From 740f8251ae621679022cf5c31853166d80a5fbd4 Mon Sep 17 00:00:00 2001
From: Ryan Kurtz
Date: Tue, 26 Mar 2024 18:31:21 +0000
Subject: [PATCH 1/3] GP-4459 removed unnecessary restrictive check which was causing a later null exception. Also, added null check in later place.
---
 .../RTTIWindowsClassRecoverer.java | 59 ++++---------------
 1 file changed, 11 insertions(+), 48 deletions(-)
diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
index d5058b625f..6fe7627154 100644
--- a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
+++ b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
@@ -16,14 +16,7 @@
 //DO NOT RUN. THIS IS NOT A SCRIPT! THIS IS A CLASS THAT IS USED BY SCRIPTS.
 package classrecovery;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import ghidra.app.plugin.core.decompile.actions.FillOutStructureCmd;
 import ghidra.app.plugin.core.decompile.actions.FillOutStructureCmd.OffsetPcodeOpPair;
@@ -31,41 +24,17 @@ import ghidra.app.util.opinion.PeLoader;
 import ghidra.app.util.opinion.PeLoader.CompilerOpinion.CompilerEnum;
 import ghidra.framework.plugintool.PluginTool;
 import ghidra.program.flatapi.FlatProgramAPI;
-import ghidra.program.model.address.Address;
-import ghidra.program.model.address.AddressOutOfBoundsException;
-import ghidra.program.model.address.AddressRange;
-import ghidra.program.model.address.AddressSet;
-import ghidra.program.model.address.AddressSetView;
-import ghidra.program.model.data.ArrayDataType;
-import ghidra.program.model.data.Category;
-import ghidra.program.model.data.CategoryPath;
-import ghidra.program.model.data.DataType;
-import ghidra.program.model.data.DataTypeConflictHandler;
-import ghidra.program.model.data.IntegerDataType;
-import ghidra.program.model.data.PointerDataType;
-import ghidra.program.model.data.Structure;
-import ghidra.program.model.data.StructureDataType;
-import ghidra.program.model.listing.CircularDependencyException;
-import ghidra.program.model.listing.Data;
-import ghidra.program.model.listing.FlowOverride;
-import ghidra.program.model.listing.Function;
-import ghidra.program.model.listing.Instruction;
-import ghidra.program.model.listing.Program;
+import ghidra.program.model.address.*;
+import ghidra.program.model.data.*;
+import ghidra.program.model.listing.*;
 import ghidra.program.model.mem.MemoryAccessException;
 import ghidra.program.model.mem.MemoryBlock;
 import ghidra.program.model.pcode.HighFunction;
 import ghidra.program.model.pcode.HighVariable;
-import ghidra.program.model.symbol.Namespace;
-import ghidra.program.model.symbol.Reference;
-import ghidra.program.model.symbol.SourceType;
-import ghidra.program.model.symbol.Symbol;
-import ghidra.program.model.symbol.SymbolIterator;
-import ghidra.program.model.symbol.SymbolType;
+import ghidra.program.model.symbol.*;
 import ghidra.program.util.ProgramLocation;
 import ghidra.util.Msg;
-import ghidra.util.exception.CancelledException;
-import 
ghidra.util.exception.DuplicateNameException;
-import ghidra.util.exception.InvalidInputException;
+import ghidra.util.exception.*;
 import ghidra.util.task.TaskMonitor;
 public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
@@ -2405,10 +2374,10 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 recoveredClass.getVftableAddresses().size() > 1 &&
 recoveredClass.inheritsVirtualAncestor()) {
-int virtParentOffset = getSingleVirtualParentOffset(baseClass);
+Integer virtParentOffset = getSingleVirtualParentOffset(baseClass);
 int dataLength;
-if (virtParentOffset == NONE) {
+if (virtParentOffset == null || virtParentOffset == NONE) {
 dataLength = baseClassStructure.getLength();
 }
 else {
@@ -2548,7 +2517,7 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 private Map getBaseClassOffsetMap(RecoveredClass recoveredClass)
 throws CancelledException, MemoryAccessException, AddressOutOfBoundsException {
-Map parentOffsetMap = new HashMap();
+Map baseClassOffsetMap = new HashMap();
 Data baseClassArrayData = getBaseClassArray(recoveredClass);
@@ -2575,12 +2544,6 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 continue;
 }
- // Continue if the class has mult inh but base class is not on the parent list
-//TODO: possibly update to include all base classes
-if (!recoveredClass.getParentList().contains(baseClass)) {
-continue;
-}
- int mdisp = api.getInt(baseClassDescriptorAddress.add(8));
 int pdisp = api.getInt(baseClassDescriptorAddress.add(12));
 int vdisp = api.getInt(baseClassDescriptorAddress.add(16));
@@ -2599,9 +2562,9 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 }
 baseClassOffset = api.getInt(recoveredClass.getVbtableAddress().add(vdisp)) + pdisp;
 }
-parentOffsetMap.put(baseClass, baseClassOffset);
+baseClassOffsetMap.put(baseClass, baseClassOffset);
 }
-return parentOffsetMap;
+return baseClassOffsetMap;
 }
 /**
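Review bot: The widened guard `if (virtParentOffset == null || virtParentOffset == NONE)` only protects this one call site; any other caller of getSingleVirtualParentOffset that still stores the result in an `int` will hit the same auto-unboxing NullPointerException this patch is fixing, so it is worth grepping for remaining `int ... = getSingleVirtualParentOffset(` assignments. The `== NONE` half also depends on NONE being a primitive `int` so the boxed value is unboxed for the comparison; if NONE is (or later becomes) an `Integer`, `==` silently turns into a reference comparison, so `virtParentOffset.intValue() == NONE` is the more robust spelling — NONE's declaration is not visible from this hunk. The short-circuit order is correct, so the `else` branch below can safely unbox, but the enclosing method begins and ends outside this hunk.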
From f0f2ffc97e7f3979748285f22f8353679db64569 Mon Sep 17 00:00:00 2001
From: ghidra007
Date: Mon, 1 Apr 2024 20:14:57 +0000
Subject: [PATCH 2/3] GP-4459 fixed review notes
---
 .../classrecovery/RTTIWindowsClassRecoverer.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
index 6fe7627154..b9a4e1ae2a 100644
--- a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
+++ b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
@@ -2495,7 +2495,7 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 * @param recoveredClass the given class
 * @return the offset in the given class structure of the classes single virtual parent or NONE
 * if cannot retrieve an offset value or if there is not a single virtual parent for the given
- * class.
+ * class. Return null if cannot retrieve the offset for the single virtual parent.
 * @throws CancelledException if cancelled
 * @throws AddressOutOfBoundsException if trying to access an address that does not exist in program
 * @throws MemoryAccessException if trying to access memory that can't be accessed
@@ -2517,7 +2517,7 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 private Map getBaseClassOffsetMap(RecoveredClass recoveredClass)
 throws CancelledException, MemoryAccessException, AddressOutOfBoundsException {
-Map baseClassOffsetMap = new HashMap();
+Map baseClassOffsetMap = new HashMap<>();
 Data baseClassArrayData = getBaseClassArray(recoveredClass);
From cd780a7b63006af5d0fd2fea467c9a875d697b4b Mon Sep 17 00:00:00 2001
From: ghidra007
Date: Wed, 3 Apr 2024 18:25:23 +0000
Subject: [PATCH 3/3] GP-4459 put back parentList check
---
 .../classrecovery/RTTIWindowsClassRecoverer.java | 5 +++++
 1 file changed, 5 insertions(+)
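Review bot: The amended `@return` in this Javadoc now describes two overlapping failure outcomes — NONE "if cannot retrieve an offset value" and null "if cannot retrieve the offset for the single virtual parent" — so a reader cannot tell which condition yields which sentinel. Suggest stating each case exactly once, e.g. `@return the offset in the given class structure of the class's single virtual parent; NONE if the class does not have exactly one virtual parent; null if that parent's offset cannot be retrieved`, provided that matches the method body, which is outside this hunk. Since the value is now a nullable `Integer`, the doc should also warn that callers must null-check before assigning the result to an `int`, which is the exact failure the first patch in this series hit.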
diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
index b9a4e1ae2a..693d42cb1c 100644
--- a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
+++ b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIWindowsClassRecoverer.java
@@ -2543,6 +2543,11 @@ public class RTTIWindowsClassRecoverer extends RTTIClassRecoverer {
 baseClassDescriptorAddress.toString());
 continue;
 }
+
+// Continue if the class has mult inh but base class is not on the parent list
+if (!recoveredClass.getParentList().contains(baseClass)) {
+continue;
+}
 int mdisp = api.getInt(baseClassDescriptorAddress.add(8));
 int pdisp = api.getInt(baseClassDescriptorAddress.add(12));
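Review bot: The restored `if (!recoveredClass.getParentList().contains(baseClass))` guard means base classes outside the parent list never receive an entry in the returned offset map, so any consumer that does `int offset = map.get(baseClass)` will unbox null and throw — the same failure mode this series is fixing; the map's consumers are outside this hunk, so please confirm they use `getOrDefault(baseClass, NONE)` or otherwise treat a missing key as "no offset". The original `//TODO: possibly update to include all base classes` line was dropped when the check came back; restore it, or replace it with a sentence on why parent-list-only is correct, so the limitation stays visible to the next reader. The comment's "if the class has mult inh" does not match the condition, which is not gated on multiple inheritance at all; `// Skip base class descriptors whose class is not in the recovered class's parent list` describes what the code actually does. getBaseClassOffsetMap begins and ends outside this hunk.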