Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-27 11:30:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

GT-2884_GT-3583 fix for patterns and function signatures starting at 0x0

Browse Source 
address, also after=function in function start patterns
This commit is contained in:
emteere
2020-10-30 15:39:23 -04:00
parent f9631c0d34
commit a579854efc
4 changed files with 50 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/Base/src/main/java/ghidra/app/cmd/function/ApplyFunctionDataTypesCmd.java
+9 -7
View File
@@ -21,8 +21,7 @@ import ghidra.app.cmd.disassemble.DisassembleCommand;
import ghidra.app.util.PseudoDisassembler; import ghidra.app.util.PseudoDisassembler;
import ghidra.framework.cmd.BackgroundCommand; import ghidra.framework.cmd.BackgroundCommand;
import ghidra.framework.model.DomainObject; import ghidra.framework.model.DomainObject;
import ghidra.program.model.address.Address; import ghidra.program.model.address.*;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.data.*; import ghidra.program.model.data.*;
import ghidra.program.model.listing.*; import ghidra.program.model.listing.*;
import ghidra.program.model.mem.MemoryBlock; import ghidra.program.model.mem.MemoryBlock;
@@ -266,12 +265,15 @@ public class ApplyFunctionDataTypesCmd extends BackgroundCommand {
boolean isValidFunctionStart(TaskMonitor monitor, Address address) { boolean isValidFunctionStart(TaskMonitor monitor, Address address) {
// instruction above falls into this one // instruction above falls into this one
// could be non-returning function, but we can't tell now // could be non-returning function, but we can't tell now
Instruction instructionBefore = Address addrBefore = address.previous();
program.getListing().getInstructionContaining(address.subtract(1)); if (addrBefore != null) {
if (instructionBefore != null && address.equals(instructionBefore.getFallThrough())) { Instruction instrBefore;
return false; instrBefore = program.getListing().getInstructionContaining(addrBefore);
if (instrBefore != null && address.equals(instrBefore.getFallThrough())) {
return false;
}
} }
// check if part of a larger code-block // check if part of a larger code-block
ReferenceIterator referencesTo = program.getReferenceManager().getReferencesTo(address); ReferenceIterator referencesTo = program.getReferenceManager().getReferencesTo(address);
for (Reference reference : referencesTo) { for (Reference reference : referencesTo) {
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/exceptionhandlers/gcc/structures/ehFrame/FrameDescriptionEntry.java
+6
View File
@@ -304,7 +304,13 @@ public class FrameDescriptionEntry extends GccAnalysisClass {
String comment = "(FDE) PcRange"; String comment = "(FDE) PcRange";
intPcRange = (int) GccAnalysisUtils.readDWord(program, addr); intPcRange = (int) GccAnalysisUtils.readDWord(program, addr);
if (intPcRange < 0) {
return null;
}
if (intPcRange == 0) {
intPcRange = 1;
}
pcEndAddr = pcBeginAddr.add(intPcRange - 1); pcEndAddr = pcBeginAddr.add(intPcRange - 1);
DataType dataType = getAddressSizeDataType(); DataType dataType = getAddressSizeDataType();
Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/dwarf4/DIEAggregate.java
+7 -2
View File
@@ -871,9 +871,14 @@ public class DIEAggregate {
// else it was a DW_FORM_data value and is relative to the lowPC value // else it was a DW_FORM_data value and is relative to the lowPC value
DWARFNumericAttribute low = DWARFNumericAttribute low =
getAttribute(DWARFAttribute.DW_AT_low_pc, DWARFNumericAttribute.class); getAttribute(DWARFAttribute.DW_AT_low_pc, DWARFNumericAttribute.class);
if (low != null && highVal.getUnsignedValue() > 0) {
long lhighVal = highVal.getUnsignedValue();
if (lhighVal == 0) {
lhighVal = 1;
}
if (low != null && lhighVal > 0) {
return low.getUnsignedValue() + getProgram().getProgramBaseAddressFixup() + return low.getUnsignedValue() + getProgram().getProgramBaseAddressFixup() +
highVal.getUnsignedValue() - 1; lhighVal - 1;
} }
} }
throw new IOException("Bad/unsupported DW_AT_high_pc attribute value or type"); throw new IOException("Bad/unsupported DW_AT_high_pc attribute value or type");
Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartAnalyzer.java
+28
View File
@@ -368,6 +368,9 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
if (checkAlreadyInFunctionAbove(program, addr)) { if (checkAlreadyInFunctionAbove(program, addr)) {
return false; return false;
} }
if (!checkForFunctionAbove(program, addr)) {
return false;
}
} }
else if (name.startsWith("inst")) { else if (name.startsWith("inst")) {
// make sure there is an end of function at location to check // make sure there is an end of function at location to check
@@ -402,10 +405,35 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
return true; return true;
} }
/**
* Check for an existing function above the addr. Addr should not be in the function.
* @param program prpgram to check in
* @param addr address to check
* @return true if there is an existing function above addr that doesn't contain addr
*/
private boolean checkForFunctionAbove(Program program, Address addr) {
// make sure there is an end of function before this one, and addr is not in the function
Function func = null;
Address addrBefore = addr.previous();
func = program.getFunctionManager().getFunctionContaining(addrBefore);
// no function above
if (func == null) {
return false;
}
// addr is in function above
if (func.getBody().contains(addr)) {
return false;
}
return true;
}
private boolean checkAlreadyInFunctionAbove(Program program, Address addr) { private boolean checkAlreadyInFunctionAbove(Program program, Address addr) {
// make sure there is an end of function before this one, and if just an instruction, doesn't fall into this one. // make sure there is an end of function before this one, and if just an instruction, doesn't fall into this one.
Function func = null; Function func = null;
Address addrBefore = addr.previous(); Address addrBefore = addr.previous();
if (addrBefore == null) {
return false;
}
func = program.getFunctionManager().getFunctionContaining(addrBefore); func = program.getFunctionManager().getFunctionContaining(addrBefore);
if (func == null) { if (func == null) {
Instruction instr = program.getListing().getInstructionContaining(addrBefore); Instruction instr = program.getListing().getInstructionContaining(addrBefore);