From 48ae03833ea2bb9a9a29d2d11704486cb596e2bf Mon Sep 17 00:00:00 2001
From: ghidorahrex
Date: Thu, 23 Jan 2025 14:58:46 +0000
Subject: [PATCH 1/2] GP-5299: Fixed pop instruction macros
---
 Ghidra/Processors/x86/data/languages/ia.sinc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Ghidra/Processors/x86/data/languages/ia.sinc b/Ghidra/Processors/x86/data/languages/ia.sinc
index f7a29889a9..c6f9b211c9 100644
--- a/Ghidra/Processors/x86/data/languages/ia.sinc
+++ b/Ghidra/Processors/x86/data/languages/ia.sinc
@@ -3734,8 +3734,8 @@ define pcodeop swap_bytes;
 @endif
 :POP Rmr16 is $(LONGMODE_OFF) & vexMode=0 & addrsize=0 & opsize=0 & row=5 & page=1 & Rmr16 { local val:2 = 0; pop22(val); Rmr16 = val; }
-:POP Rmr16 is $(LONGMODE_OFF) & vexMode=0 & addrsize=1 & opsize=0 & row=5 & page=1 & Rmr16 { local val:2 = 0; pop22(val); Rmr16 = val; }
-:POP Rmr32 is $(LONGMODE_OFF) & vexMode=0 & addrsize=0 & opsize=1 & row=5 & page=1 & Rmr32 { local val:4 = 0; pop44(val); Rmr32 = val; }
+:POP Rmr16 is $(LONGMODE_OFF) & vexMode=0 & addrsize=1 & opsize=0 & row=5 & page=1 & Rmr16 { local val:2 = 0; pop42(val); Rmr16 = val; }
+:POP Rmr32 is $(LONGMODE_OFF) & vexMode=0 & addrsize=0 & opsize=1 & row=5 & page=1 & Rmr32 { local val:4 = 0; pop24(val); Rmr32 = val; }
 :POP Rmr32 is $(LONGMODE_OFF) & vexMode=0 & addrsize=1 & opsize=1 & row=5 & page=1 & Rmr32 { local val:4 = 0; pop44(val); Rmr32 = val; }
 @ifdef IA64
 :POP Rmr16 is $(LONGMODE_ON) & vexMode=0 & opsize=0 & row=5 & page=1 & Rmr16 { local val:2 = 0; pop82(val); Rmr16 = val; }
From 39a6a73c6d2bbbeb796bc9c898bb9efd5c7b939f Mon Sep 17 00:00:00 2001
From: ghidra007
Date: Tue, 18 Mar 2025 15:44:54 +0000
Subject: [PATCH 2/2] GP-5487 improved RecoverClassesFromRTTI gcc rtti detection (Closes #7904)
---
 .../RecoverClassesFromRTTIScript.java | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
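Review bot: Nothing at the `:POP` constructors in the ia.sinc hunk says what the two digits of `popNM` stand for, which makes a swapped pair like the old `pop22`/`pop44` easy to miss and leaves the emitted stack adjustment wrong for mixed 16/32-bit code. From the visible pairs the first digit appears to follow `addrsize` (0→2, 1→4, long mode→8) and the second `opsize`; the macro definitions are outside the hunk, so confirm that reading before writing it down. A comment above the group would make the convention checkable, e.g. `# popNM(val): N = stack-pointer width in bytes (from addrsize), M = operand width in bytes (from opsize)`. The matching PUSH constructors are not shown here, so it is worth confirming they pair the sizes the same way.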
diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java b/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java
index a61f9a8f9a..8662479dd0 100644
--- a/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java
+++ b/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java
@@ -82,7 +82,7 @@ import ghidra.program.model.mem.MemoryBlock;
 import ghidra.program.model.reloc.Relocation;
 import ghidra.program.model.reloc.Relocation.Status;
 import ghidra.program.model.reloc.RelocationTable;
-import ghidra.program.model.symbol.Symbol;
+import ghidra.program.model.symbol.*;
 import ghidra.program.util.GhidraProgramUtilities;
 import ghidra.service.graph.*;
 import ghidra.util.exception.CancelledException;
@@ -414,8 +414,8 @@ public class RecoverClassesFromRTTIScript extends GhidraScript {
 runScript("FixElfExternalOffsetDataRelocationScript.java");
 // first check that there is even rtti by searching the special string in memory
- if (!isStringInProgramMemory("class_type_info")) {
- return ("This program does not contain RTTI.");
+ if (!isStringInProgramMemory("class_type_info") && !containsClassTypeinfoSymbol()) {
+ return ("This program does not appear to contain RTTI.");
 }
 // then check to see if the special typeinfo namespace is in external space
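Review bot: The context comment directly above the changed `if` (hunk at line 414) is now stale: it still says the RTTI check works "by searching the special string in memory", but the condition also passes when `containsClassTypeinfoSymbol()` finds a match. Update it alongside the condition, e.g. `// first check that there is even rtti: search memory for the special string, else look for a symbol containing "class_type_info"`. The enclosing method starts and ends outside the hunk.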
@@ -1612,9 +1612,25 @@ public class RecoverClassesFromRTTIScript extends GhidraScript {
 return false;
 }
+ // assume that if there are any symbols containing "class_type_info" there is rtti in program
+ private boolean containsClassTypeinfoSymbol() {
+
+ SymbolTable symbolTable = currentProgram.getSymbolTable();
+ SymbolIterator symbolIterator =
+ symbolTable.getSymbolIterator("*class_type_info*", true);
+ return symbolIterator.hasNext();
+
+ }
+
 private boolean isExternalNamespace(String path) throws CancelledException {
- List symbols = NamespaceUtils.getSymbols(path, currentProgram, true);
+ // try exact namespace path if there is one
+ List symbols = NamespaceUtils.getSymbols(path, currentProgram, false);
+
+ // if not, try to find path in another namespace
+ if (symbols.isEmpty()) {
+ symbols = NamespaceUtils.getSymbols(path, currentProgram, true);
+ }
 for (Symbol symbol : symbols) {
 monitor.checkCancelled();
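Review bot: `containsClassTypeinfoSymbol()` accepts any symbol whose name merely contains `class_type_info`, and symbol names come from the program under analysis, so on an untrusted or relabelled sample this gate shows only that some name matched. The `//` comment should become a Javadoc that states this limit, e.g. `/** Heuristic: true if any symbol name contains "class_type_info" (case-sensitive); a hint that RTTI may be present, not proof. */`. The same caution applies to the new fallback in `isExternalNamespace`, where passing `true` appears to widen the lookup to any namespace, so an unrelated nested match could be returned. The loop that consumes `symbols` continues outside the hunk, so whether it filters such matches cannot be seen here.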