diff --git a/Ghidra/Debug/Debugger-agent-gdb/src/main/py/src/ghidragdb/arch.py b/Ghidra/Debug/Debugger-agent-gdb/src/main/py/src/ghidragdb/arch.py
index af504b0156..407f4a040c 100644
--- a/Ghidra/Debug/Debugger-agent-gdb/src/main/py/src/ghidragdb/arch.py
+++ b/Ghidra/Debug/Debugger-agent-gdb/src/main/py/src/ghidragdb/arch.py
@@ -164,7 +164,7 @@ def compute_ghidra_compiler(lang):
 # Check if the selected lang has specific compiler recommendations
 if not lang in compiler_map:
- print(f"{lang} not found in compiler map")
+ print(f"{lang} not found in compiler map - using default compiler")
 return 'default'
 comp_map = compiler_map[lang]
 if comp_map == data64_compiler_map:
@@ -174,7 +174,7 @@ def compute_ghidra_compiler(lang):
 return comp_map[osabi]
 if None in comp_map:
 return comp_map[None]
- print(f"{osabi} not found in compiler map")
+ print(f"{osabi} not found in compiler map - using default compiler")
 return 'default'
diff --git a/Ghidra/Debug/Debugger-agent-lldb/data/debugger-launchers/kernel-lldb.sh b/Ghidra/Debug/Debugger-agent-lldb/data/debugger-launchers/kernel-lldb.sh
new file mode 100755
index 0000000000..a3e90855ce
--- /dev/null
+++ b/Ghidra/Debug/Debugger-agent-lldb/data/debugger-launchers/kernel-lldb.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+## ###
+# IP: GHIDRA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+#@title kernel lldb
+#@desc
+#@desc

Launch with local lldb and connect to a remote kernel

+#@desc

+#@desc This will start lldb on the local system and then use it to connect to the remote system.
+#@desc For setup instructions, press F1.
+#@desc

+#@desc
+#@menu-group remote
+#@icon icon.debugger
+#@help TraceRmiLauncherServicePlugin#lldb_kernel
+#@env OPT_HOST:str="localhost" "Host" "The hostname of the target"
+#@env OPT_ARCH:str="" "Architecture" "Target architecture override"
+#@env OPT_LLDB_PATH:file="lldb" "lldb command" "The path to lldb on the local system. Omit the full path to resolve using the system PATH."
+
+if [ -d ${GHIDRA_HOME}/ghidra/.git ]
+then
+ export PYTHONPATH=$GHIDRA_HOME/ghidra/Ghidra/Debug/Debugger-agent-lldb/build/pypkg/src:$PYTHONPATH
+ export PYTHONPATH=$GHIDRA_HOME/ghidra/Ghidra/Debug/Debugger-rmi-trace/build/pypkg/src:$PYTHONPATH
+elif [ -d ${GHIDRA_HOME}/.git ]
+then
+ export PYTHONPATH=$GHIDRA_HOME/Ghidra/Debug/Debugger-agent-lldb/build/pypkg/src:$PYTHONPATH
+ export PYTHONPATH=$GHIDRA_HOME/Ghidra/Debug/Debugger-rmi-trace/build/pypkg/src:$PYTHONPATH
+else
+ export PYTHONPATH=$GHIDRA_HOME/Ghidra/Debug/Debugger-agent-lldb/pypkg/src:$PYTHONPATH
+ export PYTHONPATH=$GHIDRA_HOME/Ghidra/Debug/Debugger-rmi-trace/pypkg/src:$PYTHONPATH
+fi
+
+if [ -z "$OPT_ARCH" ]
+then
+ archcmd=
+else
+ archcmd=-o "settings set target.default-arch $OPT_ARCH"
+fi
+
+"$OPT_LLDB_PATH" \
+ -o "version" \
+ -o "script import ghidralldb" \
+ $archcmd \
+ -o "kdp-remote $OPT_HOST" \
+ -o "ghidra trace connect \"$GHIDRA_TRACE_RMI_ADDR\"" \
+ -o "ghidra trace start" \
+ -o "ghidra trace sync-enable" \
+ -o "ghidra trace sync-synth-stopped"
diff --git a/Ghidra/Debug/Debugger-agent-lldb/src/main/py/src/ghidralldb/arch.py b/Ghidra/Debug/Debugger-agent-lldb/src/main/py/src/ghidralldb/arch.py
index 35dabef52b..581493d654 100644
--- a/Ghidra/Debug/Debugger-agent-lldb/src/main/py/src/ghidralldb/arch.py
+++ b/Ghidra/Debug/Debugger-agent-lldb/src/main/py/src/ghidralldb/arch.py
@@ -115,6 +115,13 @@ data64_compiler_map = {
 None: 'pointer64',
 }
+x86_compiler_map = {
+ 'windows': 'windows',
+ 'Cygwin': 'windows',
+ 'default': 'gcc',
+ 'unknown': 'gcc',
+}
+
 default_compiler_map = {
 'freebsd': 'gcc',
 'linux': 'gcc',
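Review bot: In kernel-lldb.sh the line `archcmd=-o "settings set target.default-arch $OPT_ARCH"` does not store two words in `archcmd`; the shell parses it as a temporary environment assignment `archcmd=-o` in front of a command whose name is the quoted string, so with a non-empty Architecture option the script would presumably print "command not found" and the override never reaches lldb. The script already runs under bash, so an array keeps the argument boundaries intact: `archcmd=()` in the empty branch, `archcmd=(-o "settings set target.default-arch $OPT_ARCH")` in the other, and `"${archcmd[@]}" \` in place of `$archcmd \`. The two `[ -d ${GHIDRA_HOME}/... ]` tests leave the variable unquoted and will misbehave when the install path contains spaces; `[ -d "${GHIDRA_HOME}/ghidra/.git" ]` avoids that. `OPT_HOST` and `OPT_ARCH` are placed verbatim inside lldb command strings, so a short comment stating that they are expected to come only from the launcher dialog would make that assumption explicit.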
@@ -128,14 +135,14 @@ default_compiler_map = {
 # This may seem wrong, but Ghidra cspecs really describe the ABI
 'Cygwin': 'Visual Studio',
 'default': 'default',
- 'unknown': 'gcc',
+ 'unknown': 'default',
 }
 compiler_map = {
 'DATA:BE:64:': data64_compiler_map,
 'DATA:LE:64:': data64_compiler_map,
- 'x86:LE:32:': default_compiler_map,
- 'x86:LE:64:': default_compiler_map,
+ 'x86:LE:32:': x86_compiler_map,
+ 'x86:LE:64:': x86_compiler_map,
 'ARM:LE:32:': default_compiler_map,
 'ARM:LE:64:': default_compiler_map,
 }
@@ -225,7 +232,7 @@ def compute_ghidra_compiler(lang):
 key=lambda l: compiler_map[l]
 )
 if len(matched_lang) == 0:
- print(f"{lang} not found in compiler map")
+ print(f"{lang} not found in compiler map - using default compiler")
 return 'default'
 comp_map = compiler_map[matched_lang[0]]
@@ -234,9 +241,12 @@ def compute_ghidra_compiler(lang):
 osabi = get_osabi()
 if osabi in comp_map:
 return comp_map[osabi]
+ if lang.startswith("x86:"):
+ print(f"{osabi} not found in compiler map - using gcc")
+ return 'gcc'
 if None in comp_map:
 return comp_map[None]
- print(f"{osabi} not found in compiler map")
+ print(f"{osabi} not found in compiler map - using default compiler")
 return 'default'
diff --git a/Ghidra/Debug/Debugger-rmi-trace/src/main/help/help/topics/TraceRmiLauncherServicePlugin/TraceRmiLauncherServicePlugin.html b/Ghidra/Debug/Debugger-rmi-trace/src/main/help/help/topics/TraceRmiLauncherServicePlugin/TraceRmiLauncherServicePlugin.html
index 2fd845fddc..a8005f2394 100644
--- a/Ghidra/Debug/Debugger-rmi-trace/src/main/help/help/topics/TraceRmiLauncherServicePlugin/TraceRmiLauncherServicePlugin.html
+++ b/Ghidra/Debug/Debugger-rmi-trace/src/main/help/help/topics/TraceRmiLauncherServicePlugin/TraceRmiLauncherServicePlugin.html
@@ -635,13 +635,59 @@ gdb-remote [host]:[port]
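Review bot: In ghidralldb/arch.py the branch added to compute_ghidra_compiler, `if lang.startswith("x86:"):`, puts the x86 default into control flow although the same function already supports a per-map default through `if None in comp_map: return comp_map[None]`. Adding `None: 'gcc',` to x86_compiler_map would give the same result without a language-specific test. It would also avoid printing "not found in compiler map - using gcc" on what looks like the normal path: x86_compiler_map has no entry for ABIs such as 'linux' or 'freebsd' that default_compiler_map lists, so presumably every such x86 target reaches the message. If the message is intended, a comment above the branch such as `# x86 cspecs use gcc for every ABI not listed above` would say so; the function starts outside this hunk, so how `lang` relates to `matched_lang[0]` is not visible here.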
  • Port: The TCP port of the target stub.
  • -
  • Architecture (optional): If the stub does not describe its architecture to GDB, +
  • Architecture (optional): If the stub does not describe its architecture to LLDB, you must set it before connecting. This is passed as is to "setting set target.default-arch ..." immediately before the "gdb-remote ..." command.
  • lldb command: This works the same as in LLDB.
  • +

    Kernel LLDB

    + +

    This launcher connects to macos kernels booted in debug-mode using + lldb. Essentially, it just starts lldb and then enters

    + + + +

    It is best to test this command outside of Ghidra to be sure everything is + compatible before using this launcher. This launcher does not require an image, nor does it + create your target. Thus, it can be used without a current program.

    + +

    Setup

    + +

    On your local system, follow the steps given in LLDB Setup. + Before connecting to the target kernel, you must force an NMI on the target to ready the connection. + On actual hardware, this is typically achieved by some button sequence, e.g. L/R-Options + Power + or Command+Option+Control+Shift+Esc. In a VM, you may have to pause the VM and modify its state. + For example, by cd'ing to the VM's container and issuing the command: +

    + + + +

    Options

    + + +

    Stock Windows Debugger (WinDbg) Launchers

    The following launchers based on Microsoft's dbgeng.dll are included out of the