GP-5526 bug fix for .plt.sec and pattern matching optimization

Ghidra/Features/Base/src/main/java/ghidra/app/cmd/function/CreateThunkFunctionCmd.java

@@ -566,6 +566,12 @@ public class CreateThunkFunctionCmd extends BackgroundCommand<Program> {
 		if (instr == null) {
 			return null;
 		}
+		// if there is no pcode, go to the next instruction
+		// assume fallthrough (ie. x86 instruction ENDBR64)
+		// TODO: at some point, might need to do a NOP detection
+		if (instr.getPcode().length == 0) {
+			instr = listing.getInstructionAfter(entry);
+		}
 
 		FlowType flowType;
 

Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartAnalyzer.java

@@ -17,6 +17,7 @@ package ghidra.app.analyzers;
 
 import java.math.BigInteger;
 import java.util.*;
+import java.util.regex.Matcher;
 
 import generic.jar.ResourceFile;
 import ghidra.app.cmd.function.CreateFunctionCmd;
@@ -209,7 +210,7 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 		private String label = null;
 		private boolean isThunk = false;    // true if this function should be turned into a thunk
 		private boolean noreturn = false;   // true to set function non-returning
-		private String sectionName = null;  // required section name
+		private java.util.regex.Pattern sectionNamePattern = null;  // required section name as a regex pattern
 		boolean validFunction = false;      // must be defined at a function
 		private boolean contiguous = true;  // require validcode instructions be contiguous
 
@@ -227,9 +228,13 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 
 		protected boolean checkPreRequisites(Program program, Address addr) {
 			// check required section name
-			if (sectionName != null) {
+			if (sectionNamePattern != null) {
 				MemoryBlock block = program.getMemory().getBlock(addr);
-				if (block == null || !block.getName().matches(sectionName)) {
+				if (block == null) {
+					return false;
+				}
+		        Matcher m = sectionNamePattern.matcher(block.getName());
+			    if (!m.matches()) {
 					return false;
 				}
 			}
@@ -651,7 +656,7 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 						break;
 						
 					case "section":
-						sectionName = attrValue;
+						sectionNamePattern = java.util.regex.Pattern.compile(attrValue);
 						break;
 						
 					case "noreturn":

Ghidra/Processors/x86/data/patterns/x86gcc_prepatterns.xml

@@ -6,15 +6,15 @@
         0x68......00     <!-- push -->
         0xe9......ff     <!-- jmp -addr -->
      </data> <!-- .plt thunk -->
-     <funcstart thunk="true" section=".plt"/>
+     <funcstart thunk="true" section="(?i)(\.plt)"/>
   </pattern>
   
   <pattern>
      <data>
-        0xf3 0x0f 0x1e 0x1a        <!-- ENDBR64 -->
+        0xf3 0x0f 0x1e 0xfa        <!-- ENDBR64 --> 
-        0xf2 0xff 0x25 .. .. .. .. <!-- jmp -->
+        0xf2 0xff 0x25             <!-- jmp qword ptr [0xxxx] -->
      </data> <!-- .plt thunk -->
-     <funcstart thunk="true" section=".plt"/>
+     <funcstart thunk="true" section="(?i)(\.plt(\.sec)?)"/>
   </pattern>
 
 </patternlist>