
<ul>
<li><I>Basic Infrastructure</I>. Ghidra now requires JDK 21 to run. (GP-4122)</li>
<li><I>Build</I>. A Gradle wrapper script is now included at <span class="gcode">support/gradle/gradlew(.bat)</span> which can be used to perform all Gradle commands without the need for prior Gradle installation. The Gradle wrapper requires an Internet connection to work. Offline Gradle installations on the PATH continue to work the same way as before. (GP-4486, Issue #455)</li>
<li><I>Debugger</I>. Provided new launchers/features for the traceRMI version of dbgeng, including extended launch options, kernel debugging, and remote process server connections. (GP-4686)</li>
<li><I>Debugger</I>. The Debugger Python components now require Python 3.9 to Python 3.12. (GP-4842)</li>
<li><I>Decompiler</I>. The Decompiler now supports the automatic recovery of <em>stack strings</em>. (GP-3307, Issue #1380, #2285, #6431, #6592)</li>
<li><I>Decompiler</I>. Added a <span class="gtitle">Search All</span> button to the Decompiler <span class="gtitle">Find</span> dialog. This button will show all results of the search in a table. (GP-3491, Issue #5317, #538)</li>
<li><I>GUI</I>. Added <span class="gtitle">Create Table</span> action to the <span class="gtitle">Symbol Tree</span> and <span class="gtitle">Symbol Table</span> to create a new temporary table of symbols. (GP-4574)</li>
<li><I>GUI</I>. Added a <span class="gtitle">Find Uses of</span> field action to the Enum Editor. (GP-4577, Issue #6475)</li>
<li><I>GUI</I>. Added support for <span class="gcode">Ctrl-A</span> to select <em>all</em> in the Python window. (GP-4605, Issue #6502)</li>
<li><I>Headless</I>. Added a JShell launcher with the full Ghidra classpath. (GP-4876)</li>
<li><I>Processors</I>. Added Intel MC16/60 and MC16/80 processor specifications. (GP-4879)</li>
<li><I>Scripting</I>. Added <span class="gcode">VSCodeProjectScript</span>, which can create a new Visual Studio Code project that is setup to do Ghidra scripting and module development, with similar capabilities to the Eclipse GhidraDev plugin. (GP-4795)</li>
<li><I>Search</I>. Updated the Memory Search feature to show results in the query window and added two new features: (1) dynamic updating of results that change, stay the same, increment, or decrement; and (2) combining results from successive searches using boolean set operations. (GP-4559)</li>
</ul>
</blockquote>
<blockquote><p><u><B>Improvements</B></u></p>
<ul>
<li><I>Analysis</I>. Refactored Sparc processor detection and mitigation of Call/Return behavior due to an instruction in the delay slot that changes the <span class="gcode">o7</span> link register. Also fixed 64/32 relocations, sparc calling conventions, and added several missing instructions and hidden structure return pointer location. (GP-3808, Issue #5646, #6300)</li>
<li><I>Analysis</I>. Added support for Golang 1.15 and 1.16. Versions supported are now 1.15-1.22. (GP-4482)</li>
<li><I>Analysis</I>. Added a new <span class="gcode">MIDIDataType</span> and audio player for embedded MIDI scores. (GP-4516, Issue #6337)</li>
<li><I>Analysis</I>. Refactored eBPF analyzers and expanded on applied BPF Helper functions. (GP-4682)</li>
<li><I>Analysis</I>. Updated the <span class="gcode">RTTIAnalyzer</span> to improve its determination of the end of virtual function tables. (GP-4748)</li>
<li><I>BSim</I>. Added BSim database <span class="gcode">connect</span>/<span class="gcode">disconnect</span> actions to BSim Server Manager. This will allow an idle connection to be disconnected without the need to exit Ghidra or removing a server entry, which, in the case of a local H2 database, will allow another process to use it. (GP-4867, Issue #6703)</li>
<li><I>Byte Viewer</I>. Extended HexInteger to other integral data types. (GP-4709, Issue #6658, #6659)</li>
<li><I>CodeCompare</I>. Added ability to add functions to the last function comparison window. (GP-4634)</li>
<li><I>Data Types</I>. Added <span class="gtitle">Edit Data Type</span> action that allows users to edit a chosen data type from anywhere in the tool by using the <span class="gcode">Ctrl-Shift-D</span> keyboard shortcut. (GP-4148, Issue #5975, #6576)</li>
<li><I>Data Types</I>. Added <span class="gtitle">Undo</span>/<span class="gtitle">Redo</span> popup menu actions for Archives within datatype tree. (GP-4719)</li>
<li><I>Data Types</I>. Added <span class="gtitle">Undo</span>/<span class="gtitle">Redo</span> support to the structure and union datatype editors as well as other minor improvements. (GP-4740)</li>
<li><I>Data Types</I>. Improved performance of various structure editor behaviors including setting the structure size. (GP-4949, Issue #6504, #6936)</li>
<li><I>Debugger</I>. Provided more complete compiler matching using <span class="gcode">ldefs</span> language definition files. (GP-4675)</li>
<li><I>Debugger:Agents</I>. Deprecated Framework-Debugging module and Model-based debug connectors, moving toward removal. (GP-4801)</li>
<li><I>Debugger:Agents</I>. User may now use binary (0b prefix), octal (0 prefix), or hex (0x prefix) in integer-valued launcher option fields. (GP-4847)</li>
<li><I>Debugger:Registers</I>. Changed how <span class="gtitle">Go To [address]</span> actions are presented with regard to <span class="gtitle">Force Full View</span>. (GP-3898, Issue #5817)</li>
<li><I>Decompiler</I>. Added <span class="gtitle">Go To Next/Previous Highlight</span> actions to allow navigating Decompiler middle-mouse highlights. (GP-3494, Issue #538)</li>
<li><I>Decompiler</I>. Improved Function Editor to facilitate partial changes which limit impact to Decompiler results (e.g., only change calling convention) and avoid locking full function signature. (GP-4324)</li>
<li><I>Decompiler</I>. Improved multi-threaded decompilation performance and possibly disassembly by removing some unnecessary locking. (GP-4712, Issue #6649, #6650)</li>
<li><I>Decompiler</I>. Provided initial support for recovering optimized heap strings in the Decompiler. (GP-4733)</li>
<li><I>Decompiler</I>. The Decompiler now forces casting to a signed value when converting integers to floating-point. (GP-4871, Issue #6760)</li>
<li><I>Demangler</I>. Added support for GNU Demangler output simplification. (GP-3810, Issue #5725)</li>
<li><I>Demangler</I>. Improved Microsoft Demangler to include handling of <span class="gcode">noexcept</span> attributes and certain type name suffixes. (GP-4626)</li>
<li><I>Demangler</I>. Modified MDMang: added calling conventions and custom data type; added end, empty parameter, and unnamed template types; modified reference modifiers and guard name processing; fixed empty member pointer qualification; and worked around LLVM embedded object issue. (GP-4663)</li>
<li><I>Demangler</I>. Changed application of MDMang <span class="gcode">`anonymous namespace'</span> strings to their underlying anonymous name to avoid namespace conflicts. (GP-4717, Issue #6661)</li>
<li><I>Demangler</I>. Added <span class="gcode">char8_t</span> primitive type to DemangledDataType. (GP-4823)</li>
<li><I>Demangler</I>. Updated the GNU Demangler to support global constructors and destructors. (GP-4825, Issue #6791)</li>
<li><I>Documentation</I>. Added discussions of program specification extensions and instruction length modification to the advanced Ghidra class slides, along with miscellaneous clarifications and improvements. (GP-3774, Issue #5667, #5702)</li>
<li><I>DWARF</I>. Added DWARF analyzer option to ignore parameter storage location info and to use calling convention default layout instead. Also added DWARF analyzer option to specify the calling convention name for functions created by the analyzer. (GP-4150)</li>
<li><I>Eclipse Integration</I>. The latest Eclipse GhidraDev plugin (4.0.0) now requires Eclipse 2023-12 or later running under JDK 21 or later. (GP-4846)</li>
<li><I>Function Compare</I>. Added actions to compare functions from the Listing, Decompiler, and Functions Table. (GP-4619)</li>
<li><I>GUI</I>. Updated the Listing and Byte Viewer title bars to show the number of addresses or bytes selected while dragging. (GP-1359, Issue #2482)</li>
<li><I>GUI</I>. Added <span class="gtitle">Show Namespace</span> action to the Function Call Trees to display the function's namespace in each node. (GP-3251, Issue #5115)</li>
<li><I>GUI</I>. Add <span class="gtitle">Filter Thunks</span> action to the Function Call Trees to hide think functions. (GP-3252, Issue #5116)</li>
<li><I>GUI</I>. Added the <span class="gtitle">Simplified Name</span> column to the Symbol Table. (GP-3377, Issue #6125)</li>
<li><I>GUI</I>. Added the ability to Snapshot the Symbol Tree. (GP-3849)</li>
<li><I>GUI</I>. Added the structure member comment to the Decompiler tooltip window. (GP-4661)</li>
<li><I>GUI</I>. Added single option in the Front End Tool to control whether or not cursors blink in any field panel or text component. (GP-4676, Issue #6570)</li>
<li><I>GUI</I>. The <span class="gtitle">Edit Data Type</span> action in the Decompiler will now select the structure field row when launching the editor. (GP-4728, Issue #5717)</li>
<li><I>GUI</I>. New Listing fields and <span class="gcode">Copy Special</span> actions have been added for imagebase offset, memory block offset, and function offset (disabled by default). (GP-4855, Issue #6794)</li>
<li><I>Headless</I>. Improved handling of headless command-line arguments when the optional list of arguments passed to a pre/post script contain arguments that start with a dash. (GP-4707, Issue #6639)</li>
<li><I>Importer</I>. Added a new <span class="gtitle">Add Library Search Path</span> action to files and folders in the File System Browser that will allow library files to be loaded from within a GFileSystem. (GP-4563)</li>
<li><I>Importer</I>. Added a new <span class="gcode">-librarySearchPaths</span> command line argument to the headless analyzer, which allows a semicolon-delimited list of library search paths to be specified. (GP-4564)</li>
<li><I>Importer</I>. OMF records are now marked up. (GP-4722)</li>
<li><I>Importer:ELF</I>. Improved ELF handling of unresolved symbols during relocation-processing to prevent import failure. (GP-4737, Issue #6673)</li>
<li><I>Multi-User</I>. Upgraded <span class="gcode">yajsw</span> to 13.12. (GP-4860)</li>
<li><I>PDB</I>. Changed the PDB symbol server search config dialog to allow marking symbol servers as trusted/untrusted instead of using the symbol server's connection type. (GP-4735)</li>
<li><I>PDB</I>. Improved PDB class namespaces determination and standardized some naming between PDB and MDMang. (GP-4773)</li>
<li><I>PDB</I>. Added <span class="gcode">char8_t</span> primitive type to PDB Universal analyzer. (GP-4822)</li>
<li><I>PDB</I>. Modified PDB MSDIA interpretation of malformed datatype fields with no underlying datatype. (GP-4827, Issue #6744)</li>
<li><I>Processors</I>. Fixed several PPC EVX instructions that were not affecting the destination register as a return value assigned from a pseudoOp call. (GP-4702)</li>
<li><I>Processors</I>. Added PSPEC label description tag and <span class="gcode">addr="next"</span> which allows for a large number of contiguous labels placed at an address based on the previous label without specifying the exact address of each label. (GP-4742)</li>
<li><I>Processors</I>. Processor specs now accept the <span class="gcode">volatile</span> attribute in <register> tags. (GP-4849, Issue #6755)</li>
<li><I>ProgramTree</I>. Updated the Program Tree default double-click behavior. Double-clicking now navigates instead of replacing the view. This can be changed in the tool options. (GP-4691)</li>
<li><I>Scripting</I>. GhidraScripts can now declare an <span class="gcode">@runtime</span> metadata comment to specify which GhidraScriptProvider is required to run them (e.g., <span class="gcode">Jython</span>). This will allow different GhidraScriptProviders that use the same script file extension (e.g., <span class="gcode">.py</span>) to coexist. (GP-4706)</li>
<li><I>Scripting</I>. Improved <span class="gcode">RecoverClassesFromRTTIScript</span> heuristics for determining class constructors and destructors. (GP-4764)</li>
<li><I>Scripting</I>. Changed <span class="gcode">RecoverClassesFromRTTIScript</span> virtual function definitions from using the formal signature (i.e., no <span class="gcode">this</span> param) to using <span class="gcode">void *this</span> param. This will improve the Decompiler output while continuing to not force a particular class structure on the generic definition's <span class="gcode">this</span> param. (GP-4812)</li>
<li><I>Scripting</I>. <span class="gcode">RecoverClassesFromRTTIScript</span> now caches <span class="gcode">vfunction</span> list in order to speed up processing. (GP-4863, Issue #6834)</li>
<li><I>Scripting</I>. Fixed a recursion issue in RecoverClassesFromRTTIScript. (GP-4865, Issue #6832, #6833)</li>
<li><I>Scripting</I>. Changed PasteCopiedListingBytesScript to handle hexdump format and listing bytes field split to multiple lines. (GP-4928)</li>
<li><I>Terminal</I>. Added <span class="gtitle">Select All</span> action to <span class="gtitle">Terminal</span> window. (GP-4631, Issue #6502)</li>
<li><I>Version Tracking</I>. The Version Tracking Matches table now has table column filters and now allows users to delete matches from the table (although this is not recommended). (GP-4410, Issue #6066, #6281)</li>
</ul>
</blockquote>
<blockquote><p><u><B>Bugs</B></u></p>
<ul>
<li><I>Basic Infrastructure</I>. Fixed a ClassSearcher exception that could occur when launching Ghidra in <span class="gcode">single jar mode</span>. (GP-4844, Issue #6809)</li>
<li><I>Data Types</I>. Corrected concurrency exception related to use of <span class="gcode">EnumDataType.getNames()</span> method. (GP-4797, Issue #6765)</li>
<li><I>Data Types</I>. Fixed <span class="gcode">StructureDB.delete(Set ordinals)</span> and <span class="gcode">UnionDB.delete(Set ordinals)</span> method implementations which failed to properly remove component records from database and update remaining components correctly. This method is used by the Structure and Union editors when removing components. (GP-4814)</li>
<li><I>Data Types</I>. Fixed issue in the Data Type Chooser dialog that caused inconsistent auto-complete behavior. (GP-4854)</li>
<li><I>Debugger</I>. Fixed catchpoint-related errors in GDB versions &lt;= 10. (GP-4745, Issue #6666)</li>
<li><I>Debugger</I>. Provided an initial fix for dealing with error induced by the occurrence of <span class="gcode">continue</span> during another GDB command. (GP-4750, Issue #6678)</li>
<li><I>Debugger</I>. Fixed potential register description errors when <span class="gcode">info registers all</span> or <span class="gcode">info registers general</span> are invalid. (GP-4757)</li>
<li><I>Debugger</I>. Added <span class="gcode">attach</span> script for dbgeng (WinDbg). (GP-4784, Issue #6735)</li>
<li><I>Debugger</I>. Fixed an issue with Listing display when trace overlay spaces are present. This issue had affected the dbgmodel connector. (GP-4788)</li>
<li><I>Debugger</I>. Removed test logic that was accidentally left in place. (GP-4841, Issue #6802)</li>
<li><I>Debugger</I>. Fix for potentially missing <span class="gcode">Attributes</span> field from older versions of dbgmodel. (GP-4856, Issue #6825)</li>
<li><I>Debugger</I>. The default Emulator was updated to remove TraceRmi launchers. Users should delete and re-import Emulator.tool, or remove the TraceRmiPlugin manually. (GP-4953)</li>
<li><I>Debugger:Emulator</I>. Fixed memory-space issues, especially in RegistersProvider. (GP-4781)</li>
<li><I>Debugger:Emulator</I>. Changed stack allocation to adhere to SP in program register context at PC. (GP-4834, Issue #6427)</li>
<li><I>Debugger:GDB</I>. Fixed issue with GDB continuing instead of stepping over (or out of) library function calls. (GP-4858, Issue #6822)</li>
<li><I>Debugger:Mappings</I>. Fixed launchers to adhere to <span class="gtitle">Modules</span> window's <span class="gtitle">Auto-Map</span> setting. Fixed <span class="gcode">DebuggerStaticMappingService</span> to update properly on changes. (GP-4713, Issue #6662)</li>
<li><I>Debugger:Mappings</I>. Fixed/rewrote buggy <span class="gcode">StaticMappingService</span>. (GP-4868)</li>
<li><I>Debugger:Memory</I>. Fixed stale <span class="gtitle">Force Full View</span> menu toggle when tabbing between traces. (GP-4835)</li>
<li><I>Debugger:Registers</I>. Fixed issue preventing <span class="gtitle">Registers</span> panel from displaying frames other than 0. (GP-4850)</li>
<li><I>Debugger:Watches</I>. Fixed issue in Watches where evaluation of concatenations failed. The error reported was <em>"index -1 in array of size 2"</em> or similar. (GP-4952)</li>
<li><I>Decompiler</I>. Fixed analysis of floating-point expressions in the Decompiler that could sometimes cause loss of precision in constants. (GP-2559, Issue #4586, #5785, #6708)</li>
<li><I>Decompiler</I>. Fixed a bug causing the Decompiler to fail to resolve array references properly in nested structures. (GP-4887)</li>
<li><I>Decompiler</I>. Fixed a corner case in the Decompiler for optimized division simplification where the division operands are extended from different-sized variables. (GP-4890, Issue #6648)</li>
<li><I>Decompiler</I>. Corrected a use after free vulnerability in Sleigh decompiler backend. (GP-4929, Issue #6890)</li>
<li><I>Diff Tool</I>. Fixed the <span class="gtitle">Save Default Diff Apply Settings</span> action in the <span class="gtitle">Diff Apply Settings</span> window. (GP-4670)</li>
<li><I>Eclipse Integration</I>. Fixed a GhidraDev issue that could result in a <span class="gcode">NullPointerException</span> within <span class="gcode">GhidraHelpService</span> when launching Ghidra. (GP-3490, Issue #6734)</li>
<li><I>Function</I>. Fixed an issue with incomplete function body creation due to the removal of a branching reference when the branch destination was to the next instruction and the instruction flowType had no fallthrough. (GP-4926)</li>
<li><I>GUI</I>. Fixed the Structure Editor <span class="gcode">Tab</span> key traversal. (GP-4716, Issue #5738)</li>
<li><I>GUI</I>. Fixed issue in add references dialog where moving the mouse sometimes reset the address space combo box back to the default ram space. (GP-4779)</li>
<li><I>GUI</I>. Fixed minor rendering issues with combo boxes when using the Metal Look and Feel. (GP-4818)</li>
<li><I>GUI</I>. Fixed <span class="gtitle">Structure Editor</span> sometimes not getting focus when opening. (GP-4857, Issue #6782)</li>
<li><I>GUI</I>. Fixed an exception in the Stack editor when editing and using the down arrow. (GP-4891, Issue #6883)</li>
<li><I>GUI</I>. Fixed incorrect cell being edited on <span class="gcode">Tab</span> key press while editing in the Enum Editor. (GP-4892, Issue #6873)</li>
<li><I>Importer</I>. Fixed an <span class="gcode">IndexOutOfBoundsException</span> that could occur when loading OMF binaries. (GP-4884, Issue #6862)</li>
<li><I>Importer:ELF</I>. Corrected regression bug where ELF Importer was ignoring option to disable relocation processing. (GP-4799, Issue #6751)</li>
<li><I>Importer:ELF</I>. Added missing mips opinion for R3/4 n32 automatic processor identification during import. (GP-4939)</li>
<li><I>Listing</I>. Fixed bug in the GoTo dialog where it wouldn't find a label if you had more than one namespace in the path. (GP-4761, Issue #6699)</li>
<li><I>Multi-User</I>. Fixed regression causing Version Control status not updated after check-in. (GP-4921)</li>
<li><I>PDB</I>. Supplied work-around for class that contains inner member with same class name as containing class name; pertaining to LLVM lambdas. (GP-4595)</li>
<li><I>PDB</I>. Fixed a bug in the processing of PDB MSDIA names passed from the native <span class="gcode">pdb.exe</span> processing component. Members that had a bit-field type or that had a namespace delimiter in the name were affected. (GP-4843, Issue #6788)</li>
<li><I>Processors</I>. Fixed PIC16 <span class="gcode">PCLATH</span> and <span class="gcode">RP0</span> code flow and data reference issues. (GP-4596, Issue #3239, #6466)</li>
<li><I>Processors</I>. Fixed ARM <span class="gcode">ldaexd</span> instruction semantics. (GP-4645, Issue #6526)</li>
<li><I>Processors</I>. Fixed ARM <span class="gcode">sha1su0.32</span> instruction semantics. (GP-4646, Issue #6529)</li>
<li><I>Processors</I>. Fixed ARM <span class="gcode">sha1su1.32</span> instruction semantics. (GP-4647, Issue #6530)</li>
<li><I>Processors</I>. Corrected <span class="gcode">CMOV</span> semantics when destination and source overlap. (GP-4714, Issue #6523)</li>
<li><I>Processors</I>. Fixed bug in SPARC <span class="gcode">sdivcc</span> instruction. (GP-4747, Issue #6689)</li>
<li><I>Processors</I>. Fixed m68000 <span class="gcode">ext</span> instruction not updating flags. (GP-4749, Issue #6679, #6690)</li>
<li><I>Processors</I>. Fixed extension of immediates for certain variants of the x86 <span class="gcode">SBB</span> instruction. (GP-4754, Issue #6521)</li>
<li><I>Processors</I>. Corrected semantics for x86 <span class="gcode">PEXTR</span> instructions which write to memory. (GP-4769, Issue #6511)</li>
<li><I>Processors</I>. Corrected semantics of x86 <span class="gcode">CMPPS</span> instruction. (GP-4772, Issue #6512)</li>
<li><I>Processors</I>. Added semantics for several x86 AVX instructions in use by GCC: <span class="gcode">VCVTTSx2Sx</span>, <span class="gcode">VDIVSx</span>, <span class="gcode">VINSTERT128</span>, and <span class="gcode">VEXTRACT128</span>. (GP-4776)</li>
<li><I>Processors</I>. Corrected semantics of x86 <span class="gcode">PACKUSWB</span> instruction. (GP-4777, Issue #6514)</li>
<li><I>Processors</I>. Added missing float-to-integer cast operation, <span class="gcode">trunc()</span>, to x86 <span class="gcode">CVTSD2SI</span> instruction. (GP-4778, Issue #6513)</li>
<li><I>Processors</I>. Fixed aliasing issues in certain x86 SIMD instructions. (GP-4783, Issue #6524)</li>
<li><I>Processors</I>. Fixed incorrect <span class="gcode">.sla</span> file reference in PPC e500mc processor specification. (GP-4826)</li>
<li><I>Processors</I>. Fixed issue with the M68000 <span class="gcode">fmovem.l</span> instruction using FPCR in place of FPIAR. (GP-4845, Issue #6810)</li>
<li><I>Processors</I>. Fixed sparc 32/64-bit multiply instructions. (GP-4912, Issue #6287, #6346)</li>
<li><I>ProgramDB</I>. Corrected <span class="gcode">NullPointerException</span> when setting instruction length override for a non-fallthrough instruction. (GP-4775)</li>
<li><I>References</I>. Fixed spurious replacement of small constants when the low byte of an offset matches the low byte of the reference address. Also turned the option to manipulate constants with masks and shifts to be off by default. (GP-4667, Issue #1564)</li>
<li><I>Scripting</I>. Added check in the <span class="gcode">RecoverClassesFromRTTIScript</span> to make sure <span class="gcode">ClassHierarchyDescriptor</span> symbols are in a non-Global namespace before trying to promote their namespace to a class namespace. If such symbols are found in the Global namespace it indicates potential issues with either the RTTI data or the processing of the RTTI data; in these cases, no class recovery will be done for the associated classes. (GP-4763, Issue #6704)</li>
<li><I>Scripting</I>. Fixed <span class="gcode">NullPointerException</span> in <span class="gcode">PropagateExternalParametersScript</span>. (GP-4883, Issue #6841)</li>
<li><I>Scripting</I>. Fixed CodeUnitInsertionException error in RecoverClassesFromRTTIScript.java script. (GP-4932, Issue #6848)</li>
</ul>
</blockquote>
<blockquote><p><u><B>Notable API Changess</B></u></p>
<ul>
<li><I>Search</I>. (GP-4559)
The MemorySearchService has been changed. This had been a very specific service API created to support just one plugin and was not generally useful. The three existing methods have been consolidated into one method. The old service has been marked as deprecated and may be removed in future releases. If, in the unlikely event that anyone is using this service, please contact the Ghidra team to discuss your use case.
</li>
<li><I>Data Types</I>. (GP-4949)
Added API method <span class="gcode">Structure.setLength(int length)</span> which allows the size of a non-packed structure to be set.
</li>
<li><I>Debugger:Agents</I>. (GP-4847)
<span class="gcode">LaunchConfigurator.configureLauncher()</span> is changed such that <span class="gcode">arguments</span> now requires <span class="gcode">ValStr&lt;?&gt;</span> instead of just <span class="gcode">?</span> for its values. This affects both the new Trace-RMI launchers and the deprecated object-model launchers.
</li>
</ul>
</blockquote>
<H1 align="center">Ghidra 11.1.2 Change History (July 2024)</H1>
<blockquote><p><u><B>New Features</B></u></p>
<ul>
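Review bot: the GP-4849 Processors entry writes `<register>` as a raw angle-bracket tag inside the HTML, so a browser will parse it as an unknown element and drop the word from the rendered text; escape it as `&lt;register&gt;`, the way the GP-4745 entry already escapes `&lt;=`. Two typos in the same hunk: the heading `<u><B>Notable API Changess</B></u>` should read `Changes`, and the GP-3252 entry's `to hide think functions` should read `thunk functions`, matching the `Filter Thunks` action named in the same sentence.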

View File

@ -47,33 +47,37 @@
</P>
<hr>
<H1>What's New in Ghidra 11.1</H1>
<H2>The not-so-fine print: Please Read!</H2>
<H1>What's New in Ghidra 11.2</H1>
<P>This release includes new features, enhancements, performance improvements, quite a few bug fixes, and many pull-request
contributions. Thanks to all those who have contributed their time, thoughts, and code. The Ghidra user community thanks you too!</P>
<H2>The not-so-fine print: Please Read!</H2>
<P>Ghidra 11.x is fully backward compatible with project data from previous releases.
However, programs and data type archives which are created or modified in 11.x will not be usable by an earlier Ghidra version. </P>
<P>Ghidra 11.2 is fully backward compatible with project data from previous releases.
However, programs and data type archives which are created or modified in 11.2 will not be usable by an earlier Ghidra version.</P>
<P>This distribution requires at minimum JDK 17 to run, but can also run under JDK 21.</P>
<P><span class="gtitle">IMPORTANT:</span> Ghidra 11.2 requires at minimum JDK 21 to run.</P>
<P>NOTE: Each build distribution will include native components (e.g., decompiler) for at least one platform (e.g., Windows x86-64).
<P><span class="gtitle">IMPORTANT:</span> To use the Debugger or do a full source distribution build, you will need Python3 (3.9 to 3.12 supported) installed on your system.</P>
<P><span class="gtitle">NOTE:</span> There have been reports of certain features causing the XWindows server to crash. A fix for
CVE-2024-31083 in X.org software in April 2024 introduced a regression, which has been fixed in xwayland 23.2.6 and xorg-server 21.1.13. If you experience
any crashing of Ghidra, most likely causing a full logout, check if your xorg-server has been updated to at least the noted version.</P>
<P><span class="gtitle">NOTE:</span> Each build distribution will include native components (e.g., decompiler) for at least one platform (e.g., Windows x86-64).
If you have another platform that is not included in the build distribution, you can build
native components for your platform directly from the distribution.
See the <a href="InstallationGuide.html">Ghidra Installation Guide</a> for additional information.
Users running with older shared libraries and operating systems (e.g., CentOS 7.x) may also run into
compatibility errors when launching native executables such as the Decompiler and GNU Demangler which
may necessitate a rebuild of native components.</P>
<P>IMPORTANT: To use the Debugger, you will need Python3 (3.7 to 3.12 supported) installed on your system.</P>
<P>NOTE: Ghidra Server: The Ghidra 11.x server is compatible with Ghidra 9.2 and later Ghidra clients. Ghidra 11.x
<P><span class="gtitle">NOTE:</span> Ghidra Server: The Ghidra 11.x server is compatible with Ghidra 9.2 and later Ghidra clients. Ghidra 11.x
clients are compatible with all 10.x and 9.x servers. Although, due to potential Java version differences, it is recommended
that Ghidra Server installations older than 10.2 be upgraded. Those using 10.2 and newer should not need a server upgrade.</P>
<P>NOTE: Any programs imported with a Ghidra beta version or code built directly from source code outside of a release tag may not be compatible,
<P><span class="gtitle">NOTE:</span> Any programs imported with a Ghidra beta version or code built directly from source code outside of a release tag may not be compatible,
and may have flaws that won't be corrected by using this new release. Any programs analyzed from a beta or other local master source build should be considered
experimental and re-imported and analyzed with a release version.</P>
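Review bot: the new X server note says `the XWindows server` in one sentence and `X.org software` in the next; pick one name (X.Org server, or simply xorg-server, which is the package name the note already cites with the fixed versions 21.1.13 and xwayland 23.2.6) so readers can match it to their distribution's package. A grammar slip carried over from the old text in the Ghidra Server note: `Although, due to potential Java version differences, it is recommended ...` is a sentence fragment; `However, due to potential Java version differences, it is recommended ...` reads correctly.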
@ -82,148 +86,77 @@
Ghidra versions. You might consider comparing a fresh import of any program you will continue to reverse engineer to see if the latest Ghidra
provides better results.</P>
<H2>Debugger </H2>
<H2>Memory Search</H2>
<P><span class="gtitle">ATTENTION:</span> Please delete and re-import the default Debugger tool!</P>
<P>The <span class="gtitle">Search Memory</span> feature in Ghidra has been updated substantially to provide two new features:</P>
<BLOCKQUOTE>
<UL>
<LI>The ability to perform set operations on successive searches</LI>
<LI>The ability to (re)scan memory for changes in value</LI>
</UL>
</BLOCKQUOTE>
<P>Set operations, accessible from the pull-down menu under <span class="gtitle">Search</span>, allow you to augment
results by performing boolean operations on an existing search. For example, you might search for the hex pattern "DE AD" using <span class="gtitle">Search</span>,
add "BE EF" to the pattern field, and then select "A-B" to retrieve a list of byte sequences that begin with "DE AD" but do not include "DE AD BE EF".
Scanning for changes is most useful in a dynamic environment, such as the Debugger. Given an existing search, you can look for values that have changed,
increased, decreased, or remained the same. Simple examples might include looking for counters while a process is running, checking for areas of decompressed
memory, or identifying active areas of the heap.</P>
<H2>PDB</H2>
<P>The PDB Symbol Server Search Config dialog has been changed, allowing the user to mark symbol servers as trusted or untrusted.
This is an improvement over the previous mechanism that based trust on the symbol server's connection type.</P>
<H2>Debugger</H2>
<P><span class="gtitle">ATTENTION:</span> Please either delete and re-import the default Emulator tool, or
manually remove the TraceRmiPlugin from your EmulatorTool!</P>
<P>There are new launchers/features for the traceRMI version of dbgeng, including extended launch options, kernel debugging, and
remote process server connections.</P>
<H2>Decompiler</H2>
<P>The Decompiler can now automatically recover strings built on the stack and initial support for optimized heap strings has been added.
Stack strings are typically found in optimized code and obfuscated malware.</P>
<P>A new Search All action has been added which displays a table containing the results found within the current function.</P>
<H2>Programming Languages</H2>
<P> We are introducing a new debugger connection system called Trace RMI. This is replacing the older system,
which we are calling the Recorder system.</P>
<P>Golang support for versions 1.15 and 1.16 have been added. This brings the supported Golang versions to 1.15 thru 1.22.</P>
<H2>Processors</H2>
<P>There have been quite a few improvements to the Sparc processor specification, including additional instructions, 64-bit relocation support, and better
handling of call/return detection through tracking of the o7 link register. In addition, the calling convention for both sparc 32 and 64 bit binaries
have had an overhaul to support hidden structure return and much improved parameter allocation of floating point and general data types.</P>
<P>The most noticeable difference will be a new menu for launching targets. It is very similar to the previous system, but with some key differences:</P>
<BLOCKQUOTE>
<UL>
<LI>Connection and launching are no longer separated into two different configuration panels. There is one panel to launch your target.</LI>
<LI>Ghidra will no longer attempt to launch blindly with defaults. The first time you launch a program, you must select a launcher and configure it.</LI>
<LI>After the initial launch you can re-launch with a previous configuration, without requiring a prompt.</LI>
</UL>
</BLOCKQUOTE>
<P>The Intel M16C/60/80 sleigh processor specifications have been added. In addition, there have been numerous fixes to the
ARM, RX, M68000, PIC16, PPC, and x86 processor specifications.</P>
<P>The next most noticeable difference will be the replacement of the Interpreter window with the Terminal window. This is a proper VT-100
terminal emulator, so the experience will be much like, if not identical to, how you'd debug in a plain terminal, except embedded into and integrated with Ghidra.
Some notable improvements that brings:</P>
<BLOCKQUOTE>
<UL>
<LI>Tab completion, history, etc., should all work as implemented by the connected debugger's command-line interface.</LI>
<LI>When the target is running, it has proper I/O in that terminal.</LI>
<LI>If connecting goes poorly for some reason, the debugger's command-line interface is likely still operational.</LI>
</UL>
</BLOCKQUOTE>
<P>You may also notice the replacement of the Debugger Targets window with the Connection Manager window, and the replacement
of the Objects window with the Model window. These are operationally very similar to their previous counterparts.</P>
<H2>Other Improvements</H2>
<P>Actions have been added to compare functions directly from the Listing, Decompiler, or Functions Table via popup menu items. If there
is already a Function Comparison window showing, there are two actions: one to add the selected function(s) to the existing comparison, and
one to create a new Function Comparison Window. This allows a workflow where users can build up a set of functions to compare as they browse
around instead of having to select them all at once.</P>
<P>For Ghidra script and plugin developers who would prefer to use Visual Studio Code, a new script VSCodeProjectScript will create a new
Visual Studio Code project that is setup to do Ghidra scripting and module development. The capabilities are similar to the Eclipse
GhidraDev plugin.</P>
<P>There have been major speed improvements when creating or modifying large structures within the structure editor. In general large structure manipulation
should perform fluidly no matter the size of the structure. If the structure contains a large number of defined data, there could still be some degradation in
speed. Some fixed performance issues include: resizing a structure smaller or larger, clicking on an item to select a row, and defining a data type either with keyboard actions or dragging
and dropping from the data type manager. In addition, the behavior of automatically growing the size of a structure has been made consistent. Defining data on the last element of a structure
is allowed to automatically grow the structure to fit the data type. Defining data anywhere other than the last element isn't allowed if the data type does not fit because
of defined data that would need to be cleared, or there are not enough undefined bytes.</P>
<P><span class="gtitle">For Power Users:</span> The launchers are just shell scripts on Linux and macOS, and batch files on Windows. We have provided plugins
for integrating with GDB, LLDB, and the Windows Debugger. So long as your target works with one of these debuggers, orchestrating
another kind of target is mostly a matter of creating a new shell script. This is usually accomplished by using the most similar
one as a template and then trying it out in Ghidra. When errors occur, Ghidra will inform you of what progress it made before it
failed, and the Terminal should display any error messages produced by your script.</P>
<P><span class="gtitle">For Developers:</span> Developers may notice that debugger integration is now all done using Python 3.
We have specified a new protocol we call Trace RMI, which provides client access to Ghidra's trace databases over TCP.
It uses protobuf and is substantially simpler than the previous GADP protocol. We have provided the client implementation in
Python 3. Existing integrations can be fairly easily extended, if necessary. For example, see the support for Wine we included in our GDB plugin.</P>
<P>If you wish to integrate a completely new debugger, and it has a Python 3 API, then things are relatively straightforward, so long as
the debugger provides the events and information that Ghidra expects. Use an existing plugin as a template or reference and have fun.
If the new debugger does not have Python 3 bindings, the protobuf specification is available, so the client can be ported, if necessary.</P>
<P><span class="gtitle">IMPORTANT:</span> To use the new Trace RMI system, you will need Python3 (3.7 to 3.12 supported) installed on your system.
Additional setup may be required for each type of debug connection. Press <span class="gtitle">F1</span> in the debug connector's launch dialog
for more information.</P>
<P>Overall, we believe this a substantially more approachable system than our previous DebuggerObjectModel SPI used in the Recorder system.</P>
<H2>GhidraGo </H2>
<P>GhidraGo is an experimental feature that adds integration support for Ghidra URL's and Ghidra Tools. GhidraGO can now process GhidraURL's that
locate folders within a project instead of only programs. For example a remote GhidraURL locating a project folder will open a read only view of
the repository in the front end tool and select the folder from the URL. If the GhidraURL refers to a folder in the currently open
active project, then the folder is selected within the active project's view instead of a read only view.
</P>
<H2>PDB </H2>
<P>The PDB data type processing changes from release 11.0 have been further enhanced, simplifying the processing model and reducing the number of datatype
conflicts. The algorithm for choosing the primary symbol at an address has been improved to provide the richest possible information. The PDB Universal
Analyzer has been split into multiple analyzers so that PDB function processing can follow interim analyzers that specialize in finding code.
Lastly, the Load PDB Task has been improved to schedule appropriate follow-on analyzers that are selected in the Analysis Options.</P>
<H2>Version Tracking </H2>
<P> Version Tracking Session files may now be added to a shared project repository. Once a version tracking file has been checked in to a project,
it must be checked out for exclusive access. For more information, see help found in the Version Tracking's
Session Wizard help for more information.</P>
<P>NOTE: Prior to adding a pre-existing VT Session to a shared project repository, it is highly recommended that it first be re-opened
and saved. This will upgrade the VT Session internal version to prevent its use with older versions of Ghidra which will not respect
the exclusive checkout requirement.</P>
<H2>Mach-O Improvements</H2>
<P>Mach-O support continues to improve, adding support for new features as well as filling in some gaps that existed for several years.
The latest dyld_shared_cache files use a new format for pointer fixups, which Ghidra now supports. A new GFileSystem has also been
implemented to import and/or extract individual Mach-O binaries from Mach-O "file sets" (i.e., kernelcache). A second new GFileSystem
has been added which can extract Apple LZFSE-compressed files. Other improvements have also been made to provide more complete markup of Mach-O load commands.</P>
<H2>Swift </H2>
<P>Initial support for binaries written in the Swift Programming Language has been added. The new support relies on the native Swift demangler being
present on the user's system. Swift is automatically bundled with XCode on macOS, and can be optionally installed on Windows and Linux.
See the "Demangler Swift" analyzer options for more information. Type information gathered from the demangled Swift symbol names is used to
create corresponding Ghidra data types. This currently works for Swift primitives and structures, but more work needs to be done to include
classes and other advanced data types. Swift-specific calling conventions are also applied to demangled Swift functions.</P>
<H2>Usability </H2>
<P>There have been many improvements to keyboard only actions and navigation in Ghidra. These changes will be welcome for those who
prefer to use the keyboard as much as possible and those needing better accessibility. Improvements include:</P>
<BLOCKQUOTE>
<UL>
<LI>Standard keyboard navigation should now work in most component windows and dialogs. In general, <span class="gtitle">Tab</span> and <span class="gtitle">&lt;CTRL&gt; Tab</span> will
move focus to the next focusable component and <span class="gtitle">&lt;SHIFT&gt; Tab</span> and <span class="gtitle">&lt;CTRL&gt;&lt;SHIFT&gt; Tab</span> will move to the
previous focusable component. <span class="gtitle">Tab</span> and <span class="gtitle">&lt;SHIFT&gt; Tab</span> do not always work as some components use those keys internally, but
<span class="gtitle">&lt;CTRL&gt; Tab,</span> and <span class="gtitle">&lt;SHIFT&gt;&lt;CTRL&gt; Tab</span> should work universally.</LI>
<LI>Ghidra now provides some convenient keyboard shortcut actions for transferring focus:</LI>
<UL>
<LI><span class="gtitle">&lt;CTRL&gt; F3</span> - Transfers focus to the next window or dialog.</LI>
<LI><span class="gtitle">&lt;CTRL&gt;&lt;SHIFT&gt; F3</span> - Transfers focus to the previous window or dialog.</LI>
<LI><span class="gtitle">&lt;CTRL&gt; J</span> - Transfers focus to the next titled dockable component (titled windows).</LI>
<LI><span class="gtitle">&lt;CTRL&gt;&lt;SHIFT&gt; J</span> - Transfers focus to the previous titled dockable component.</LI>
</UL>
<LI>All actions can now be accessed via a searchable dialog.</LI>
<UL>
<LI>Pressing <span class="gtitle">&lt;CTRL&gt; 3</span> will bring up the actions dialog with the local toolbar, popup and keyboard actions.</LI>
<LI>Pressing <span class="gtitle">&lt;CTRL&gt; 3</span> a second time will add in all the global actions. </LI>
<LI>Pressing <span class="gtitle">&lt;CTRL&gt; 3</span> a third time will add in the disabled actions as well.</LI>
<LI>The actions dialog was specifically designed to be easy to use without a mouse. Typing will filter the actions list and the
arrow keys allow you to select an action and enter will invoke the selected action </LI>
</UL>
</UL>
</BLOCKQUOTE>
<H2>Other Improvements </H2>
<P>Support for the <span class="gtitle">SquashFS</span> filesystem has been added.</P>
<P>A new wildcard assembler API has been added that can generate all possible variants of an instruction with a variety of wildcards for operands.
Two new scripts, <span class="gtitle">FindInstructionWithWildcard</span> and <span class="gtitle">WildSleighAssemblerInfo</span>, demonstrate how to use the API.
For more information, see help and search for <span class="gtitle">Wildcard Assembler</span>.
<P>A new <span class="gtitle">Runtime Information</span> dialog has replaced the Show VM Memory dialog. The dialog contains more information
which can aid in debugging, including version information, classpath, defined properties, environment variables, and more.</P>
<P>The GhidraDev Eclipse plugin has a new wizard for importing an existing Ghidra module source directory. This will work best with Ghidra module projects
created against Ghidra 11.1 or later.</P>
<P>Finding references to fields within a structure has been greatly improved. Previously many references to the field would be missed if they occurred within
functions calling external functions using the structure, or when the field was used only in local variables dynamically generated by
the decompiler.</P>
<P>Golang versions 17 thru 22 are now supported.</P>
<P>DWARF5 debug format is now supported. In addition, DWARF line number information processing has been incorporated into the base DWARF analyzer and the
separate DWARF line number analyzer has been removed.</P>
<H2>Additional Bug Fixes and Enhancements</H2>
<P> Numerous other new features, improvements, and bug fixes are fully listed in the <a href="ChangeHistory.html">ChangeHistory</a> file.</P>
<P> Numerous other new features, improvements, and bug fixes are fully listed in the <a href="ChangeHistory.html">ChangeHistory</a> file.</P>
<div align="center">
<B><a href="https://www.nsa.gov/ghidra"> https://www.nsa.gov/ghidra</a></B>
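Review bot: the tail of this hunk still carries 11.1 release text next to the new 11.2 sections, so the merged WhatsNew page will read as two documents unless the older blocks are removed: there are two PDB headings (the new symbol-server trusted/untrusted paragraph and the older "PDB data type processing changes from release 11.0" paragraph), two "Other Improvements" headings, and the closing "Numerous other new features, improvements, and bug fixes are fully listed in the ChangeHistory file" paragraph appears twice in a row. Section placement also looks wrong: "We are introducing a new debugger connection system called Trace RMI" sits under "Programming Languages" and "The most noticeable difference will be a new menu for launching targets" sits under "Processors", while both read as Debugger content and belong with the other Trace RMI paragraphs ("For Power Users", "For Developers", "IMPORTANT"). Two smaller points: the paragraph "A new wildcard assembler API has been added ..." opens a `<P>` that is never closed before the next `<P>` (add `</P>` after "search for Wildcard Assembler."), and "Golang versions 17 thru 22 are now supported" should use the same notation as the earlier "1.15 thru 1.22" sentence and the two statements should be reconciled to a single supported range; the Version Tracking paragraph also says "see help found in the Version Tracking's Session Wizard help for more information" with "for more information" repeated.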
@ -231,4 +164,4 @@
</div>
</BODY>
</HTML>
</HTML>
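Review bot: `</HTML>` appears twice in this four-line hunk; since the rendered view has dropped the +/- markers it is not clear whether one copy is the removed line, so confirm the merged file ends with a single `</HTML>` after `</BODY>`.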