Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-31 02:51:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/Ghidra_10.1'

Browse Source
This commit is contained in:
ghidra1
2021-11-16 20:46:58 -05:00
parent a17f525e11 53e4f2ff9b
commit 0996ede391
8 changed files with 263 additions and 403 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
+167
View File
@@ -7,6 +7,173 @@
<BODY>
<H1 align="center">Ghidra 10.1 Change History (November 2021)</H1>
<blockquote><p><u>New Features</u></p>
<ul>
<li><I>Build</I>. Ghidra now builds on 64-bit Linux ARM and macOS M1 platforms. (GP-1106, Issue #3197)</li>
<li><I>Build</I>. Native binaries for the current platform can now be built/rebuilt from within a release using the <B>support/buildNatives(.bat)</B> script. Please see the "Building Ghidra Native Components" section of the Installation Guide for additional information. (GP-1209, Issue #3387)</li>
<li><I>Data Types</I>. Added encoding methods to DataType. (GP-1265)</li>
<li><I>Debugger</I>. Added Memory view (raw bytes) to the Debugger. (GP-80)</li>
<li><I>Debugger</I>. Added new agent for lldb on macOS and Linux. (GP-1005, Issue #2591, #2967)</li>
<li><I>Debugger</I>. Added Events/Exceptions to Objects View. (GP-1288, Issue #3049)</li>
<li><I>Debugger:Emulator</I>. Added <B>Emulate Program</B> and <B>Add Emulated Thread</B> actions for loading a program into a purely emulated trace. (GP-660)</li>
<li><I>Decompiler</I>. Added support for <code><B>else if</B></code> syntax in Decompiler output. (GP-1172, Issue #1609)</li>
<li><I>Importer</I>. Added support for Android formats (ART, OAT, ODEX, DEX, CDEX, VDEX) and Dalvik VM Sleigh modules for each major Android release up to version 12.x (S). (GP-1247)</li>
<li><I>Scripting</I>. Created RunYARAFromGhidra.py to map YARA rules to Ghidra comments. (GP-1199)</li>
</ul>
</blockquote>
<blockquote><p><u>Improvements</u></p>
<ul>
<li><I>Analysis</I>. The ___chkstk_ms() function is now properly recognized and handled. (GP-1347, Issue #1888, #1889)</li>
<li><I>Analysis</I>. Added support for Objective-C small methods. (GP-1397, Issue #2719, #2732)</li>
<li><I>Analysis</I>. Several memory usage issues with constant propagation for very large functions have been fixed. These fixes have also resulted in an average 10-20 percent time savings for constant propagation and stack analysis. (GP-1418, Issue #3508)</li>
<li><I>API</I>. Updated API methods of the DataTypeChooserDialog. (GP-1349, Issue #3140)</li>
<li><I>Basic Infrastructure</I>. Symbol performance in Ghidra was significantly improved. Specifically, new database indexes were created to improve finding primary symbols as well as improving lookups by combinations of name, namespace, and address. (GP-1082)</li>
<li><I>Basic Infrastructure</I>. Added optional columns in the Functions table for several boolean-valued function attributes. (GP-1393)</li>
<li><I>Build</I>. Extension builds can now declare jar dependencies from standard Gradle repositories such as Maven Central. (GP-1144, Issue #2219, #2226)</li>
<li><I>Data Types</I>. Added support for zero-element arrays and zero-length components within structures and unions. Eliminated flex-array API methods and added/improved other Structure methods to handle multiple components which share the same offset. (GP-943)</li>
<li><I>Data Types</I>. Added the ability to set comments on enum values. (GP-1316, Issue #1680, #2421)</li>
<li><I>Debugger</I>. Respond to CLI-driven memory changes in dbgeng. (GP-853)</li>
<li><I>Debugger</I>. User can now override the Debugger's processor selection when manually activating the <B>Record</B> (<B>R</B>) action. (GP-1233)</li>
<li><I>Debugger</I>. User can now double-click in Listing margin to toggle breakpoints. (GP-1395)</li>
<li><I>Debugger</I>. Adjusted alignment of <B>Description</B> tag in Debugger's <B>Connect</B> dialog. (GP-1416)</li>
<li><I>Debugger:Emulator</I>. Added more accessor methods to PcodeThread, Machine, Executor, and similar classes. (GP-1223)</li>
<li><I>Debugger:Emulator</I>. Added more accessor methods to PairedCodeArithmetic, ExecutorState, ExecutorStatePiece, and similar classes. (GP-1224)</li>
<li><I>Debugger:GDB</I>. GDB manager handles <code>=cmd-param-changed</code> events. (GP-1330)</li>
<li><I>Debugger:GDB</I>. Ported GDB's SSH connector to JSch. (GP-1387)</li>
<li><I>Debugger:Stack</I>. Fixed various <code>NullPointerExceptions</code> among the Debugger Stack and Threads windows. (GP-1475)</li>
<li><I>Debugger:Trace</I>. Trace API now supports <B>Overlay</B> spaces. (GP-484)</li>
<li><I>Decompiler</I>. Added the <B>Rename Label</B> Decompiler action to allow label name editing. (GP-1195, Issue #1751)</li>
<li><I>Decompiler</I>. The Decompiler now recognizes typedef relationships between data-types when determining if casts are necessary. (GP-1297, Issue #2393, #3249)</li>
<li><I>Decompiler</I>. Improved the Decompiler's analysis of pointer calculations affected by common subexpression elimination. (GP-1312)</li>
<li><I>Decompiler</I>. Added methods to ClangTokenGroup to facilitate iteration and filtering over the Decompiler's output tokens. (GP-1317, Issue #2040)</li>
<li><I>DWARF</I>. Relaxed DWARF symbol name mangling to allow colons and forward slashes; changed space mangling to use underscores. (GP-1122, Issue #2014, #2043)</li>
<li><I>DWARF</I>. Improved DWARF analyzer to handle MIPSPro 64-bit file format oddity. (GP-1171, Issue #3223)</li>
<li><I>DWARF</I>. Improved DWARF analyzer to import DWARF data from PE binaries. (GP-1192, Issue #1267)</li>
<li><I>DWARF</I>. Add support for DWARF external debug files. (GP-1286, Issue #3513)</li>
<li><I>DWARF</I>. Added support for DWARF <B>noreturn</B> function attribute. (GP-1390)</li>
<li><I>Eclipse Integration</I>. Eclipse Python breakpoints now work when Eclipse installs PyDev in <B>.p2</B> bundle pool directory. (GP-1338, Issue #3453, #3454)</li>
<li><I>Exporter</I>. Updated the DataTypeWriter to emit enum comments. Furthermore, the enum data type has been updated to return names sorted by enum value, which is now the order in which enum values will be emitted by the DataTypeWriter. (GP-1374, Issue #1664)</li>
<li><I>Exporter</I>. The PE Exporter no longer forces files to be saved with a <B>.exe</B> extension. (GP-1385, Issue #3391)</li>
<li><I>Extensions</I>. Building extensions now fails gracefully if an unsupported Gradle version is used. (GP-1189, Issue #3313)</li>
<li><I>FileSystems</I>. Temporary files created by GFilesystem implementations are now obfuscated when written to disk. (GP-253)</li>
<li><I>FileSystems</I>. Added support for opening password-protected zip files. (GP-725, Issue #377)</li>
<li><I>FileSystems</I>. Add support for opening HFS+ volume images. Improved support for ISO9660 images by using 7-Zip library. (GP-807)</li>
<li><I>Graphing</I>. Created concept of graph types that define specific vertex and edge types so that color and shape attributes can be assigned indirectly to vertices and edges. Created tool options for setting/changing the display attributes for these types. (GP-773)</li>
<li><I>GUI</I>. Added new layouts to the Function Graph. Each new layout is using one of the Jungrapht layouts. (GP-926)</li>
<li><I>GUI</I>. Added option to change the background color of the Function Call Graph. (GP-1014)</li>
<li><I>GUI</I>. Added menu support for the following navigation keys: <B>Page Up</B>, <B>Page Down</B>, <B>Home</B>, <B>End</B>, and number keys <B>1</B>-<B>9</B>. (GP-1081, Issue #2811)</li>
<li><I>GUI</I>. Added an option to group the XRef field in the Listing by function. (GP-1093, Issue #1305)</li>
<li><I>GUI</I>. Symbol tree has been changed to improve its behavior in the presence of large scale changes such as analysis, loading PDB, etc. It now will auto-close the label or function category if the internal organization becomes too much out of balance. This will also improve the analysis performance when the root category nodes are closed. (GP-1198)</li>
<li><I>GUI</I>. Improved composite interior selection of components with shared offset such as bit-fields. Previous behavior was forcing selection of multiple components. (GP-1261)</li>
<li><I>GUI</I>. Fixed exception due to the Patch action incorrectly being added to the Function Graph context menu. (GP-1334, Issue #3288)</li>
<li><I>GUI</I>. Updated the Search Memory dialog to allow the user to enter a single wildcard character to search for any byte value. Previously, two consecutive wildcard characters were required. (GP-1358, Issue #3351)</li>
<li><I>GUI</I>. Updated auto-comments to show user-defined repeatable comments from the reference destination. (GP-1361, Issue #2475)</li>
<li><I>GUI</I>. Changed the Context column to allow for filtering of special characters in the results table of the <B>Find Uses of</B> action. (GP-1370, Issue #3473)</li>
<li><I>GUI</I>. Updated the CodeBlockIterator interface to extend Iterable. This allows the iterator to be used in Java's foreach loops. (GP-1381, Issue #3478)</li>
<li><I>GUI</I>. Added <B>Find Structures by Offset...</B> and <B>Find Structures by Size...</B> actions to the Data Type Manager window. (GP-1382, Issue #759)</li>
<li><I>GUI</I>. Added the ability to remove a non-default symbol by setting the Edit Label dialog text to the empty string; added an action to the Decompiler to remove non-default labels. (GP-1383, Issue #3285)</li>
<li><I>GUI</I>. Fixed the Function Editor's Storage Address Editor dialog to ensure that the Cancel button will not allow data type changes to be passed through to the primary editor. (GP-1398, Issue #3490)</li>
<li><I>GUI</I>. Updated the Comments Dialog to allow the <B>Shift-Enter</B> keystroke to insert a newline at the cursor position. (GP-1428, Issue #3548)</li>
<li><I>GUI</I>. Updated the Symbol Table to allow users to enter optional namespaces when editing a symbol name. (GP-1430)</li>
<li><I>GUI</I>. Fixed issue with shared actions across windows sometimes getting the wrong (non-focused) context. This was mostly related to windows with snapshot components. (GP-1440)</li>
<li><I>GUI</I>. Fixed issue when attempting to rename a datatype that has the same name as a category in the same parent cateogory. The rename would attempt to rename the category instead of the datatype. (GP-1445)</li>
<li><I>Importer</I>. Added support for new Mach-O load commands and file types. (GP-398, Issue #2487, #3572)</li>
<li><I>Importer</I>. Added method to Memory to find addresses where a specific byte from a loaded FileBytes object is used in memory. (GP-1166)</li>
<li><I>Importer:Mach-O</I>. The Mach-O loader now outputs a warning when it encounters encrypted sections. (GP-1406, Issue #1935)</li>
<li><I>Importer:PE</I>. Added support for long section names (e.g., "/1234" as offset in the string table) in PE binaries. (GP-1177, Issue #1267)</li>
<li><I>Multi-User</I>. Upgraded YAJSW to 13.01. Ghidra Server can now run with JDK 17. (GP-1266, Issue #3406)</li>
<li><I>PDB</I>. Improved processing time on huge PDBs, especially when many labels are seen at the same address, such as with Identical COMDAT Folding. This change also allows some additional valid labels to be applied at these addresses. (GP-1298)</li>
<li><I>Processors</I>. Added pcodetests for ARM version 5, which does not support thumb mode. (GP-1078)</li>
<li><I>Processors</I>. Added 65C02 opcodes to the 6502 processor. (GP-1112, Issue #1261, #3170)</li>
<li><I>Processors</I>. Made numerous improvements to the SPARC language module. (GP-1135)</li>
<li><I>Processors</I>. Improved and fixed several issues involving the SuperH4 language module. (GP-1212)</li>
<li><I>Processors</I>. Updated manual index page numbers for AMD VMX instructions. (GP-1219, Issue #2923)</li>
<li><I>Processors</I>. Updated x86 and AARCH64 processor manual index files. (GP-1234)</li>
<li><I>Processors</I>. Added <code><B>longMode</B></code> bit to x64 language spec for mixed 32-/64-bit use cases; e.g., WoW64. (GP-1255)</li>
<li><I>Processors</I>. Made minor improvements to the RISC-V language module. (GP-1409)</li>
<li><I>Scripting</I>. Improved RecoverClassesFromRTTIScript to better define virtual function data definitions to be more generically used by all related class structures. (GP-1311, Issue #3417)</li>
<li><I>Scripting</I>. Added options to allow removal of replaced class structure data types when replaced with ones created by RecoverClassesFromRTTIScript. (GP-1315, Issue #3443)</li>
<li><I>Scripting</I>. Changed class structures created by RecoverClassesfromRTTI so that the vftable pointers are separated from the class data structures inside a derived class. This allows the derived class vftables structures to be accessed correctly by the Decompiler. (GP-1408)</li>
<li><I>Sleigh</I>. Modeled undocumented encoding of <code>REP</code> prefix for x86 instructions. (GP-1294, Issue #731)</li>
<li><I>Version Tracking</I>. Slightly relaxed score thresholds for the reference correlator portions of auto version tracking to enable discovery of more high scoring matches. (GP-1448)</li>
</ul>
</blockquote>
<blockquote><p><u>Bugs</u></p>
<ul>
<li><I>Analysis</I>. Fixed a bug that would result in the <B>COFF Header Annotation</B> analyzer from running on PIC binaries when it was not intended to. (GP-1366, Issue #3386)</li>
<li><I>Analysis</I>. The Objective-C analyzer no longer crashes when encountering categories with an implementation in an external binary. (GP-1413, Issue #3510)</li>
<li><I>Analysis</I>. Fixed a stack overflow in the <B>Objective-C 2 Class</B> analyzer. (GP-1420, Issue #2378)</li>
<li><I>API</I>. Fixed issues related to moving memory blocks where the source and/or destination have pinned symbols. This could have resulted in addresses with symbols where no symbol is primary or having multiple symbols at an address that are primary. It could also have resulted in pinned symbols being moved from the destination to the source address range. (GP-1103)</li>
<li><I>API</I>. Fixed an issue with the SymbolManager method getClassNamespaces() where it was only returning class namespaces in the global namespace. (GP-1346)</li>
<li><I>C Parsing</I>. Several issues parsing C header files have been fixed including ternary macro expression evaluation, #line preprocessor markup within functions and structures, far/near recognized as a keyword, and handling of __asm syntax. (GP-1335, Issue #1069, #1082, #2667, #464, #929)</li>
<li><I>Debugger</I>. Fixed program actions (<B>Save</B>, <B>Close</B>, <B>Undo</B>, etc.) to work properly in the Debugger. (GP-508)</li>
<li><I>Debugger</I>. Fixed issue getting registers on ARM targets with GDB where command exceeded 4096 characters. (GP-1356, Issue #3297, #3509)</li>
<li><I>Debugger</I>. Fixed several issues with the GDB connector's <b>use existing session</b> option. (GP-1365)</li>
<li><I>Debugger</I>. Fixed a NullPointerException from canceling a debug launch. (GP-1442)</li>
<li><I>Debugger</I>. Fixed <B>Select Addresses</B> button for Debugger Modules pane. (GP-1450)</li>
<li><I>Debugger</I>. Fixed issue with duplicate selection actions in the debugger tool. (GP-1452)</li>
<li><I>Debugger:Emulator</I>. Fixed Debugger integration and trace emulation for WoW64. (GP-1245)</li>
<li><I>Debugger:GDB</I>. Fixed issue with GDB/GADP hang in development mode. (GP-1360)</li>
<li><I>Debugger:GDB</I>. Fixed issue interrupting GDB targets launched without temporary breakpoint on main. (GP-1362)</li>
<li><I>Debugger:GDB</I>. Fixed issues parsing and displaying various types of GDB breakpoints. (GP-1364)</li>
<li><I>Debugger:GDB</I>. Fixed problem passing arguments to GDB in IN-VM and SSH modes. (GP-1368)</li>
<li><I>Debugger:GDB</I>. Fixed a NullPointerException when terminating GDB. Changed PtySession API to prevent future occurrence. (GP-1399, Issue #3487)</li>
<li><I>Debugger:Trace</I>. Fixed <B>ram</B> not in this trace/language error. (GP-1411, Issue #3509)</li>
<li><I>Decompiler</I>. Fixed a corner case in the manipulation of integer ranges by the Decompiler. (GP-1243, Issue #3064)</li>
<li><I>Decompiler</I>. Fixed a bug in the Decompiler's renaming algorithm that could cause memory corruption in rare cases. (GP-1380, Issue #3429)</li>
<li><I>Demangler</I>. Fixed GNU Demangling bug encountered when Address Table types have spaces in the parent namespace name. (GP-1051)</li>
<li><I>Eclipse Integration</I>. Fixed an exception in the GhidraDev Eclipse plugin that occurred when performing a <B>Link Ghidra</B> operation on projects that use a Gradle classpath container. (GP-1149, Issue #3087, #3088)</li>
<li><I>Exporter</I>. IDA exporter no longer fails when function stack variables have comments. (GP-1190, Issue #2350, #3309, #748)</li>
<li><I>FileSystems</I>. Fixed Ext4 handling of longer symlink paths and added support for inline data. (GP-1088)</li>
<li><I>FileSystems</I>. Fixed Ext4 file system to handle volumes with blocksize 1024 and a first data block value of 1. Also added support for old style block maps. (GP-1094, Issue #1877)</li>
<li><I>Framework</I>. Fixed error causing exception in the Specification Extensions panel, when importing a new callotherfixup. (GP-1414, Issue #3502)</li>
<li><I>GUI</I>. Fixed potential infinite loop in Function Graph edge painting. (GP-1019, Issue #2114)</li>
<li><I>GUI</I>. Fixed minor memory leak encountered when using <B>Search -> For Address Tables</B>. (GP-1030, Issue #3013)</li>
<li><I>GUI</I>. Fixed bug that prevented the Decompiler scalar hover tooltip from showing. (GP-1071, Issue #3142)</li>
<li><I>GUI</I>. Fixed NullPointerException in File System Browser when closing the current project. (GP-1096, Issue #3179)</li>
<li><I>GUI</I>. Fixed the script console to not lock the GUI when a large amount of text is being written. (GP-1148, Issue #3251)</li>
<li><I>GUI</I>. Fixed long GUI hang when attempting to <B>Set External Program</B> on an import within in a large Ghidra project. (GP-1155, Issue #3245)</li>
<li><I>GUI</I>. Fixed UI freeze when connecting to a large remote project. (GP-1200, Issue #3305)</li>
<li><I>GUI</I>. Tweaked enablement of several search actions so that instead of being disabled when on a restricted view provider (e.g., Decompiler, FunctionGraph), they instead are enabled, but apply to the global listing provider. (GP-1259)</li>
<li><I>GUI</I>. Fixed stack trace in the Function Call Graph when using the <B>Show Incoming Level Edges</B> action. (GP-1302, Issue #3327)</li>
<li><I>GUI</I>. Fixed the Search Memory dialog issue that caused odd resize behavior when using the Advanced button. (GP-1333, Issue #3158)</li>
<li><I>GUI</I>. Fixed tracking of <B>Favorite</B> data types when switching between multiple open programs. (GP-1391)</li>
<li><I>GUI</I>. Fix user list scrollbar in shared project dialog when there is a large number of users. (GP-1410)</li>
<li><I>GUI</I>. Fixed bug that cause a structure field name to change when using the Retype Field action without picking a new data type. (GP-1429, Issue #3483)</li>
<li><I>Importer</I>. Fixed issue with <B>Extract and Import</B> action trying to create invalid filenames. (GP-1024, Issue #3114)</li>
<li><I>Importer</I>. Fixed <B>Extract and Import</B> action when highlighting bytes in the debugger view. (GP-1449)</li>
<li><I>Importer:ELF</I>. Corrected ELF importer error which could occur when processing memory section overlay blocks caused by AddressOutOfBoundsException exception. (GP-1052, Issue #3128)</li>
<li><I>Importer:ELF</I>. Corrected various markup issues related to packed ELF Android relocations. Added missing ELF Arm 32-bit RELR relocation support. (GP-1352, Issue #3462)</li>
<li><I>PDB</I>. Fixed short timeout values when downloading PDB files. (GP-1105, Issue #3184)</li>
<li><I>PDB</I>. Fixed the <B>Load PDB</B> dialog to better handle missing or incomplete metadata. (GP-1180, Issue #3289)</li>
<li><I>PDB</I>. Fixed NullPointerException encountered for a particular array of enums scenario where the enum definition processing had not completed. (GP-1456, Issue #3484)</li>
<li><I>Processors</I>. Corrected return type for MIPS32 <code>JIC</code> instruction. (GP-938, Issue #3022)</li>
<li><I>Processors</I>. Corrected pcode for ARM/ARM-Thumb <code>adcs</code> and <code>sbcs</code> carry and overflow flag updates. (GP-1043)</li>
<li><I>Processors</I>. Corrected flag handling for some 6502 instructions. (GP-1054, Issue #3096)</li>
<li><I>Processors</I>. Fixed issues with PPC register overwrites. (GP-1075, Issue #1672)</li>
<li><I>Processors</I>. Fixed MIPS 32-bit little endian floating point register ordering. (GP-1129, Issue #3212)</li>
<li><I>Processors</I>. Corrected PowerPC ISA instruction manual index page numbers. (GP-1218, Issue #2927)</li>
<li><I>Processors</I>. Updated Tricore manual index file to match correct page numbers. (GP-1220, Issue #2926)</li>
<li><I>Processors</I>. Fixed bug in SuperH <code>moveml.l</code> instruction which caused a load instead of store register. (GP-1263, Issue #3379)</li>
<li><I>Processors</I>. Corrected semantics for MIPS <code>INS</code> instruction. (GP-1290, Issue #3405)</li>
<li><I>Processors</I>. Corrected MIPS64 <code>DINS</code> instruction semantics. (GP-1291, Issue #2232)</li>
<li><I>Processors</I>. Corrected semantics of PA-RISC shift conditions, which was incorrectly using the register size in bytes, as opposed to bits. (GP-1292)</li>
<li><I>Processors</I>. Corrected ARM neon <code>vmrs</code> instruction disassembly. (GP-1322, Issue #3446)</li>
<li><I>Processors</I>. Corrected SuperH <code>bld</code> and <code>movemu</code> instruction semantics. (GP-1331, Issue #3449)</li>
<li><I>Processors</I>. Removed deprecated ARM condition code 15. (GP-1332)</li>
<li><I>Processors</I>. Corrected issue with x86 <code>call</code> instructions when stack pointer is used as a reference. (GP-1357, Issue #3455)</li>
<li><I>Processors</I>. Corrected MIPS pcodeop error in <code>tlbr</code> instruction. (GP-1363, Issue #3463)</li>
<li><I>Processors</I>. Corrected ARM Thumb conditional instruction <code>it</code> to allow the <code>al</code> (always) conditional. (GP-1402, Issue #3499)</li>
<li><I>Processors</I>. Removed extraneous <code>sb</code> from ARM <code>ldrsb</code> instruction. (GP-1412, Issue #3522)</li>
<li><I>ProgramDB</I>. Corrected language upgrade issue which could result in lost memory reference due to <code>RefType</code> change. (GP-1392)</li>
<li><I>Scripting</I>. RecoverClassesFromRTTIScript now consistently applies its class structures in programs that have PDB information applied. Also, an option was added so users can decide whether to replace existing class data in thiscall functions regardless of whether they originated as PDB or not. (GP-1464)</li>
<li><I>Sleigh</I>. Corrected sleigh-language endian-mismatch error-message formatting. (GP-1132, Issue #3215)</li>
<li><I>Version Tracking</I>. Fixed UnsupportedOperationException in Version Tracking when attempting to find references to register or stack addresses. (GP-1084, Issue #1152)</li>
<li><I>Version Tracking</I>. Fixed Version Tracking <B>Swap</B> button to not trigger the reloading of programs. (GP-1183)</li>
</ul>
</blockquote>
<H1 align="center">Ghidra 10.0.4 Change History (September 2021)</H1>
<blockquote><p><u>Improvements</u></p>
<ul>
Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html
+71 -370
View File
@@ -42,387 +42,89 @@
vulnerabilities in networks and systems.
</P>
<H1> What's new in Ghidra 10.0</H1>
<H1>What's new in Ghidra 10.1 BETA</H1>
<H2> <a id="finePrint10"/>The not-so-fine print: Please Read!</H2>
<H2>The not-so-fine print: Please Read!</H2>
<P>Ghidra 10.0 is fully backward compatible with project data from previous releases. However, programs and data type archives
which are created or modified in 10.0 will not be useable by an earlier Ghidra version.</P>
<P>Ghidra 10.1 is fully backward compatible with project data from previous releases. However, programs and data type archives
which are created or modified in 10.1 will not be useable by an earlier Ghidra version.</P>
<P>This release includes many new features and capabilities, performance improvements, quite a few bug fixes, and many pull-request
contributions. Thanks to all those who have contributed their time, thoughts, and code. The Ghidra user community
thanks you too!</P>
<P>NOTE: Ghidra Server: The Ghidra 10.0 server is compatible with Ghidra 9.2 and later Ghidra clients. Ghidra 10.0
<P>NOTE: Ghidra Server: The Ghidra 10.1 server is compatible with Ghidra 9.2 and later Ghidra clients. Ghidra 10.1
clients are compatible with all 9.x servers.</P>
<H2>Distribution</H2>
<P> The Ghidra distribution has been enhanced to allow building of native executables directly from a release distribution.
The distribution currently provides Linux 64-bit, Windows 64-bit, and MacOS x86 binaries. If you have another platform,
for example a MacOS M1 based system or a Linux variant, the support/buildNatives script can build the decompiler,
demangler, and legacy PDB executables for your plaform. You will need gradle that supports building for your platform
and a working compiler for your environment. Not every platform can be supported, as a pre-requisite is
support by gradle. Ghidra has been tested to build additional native executables for Linux ARM 64-bit,
Linux x86 variants, and macOS ARM 64-bit. </P>
<P>Please see the "Building Ghidra Native Components" section of the Installation Guide for additional information.</P>
<H2>Debugger</H2>
<H3>Pure Emulation</H3>
<P>There's a new action <B>Emulate Program</B> (next to the <B>Debug Program</B> button) to launch the current program in Ghidra's p-code emulator.
This is not a new "connector." Rather, it starts a blank trace with the current program mapped in. The user can then step using the usual
"Emulate Step" actions in the "Threads" window. In general, this is sufficient to run simple experiments or step through local regions of code.
To modify emulated machine state, use the "Watches" window. At the moment, no other provider can modify emulated machine state.</P>
<H2>Debugger</H2>
<P>With the release of Ghidra 10.0, we are excited to officially introduce our new Debugger. It is still geared primarily for user-mode application debugging on Linux and Windows;
however, you may find its components usable in other scenarios. To get started, please Ghidra Functionality / Debugger / Getting Started in the Help. For most, it is as easy as importing
your program, opening it with the Debugger tool, and clicking the "bug" icon in the main toolbar. The Debugger's features include:</P>
<BLOCKQUOTE><UL>
<li>Debugging user-mode Windows applications on x64 hosts via dbgeng.dll/WinDbg (including 32-bit x86 applications via WoW64)</li>
<li>Debugging user-mode Linux applications on amd64/x86_64 hosts via GDB (including 32-bit i686/x86 applications)</li>
<li>Quick launch to locally debug the current program</li>
<li>Recording of observations from a live debug session into a Ghidra Trace database</li>
<BLOCKQUOTE><UL>
<li>NOTE: We do <em>not</em> currently plan to support Trace database upgrades in future releases</li>
</UL></BLOCKQUOTE>
<P>This is also very useful in combination with the "P-code Stepper" window (this plugin must be added manually via File->Configure).
A language developer can, for example, assemble an instruction that needs testing, start emulating with the cursor at that instruction,
and then step individual p-code ops in the "P-code Stepper" window.</P>
<li>Sharing of Trace databases via a Ghidra Server</li>
<li>Time-travel(-like) exploration and annotation of Trace databases.</li>
<BLOCKQUOTE><UL>
<li>Includes capture of memory and register values over time</li>
<li>Utilizes p-code emulation to interpolate and extrapolate ahead of the target</li>
</UL></BLOCKQUOTE>
<li>Export a Trace's memory / listing (at a given time) to ASCII, Binary, HTML, Intel Hex, and XML</li>
</UL></BLOCKQUOTE>
<H3>New Views:</H3>
<BLOCKQUOTE><UL>
<li>Targets list for managing platform debugger connections</li>
<li>Interpreter Panel for accessing the platform debugger's command-line interface</li>
<li>Console Panel for viewing log messages and resolving problems</li>
<li>Objects Tree for accessing and commanding the platform debugger via a graphical user interface
<BLOCKQUOTE>
Includes Resume, Interrupt, Step, Launch, etc.
</BLOCKQUOTE>
<li>Dynamic Listing for viewing and annotating memory in a Trace</li>
<li>Breakpoint management:</li>
<BLOCKQUOTE>
<li>Breakpoints viewer showing breakpoints from all live sessions, as well as breakpoints bookmarked in Program databases</li>
<li>Dynamic Listing actions permitting placement, toggling, and removal of breakpoints at the current address</li>
<li>(Static) Listing actions permitting the bookmarking, placement, toggling, and removal of breakpoints</li>
</BLOCKQUOTE>
<li>Registers Table for viewing and annotating values in a Trace and/or modifying values of the target</li>
<li>Watches Table for evaluating SLEIGH expressions on the Trace or target machine state</li>
<BLOCKQUOTE>
NOTE: Dependent registers and memory are captured to the Trace, if recording from a live target
</BLOCKQUOTE>
<li>Stack / Frame Table for navigating frame contexts</li>
<li>Threads Timeline for listing threads and for navigating thread and time contexts</li>
<li>Modules Table for viewing modules and sections, and for mapping live Trace addresses to static Program database addresses</li>
<li>P-code Stepper/Emulator for debugging SLEIGH language specifications in-situ</li>
<li>Memory/Time plotter for viewing trace events</li>
</UL></BLOCKQUOTE>
<H3>New APIs:</H3>
<BLOCKQUOTE><UL>
<li>Trace database (backs our time-travel features and populates our machine-state UIs)</li>
<li>Platform debugger model (our abstraction of platform debuggers into a reflexive API)</li>
<li>Abstract SLEIGH / p-code execution (backs our emulation, trace interpolation, and SLEIGH watches)</li>
</UL></BLOCKQUOTE>
<H3>Nascent support for the following:</H3>
<BLOCKQUOTE><UL>
<li>Other modes, including kernel-mode, and remote debugging, as supported by the platform debugger.</li>
<BLOCKQUOTE>
WARNING: Ghidra's Trace recorder may not know how to cope with the environment and objects presented, causing it to behave poorly, e.g., it may greedily record things,
exhaust resources, crash Ghidra, crash your debugger, crash your target, etc.
</BLOCKQUOTE>
<li>Connection to WinDbg Preview (via dbgmodel.dll) on Windows</li>
<li>Connection to a JVM or DalvikVM via JDI (JDWP)</li>
<li>Support for tracing the following architectures via GDB: arm, m68k, mips, powerpc (depending on versions and variants)</li>
<li>Support for tracing the following architectures via JDI: Java, Dalvik (depending on versions and variants)</li>
</UL></BLOCKQUOTE>
<H3>Support in progress for the following:</H3>
<BLOCKQUOTE><UL>
<li>Pure program emulation, i.e., simulating a trace from a program, without an actual target</li>
<li>Connection to LLDB for macOS and iOS targets. This will likely support other targets and platforms, too.</li>
</UL></BLOCKQUOTE>
<H3>Known Issues:</H3>
<BLOCKQUOTE>
<P>
While the debugger is quite usable, as this is its initial release, it is not as mature as the other features of Ghidra.
The following are areas where we've seen the most recurring problem tickets, for which we've not been able to produce quick fixes.
We don't necessarily have answers for these problems, so we're listing them here so people are aware, and to open up some discussion.
</P>
<H4>1. The breakpoints interface is complicated</H4>
<P>
We attempt to present an abstract view of breakpoints and save them to the program databases, but we also didn't want to hide the raw breakpoint locations listed for each target.
This is the basis of our "logical breakpoint" concept, but it has introduced some complexity and confusion, which is obviously not what we intended.
One common misconception is that placing a breakpoint in the program image then launching the program should cause an initial break at that spot.
This is a totally reasonable expectation, but one which cannot necessarily be implemented, depending on the capabilities of the connected debugger.
Typically, the user must launch the target, take the initial break provided by the debugger, then place the desired breakpoints.
While we've made some changes recently to try to communicate actual breakpoint state, it has not alleviated this confusion.
We're also not sure if this is just a learning curve thing, or a real problem regarding UI intuition.
</P>
<H4>2. Loading the correct dbgeng DLL for Windows debugging is a kludge</H4>
<P>
It turns out the OpenJDK 11 JVM is already linked to <code>dbgeng.dll</code> in order to implement its service agent.
This created two potential issues:
</P>
<BLOCKQUOTE><OL>
<li>It's difficult/impossible to link an alternative DLL. It always gets <code>C:\windows\system32\dbgeng.dll</code>.</li>
<li>The JVM's debugging session and Ghidra's debugging session could potentially conflict.</li>
</OL></BLOCKQUOTE>
<P>
While we figured that out some time ago, we worked around it by copying the desired DLL(s) into the JRE running Ghidra.
This moved things along nicely, allowing us to postpone a better solution, while coding up the connector.
Furthermore, issue (2) did not seem to be a problem, presumably because we never tried triggering the issue.
Regarding issue (1), we could (or so we thought) ignore it, since the system copy had the required features.
It was almost the same as WinDbg's, but with some disabled bits, e.g., the <code>.server</code> command.
However, it seems there are more nuances than that.
Ideally, we'd find an environment variable to override the JVM's link to <code>dbgeng.dll</code>, so that we can link to a configured WinDbg installation.
Furthermore, we have some configuration management to do in cataloging and deciding which versions of WinDbg to prescribe.
</P>
<H4>3. Errors due to configuration / installation issues are not clear</H4>
<P>
While we've done our best to document version requirements, when those requirements are not met, we don't fail fast.
This typically leads to cryptic error messages.
We neglected such checks in part, because we weren't sure what the requirements were until we had tested, and partly because we didn't want to limit the user.
We now find ourselves in the pickle of needing to go back and code in some reasonable checks, while perhaps allowing for optional bypasses.
That would allow for issues from configuration to be more quickly diagnosed.
</P>
<P>
However, there's also the case of unexpected user configurations even within the prescribed versions.
For example, connecting GDB to a remote or system stub may prevent <code>proc info mappings</code> or <code>maint info sections</code> from returning anything useful, and we rely on them for the memory and module maps.
Granted, some of these situations are outside the prescribed use cases, not all are.
While this can be addressed in support forums or FAQs, we really ought to put in some better diagnostics.
</P>
<H4>4. A trace database is required to accomplish even basic operations, and it's becoming a burden.</H4>
<P>
The trace database was a bit serendipitous.
We originally connected machine-state UI components directly to the debugging interfaces, but this created some problems:
</P>
<BLOCKQUOTE><OL>
<li>If a request was never answered on a blocking call, we risked hanging the UI.</li>
<li>Our caches (used to reduce queries to the debugger connection) grew in size.</li>
</OL></BLOCKQUOTE>
<P>
While converting the debugging API to asynchronous queries helped us avoid a good portion of UI hangs, we still needed something to mediate between the UI's synchronous calls and the debugging API's asynchronous calls.
This was accomplished by introducing a database.
This allowed us to answer synchronous callbacks from the UI immediately, and later emit update once aysnchronous debugger API requests were completed.
Additionally, because the database is stored on disk, using in place of some in-memory caches alleviated memory requirements.
Our first attempt used an extension of a standard ProgramDB, but that proved insufficient.
Thus, we needed a new kind of database for storing target machine state.
We thought this an opportunity to build something new, and aware of other research efforts in "time-travel" or "timeless" debugging, we introduced a "trace database."
</P>
<P>
Currently, a trace database (even if just an ephemeral one) is required for the UI to interact with a target's machine state.
While we anticipated some risk, we were perhaps a little too excited about traces to give it proper credence.
There are a good bit of dependencies and resource needs to get a trace going.
Notably, the system must know the target architecture, and usually also its ABI.
Additionally, all combined &mdash; the debugging API, the GADP server and client, the trace database, and the UI &mdash; there's still plenty of unchecked in-memory caching going on, risking resource exhaustion.
Regarding target architecture recognition: if it's not on the (currently small) list, the target cannot be traced, and so its state cannot be viewed.
This precludes the user from viewing the target's memory in the UI, even if disassembly is not desired.
Furthermore, a table of register names and values could easily be presented without first recognizing the architecture.
The latter is mitigated somewhat by the "Objects" viewer's table mode, using the Registers container as the root, but this is not an intuitive solution until the user is familiar with that viewer.
We need either/both to support simpler forms of tracing that have fewer dependencies and/or to implement some state viewers outside of tracing &mdash; but without taking us back to our original problems.
</P>
<H4>5. The threads timeline view has not been receiving enough TLC</H4>
<P>
This particular view was meant to expose the time axis of the trace database in a sort of "cool" fashion by plotting the lifetimes of every observed thread.
Some work was put in to get that plot working, but it has been the source of some pernicious bugs that are simply no fun to work on.
One of the more annoying ones deals with caret placement, which is essentially the "scroll bar" for time.
It seems the range of that widget does not always match the range of the timeline plot, causing confusion surrounding a critical parameter in navigating the trace: time.
It would seem an easy issue to fix, except that we're no longer sure a single caret is really the best way to navigate time.
We're honestly looking at dropping that timeline pane altogether and just accomplishing the same plot using a custom cell editor on the threads table.
However, the only other means we have of navigating time is the "Time" table, which generally just lists events.
We'd like to devise something more cogent, perhaps allowing queries or establishing visual cues to identify interesting points in time.
</P>
</BLOCKQUOTE>
<H2>User-defined Compiler Specification Extensions</H2>
<P>Ghidra 10.0 adds support for user-defined extensions to the <b>compiler specification</b> assigned to a specific Program. In particular,
users can now define their own:</P>
<BLOCKQUOTE><UL>
<LI><B>Calling Conventions</B> - which inform analysis and decompilation how parameters are passed between functions,</LI>
<LI><B>Call-Fixups</B> - which substitute behavior for specific CALLs when analyzing a function that makes them, and</LI>
<LI><B>Callother-Fixups</B> - which substitute behavior for certain Instructions when analyzing a function that contains them.</LI>
</UL></BLOCKQUOTE>
<H3>Raw Hex for Live Memory</H3>
<P>We've added a variant of the "Bytes" window within dynamic trace, allowing viewing live memory as hex, ascii, etc. The window
includes the same background coloring, navigation, and tracking actions as the "Dynamic Listing". To open this window, select Window -> Bytes -> Memory.</P>
<H3>LLDB Support</H3>
<P>Working toward debugging macOS targets, we've added support for LLDB. Currently, some effort is required on the user's end to clone, patch,
and build LLDB with language bindings for Java. Once done, the new connectors for LLDB can be used in the normal fashion. While intended for macOS,
these connectors also work on Linux, and may work on Windows, too. This offers an alternative for those who prefer lldb to gdb.</P>
<H2>Data Types</H2>
<P>Support for zero-length data types and components has been improved, although such types will continue to
report a non-zero length using the <i>DataType.getLength()</i> method. For code/features that can support zero-length data types the <i>DataType.isZeroLength()</i>
method must be used to identify this case. The <i>DataType.isZeroLength()</i> is no longer synonymous with <i>DataType.isNotYetDefined()</i> which is
intended to identify data types (i.e., structures and unions) whose components have not yet be specified. Along these same lines, Ghidra
now allows zero-element arrays to be defined. The API methods supporting a trailing flex-array on structures have been removed in favor
of using zero-element array components. Existing flex-array instances will be upgraded accordinagly within Programs and Data Type Archives.
The static method <i>DataTypeComponent.usesZeroLengthComponent(DataType)</i> may be used to determine if a zero-length component
will be used for a specific data type. Due to the overlapping behavior of zero-length components, a data type which returns <i>true</i>
for <i>isNotYetDefined()</i> will not produce a zero-length component.</P>
<H2>Mach-O Binary Import</H2>
<P>Mach-O binary import has been greatly improved, including handling of relocation pointer chains, support for newer Objective-C
class structures with RelativePointers, many additional load commands such as encrypted blocks, and more recent dyld and kernel caches.</P>
<H2>Android</H2>
<P>Added support for Android formats (ART, OAT, ODEX, DEX, CDEX, VDEX) and Dalvik VM Sleigh modules for each major Android release up to version 12.x.
Support for the latest android release is in progress for a future release.</P>
<P>Prior releases only provided compiler specifications statically via <B>.cspec</B> files in the distribution. The new extensions
are stored as part of the Program and can be added or adjusted dynamically as users build up their understanding.
Extensions can be added from the <B>Specification Extensions</B> tab under the <I>Options</I> dialog for the Program.</P>
<H2>Prototype Class Recovery From RTTI</H2>
<P>A new prototype script <B>RecoverClassesFromRTTIScript</B> which recovers class information using RTTI structures has been added.
The script recovers class hierarchy, inheritance types, constructors and destructors, class data types, and more. If available, PDB information
is used to help fill in class structures with known names and types for class member data. If PDB is unavailable, the decompiler structure
recovery is utilized to populate class data structure members.</P>
<P>Things to consider when using this script:</P>
<BLOCKQUOTE><UL>
<LI>As this is a prototype script, the location, names, layout of data types, and default virtual function names created by this script are
likely to change in the future once an official design for Object Oriented representation is determined.</LI>
<LI>Windows class recovery is fairly complete and tested, however GCC class recovery is still in early development.</LI>
<LI>For best results, run this script on freshly imported and analyzed programs. No testing has been done on programs previously imported with pre-existing user mark-up.</LI>
</UL></BLOCKQUOTE>
<P>Two related scripts have been added, <B>ApplyClassFunctionSignatureUpdatesScript</B> and <B>ApplyClassFunctionDefinitionUpdatesScript</B>, which are fix-up scripts that can be applied if a user
makes changes to a virtual function recovered by the <B>RecoverClassesFromRTTIScript</B>. Both scripts identify differences between Function Signatures in the
Listing and Function Definitions in the Data Type Manager, but the first script fixes all changes to match the signature and the second to match the definition. NOTE: These
scripts are a temporary measure until an underlying connection between function signatures and their associated function definition can be implemented in the Ghidra API.</P>
<H2>Performance Improvements</H2>
<P>There have been many performance improvements to import, analysis, program data base access, many API calls, and the user interface.</P>
<P>Symbol performance in Ghidra was significantly improved. Specifically, new database indexes were created to improve finding primary
symbols as well as improving lookups by combinations of name, namespace, and address.</P>
<H2>Processors</H2>
<P>Improvements and bug fixes to many processors to include: X86, ARM, AARCH64, SPARC, PPC, SH4, RISC-V, and 6502.</P>
<H2>DWARF</H2>
<P>Support for loading DWARF debug information from a separate file during import has been added. In addition data type information contained in the
separate debug file can be loaded without application to a program, enabling the use of debug information from a related version of the binary.</P>
<H2>PDB Symbol Server</H2>
<P>Managing and applying PDB files has a much improved GUI, including support for multiple symbol server locations.</P>
<H2>Saved Analysis Options Configuration</H2>
<P>Analysis options configurations can be saved by name and quickly changed using a new feature in the Analysis configuration menu. The
last used named configuration will be used as the default option the next time a program is analyzed even after exiting Ghidra. This can be useful
to disable one or more options, such as Stack Analysis, if the analyzer is providing poor results or the analysis is not desired for a type of binary
you will be working with. For example some analysis options should be turned off by default for all suspect malware binaries on the first pass to avoid
issues with some types of obfuscation.<P>
<H2>Graphs</H2>
<P>Data types can get complicated and might have many references to other data structures, either by declaring them as a field or as a pointer at another data type.
A general graph of data type relationships from the Data Type manager has been added. In addition defined data structures in memory can be graphed by following all references
to other defined data or code using the Graph->Data menu.<P>
<P>A new favored edge and associated layout has been added for hierarchical graphs. This edge can help closely align graph nodes that should
be arranged more closely to a neighboring node, for example the node from a fall-thru edge should be arranged closer than from a branching edge.<P>
<H2>Structure/Union Changes</H2>
<P>A significant refactor of the Composite datatype interfaces and internals has been completed which affects
Structures and Unions. The changes are intended to provide a more understandable API and allow an alignment
to be specified for non-packed composites (aka, composites with internal alignment disabled).</P>
<H3>Editor Changes</H3>
<P>Previously, the editor contained an <B>Align</B> checkbox which determined if packing should be performed or not.
This checkbox has been replaced by a checkbox adjacent to the <B>pack</B> choices (i.e., enable/disable packing).
Generally, this setting would be "not-checked" (i.e., disabled) when reverse-engineering the content of a
structure so that components may be placed at specific offsets. Only when there is a complete understanding
of all components, as conveyed by a source header file, should
this be enabled with the appropriate <B>pack</B> and <B>align</B> settings specified. In addition, when <B>pack</B>
is enabled it is important that the component datatypes emit the correct alignment to ensure proper
placement during packing.</P>
<P>The <B>align</B> setting may now be used when packing is disabled with the composite adopting
the specified alignment. The default alignment for a non-packed composite is <B>1</B> which is consistent
with the current behavior in Ghidra 9.x.</P>
<H3>Composite API Changes</H3>
<P>The various pack and align methods of the <I>Composite</I> (i.e., <I>Structure</I> and <I>Union</I>)
API have been changed extensively. Since these changes were primarily intended to "cleanup" the
interface we decided to eliminate (i.e., not deprecate) the old methods. It was felt leaving them in
place would only confuse matters when attempting to understand the new interface. It is also believed that
most uses of the API generally do not utilize the pack and align settings which should minimize the
impact to existing user code.<P>
<P>The tables below convey the <I>Composite</I> API changes as they relate to the pack and align settings.</P>
<BLOCKQUOTE>
<P>
<TABLE WIDTH="100%">
<TR>
<TD COLSPAN="3" padding-top:14px; padding-bottom:14px;><CENTER><B>Composite Pack API Changes</B></CENTER></TD>
</TR><TR style="background-color:#DFDFDF;">
<TH>Old Method 9.x</TH><TH>New Method 10.0</TH><TH>Comments</TH>
</TR><TR>
<TD><CODE>setInternallyAligned(<font color="blue">boolean</font>)</CODE></TD>
<TD><CODE>setPackingEnabled(<font color="blue">boolean</font>)</CODE></TD>
<TD> </TD>
</TR><TR>
<TD><CODE>isInternallyAligned()</CODE></TD>
<TD><CODE>isPackingEnabled()</CODE></TD>
<TD>Equivalent to: <CODE>getPackingType() != DISABLED</CODE></TD>
</TR><TR>
<TD><CODE>setPackingValue(NOT_PACKING)<BR>setPackingValue(1..n)</CODE></TD>
<TD><CODE>setToDefaultPacking()<BR>setExplicitPackingValue(1..n)<BR>pack(1..n)</CODE></TD>
<TD>Packing will be enabled if not previously enabled. Old constant <CODE>NOT_PACKING</CODE> has been elliminated.</TD>
</TR><TR>
<TD><CODE>getPackingValue()</CODE></TD>
<TD><CODE>getExplicitPackingValue()</CODE></TD>
<TD>New method use does not directly map (see Javadocs). Old constant <CODE>NOT_PACKING</CODE> has been elliminated.</TD>
</TR><TR>
<TD> </TD>
<TD><CODE>hasDefaultPacking()</CODE></TD>
<TD>Equivalent to: <CODE>getPackingType() == DEFAULT</CODE></TD>
</TR><TR>
<TD> </TD>
<TD><CODE>hasExplicitPackingValue()</TD>
<TD>Equivalent to: <CODE>getPackingType() == EXPLICIT</CODE></TD>
</TR><TR>
<TD> </TD>
<TD><CODE>getPackingType()</TD>
<TD>Possible values: <CODE>DISABLED</CODE>, <CODE>DEFAULT</CODE> or <CODE>EXPLICIT</CODE></TD>
</TR><TR>
<TD><CODE>realign()</CODE></TD>
<TD><CODE>repack()</CODE></TD>
<TD>Update component sizing and placement if composite has packing enabled.
Changes to data organization (e.g., type sizes and alignments) are problematic and difficult to fully
recover from. Any attempted repair to component sizes and alignments need to be performed in
dependency order (ignoring pointer components).</TD>
</TR>
</TABLE>
<P>
<TABLE WIDTH="100%">
<TR>
<TD COLSPAN="3"><CENTER><B>Composite Align API Changes</B></CENTER><BR>
<B>NOTE!</B> The old alignment <I>set</I> methods previously forced packing to be enabled.
This is no longer the case since the alignment setting is now supported for composites
where packing is not enabled. If packing should be enabled a separate
call to a packing enablement method (see above) is required. When packing is <U>disabled</U>
the composite's computed alignment will match the specified align setting (default is
1 which is consistent with old behavior).
</TD>
</TR><TR style="background-color:#DFDFDF;">
<TH>Old Method 9.x</TH><TH>New Method 10.0</TH><TH>Comments</TH>
</TR><TR>
<TD><CODE>setToDefaultAlignment()</CODE></TD>
<TD><CODE>setToDefaultAligned()</CODE></TD>
<TD>Default alignment for a non-packed composite is 1. When packing is enabled the
default alignment is a function of the component packing.</TD>
</TR><TR>
<TD><CODE>isDefaultAligned()</CODE></TD>
<TD><CODE>isDefaultAligned()</CODE></TD>
<TD>Equivalent to: <CODE>getAlignmentType() == DEFAULT</CODE></TD>
</TR><TR>
<TD><CODE>setToMachineAlignment()</CODE></TD>
<TD><CODE>setToMachineAligned()</CODE></TD>
<TD>Non-packed composites will have an alignment which equals the machine alignment
specified by the compiler specification (data organization). Packed structures
will have an alignment which is a multiple of the machine alignment.</TD>
</TR><TR>
<TD><CODE>isMachineAligned()</CODE></TD>
<TD><CODE>isMachineAligned()</CODE></TD>
<TD>Equivalent to: <CODE>getAlignmentType() == MACHINE</CODE></TD>
</TR><TR>
<TD><CODE>setMinimumAlignment(DEFAULT_ALIGNMENT_VALUE)<BR>setMinimumAlignment(1..n)</CODE></TD>
<TD><CODE>setToDefaultAligned()<BR>setExplicitMinimumAlignment(1..n)<BR>align(1..n)</CODE></TD>
<TD>
If an explicit minimum alignment is set (1..n), non-packed composites will have an alignment
which equals this value, while packed structures
will have an alignment which is a multiple of this value.
Old constant <CODE>DEFAULT_ALIGNMENT_VALUE</CODE> has been eliminated.
</TD>
</TR><TR>
<TD><CODE>getMinimumAlignment()</CODE></TD>
<TD><CODE>getExplicitMinimumAlignment()</CODE></TD>
<TD>New method use does not directly map (see Javadocs). Old constant <CODE>DEFAULT_ALIGNMENT_VALUE</CODE> has been elliminated.</TD>
</TR><TR>
<TD></TD>
<TD><CODE>hasExplicitMinimumAlignment()</CODE></TD>
<TD>Equivalent to: <CODE>getAlignmentType() == EXPLICIT</CODE></TD>
</TR><TR>
<TD></TD>
<TD><CODE>getAlignmentType()</CODE></TD>
<TD>Possible values: <CODE>DEFAULT, MACHINE or EXPLICIT</CODE></TD>
</TR>
</TABLE>
</BLOCKQUOTE>
</P>
<H2>Gradle</H2>
<P>The build infrastructure has been upgraded to support both Gradle 6 and 7. Gradle 5 is no longer supported.<P>
<H2>New Processors</H2>
<P>We are working on .NET/CIL that may make it into the final 10.0 release, but most likely into 10.1</P>
<H2>Binary Exporter</H2>
<P>New exporters that write programs imported with the PE and ELF loaders back to their original file layout have been added.
Any file-backed bytes that were modified by the user in the program database will be reflected in the written file.
Bytes that are part of the import process such as relocations or modified Memory Maps are not currently handled.</P>
<P>
... WORK IN PROGRESS ... See release notes for more details.
</P>
<H2>Bug Fixes and Enhancements</H2>
<P> Numerous other bug fixes and improvements are fully listed in the <a href="ChangeHistory.html">ChangeHistory</a> file.</P>
@@ -433,4 +135,3 @@
</BODY>
</HTML>
Ghidra/Features/Base/src/test.slow/java/ghidra/app/plugin/core/codebrowser/CodeBrowserTest.java
+6 -5
View File
@@ -132,6 +132,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
private void setUpCodeBrowserTool(PluginTool tool) throws Exception {
tool.addPlugin(CodeBrowserPlugin.class.getName());
tool.addPlugin(NextPrevAddressPlugin.class.getName());
tool.addPlugin(CodeBrowserSelectionPlugin.class.getName());
addPlugin(tool, SymbolTablePlugin.class);
}
@@ -472,7 +473,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
@Test
public void testSelectAll() {
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
ProgramSelection ps = getCurrentSelection();
AddressSet set1 = new AddressSet(program.getMemory());
@@ -482,7 +483,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
@Test
public void testSelectComplementOnAllProgram() {
DockingActionIf action = getAction(cb, "Select Complement");
DockingActionIf action = getAction(tool, "Select Complement");
ProgramSelection allSelection = new ProgramSelection(program.getMemory());
ProgramSelection noneSelection = new ProgramSelection();
assertEquals(noneSelection, cb.getCurrentSelection());
@@ -499,7 +500,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
@Test
public void testSelectComplementOnAllView() {
DockingActionIf action = getAction(cb, "Select Complement");
DockingActionIf action = getAction(tool, "Select Complement");
AddressSet viewSet = new AddressSet(addr("0x1001000"), addr("0x10012ff"));
setView(viewSet);
ProgramSelection allSelection = new ProgramSelection(viewSet);
@@ -515,7 +516,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
@Test
public void testSelectComplementOnSomeOfProgram() {
DockingActionIf action = getAction(cb, "Select Complement");
DockingActionIf action = getAction(tool, "Select Complement");
AddressSetView programSet = program.getMemory();
AddressSet initialSelectSet = new AddressSet();
initialSelectSet.addRange(addr("0x10011e8"), addr("0x10011ef"));
@@ -537,7 +538,7 @@ public class CodeBrowserTest extends AbstractGhidraHeadedIntegrationTest {
@Test
public void testSelectComplementOnSomeOfView() {
DockingActionIf action = getAction(cb, "Select Complement");
DockingActionIf action = getAction(tool, "Select Complement");
AddressSet viewSet = new AddressSet(addr("0x1001000"), addr("0x10012ff"));
setView(viewSet);
AddressSet initialSelectSet = new AddressSet();
Ghidra/Features/Base/src/test.slow/java/ghidra/app/plugin/core/disassembler/ClearTest.java
+5 -14
View File
@@ -38,8 +38,6 @@ import ghidra.app.events.ProgramSelectionPluginEvent;
import ghidra.app.plugin.core.clear.ClearDialog;
import ghidra.app.plugin.core.clear.ClearPlugin;
import ghidra.app.plugin.core.codebrowser.CodeBrowserPlugin;
import ghidra.app.plugin.core.navigation.GoToAddressLabelPlugin;
import ghidra.app.plugin.core.navigation.NextPrevAddressPlugin;
import ghidra.app.services.ProgramManager;
import ghidra.framework.plugintool.PluginTool;
import ghidra.program.database.ProgramBuilder;
@@ -72,23 +70,16 @@ public class ClearTest extends AbstractGhidraHeadedIntegrationTest {
@Before
public void setUp() throws Exception {
env = new TestEnv();
tool = env.getTool();
tool = env.launchDefaultTool();
setupTool(tool);
cb = env.getPlugin(CodeBrowserPlugin.class);
showTool(tool);
loadProgram("notepad");
cb.updateNow();
}
private void setupTool(PluginTool tool) throws Exception {
tool.addPlugin(CodeBrowserPlugin.class.getName());
tool.addPlugin(NextPrevAddressPlugin.class.getName());
tool.addPlugin(DisassemblerPlugin.class.getName());
tool.addPlugin(ClearPlugin.class.getName());
tool.addPlugin(GoToAddressLabelPlugin.class.getName());
cb = env.getPlugin(CodeBrowserPlugin.class);
ClearPlugin cp = getPlugin(tool, ClearPlugin.class);
clearAction = getAction(cp, "Clear Code Bytes");
@@ -555,7 +546,7 @@ public class ClearTest extends AbstractGhidraHeadedIntegrationTest {
// 1 function with it's label
assertEquals(6, program.getSymbolTable().getNumSymbols());
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
performAction(clearWithOptionsAction, cb.getProvider(), false);
@@ -600,7 +591,7 @@ public class ClearTest extends AbstractGhidraHeadedIntegrationTest {
assertTrue(program.getBookmarkManager().getBookmarkCount() > 0);
final DockingActionIf action = getAction(cb, "Select All");
final DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
performAction(clearWithOptionsAction, cb.getProvider(), false);
@@ -629,7 +620,7 @@ public class ClearTest extends AbstractGhidraHeadedIntegrationTest {
assertTrue(program.getListing().getFunctions(true).hasNext());
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
performAction(clearWithOptionsAction, cb.getProvider(), false);
Ghidra/Features/Base/src/test.slow/java/ghidra/app/plugin/core/disassembler/DisassemblerPluginTest.java
+3 -10
View File
@@ -30,8 +30,6 @@ import ghidra.app.plugin.core.analysis.AutoAnalysisManager;
import ghidra.app.plugin.core.clear.ClearCmd;
import ghidra.app.plugin.core.clear.ClearPlugin;
import ghidra.app.plugin.core.codebrowser.CodeBrowserPlugin;
import ghidra.app.plugin.core.navigation.GoToAddressLabelPlugin;
import ghidra.app.plugin.core.navigation.NextPrevAddressPlugin;
import ghidra.app.services.ProgramManager;
import ghidra.framework.plugintool.PluginTool;
import ghidra.program.disassemble.Disassembler;
@@ -56,19 +54,14 @@ public class DisassemblerPluginTest extends AbstractGhidraHeadedIntegrationTest
@Before
public void setUp() throws Exception {
env = new TestEnv();
tool = env.getTool();
tool = env.launchDefaultTool();
setupTool(tool);
cb = env.getPlugin(CodeBrowserPlugin.class);
}
private void setupTool(PluginTool tool) throws Exception {
tool.addPlugin(CodeBrowserPlugin.class.getName());
tool.addPlugin(NextPrevAddressPlugin.class.getName());
tool.addPlugin(DisassemblerPlugin.class.getName());
tool.addPlugin(ClearPlugin.class.getName());
tool.addPlugin(GoToAddressLabelPlugin.class.getName());
cb = env.getPlugin(CodeBrowserPlugin.class);
DisassemblerPlugin dp = getPlugin(tool, DisassemblerPlugin.class);
disassemblyAction = getAction(dp, "Disassemble");
staticDisassemblyAction = getAction(dp, "Disassemble Static");
@@ -419,7 +412,7 @@ public class DisassemblerPluginTest extends AbstractGhidraHeadedIntegrationTest
}
private void clearAll() throws Exception {
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
ClearPlugin dp = getPlugin(tool, ClearPlugin.class);
DockingActionIf clearAction = getAction(dp, "Clear Code Bytes");
Ghidra/Features/Base/src/test.slow/java/ghidra/app/plugin/core/marker/MarkerTest.java
+2 -2
View File
@@ -245,7 +245,7 @@ public class MarkerTest extends AbstractGhidraHeadedIntegrationTest {
clickMouse(navPanel, 1, 0, pixel, 1, 0);
assertEquals(addr("0x10032d2"), cb.getCurrentAddress());
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
clickMouse(navPanel, 1, 0, navPanel.getHeight() - MarkerSetImpl.MARKER_HEIGHT, 1, 0);
@@ -533,7 +533,7 @@ public class MarkerTest extends AbstractGhidraHeadedIntegrationTest {
}
private void removeAllBookmarks() {
DockingActionIf action = getAction(cb, "Select All");
DockingActionIf action = getAction(tool, "Select All");
performAction(action, cb.getProvider(), true);
performAction(clearWithOptionsAction, cb.getProvider(), false);
ClearDialog cd = waitForDialogComponent(ClearDialog.class);
Ghidra/Features/Decompiler/src/decompile/cpp/types.h
+5
View File
@@ -37,11 +37,16 @@ typedef int8_t int1;
/* uintp is intended to be an unsigned integer that is the same size as a pointer */
typedef uintptr_t uintp;
#if defined (__x86_64__) || defined (__i386__)
#define HOST_ENDIAN 0
#else // other platforms (not compatible with g++ 4.8.5)
class Endian {
public:
static constexpr const union { int4 whole; int1 part[4]; } host = { 1 };
};
#define HOST_ENDIAN Endian::host.part[3]
#endif
#if defined(_WINDOWS)
#pragma warning (disable:4312)
Ghidra/Framework/Docking/src/test.slow/java/docking/widgets/tree/GTreeTest.java
+4 -2
View File
@@ -59,8 +59,10 @@ public class GTreeTest extends AbstractDockingTest {
@After
public void tearDown() throws Exception {
gTree.dispose();
frame.dispose();
runSwing(() -> {
gTree.dispose();
frame.dispose();
});
}
@Test