yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-04 10:19:23 +02:00
Code Issues Releases Wiki Activity

Candidate release of source code.

Browse source
This commit is contained in:
Dan 2019-03-26 13:45:32 -04:00
parent db81e6b3b0
commit 79d8f164f8
12449 changed files with 2800756 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
Ghidra/Features/VersionTracking/src/main/docs/VTClasses.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
Ghidra/Features/VersionTracking/src/main/docs/VTGuiImpl.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 134 KiB

181
Ghidra/Features/VersionTracking/src/main/help/help/TOC_Source.xml Normal file
View file

@ -0,0 +1,181 @@
<?xml version='1.0' encoding='ISO-8859-1' ?>
<!--
This is an XML file intended to be parsed by the Ghidra help system. It is loosely based
upon the JavaHelp table of contents document format. The Ghidra help system uses a
TOC_Source.xml file to allow a module with help to define how its contents appear in the
Ghidra help viewer's table of contents. The main document (in the Base module)
defines a basic structure for the
Ghidra table of contents system. Other TOC_Source.xml files may use this structure to insert
their files directly into this structure (and optionally define a substructure).
In this document, a tag can be either a <tocdef> or a <tocref>. The former is a definition
of an XML item that may have a link and may contain other <tocdef> and <tocref> children.
<tocdef> items may be referred to in other documents by using a <tocref> tag with the
appropriate id attribute value. Using these two tags allows any module to define a place
in the table of contents system (<tocdef>), which also provides a place for
other TOC_Source.xml files to insert content (<tocref>).
During the help build time, all TOC_Source.xml files will be parsed and validated to ensure
that all <tocref> tags point to valid <tocdef> tags. From these files will be generated
<module name>_TOC.xml files, which are table of contents files written in the format
desired by the JavaHelp system. Additionally, the generated files will be merged together
as they are loaded by the JavaHelp system. In the end, when displaying help in the Ghidra
help GUI, there will be one table of contents that has been created from the definitions in
all of the modules' TOC_Source.xml files.
Tags and Attributes
<tocdef>
-id - the name of the definition (this must be unique across all TOC_Source.xml files)
-text - the display text of the node, as seen in the help GUI
-target** - the file to display when the node is clicked in the GUI
-sortgroup - this is a string that defines where a given node should appear under a given
parent. The string values will be sorted by the JavaHelp system using
a javax.text.RulesBasedCollator. If this attribute is not specified, then
the text of attribute will be used.
<tocref>
-id - The id of the <tocdef> that this reference points to
**The URL for the target is relative and should start with 'help/topics'. This text is
used by the Ghidra help system to provide a universal starting point for all links so that
they can be resolved at runtime, across modules.
-->
<tocroot>
<tocref id="Ghidra Functionality">
<tocdef id="Version Tracking"
text="Version Tracking"
target="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html" >
<!-- Workflow -->
<tocdef id="VTWorkflow"
sortgroup="a"
text="Workflow"
target="help/topics/VersionTrackingPlugin/VT_Workflow.html">
<tocdef id="Preconditions"
sortgroup="a"
text="Preconditions"
target="help/topics/VersionTrackingPlugin/VT_Preconditions.html" />
<tocdef id="VersionTrackingExampleWorkflow"
sortgroup="b"
text="Example Workflow"
target="help/topics/VersionTrackingPlugin/VT_Workflow.html#Workflow" />
<tocdef id="VersionTrackingWorkflowFAQ"
sortgroup="c"
text="Workflow FAQ"
target="help/topics/VersionTrackingPlugin/VT_Workflow.html#FAQ" />
<tocdef id="VersionTrackingCommonProblems"
sortgroup="d"
text="Common Problems"
target="help/topics/VersionTrackingPlugin/VT_Workflow.html#Common_Problems" />
</tocdef>
<!-- Correlators -->
<tocdef id="VTCorrelators"
sortgroup="b"
text="Program Correlators"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html" >
<!-- Data Match Correlator -->
<tocdef id="DataMatchCorrelator"
text="Data Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Data_Match" />
<!-- Function Match Correlator -->
<tocdef id="FunctionMatchCorrelator"
text="Function Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Function_Match" />
<!-- Legacy Import Correlator -->
<tocdef id="LegacyMatchCorrelator"
text="Legacy Import Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Legacy_Import" />
<!-- Implied Match Correlator -->
<tocdef id="ImpliedMatchCorrelator"
text="Implied Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Implied_Match" />
<!-- Manual Match Correlator -->
<tocdef id="ManualMatchCorrelator"
text="Manual Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Manual_Match" />
<!-- Symbol Name Correlator -->
<tocdef id="SymbolMatchCorrelator"
text="Symbol Name Match Correlator"
target="help/topics/VersionTrackingPlugin/VT_Correlators.html#Symbol_Match" />
</tocdef>
<!-- Wizard -->
<tocdef id="VTWizard"
sortgroup="c"
text="Session Wizard"
target="help/topics/VersionTrackingPlugin/VT_Wizard.html" />
<!-- New Session Panel -->
<!-- Address Set Panel -->
<!-- Preconditions Panel -->
<!-- Correlator Panel -->
<!-- Options Panel -->
<!-- Summary Panel -->
<!-- Tool -->
<tocdef id="VTTool"
sortgroup="d"
text="Tool"
target="help/topics/VersionTrackingPlugin/VT_Tool.html" >
<!-- Matches Table -->
<tocdef id="VTMatchTable"
sortgroup="a"
text="Matches Table"
target="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html" />
<!-- Markup Items Table -->
<tocdef id="VTMarkupTable"
sortgroup="b"
text="Markup Items Table"
target="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html" />
<!-- Functions Table -->
<tocdef id="VTFunctionsTable"
sortgroup="c"
text="Functions Table"
target="help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html" />
<!-- Related Associations Tables -->
<tocdef id="VTRelatedAssociationsTable"
sortgroup="d"
text="Related Matches Table"
target="help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html" />
<!-- Implied Matches Tables -->
<tocdef id="VTImpliedMatchTable"
sortgroup="e"
text="Implied Matches Table"
target="help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html" />
</tocdef>
</tocdef>
</tocref>
</tocroot>

58
Ghidra/Features/VersionTracking/src/main/help/help/shared/Frontpage.css Normal file
View file

@ -0,0 +1,58 @@
/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
WARNING!
This file is copied to all help directories. If you change this file, you must copy it
to each src/main/help/help/shared directory.
Java Help Note: JavaHelp does not accept sizes (like in 'margin-top') in anything but
px (pixel) or with no type marking.
*/
body { margin-bottom: 50px; margin-left: 10px; margin-right: 10px; margin-top: 10px; } /* some padding to improve readability */
li { font-family:times new roman; font-size:14pt; }
h1 { color:#000080; font-family:times new roman; font-size:36pt; font-style:italic; font-weight:bold; text-align:center; }
h2 { margin: 10px; margin-top: 20px; color:#984c4c; font-family:times new roman; font-size:18pt; font-weight:bold; }
h3 { margin-left: 10px; margin-top: 20px; color:#0000ff; font-family:times new roman; font-size:14pt; font-weight:bold; }
h4 { margin-left: 10px; margin-top: 20px; font-family:times new roman; font-size:14pt; font-style:italic; }
/*
P tag code. Most of the help files nest P tags inside of blockquote tags (the was the
way it had been done in the beginning). The net effect is that the text is indented. In
modern HTML we would use CSS to do this. We need to support the Ghidra P tags, nested in
blockquote tags, as well as naked P tags. The following two lines accomplish this. Note
that the 'blockquote p' definition will inherit from the first 'p' definition.
*/
p { margin-left: 40px; font-family:times new roman; font-size:14pt; }
blockquote p { margin-left: 10px; }
p.providedbyplugin { color:#7f7f7f; margin-left: 10px; font-size:14pt; margin-top:100px }
p.ProvidedByPlugin { color:#7f7f7f; margin-left: 10px; font-size:14pt; margin-top:100px }
p.relatedtopic { color:#800080; margin-left: 10px; font-size:14pt; }
p.RelatedTopic { color:#800080; margin-left: 10px; font-size:14pt; }
/*
We wish for a tables to have space between it and the preceding element, so that text
is not too close to the top of the table. Also, nest the table a bit so that it is clear
the table relates to the preceding text.
*/
table { margin-left: 20px; margin-top: 10px; width: 80%;}
td { font-family:times new roman; font-size:14pt; vertical-align: top; }
th { font-family:times new roman; font-size:14pt; font-weight:bold; background-color: #EDF3FE; }
code { color: black; font-family: courier new; font-size: 14pt; }

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/arrow.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 69 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/close16.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 859 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/menu16.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 62 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/note-red.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.1 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/note.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.1 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/note.yellow.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.1 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/redo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 187 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/tip.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.6 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/undo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 185 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/shared/warning.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.3 KiB

428
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/VT_Correlators.html Normal file
View file

@ -0,0 +1,428 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Program Correlators</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Program_Correlators">Version Tracking Program
Correlators</A></H1>
<BLOCKQUOTE>
<P>A program correlator compares two versions of a program and generates matches between
them. These matches are either functions (this function in the old version became this
function in the new version), or data (this piece of defined data in the old is now here in
the new version).</P>
<P>Each correlator has its own strengths and weaknesses, as well as characteristics for
generating scores. For instance, some correlators may run better after already having run
certain others (and processing their results). Some correlators return hard-coded scores due
to the nature of their correlation. It is important to read the specifics of each
correlator's description to understand how to best use it.</P>
<P>Below is a list of built-in (i.e, not discovered) program correlators.</P>
<UL>
<LI><A href="#Data_Match">Data Match Correlators</A></LI>
<UL>
<LI><A href="#Exact_Data_Match">Exact Data Match</A></LI>
<LI><A href="#Duplicate_Data_Match">Duplicate Data Match</A></LI>
<LI><A href="#Similar_Data_Match">Similar Data Match</A></LI>
</UL>
<LI><A href="#Function_Match">Function Match Correlators</A></LI>
<UL>
<LI><A href="#Exact_Function_Bytes_Match">Exact Function Bytes Match</A></LI>
<LI><A href="#Exact_Function_Instructions_Match">Exact Function Instructions Match</A></LI>
<LI><A href="#Duplicate_Function_Instructions_Match">Duplicate Function Instructions
Match</A></LI>
<LI><A href="#Exact_Function_Mnemonics_Match">Exact Function Mnemonics Match</A></LI>
</UL>
<LI><A href="#Legacy_Import">Legacy Import Correlator</A></LI>
<LI><A href="#Implied_Match">Implied Correlator</A></LI>
<LI><A href="#Manual_Match">Manual Match Correlator</A></LI>
<LI><A href="#Symbol_Match">Symbol Name Match Correlator</A></LI>
<UL>
<LI><A href="#Exact_Symbol_Name_Match">Exact Symbol Name Match</A></LI>
<LI><A href="#Duplicate_Exact_Symbol_Name_Match">Duplicate Exact Symbol Name Match</A></LI>
<LI><A href="#Similar_Symbol_Name_Match">Similar Symbol Name Match</A></LI>
</UL>
<LI><A href="#Match_Info">Reference Correlators that Use Match Information to Find Other Matches</A></LI>
<UL>
<LI><A href="#Data_Ref">Data Reference Correlator</A></LI>
<LI><A href="#Func_Ref">Function Reference Correlator</A></LI>
<LI><A href="#Comb_Func_Data_Ref">Combined Function and Data Reference Correlator</A></LI>
</UL>
</UL>
</BLOCKQUOTE>
<H2><A name="Data_Match">Data Match Correlators</A></H2>
<BLOCKQUOTE>
<H3><A name="Exact_Data_Match">Exact Data Match</A></H3>
<BLOCKQUOTE>
<P>Exact Data Match will iterate through your entire source program's list of defined data,
and look for a 1:1 correspondence for this data in the destination program. For instance,
if you have a defined string "This is a string" that appears only once in the source
program, and the Exact Data Matcher finds a single area in the destination program with
"This is a string", it will report it as a match.</P>
<P>Exact Data Match reports 1.0 for similarity score (because by definition, the data are
exactly the same) and 1.0 for confidence score (because it was found only once in each
program).</P>
</BLOCKQUOTE>
<H3><A name="Duplicate_Data_Match">Duplicate Data Match</A></H3>
<BLOCKQUOTE>
<P>Duplicate Data Match will iterate through your source program's defined data, look for
matches in the destination program, and only create matches if the correspondence is NOT
1:1, i.e. 1:N, M:1, or M:N. Switch tables are often found by this correlator.</P>
<P>Duplicate Data Match reports 1.0 for similarity score (because by definition, the data
is exactly the same), but the confidence scores will all be less than 1.0. Duplicate Data
Match uses 10/(total source and destination matches) for raw confidence, but due to the
log<SUB>10</SUB> scaling of the confidence reporting column these values will always be
less than 0.7<SUP>*</SUP>.</P>
<P>Note that the data does not need to be defined in the destination program for these
correlators to find matches.</P>
</BLOCKQUOTE>
<H3><A name="Similar_Data_Match">Similar Data Match</A></H3>
<BLOCKQUOTE>
<P>Similar Data Match will iterate through your source and destination programs' defined data,
and look for similar data based on locality sensitive hashing of 4-grams.</P>
<P>Similar Data Match reports a similarity score based on the cosine difference between the
vector representations of the two data objects. A similarity of 1.0 means the data matches exactly.
The confidence scores are based on the similarity score and the vector lengths of the data objects.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="Function_Match">Function Match Correlators</A></H2>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0"> Note that functions MUST be defined in the
destination program for these correlators to find matches.</P>
<H3><A name="Exact_Function_Bytes_Match">Exact Function Bytes Match</A></H3>
<BLOCKQUOTE>
<P>Exact Function Bytes Match is very similar to the Exact Data Match correlator, except it
looks for functions. If there is an exact byte-for-byte, 1:1 correspondence between a
function in the source program and a function in the destination program, it will create a
match.</P>
<P>Exact Function Bytes Match reports 1.0 for similarity score (because by definition, the
functions are exactly the same) and 1.0 for confidence score (because it was found only
once in each program).</P>
</BLOCKQUOTE>
<H3><A name="Exact_Function_Instructions_Match">Exact Function Instructions Match</A></H3>
<BLOCKQUOTE>
<P>Exact Function Instructions Match is almost exactly like Exact Function Bytes Match,
except that it removes the operands from the instructions by masking them out. This has an
advantage on certain CPU architectures (RISC)/compilers that can compile the same source
using different registers but otherwise identical opcodes. If a 1:1 correspondence is found
between a masked source function and a masked destination function, a match is created.</P>
<P>Exact Function Instructions Match reports 1.0 for similarity score, even though the
functions aren't necessarily identical byte-for-byte. It reports 1.0 for confidence score
(because it was found only once in each program).</P>
</BLOCKQUOTE>
<H3><A name="Duplicate_Function_Instructions_Match">Duplicate Function Instructions
Match</A></H3>
<BLOCKQUOTE>
<P>Duplicate Function Match will iterate through your source program's functions, look for
matches in the destination program, and only create matches if the correspondence is NOT
1:1, i.e. 1:N, M:1, or M:N. It uses the operand masking to eliminate operands from the
opcodes when searching for matches. Boilerplate or template functions are often found by
this correlator.</P>
<P>Duplicate Function Match reports 1.0 for similarity score, even though the functions
aren't necessarily identical byte-for-byte. The confidence scores will all be less than
1.0. Duplicate Function Match uses 10/(total source and destination matches) for raw
confidence, but due to the log<SUB>10</SUB> scaling of the confidence reporting column
these values will always be less than 0.7<SUP>*</SUP>.</P>
</BLOCKQUOTE>
<H3><A name="Exact_Function_Mnemonics_Match">Exact Function Mnemonics Match</A></H3>
<BLOCKQUOTE>
<P>Exact Function Mnemonic Match is almost exactly like Exact Function Instructions Match,
except that it uses the mnemonic names representing an instruction instead of the bytes representing
the instruction. This will find cases where the same instruction names are used but the underlying instruction bytes have changed.
Differences between the two correlators will be rare.
If a 1:1 correspondence is found between a masked source function and a masked destination function, a match is created.</P>
<P>Exact Function Instructions Match reports 1.0 for similarity score, even though the
functions aren't necessarily identical byte-for-byte. It reports 1.0 for confidence score
(because it was found only once in each program).</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="Legacy_Import">Legacy Import Correlator</A></H2>
<BLOCKQUOTE>
<P>The Legacy Import correlator is a legacy results file importer (and not really a
correlator). It reads text files with a very specific format, and only creates functions
matches based upon the contained data.</P>
<P>The format of the file is a series of matches, each match on its own line. The match is
comprised of 9 fields, each separated by whitespace. The 9 fields are as follows:</P>
<PRE>
score (similarity, in the range [0.0, 1.0])
source length (in bytes)
destination length (in bytes)
source program name
source function name
source address
destination program name
destination function name
destination address
</PRE>
<P><IMG src="../../shared/note.png" border="0"> NOTE: this format is provided for users who
have existing results that absolutely positively can't see any way to get them into Version
Tracking another way. It is legacy, deprecated, and will likely be replaced in the future
with a new import format (most likely a legacy format -&gt; new data import format conversion
tool will be released simultaneously). <B>We strongly recommend you don't use this importer,
and instead start your Version Tracking analysis from scratch using our provided
correlators.</B></P>
</BLOCKQUOTE>
<H2><A name="Implied_Match">Implied Correlator</A></H2>
<BLOCKQUOTE>
<P>The "Implied Match" correlator is a placeholder for matches that were created based on
references from other accepted matches. There is no "Implied Match" algorithm that can be
run, but since all matches must have a correlator, the Implied Match correlator was created.
Its only purpose is to display Implied Matches in the matches table. See the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html">Implied Matches
Table</A> for more information.</P>
</BLOCKQUOTE>
<H2><A name="Manual_Match">Manual Match Correlator</A></H2>
<BLOCKQUOTE>
<P>The manual match correlator is a placeholder for matches that were created manually by the
user. There is no "Manual Match" algorithm that can be run, but since all matches must have a
correlator, the Manual Match correlator was created. Its only purpose is to display Manual
Matches in the matches table.</P>
</BLOCKQUOTE>
<H2><A name="Symbol_Match">Symbol Name Match Correlators</A></H2>
<BLOCKQUOTE>
<H3><A name="Exact_Symbol_Name_Match">Exact Symbol Name Match</A></H3>
<BLOCKQUOTE>
<P>Exact Symbol Name Match is very similar to the Exact Data Match correlator and the Exact
Function Match correlators, except it looks for symbol names. If there is an exact 1:1
correspondence between a symbol name (after removing the _address suffix that is sometimes added to symbols)
in the source program and a symbol in the destination
program, it will create a match. Note that this correlator only works on symbols where
there is a defined function or defined data in the source program. For the function case,
there also must be a defined function in the destination program. For the data case, there does
not have to be defined data in the destination program. Also note that this correlator
ignores the default symbols that Ghidra automatically creates such as, but not limited to, those that
start with FUN_, DAT_, except strings that start with s_, u_, etc... Note: There is an option to
that allows users to find external symbol matches as well. </P>
<P>Exact Symbol Name Match reports 1.0 for similarity score (because by definition, the
symbols are exactly the same) and 1.0 for confidence score (because it was found only once
in each program).</P>
</BLOCKQUOTE>
<H3><A name="Duplicate_Exact_Symbol_Name_Match">Duplicate Exact Symbol Name Match</A></H3>
<BLOCKQUOTE>
<P>Duplicate Exact Symbol Name Match will iterate through your source program's symbols,
look for matches in the destination program, and only create matches if the correspondence
is NOT 1:1, i.e. 1:N, M:1, or M:N. When there is more than one symbol with the same name in
Ghidra, Ghidra appends the address onto the end of it. This correlator strips off the
ending address before correlating symbol names and ignores the default symbols
that Ghidra automatically creates such as, but not limited to, those that
start with FUN_, DAT_, except strings that start with s_, u_, etc... Note: There is an option to
that allows users to find external symbol matches as well.</P>
<P>Duplicate Exact Symbol Name Match reports 1.0 for similarity score, since the symbols
(minus the tacked on address) are identical. The confidence scores will all be less than
1.0. Duplicate Exact Symbol Name Match uses 10/(total source and destination matches) for
raw confidence, but due to the log<SUB>10</SUB> scaling of the confidence reporting column
these values will always be less than 0.7<SUP>*</SUP>.</P>
<P><SUP>*</SUP> <TT>log<SUB>10</SUB>(10/N) &lt; 0.7 for N &gt; 1; e.g. log<SUB>10</SUB>(5) ~= 0.69897</TT></P>
</BLOCKQUOTE>
<H3><A name="Similar_Symbol_Name_Match">Similar Symbol Name Match</A></H3>
<BLOCKQUOTE>
<P>Similar Symbol Name Match will iterate through your source and destination programs'
symbols, and look for similar names based on locality sensitive hashing of trigrams.</P>
<P>Similar Symbol Name Match reports a similarity score based on the cosine difference
between the vector representations of the two symbol names. A similarity of 1.0
means the symbols match exactly. The confidence scores are based on the similarity score and
the vector lengths of the names.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="Match_Info">Reference Correlators that Use Match Information to Find Other Matches</A></H2>
<BLOCKQUOTE>
<P>Each of the following program correlators determines correlation based on feature vectors constructed from
matched and unmatched references of their respective types. The algorithm used is
<OL>
<li>Identify functions that reference each ACCEPTED (<IMG src="images/flag.png">) match of the correct type.
</li>
<li> Construct a sourceMap and a destinationMap of the form {referencingFunction:featureVector}
where the featureVector identifies an ACCEPTED match with the log weight for
the probability that it appears in any one function in the system.<br/>
NOTE: The same feature and log weight are added to sourceMap and destinationMap for each match.
<li> For each referencingFunction add a unique feature* to its featureVector with probability 0.5 for each
of its UNMATCHED references of the correct type.
</li>
<li> Score each pair of SOURCE and DESTINATION functions by the angle between their feature vectors,
taking the highest scoring pairs as the result.
</li>
<li> Refine the results by removing matches that have no clear winner. </li>
</OL>
<p>* This is to account for the probabilistic cost of a reference being switched, dropped or picked
up between SOURCE and DESTINATION versions. Theoretically this should be dependent on the probability of the referenced element occurring,
but for simplicity we consider the model for a generalized switch and drop/pickup by assigning
a probability of 0.5 to each of the unmatched references made in any of our considered functions.</p>
<p>
</p>
<H3><A name="Data_Ref">Data Reference Correlator</A></H3>
<BLOCKQUOTE>
<P>The Data Reference Correlator uses ACCEPTED matched data to find other function matches based on common data they reference.
That is, a reference is considered if it is a reference to matched data location.
</P>
<h4>Example</h4>
<p>
<OL>
<li> (<IMG src="images/start-here_16.png">) Start a Version Tracking session </li>
<li> (<IMG src="images/Plus.png">) Run the "Exact Data Match" correlator</li>
<li> (<IMG src="images/flag.png">) Accept all the matches <br> <br>
<IMG src="images/DataRefCorr_ExactSelectAll.png" alt="Select All Exact Matches and Accept"/>
</li>
<li> (<IMG src="images/Plus.png">) Run the "Data Reference Correlator" <br> <br>
<IMG src="images/DataRefCorrelator_Setup.png"/>
</li>
<li> Try using the default options (click 'Next' and 'Finish'): <br> <br>
<IMG src="images/DataRefCorr_options.png"/>
</li>
<li> Now try sorting on Score for the Data Reference Correlator and note that the lowest score is above the
minimum threshold set in the options. If a function is missing that you expect to see in the results, try
lowering the thresholds and/or unchecking the "Refine Results" checkbox.
<br> <br>
<IMG src="images/DataRefCorr_refined.png"/>
</li>
</OL>
</p>
</BLOCKQUOTE>
<H3><A name="Func_Ref">Function Reference Correlator</A></H3>
<BLOCKQUOTE>
<P>The Function Reference Correlator uses ACCEPTED matched functions to find other
function matches based on common functions they reference. That is, a reference is
considered if it is a reference to a matched function.</P>
<h4>Example</h4>
<p>
<ol>
<li> By first running the "Exact Function Instructions Match" correlator, and then
running the "Function Reference Correlator" with the default options as above, we see
potential matches with Scores >= 0.5.<br>
<IMG src="images/FuncRefCorr_defaultOptions_results.png"/> <br> <br>
</li>
<li> By lowering the "Minimum similarity threshold (score)", we see one additional possible match.
The lower score indicates to us that this function, "__onexit", makes reference to functions that have not been matched yet.<br>
<IMG src="images/FuncRefCorr_lowerScoreThresh.png"/> <br> <br>
<IMG src="images/FuncRefCorr_lowerScoreThresh_results.png"/> <br> <br>
</li>
<li> By using the same thresholds as above, but also unchecking the "Refine Results" box, we
get many more results returned from the Reference Correlator. In this case, most of the additional results
are BLOCKED by our previously ACCEPTED matches, which, for example, results in only the correct pair for
"print" being made available for matching.<br>
<IMG src="images/FuncRefCorr_lowerScoreThreshUnrefined.png"/> <br> <br>
<IMG src="images/FuncRefCorr_lowerScoreThreshUnrefined_results.png"/><br><br>
NOTE: By deafult the Version Tracking table does not display "Blocked" matches.
To see them, go to the Match Table Filters (<IMG src="images/settings16.gif"/> in the upper right corner)
and check the box next to "Blocked" under "Association Status".<br><br>
<center><IMG src="images/FuncRefCorr_MatchTableFilters_AssocStatus.png"/></center>
</li>
</ol>
</p>
</BLOCKQUOTE>
<H3><A name="Comb_Func_Data_Ref">Combined Function and Data Reference Correlator</A></H3>
<BLOCKQUOTE>
<P> The Combined Function and Data Reference Correlator matches functions based on the accepted
data and function matches they have in common. This means that the set of references considered
for each tested function includes all its data and function references. That is, a reference is
considered if it is a reference to a matched function or matched data location.
</P>
<P><IMG src="../../shared/note.png" border="0"> NOTE: If no matches are returned, make sure there are existing <b>ACCEPTED</b> matches
(<IMG src="images/flag.png">). This means you will need to run other correlators first, such as
<UL>
<LI><A href="#Exact_Data_Match">Exact Data Match</A></LI>
<LI><A href="#Exact_Function_Bytes_Match">Exact Function Bytes Match</A></LI>
</UL>
</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<!-- Main content blockquote -->
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version
Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking
Introduction</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

121
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/VT_Preconditions.html Normal file
View file

@ -0,0 +1,121 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Preconditions</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Preconditions"></A>Version Tracking Preconditions</H1>
<BLOCKQUOTE>
<P>
One of the first items you run across in the Version Tracking Wizard is the
Precondition Panel.
***Put picture here****
It is an important initial step in the Version Tracking process. In the past, users
trying to match functions and pull relevant "mark-up" such as labels and comments into a
new version of a binary, would encounter problems if one or both of the binaries were not
sufficiently analyzed or had major analysis problems. Users were given no indication that
these issues were a direct result of having a poorly analyzed binary. The success or failure
of the various preconditions are indicatiors of how well your binaries have been analyzed
and how well their analyses "match" each other. If the preconditions indicates problems
*** show and describe red x, warning, green check****, it is important to fix them before
moving on or there will probably be problems with the Version Tracking process, such as
identifying incorrect matches or failing to find valid function matches. In general,
Version Tracking will work best if the same methods of cleaning up a binary are used and
if similar numbers of functions are created.
</P>
<H2><A NAME="Current_Preconditions"></A>Current Preconditions</H2>
<BLOCKQUOTE>
<P>
</P>
<TABLE border="1" width="90%">
<TR>
<TH>Precondition Name</TH>
<TH>Precondition Description </TH>
<TH>Potential Problems </TH>
<TH>How to Fix</TH>
</TR>
<TR>
<TD><b>Memory Blocks</b></TD>
<TD>This validator checks to see if both program memory maps have been split into the same memory blocks with the same permissions. </TD>
<TD>Potential problems include incorrect analysis and decompilation due to incorrect execution or data permissions being set. </TD>
<TD>Use the Window->Memory Map to adjust the memory blocks and permissions so that they are correct.</TD>
</TR>
<TR>
<TD nowrap><b>Number of Functions</b></TD>
<TD>This validator checks to see if both programs have a similar number of defined functions</TD>
<TD>Potential problems include missing function matches. </TD>
<TD>Change analysis options and rerun it, run analysis scripts, run aggressive analyzer, and/or manually disassemble and create functions. </TD>
</TR>
<TR>
<TD nowrap><b>Number of "No-Return" Functions</b></TD>
<TD>This validator checks to see if both programs have a similar number of "No-Return" functions</TD>
<TD>Potential problems include bad analysis due to disassembly falling through past the end of a function. </TD>
<TD>Run the FixupNoReturnsScript. </TD>
</TR>
<TR>
<TD nowrap><b>Offcut References</b></TD>
<TD>This validator checks to see if either program has offcut references.</TD>
<TD>Potential problems include bad analysis due to disassembly or data creation in incorrect locations.</TD>
<TD>Using the Symbol Table find offcut references. If they are incorrect, fix them and the problems that caused them to be created such
as incorrect operand reference assumptions or incorrect memory map flags, etc...</TD>
</TR>
<TR>
<TD nowrap><b>Percent Analyzed</b></TD>
<TD>This validator checks to see if both programs have a similar percentage of analyzed code in the code segments of each binary.
</TD>
<TD>Potential problems include missing potential matches due to incomplete analysis.</TD>
<TD>Change analysis options and rerun it, run analysis scripts, run aggressive analyzer, and/or manually disassemble and create functions.</TD>
</TR>
<TR>
<TD nowrap><b>Red Flags</b></TD>
<TD>This validator checks to see if either program has red flags indicating errors in analysis.
</TD>
<TD>Potential problems include incorrect instruction definitions at the language level and incorrect analysis of code or data.</TD>
<TD>Use the Bookmark Manager or Margin Markers to find red flags. Fix them and the problems that caused them to be created such
as bad flow (most likely) or bad instruction definitions. </TD>
</TR>
</TABLE>
</BLOCKQUOTE>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version
Tracking Markup Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version
Tracking Introduction</A></LI>
<li><a href="help/topics/CodeBrowserPlugin/CodeBrowser.htm">Code Browser</a></li>
</UL><BR>
<BR>
</BODY>
</HTML>

281
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/VT_Tool.html Normal file
View file

@ -0,0 +1,281 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Tool</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Tool"></A>Version Tracking Tool</H1>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="1" src="images/VersionTrackingTool.png"></TD>
</TR>
</TBODY>
</TABLE>
<BLOCKQUOTE>
<BLOCKQUOTE>
<P>The primary Version Tracking Tool, by default, consists of a few actions and
a couple provider views. The primary view of the tool is the
<b><a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">
Matches Table</a></b>. The other default component view is the
<b><a href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">
Markup Items Table</a></b>.
</P>
<p>
The Version Tracking Tool also has sub-tools that are present when a Version Tracking
Session is open.
</p>
</BLOCKQUOTE>
<H2><A name="Version_Tracking_Session"></A>Version Tracking Session</H2>
<BLOCKQUOTE>
<P>
A version tracking session is created when you run the
<a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard</a>.
Once created, the session will be saved to the
<a href="help/topics/FrontEndPlugin/Ghidra_Front_end.htm#Project_Window">Ghidra Project Window</a>.
As you make changes to version tracking data (i.e., matches and markup items), those
changes are applied to the current session.
</P>
<P>
You can open an existing session by dragging it from the Ghidra Project Window's data
tree onto:
<UL>
<LI>A running Version Tracking Tool, or
</LI>
<LI>The Version Tracking Tool icon in the Ghidra Project Window's
<a href="help/topics/FrontEndPlugin/Ghidra_Front_end.htm#ToolChest">
Tool Chest</a>, or
</LI>
<LI>
The icon of a running Version Tracking Tool in the
<a href="help/topics/FrontEndPlugin/Ghidra_Front_end.htm#RunningTools">
Running Tools panel</a> of the Ghidra Project Window.
</LI>
</UL>
<P>
You can also double-click the session file in the Ghidra Project Window. This will
launch the session in a <b>new Version Tracking Tool instance</b>.
</P>
</P>
<P>
When you open a session, the Version Tracking Sub-tools (mentioned below)
are also opened. When you close a session, the sub-tools are closed.
</P>
</BLOCKQUOTE>
<H2><A name="Version_Tracking_Sub_Tools"></A>Version Tracking Sub-tools</H2>
<BLOCKQUOTE>
<P>When a session is open in the primary Version Tracking Tool, then two other tool
windows will be opened: the source tool and the destination tool. Both tools look the
same. They differ in which program they show, the source program or the destination
program.
</p>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="1" src="images/SourceTool.png"></TD>
</TR>
</TBODY>
</TABLE>
<p>
Each of these tools is similar to default Ghidra
<a href="help/topics/CodeBrowserPlugin/CodeBrowser.htm">Code Browser</a>
in that they each provider full Ghidra functionality. However, these tools differ from
the default Ghidra Tool in that they offer a few extra plugins, which add version tracking
functionality.
</P>
<p>
</p>
</BLOCKQUOTE>
<H2><A name="Tool_Actions"></A>Version Tracking Tool Actions</H2>
<BLOCKQUOTE>
<P align="left"><A name="Create_Session"></A>The <b>Create Session</b>
<IMG src="images/start-here_16.png" border="0"> action will launch the
<a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard</a> to
guide you through the process of create a new
<a href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html#Session">version tracking session</a>.
</P>
<P align="left"><A name="Add_To_Session"></A>The <b>Add to Session</b>
<IMG src="images/Plus.png" border="0"> action will launch the
<a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard</a> to
guide you through the process of create adding new
<a href="help/topics/VersionTrackingPlugin/VT_Correlators.html">Program Correlator</a> results to
an existing
<a href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html#Session">version tracking session</a>.
</P>
<P align="left"><A name="Automatic_Version_Tracking"></A> The <b>Automatic Version Tracking</b>
<IMG src="images/wizard.png" border="0"> action uses various correlators in a predetermined order
to automatically create matches, accept the most likely matches, and apply markup all with one button press. The following
correlators are run in this order:
<ul>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Symbol_Match">Exact Symbol Name Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Data_Match">Exact Data Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Bytes_Match">Exact Function Bytes Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Instructions_Match">Exact Function Instructions Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Mnemonics_Match">Exact Function Mnemonics Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Function_Instructions_Match">Duplicate Function Instructions Correlator</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Correlators.html#Comb_Func_Data_Ref">Combined Function and Data Reference Correlator</a></li>
</ul>
<blockquote>
<P> <IMG src="../../shared/note.yellow.png" border="0"> <b>NOTE: It is unlikely that all matches in the entire program will be made and there is no guarantee that no mistakes will be made. This
action was designed to try to save as much time as possible while also taking a conservative approach to the automation.</b>
</blockquote>
</P>
<P align="left"><A name="Open_Session"></A>The <b>Open Session...</b>
action will launch a session chooser dialog that allows you to pick a previously
created session. This action is available only from the <b>File</b> menu.
</P>
</BLOCKQUOTE>
<H2>Version Tracking Menu</H2>
<BLOCKQUOTE>
This section describes the various menu actions available from the Version Tracking
Tool.
<BLOCKQUOTE>
<P>
The <B>File</B> menu
<UL>
<LI><B>Add to Session</B> - Shows the
<a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">
Version Tracking Wizard</a> so that you can perform
<a href="help/topics/VersionTrackingPlugin/VT_Correlators.html">
program correlation</a> and have the results <b>added to the currently open
version tracking session.</b>
</LI>
<LI><B>New Session</B> - Shows the
<a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">
Version Tracking Wizard</a> so that you can create a new version tracking
session.
</LI>
<LI><b>Auto Version Track</b> - Runs various correlators in a predetermined order
and automatically creates matches, accepts the most likely matches, and applies markup
all with one button press. </LI>
<LI><B>Open Session</B> - Shows a chooser dialog that allows
you to open an <b>existing</b> version tracking session.
</LI>
<LI><B>Close Session - Closes the currently open version tracking session.</B>
</LI>
<LI><B>Save Session - Saves any changes to the current version tracking
session.</B>
</LI>
<LI><B>Save Tool</B> - Saves the state Version Tracking Tool (e.g.,
window locations, size and open state).
</LI>
<LI><B>Close Tool</B> - Closes the Version Tracking Tool and the current
version tracking session, if one is open.</LI>
<LI><B>Exit Ghidra</B> - Exits the Ghidra application.</LI>
</UL>
</P>
<P>
The <B>Edit</B> menu
<UL>
<LI><B>Tool Options...</B> - Shows the Options Dialog for the Version
Tracking Tool.
</LI>
<LI><B>Undo</B> - Performs an undo of the last edit (e.g., accepting a
match, applying markup, etc).
</LI>
<LI><B>Redo</B> - Performs a redo of the previous undo action.</LI>
<LI><A NAME="Reset_Tools"></A><B>Reset Source and Destination Tools</B> -
Will reset the sub-tools to be the default configurations. This
is useful if you have made changes (layout, size, etc.)
to the tools and would like to undo those changes.</LI>
</UL>
</P>
<P>
The <B>Window</B> menu - Contains menu actions to show the various view components
that are available in the Version Tracking tool. For help with a specific
view component, press <B>F1</B> on the view component itself or the menu action
for that component.
</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2>Version Tracking Menu</H2>
<BLOCKQUOTE>
This section describes the version tracking actions that are available from
the <A href="#Version_Tracking_Sub_Tools">sub tools</A>.
<H3><A NAME="Create_Manual_Match_From_Subtools"></A>Create Manual Match</H3>
<BLOCKQUOTE>
<p align="left">
The <b>Create Manual Match</b> action (<img src="images/Plus.png"/>) allows
the user to create a match for the
selected function in the source sub tool to the selected function in the destination sub tool.
The action will only appear in the popup menu if your cursor is in a function in both tools.
</P>
</BLOCKQUOTE>
<H3><A NAME=Create_And_Accept_Manual_Match_From_Subtools></A>Create And Accept Manual Match</H3>
<BLOCKQUOTE>
<p align="left">
The <b>Create And Accept Manual Match</b> action (<img src="images/flag.png"/>) allows
the user to create a match for the
selected function in the source sub tool to the selected function in the destination sub tool.
It then accepts the match if possible.
The action will only appear in the popup menu if your cursor is in a function in both tools.
</P>
</BLOCKQUOTE>
<H3><A NAME="Create_And_Apply_Manual_Match_From_Subtools"></A>Create And Apply Manual Match</H3>
<BLOCKQUOTE>
<p align="left">
The <b>Create And Apply Manual Match</b> action (<img src="images/checkmark_green.gif"/>) allows
the user to create a match for the
selected function in the source sub tool to the selected function in the destination sub tool.
It then applies the match if possible.
The action will only appear in the popup menu if your cursor is in a function in both tools.
</P>
</BLOCKQUOTE>
</BLOCKQUOTE><!-- Main content blockquote -->
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version
Tracking Markup Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version
Tracking Introduction</A></LI>
<li><a href="help/topics/CodeBrowserPlugin/CodeBrowser.htm">Code Browser</a></li>
</UL><BR>
<BR>
</BODY>
</HTML>

418
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/VT_Wizard.html Normal file
View file

@ -0,0 +1,418 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Wizard</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Wizard"></A>Version Tracking Wizard</H1>
<BLOCKQUOTE>
<P>The version tracking wizard guides you through the process of creating a new version
tracking session or adding results to an existing session.</P>
<H2><A name="New_Session"></A>Creating a New Session</H2>
<BLOCKQUOTE>
<P>To create a new version tracking session you can:</P>
<UL>
<LI>Drag the two programs to be tracked onto a running tool or the Version Tracking tool
button (<A href="help/topics/Tool/Ghidra_Tool_Administration.htm#Run_Tool">more
info</A>)</LI>
<LI>Press the <B>Create Session</B> <IMG border="0" src="images/start-here_16.png">
action from within the
<A href="help/topics/VersionTrackingPlugin/VT_Tool.html#Create_Session">
Version Tracking Tool</A></LI>
</UL>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="New_Session_Panel"></A>New Version Tracking Session Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="images/SessionPanel.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The new version tracking session panel appears when creating a new session only. On
this page you specify the domain folder in your project in which to store the session
information, the name of the session domain object, and the source and destination
programs. The source program is the existing program that's been analyzed and contains
markup to transfer. The destination program is the new program that will receive the
markup items.</P>
<P>When dragging two programs from the front-end onto the version tracking tool, the
source and destination might not be properly identified. If they are backwards (source is
destination, destination is source) simply press the "swap" button (<IMG border="0" src=
"images/doubleArrowUpDown.png">) to correct the ordering.</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Preconditions_Panel"></A>Preconditions Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src=
"images/PreconditionsPanel.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The preconditions panel has a list of mini-analysis routines called "validators".
These validators analyze parts of your source and destination programs, looking for
potential problems which will adversely affect version tracking success. For instance, a
large difference in the number of defined functions between the source and the
destination programs could be an indication that they are not ready to be correlated.</P>
<P>Press the button "Run Precondition checks", and then review the results in the panel
by clicking on the individual tests in the list.</P>
<P>
<a href="help/topics/VersionTrackingPlugin/VT_Preconditions.html">Click here</a> for a list of known preconditions.
</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="New_Session_Summary_Panel"></A>Summary Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="images/SummaryPanel.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The summary panel shows a summary of the selections provided to the Version Tracking
wizard before it creates the new version tracking session.
Selecting the "Finish" button creates the new version tracking session.</P>
</BLOCKQUOTE>
<H2><A name="Wizard_Add_To_Session"></A>Add to an Existing Session</H2>
<BLOCKQUOTE>
<P>To add to an existing session you can:</P>
<UL>
<LI>Press the <B>Add to Session</B> <IMG border="0" src="images/Plus.png">
action from within the
<A href="help/topics/VersionTrackingPlugin/VT_Tool.html#Add_To_Session">
Version Tracking Tool</A></LI>
</UL>
<P>The wizard panels that appear can vary depending on which options are selected on
prior panels. For example, the correlator options will depend upon which correlation
algorithm was chosen. Also the Select Address Ranges panel is only displayed if you
choose to Limit Addresses on the Address Set Options panel. The following wizard panels
are for adding correlation results to an existing session.</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Correlator_Panel"></A>Correlation Algorithm Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src=
"images/CorrelatorPanel.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The correlation algorithm panel lets you choose which program correlator to use. The
list is dynamically populated based upon which features you have installed, so the actual
list may look different than that above. See the
<a href="help/topics/VersionTrackingPlugin/VT_Correlators.html">Correlators</a> help
page for more information about individual correlators or the <a href="help/topics/VersionTrackingPlugin/VT_Workflow.html">Workflow</a> help
page for information about which correlators to run first.
</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Options_Panel"></A>Options Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="images/OptionsPanel.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The options panel displays correlation algorithm specific options to select. Please
see notes on the individual correlator algorithms for more information about their
options.</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Address_Set_Panel"></A>Address Set Options Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="images/VT_Wizard_AddressSetOptions.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The address set options panel lets the user add or remove specific address ranges from
consideration by the chosen program correlator.</P>
<ul>
<li>
<P>This <b>Exclude accepted matches</b> option will cause the correlator algorithm to not
consider any functions or data that have already been accepted. Using this option
can greatly speed up the processing time of the correlator algorithm; however, this
options should only be used when you trust that your accepted matches are correct. As an example,
if you accepted matches from the <b>Exact Function Bytes</b> correlator algorithm, you can be very
confident that your matches are correct because they are unique matches with
all bytes in each function are identical to each other. These matches would be ok to exclude in the next correlator
run.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This option will be disabled when the correlator does not support
limiting search scope.
</P>
</BLOCKQUOTE></li>
<li><P>The <b>Limit source and destination address sets</b> option allows the users to
choose ranges of their program to limit the current correlator algorithm to when matching
functions and data.
If you need to restrict the address ranges of your programs, you should select the
checkbox here. For instance, this might be useful if you have two copies of your
functions in memory and only want to consider one copy.
</P>
<P>If you select this option you will be presented with another panel for limiting the
source program's address ranges and the destination program's address ranges.
</P>
</li>
</ul>
</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Select_Address_Ranges_Panel"></A>Select Address Range(s) Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="images/VT_Wizard_SelectAddressRanges.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The select address ranges panel lets the user limit the source and destination
address sets that will be used by the chosen program correlator when determining
version tracking matches. The left side lets you specify what addresses to use from
the Source program and the right side allows you to specify
the address ranges to use from the Destination program.</P>
<H4><A name="Select_Source_Address_Ranges"></A>Source</H4>
<BLOCKQUOTE>
<P>The left side of this panel allows you to specify the
address ranges to use from the Source program when adding version tracking matches
to a session. Select the appropriate radio button to indicate
the addresses that you want the correlator to use.
</P>
</BLOCKQUOTE>
<ul>
<li>
<P>The <b>Use Entire Source Program</b> option will use all memory addresses currently
defined in the source program when determining match results.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This is the default option which you normally get if you don't
check the <b>Limit source and destination address sets</b> box on the previous panel
for Address Set Options.
</P>
</BLOCKQUOTE>
</li>
<li>
<P>The <b>Use Source Tool Selection</b> option will use all memory addresses that were
selected in the Source Tool's listing when you invoked the Add To Session version
tracking wizard. If necessary, you can Cancel the current wizard,
select addresses in the version tracking Source Tool, and restart the wizard if you
want to limit the addresses using a selection.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This option will be disabled if there wasn't a selection in
the version tracking Source Tool when the Add To Session version tracking wizard
was started.
</P>
</BLOCKQUOTE>
</li>
<li>
<P>The <b>Specify My Own Address Ranges</b> option allows you to manually specify
address ranges of the Source program to include when determining matches with the
current correlator algorithm. All other addresses will be ignored.
</P>
<P>If you choose this option, you can specify the ranges of addresses, which then
appear in the <b>Address Ranges</b> list. The list and its associated buttons are
disabled whenever the option is not the currently selected radio button.
When you have a Source Tool selection, the list will initially contain the same
address ranges as the selection. Otherwise, it will contain the address ranges for
the current memory in the source program.
</P>
<ul>
<li>
<P>Press the <B>Add Range</B> <IMG border="0" src="images/Plus.png">
button to add another address range to those already in the list.
</P>
</li>
<li>
<P>Press the <B>Remove Range</B> <IMG border="0" src="images/list-remove.png">
button to remove all addresses from the list that fall within a specific range.
</P>
</li>
<li>
<P>Pressing the <b>Remove Selected Range(s)</b> button will remove any
address ranges from the Address Ranges list that are currently selected.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This button will be disabled if the <b>Specify My Own Address Ranges</b> option
isn't selected or if there isn't an address range selected in the list.
</P>
</BLOCKQUOTE>
</li>
</ul>
</li>
</ul>
<H4><A name="Select_Destination_Address_Ranges"></A>Destination</H4>
<BLOCKQUOTE>
<P>The right side of this panel allows you to specify the
address ranges to use from the Destination program when adding version tracking matches
to a session. Select the appropriate radio button to indicate
the addresses that you want the correlator to use from the destination program.
</P>
<P>The options within the Destination function in the same manner as they did for the Source,
but instead apply to addresses within the destination program.</P>
</BLOCKQUOTE>
<ul>
<li>
<P>The <b>Use Entire Destination Program</b> option will use all memory addresses currently
defined in the destination program when determining match results.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This is the default option which you normally get if you don't
check the <b>Limit source and destination address sets</b> box on the previous panel
for Address Set Options.
</P>
</BLOCKQUOTE>
</li>
<li>
<P>The <b>Use Destination Tool Selection</b> option will use all memory addresses that were
selected in the Destination Tool's listing when you invoked the Add To Session version
tracking wizard. If necessary, you can Cancel the current wizard,
select addresses in the version tracking Destination Tool, and restart the wizard if you
want to limit the addresses using a selection.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This option will be disabled if there wasn't a selection in
the version tracking Destination Tool when the Add To Session version tracking wizard
was started.
</P>
</BLOCKQUOTE>
</li>
<li>
<P>The <b>Specify My Own Address Ranges</b> option allows you to manually specify
address ranges of the Destination program to include when determining matches with the
current correlator algorithm. All other addresses will be ignored.
</P>
<P>If you choose this option, you can specify the ranges of addresses, which then
appear in the <b>Address Ranges</b> list. The list and its associated buttons are
disabled whenever the option is not the currently selected radio button.
When you have a Destination Tool selection, the list will initially contain the same
address ranges as the selection. Otherwise, it will contain the address ranges for
the current memory in the destination program.
</P>
<ul>
<li>
<P>Press the <B>Add Range</B> <IMG border="0" src="images/Plus.png">
button to add another address range to those already in the list.
</P>
</li>
<li>
<P>Press the <B>Remove Range</B> <IMG border="0" src="images/list-remove.png">
button to remove all addresses from the list that fall within a specific range.
</P>
</li>
<li>
<P>Pressing the <b>Remove Selected Range(s)</b> button will remove any
address ranges from the Address Ranges list that are currently selected.
</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE: </B> This button will be disabled if the <b>Specify My Own Address Ranges</b> option
isn't selected or if there isn't an address range selected in the list.
</P>
</BLOCKQUOTE>
</li>
</ul>
</li>
</ul>
</BLOCKQUOTE>
<BLOCKQUOTE>
<H3><A name="Add_To_Session_Summary_Panel"></A>Summary Panel</H3>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%">
<IMG border="0" src="images/VT_Wizard_AddToSession_Summary.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The summary panel shows a summary of the selections provided to the Version Tracking
wizard before it runs the correlation.
Selecting the <b>Finish</b> button will run the correlation and add its results to the current
version tracking session.</P>
</BLOCKQUOTE>
</BLOCKQUOTE><!-- Main content blockquote -->
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking
Introduction</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

527
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/VT_Workflow.html Normal file
View file

@ -0,0 +1,527 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Workflow</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Workflow"></A>Version Tracking Workflow</H1>
<BLOCKQUOTE>
<P>The goal of this document is to help users understand not only the basic process of
Version Tracking, but also how and when to use the myriad of methods for tweaking that process to
produce results tailored to individual user needs. The list below outlines the sections
available in this document:</P>
<OL>
<LI><A href="#Preconditions">Preconditions</A></LI>
<LI><A href="#Correlators">Correlators</A></LI>
<LI><A href="#Workflow">Example Work Flow</A></LI>
<LI><A href="#FAQ">Workflow FAQ</A></LI>
<LI><A href="#Common_Problems">Common Problems</A></LI>
</OL>
<H2><A name="Preconditions"></A>Preconditions</H2>
<BLOCKQUOTE>
<P>One of the first items you run across in the Version Tracking Wizard is the <A href=
"help/topics/VersionTrackingPlugin/VT_Wizard.html#Preconditions_Panel">Precondition
Panel</A>. This panel is described in more detail as part of the <A href=
"help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard Help</A>.
However, it is also mentioned here as an important initial step in the Version
Tracking process. In the past, users trying to match functions and pull relevant <A href=
"help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html#Intro_Markup_Items">markup</A>
such as labels and comments into a new version of a binary, would encounter problems if one
or both of the binaries were not sufficiently analyzed or had major analysis problems.
Users were given no indication that these issues were a direct result of having a poorly
analyzed binary. The <B>Precondition Panel</B> is an indication of how well your binaries
have been analyzed and how well their analyses "match" each other. If this panel indicates
problems, it is important to fix them before moving on or there will probably be problems
with the Version Tracking process. Problems that might be encountered are missing matches
and incorrect matches. In general, Version Tracking will work best if the same methods of
cleaning up a binary are used and if similar numbers of functions are created.</P>
</BLOCKQUOTE>
<H2><A name="Correlators"></A>Correlators</H2>
<BLOCKQUOTE>
<P>Once a binary has passed the precondition checks, a user must decide which correlator
(Ghidra terminology for a matching algorithm) to use, what part of the binary to run each
correlator on, and what to do with the matches once they are generated. Depending on the
ultimate goal of the Version Tracking user, the work flow might be different. Some users
might want to identify all matching functions and pull over all related markup items as
quickly as possible. Others might want to quickly identify what has changed in the new
binary. Others might want to only run Version Tracking on a select number of items they
care about. The goal of this section is to help users learn how to determine which
correlators best suit their individual needs.</P>
<H3>What Correlator Should I Use First?</H3>
<BLOCKQUOTE>
<P>One new feature of version tracking is the ability to sequentially run more than one
correlator to find matching code and data and view their results simultaneously in the
same Version Tracking Session. This ability to choose brings up the question of which to
choose first. There are benefits to choosing certain correlators before others. In
general, users should first run correlators that will find obvious matches and allow for
automated matching and markup of a good portion of the destination program.</P>
</BLOCKQUOTE>
<H4>Exact Correlators</H4>
<BLOCKQUOTE>
<P>Some of these "obvious" correlators are ones that find matches that are unique and the
same in both binaries:</P>
<UL>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Data_Match">Exact Data
Match Correlator</A></LI>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Bytes_Match">Exact
Function Bytes Correlator</A></LI>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Instructions_Match">Exact
Function Instructions Correlator</A></LI>
</UL>
</BLOCKQUOTE>
<BLOCKQUOTE>
<P>These correlators all report back unique and exact matches so it is almost assured that
the matches are correct. Also, since they are identical in some way (bytes and/or
instructions), the markup items, such as labels and comments, are going to line up
correctly, allowing an automated pull of all markup at once. To automatically accept all
of these items as matches and apply all related markup, the user can do a <B>CTRL-A</B>
in the match table after making sure only the exact matches are in the table. Then, click
on the <B>Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0"> icon to
accept all the matches and apply all related markup. If the two binaries are very
similar, this can do the majority of the matching very quickly. <B>It is recommended to
run these three exact correlators in this order before running any other
correlators.</B></P>
</BLOCKQUOTE>
<H4>Symbol Match Correlator</H4>
<BLOCKQUOTE>
<P>Another one of the "obvious" correlators is the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Symbol_Match">Symbol Match
Correlator</A>. If you have unique matching symbols there is a high likelihood that the
corresponding functions or data will be a match. However, it is not immediately apparent,
without visiting them individually, whether these matches are exactly the same in both
versions of the binary. The markup items such as labels, comments, data types, and
parameters might not match up exactly so the user should use the <B>Accept</B> <IMG src=
"images/flag.png" border="0"> icon to accept the matches, then if necessary, individually <A
href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">visually inspect
and apply the markup items</A>. In some cases, the user might not care about the markup.
For example, if there are no user-generated markup items associated with the match, there
is no reason to do anything other than "Accept" the match. Users might wonder why it is
important to even accept a match for these items. One reason to accept matches, even if
no markup needs to take place, is to help other correlators get better results. Some
correlators use known accepted match information to make their decisions more accurate.
Another reason is to save time. If there is an easy, quick way to identify matches, other
correlators can ignore them and not waste time or memory trying to identify them.</P>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0">
<B>NOTE:</B> It is also a good idea to check for wildly differing lengths between
matches in case there is the case where a wrapper function in one program has the same
name as the actual function in the other program. You can either take care of length
issues before running the correlator by making the length large enough to not include
wrapper functions, or use the resulting match table to inspect for different lengths. An
easy way to do this is to add the <B>Length Delta</B> column in the match table and sort
it. A delta of zero means there is no difference in the lengths. A high delta means there
is a big difference in lengths.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H4>Duplicate Exact Correlators</H4>
<BLOCKQUOTE>
<P>Sometimes binaries will have more than one identical match. This often happens if
there are multiple copies of strings or data in a binary. It also happens in functions
that have the exact same instructions but different parameters. There are three
correlators that find duplicate matches. These are:</P>
<UL>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Data_Match">Duplicate
Data Match Correlator</A></LI>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Function_Instructions_Match">Duplicate
Function Instructions Correlator</A></LI>
<LI><A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Exact_Symbol_Name_Match">Duplicate
Exact Symbol Name Correlator</A></LI>
</UL>
</BLOCKQUOTE>
<BLOCKQUOTE>
<P>The user won't know right away which ones match. The <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html">Related
Matches Tables</A> in the Source and Destination CodeBrowsers are useful for determining
which matches are correct. Once the user determines the correct matches, the markup
should line up correctly and be pulled over all at once with the <B>Apply Markup</B> <IMG
src="images/checkmark_green.gif" border="0"> icon.</P>
</BLOCKQUOTE>
<H4><A name="Other Correlators"></A>Other Correlators</H4>
<BLOCKQUOTE>
<P>Once you finish determining the obvious matches you can run other correlators to find
the rest of the matches. The availability of these other correlators depend on which
version of Ghidra is available. Please
refer to the individual help for these correlators for instructions on how to use them
and how to incorporate them into a work flow process. In general these other correlators
do not use "exact" methods of matching so it is important to be careful when accepting
matches or applying markup.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="Workflow"></A>Example Work Flow - Match All Possible Functions Between Two
Binaries</H2>
<OL>
<LI>Open an empty version tracking tool (<A href=
"help/topics/Tool/Ghidra_Tool_Administration.htm#Run_Tool">more info</A>)</LI>
<LI>Enable the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html#Match_Accept_Options">Version
Tracking Accept Match Option</A> to <B>Auto Create Implied Matches</B></LI>
<LI>Temporarily set the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Match_Filters">Match
Table Filter</A> to remove <B>Implied Matches</B>, <B>Accepted Matches</B>, and
<B>Blocked</B> matches from the Match Table so they are not accidentally selected in the
next few steps</LI>
<LI><B>(Optional)</B> Bring up the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html">Version Tracking
Functions Table</A> and either tab it with the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Match Table</A> or dock
it in its own location. Configure it to <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html#Show_Unmatched_Functions"><B>Show
Only Unaccepted Functions</B></A>. This will allow the user to continually see the list of
functions they need to still match.</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#New_Session">Create a new
session</A> by specifying your source and destination programs and then running the
precondition checks. This will give you a session that initially has no version tracking
matches. You will then Add to the Existing Session to begin getting matches.
</A>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Bytes_Match">Exact
Function Bytes Correlator</A>.<BR>
After the correlator is finished, in the matched table:
<UL>
<LI>Press <B>CTRL-A</B> to select all matches currently listed in the table</LI>
<LI><B>Click the Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0">
icon to accept all matches and apply all their markup items.</LI>
</UL>
<P>
<IMG src="../../shared/note.png" border="0">
<B>NOTE:</B> For any of the following runs, there is an option to <B>Exclude Accepted
Matches</B> so that the correlator being run will not report matches that are already made.
It is up to personal preference whether to use this option. In large binaries it will speed
up processing time. However, it is sometimes useful to have duplicate information for
verification of results.
</P>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Function_Instructions_Match">Exact
Function Instructions Correlator</A>.<BR>
After the correlator is finished, in the matched table:
<UL>
<LI>Press <B>CTRL-A</B> to select all matches currently listed in the table</LI>
<LI><B>Click the Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0">
icon to accept all matches and apply all their markup items.</LI>
</UL>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Exact_Data_Match">Exact Data Match
Correlator</A> .<BR>
After the correlator is finished, in the matched table:
<UL>
<LI>Press <B>CTRL-A</B> to select all matches currently listed in the table</LI>
<LI><B>Click the Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0">
icon to accept all matches and apply all their markup items.</LI>
</UL>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Symbol_Match">Symbol Match
Correlator</A> .<BR>
After the correlator is finished, in the matched table:
<UL>
<LI>First use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Match_Filters">Match
Table Filter</A> to only show Imported and Analysis symbol types (this is assuming
these types do not have user generated parameters or comments)</LI>
<LI>Press <B>CTRL-A</B> to select all matches currently listed in the table</LI>
<LI>Choose <B>Accept</B> to accept the matches but not pull over any markup - there
probably isn't any user markup and actually it is better to take the newest analysis
markup</LI>
<LI>Edit the filter to show all symbol types again</LI>
<LI>If desired, inspect to see if there are other symbol matches to individually or
automatically match depending on score/confidence/etc...</LI>
</UL>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Function_Instructions_Match">Duplicate
Function Instruction Match Correlator</A>
<UL>
<LI>Use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html">Related
Matches Tables</A> to figure out which ones match</LI>
<LI><B>Use the Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0"> icon
to accept and apply markup for each match individually.</LI>
</UL>
</LI>
<LI>
<A href="help/topics/VersionTrackingPlugin/VT_Wizard.html#Wizard_Add_To_Session">Add
to the existing session</A>, choosing the <A href=
"help/topics/VersionTrackingPlugin/VT_Correlators.html#Duplicate_Data_Match">Duplicate
Data Match Correlator</A>
<UL>
<LI>Use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html">Related
Matches Tables</A> to figure out which ones match</LI>
<LI><B>Use the Apply Markup</B> <IMG src="images/checkmark_green.gif" border="0"> icon
to accept and apply markup for each match individually.</LI>
</UL>
</LI>
<LI>
Run any other correlators available but don't do anything with their matches yet.
<UL>
<LI>Reset the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Match_Filters">Match
Table Filter</A> to show <B>Implied Matches</B> and <B>Blocked</B> matches in the Match
Table.</LI>
<LI>
Sort the Match Table in various ways to help determine any likely matches. Here is a
list of useful ways to sort the table
<UL>
<LI>Primary sort by <B>Score</B> and secondary sort by <B>Confidence</B> - if both
are high it is a good indication of a good match</LI>
<LI>By <B>Votes</B> - high number of votes means the match has many of the same
Implied Match suggestions</LI>
<LI>By <B>Length Delta</B> - 0 implies matching length Source and Destination
match</LI>
<LI>By <B>Source Address</B> to see if more than one algorithm reports the same
match</LI>
</UL>
</LI>
<LI>To help determine valid matches, use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html">Related
Matches Tables</A> to see all correlated matches for a particular match item.</LI>
<LI>Use the <B>Accept</B> <IMG src="images/flag.png" border="0"> icon to individually
accept matches once they are determined.</LI>
</UL>
</LI>
<LI>Use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html">Version Tracking
Functions Table</A> to see what is left and manually match them using this table.</LI>
<LI>Use the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Markup_Table</A> to
inspect and manually accept or apply any leftover interesting markup items in the matched
functions. Use the <B>Status</B> column in the Match Table to determine which markup items
are not finished. Users should set the filters on the Match Table so that all matches are
visible again to make sure none are missed.</LI>
</OL>
<BLOCKQUOTE>
<P><IMG src="../../shared/note.png" border="0"> <B>NOTE:</B> This is only one sample workflow
for matching all possible functions. In general, the exact, one-to-one correlators should be
run first and the rest can be used in any order. Users will come up with their own
preferences for workflow as they get used to the tool.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="FAQ"></A>Workflow FAQ</H2>
<BLOCKQUOTE>
<H3>What are Implied Matches?</H3>
<BLOCKQUOTE>
<P>An Implied Match is a match that is found when a function match is Applied or Accepted
and operand references in the matched functions apparently point to a matching function or
matching data. For example, in the matched function pictured below, it is apparent that
FUN_004011a0 in the Destination program is probably a match to the function addPerson. Also
notice that the string s_Lady_Tottington matches the string s_Lady_Tottington. Notice
that the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html">Implied Match
Table</A> below the matching functions, lists this function and string and several other
references to strings as Possible Implied Matches. Users can use this table to make matches
from Implied Matches. This will cause a match to be placed in the Match table with the type
Implied Match. However, the user still has to accept or apply the match. There is also an
<A href=
"help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html#Match_Accept_Options">Version
Tracking Accept Match Option</A> to automatically generate Implied Matches whenever a
function match is Applied or Accepted. The user still has to Accept or Apply the matches.
The determination to use the automatic generation of Implied Matches or the Implied Match
Table depends on how likely the match is to be correct and how closely aligned the match
listings are. For matches found with the exact one-to-one correlators, it is relatively
safe to turn on the auto option. For other correlators, it is safer to use the table.</P>
<P><IMG src="images/ImpliedMatchExample.png" border="0"></P>
<BR>
</BLOCKQUOTE>
<H3>What do the Scores and Confidence Columns Mean?</H3>
<BLOCKQUOTE>
<P>The <B>Score</B> is an indication of how similar two potential matches are. For example,
if two functions are matched with the Exact Function Bytes Correlator, the score will be
1.0. The <B>Confidence</B> is an indication of how likely the two potential matches are
actually a match. For example, if two functions are matched with the Exact Function Bytes
Correlator, the Confidence will be 1.0 because this correlator only reports one-to-one
matches. However, if two functions are matched with the Duplicate Exact Function
Instruction Correlator, the Confidence value will be lower because this correlator reports
two or more matches. Users should look at both of these indicators to help decide whether
to Accept, Apply, Reject, or Ignore a match.</P>
<P><B>It is important to note that score and confidence values cannot be reliably compared
between different correlators.</B> A confidence value of 0.8 for one correlator might be
theoretically higher than a confidence value of 0.9 for another, because each correlator
computes similarity and confidence differently.</P>
</BLOCKQUOTE><BR>
<H3>How Do I Know Which Functions Have Not Been Matched Yet?</H3>
<BLOCKQUOTE>
<P>Bring up the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html">Window-&gt;Version
Tracking Functions Table</A>. By default, two separate lists of functions from both
programs are shown. To see which functions in both programs have no matches generated by
any correlator so far, click on the black triangle and choose <B>Show Only Unmatched
Functions</B>. To see which functions in both programs have no matches accepted by the user
(includes functions with and without a correlator generated match) choose <B>Show Only
Unaccepted Functions</B></P>
</BLOCKQUOTE><BR>
<H3>Why Do I See The Same Match More Than Once in the Match Table?</H3>
<BLOCKQUOTE>
<P>If a match is found by more than one correlator, it will show up in the table for each
correlator. This allows the user to gain more confidence in a match. It can clutter up the
table, though, so users can filter the table based on algorithm and many other ways. See
the <A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Matches
Table</A> help for more information on how to filter out information from the table.</P>
</BLOCKQUOTE><BR>
<H3>What Part of the Binary Should I Run The Correlators On?</H3>
<BLOCKQUOTE>
<P>This is dependent on what the user is trying to do and which correlator is being run.
Most correlators may be run on a subset of the binary. Others correlators must run on the
entire binary. Those that allow subsets will give the user a choice when that correlator is
chosen. If a user has specific items they are interested in finding matches for, they can
run most correlators on those items only without seeing results for the entire binary.
Other users want to match all possible items. Also, once items have been accepted by a
user, users have the choice to ignore them on subsequent correlator runs. There are pros
and cons to doing this. Pros include saving memory, compute time, and less clutter in the
match table, although it can be filtered to remove the clutter. Cons include losing
information about multiple correlator agreements or disagreements.</P>
</BLOCKQUOTE><BR>
</BLOCKQUOTE>
<H2><A name="Common_Problems"></A>Common Problems</H2>
<BLOCKQUOTE>
<P>This section lists common problems or things that should be avoided when version tracking
programs.</P>
<H3>Making Program Changes</H3>
<BLOCKQUOTE>
<P>While version tracking two programs you should not make changes to either of the
programs (aside from applying markup through the version tracking tool). Changing programs,
especially the destination program, can cause the state of version tracking data (e.g.,
matches and their markup) to be incorrect. If you need to make changes to either of the
programs, then we recommend restarting the version tracking process from the beginning
after your changes have been made.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking
Introduction</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking
Wizard</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version
Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version
Tracking Markup Items Table</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

204
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html Normal file
View file

@ -0,0 +1,204 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Introduction</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Plugin"></A></A>Version Tracking Introduction</H1>
<BLOCKQUOTE>
<P>
Version Tracking refers to the process used by reverse engineers to identify matching code or data
between different software binaries. One common use case is to version track two
different versions of the same binary. Alternatively, version tracking techniques
can be used to check for the presence of of a particular piece of code within a given
binary of interest.
</P>
<P>
Perhaps the most common version tracking scenario is when you have a binary file that
you have previously analyzed, identifying important areas of interest and annotating the code with comments
and labels. Suppose the software developer releases a newer version of the software including bug
fixes and feature modifications. Since customers may be using the more up-to-date version,
the analyst will probably want to continue evaluation with the newer version as well.
However, it can be very time-consuming to have to initiate the analysis from scratch. In
order to leverage the existing work, version tracking enables the reverse engineer
to port comments and labels into the new context.
</P>
<P>
Perhaps the second most common version tracking scenario is where you wish to check for
the presence of existing code within a given binary. As an example, given a small collection
of functions, say from some library of routines or code representing known malware, you
can use version tracking to search for that code in a given binary.
</P>
<P>
The remainder of this document describes high-level version tracking concepts use by
Ghidra, followed by links to documents that describe how to get started version
tracking in Ghidra.
</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<p>
Version Tracking Concepts:
</p>
<ul>
<li><a href="#Session">Session</a></li>
<li><a href="#Intro_Associations">Associations</a></li>
<li><a href="#Intro_Matches">Matches</a></li>
<li><a href="#Intro_Markup_Items">Markup Items</a></li>
<li><a href="#Intro_Correlators">Correlators</a></li>
<li><a href="#Intro_How_To_Start">How to Start</a></li>
</ul>
</BLOCKQUOTE>
<H2><A name="Session"></A>Version Tracking Session</H2>
<BLOCKQUOTE>
<P>
A <i>session</i> is created as a result of running one of Ghidra's matching
algorithms (a.k.a., a <a href="#Intro_Correlators">correlator</a>) against two binaries.
The newly created session is stored in the
<a href="help/topics/FrontEndPlugin/Ghidra_Front_end.htm#Project_Window">Ghidra Project Window</a>.
The session records the history of any work done within that session (e.g., applying
markup). Furthermore, since changes are saved, you may close and reopen a session to
continue work at a later time. Sessions can be updated with new data by running
additional matching algorithms at any time.
</P>
</BLOCKQUOTE>
<H2><A name="Intro_Associations"></A>Version Tracking Associations</H2>
<BLOCKQUOTE>
<P>
An <I>association</I> is any pairing of information between the two versions of the same program, which suggests
that the items correspond with one another in some way. An association is characterized by a collection
of metadata including the correlating algorithm that determined the association, a memory address reference
locating the items in each version, and the type of the items being associated (data or function).
</P>
<P>
Sometimes a variable or function in the source program will be associated with several
variables or functions in the destination program. This happens because the version tracking algorithm has
found enough evidence to support each candidate as a possible correspondence between the two versions. When
this happens, we say that they are conflicting associations. It may be that only one of the associations
is exactly right or that the modularity of the program has changed sufficiently and none of the associations
is quite right. Ultimately, the analyst has to inspect the actual code
to make a determination about which associations represents a valid match.
</P>
<P>
Once an association is accepted by the user, any other associations which may be conflicting because they include
either the same source or the same destination address will become blocked because the tool only allows one-to-one
mappings. Blocked and conflicting associations which lead to other inconsistencies can be a useful way of identifying
valid matches between two different versions.
</P>
</BLOCKQUOTE>
<H2><A name="Intro_Matches"></A>Version Tracking Matches</H2>
<BLOCKQUOTE>
<P>
A <i>match</i> is an association that has been assigned a score. As a correlator finds an
association it will assign that association a score, thus creating a match. The
<a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">matches table</a>
contains all matches discovered by any correlators run within a given session. Users
can use the score to help determine the accuracy of a given match, as not all matches
created by the correlators are correct.
</P>
<P>
When the you determine that a match is valid, then you can
<a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Accept_Match">accept</a>
the match, which will block conflicting, related matches. When you apply markup for a
given match, then that match is automatically accepted. Finally, you cannot apply
markup for a match that has been blocked by another already accepted match.
</P>
<P>
Ghidra also has the concept of an
<a href="help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html#Implied_Matches">Implied
Match</a>. If you accept a function match, then Ghidra will generate implied matches for any functions
called by the two functions that make up the function match.
</P>
</BLOCKQUOTE>
<H2><A name="Intro_Markup_Items"></A>Version Tracking Markup Items</H2>
<BLOCKQUOTE>
<P>
During analysis of a program, the analyst will develop a greater understanding of the code and will annotate
the disassembly with comments, labels, data type information, and parameter and variable names to document
the code and to make it more readable. Ghidra refers to all of these annotated details
as markup items.
</P>
<P>
For any given match we can apply its markup items
and port these annotations in an appropriate manner so that the labels and comments appear in the corresponding
locations in the new binary. This is the ultimate purpose of version tracking, to retain any progress that
has already been made in understanding the code and be able to proceed despite any changes
to the original binary.
</P>
</BLOCKQUOTE>
<H2><A name="Intro_Correlators"></A>Version Tracking Correlators</H2>
<BLOCKQUOTE>
<P>
There are many strategies for identifying
how different versions of the a program are related to each other. Any scheme or algorithm
that determines these relationships is referred to as a correlator. Correlators may be based
on the underlying bytes in a program, the program flow, or any other aspect of the code upon
which similarities may be observed. Additional documentation is available for the specific
<a href="help/topics/VersionTrackingPlugin/VT_Correlators.html">correlators used in Ghidra.</a>
</font>
</P>
</BLOCKQUOTE>
<H2><A name="Intro_How_To_Start"></A>How to Start</H2>
<BLOCKQUOTE>
<P>
This list presents a few different useful links for getting started with
version tracking.
</P>
<ul>
<li><a href="help/topics/VersionTrackingPlugin/VT_Workflow.html">Workflow</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard</a>
</li>
</ul>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<li><a href="help/topics/VersionTrackingPlugin/VT_Workflow.html">Workflow</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</a></li>
<li><a href="help/topics/VersionTrackingPlugin/VT_Wizard.html">Version Tracking Wizard</a>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version Markup Items Table</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/ActionsMenu_DropDown.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 839 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/ApplyAdd.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/ApplyReplace.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/CorrelatorPanel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/DataRefCorr_ExactSelectAll.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 284 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/DataRefCorr_options.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/DataRefCorr_refined.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/DataRefCorrelator_Setup.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 191 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_MatchTableFilters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_MatchTableFilters_AssocStatus.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.7 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_defaultOptions_results.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_lowerScoreThresh.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.6 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_lowerScoreThreshUnrefined.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_lowerScoreThreshUnrefined_results.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 103 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FuncRefCorr_lowerScoreThresh_results.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 121 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/FunctionsTable.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/ImpliedMatchExample.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/ImpliedMatchesTable.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/MarkupItemsFilters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/MatchesTable.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/OneToManyDestination.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/OneToManySource.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/OptionsPanel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/Plus.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 171 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/PreconditionsPanel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/Same.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 322 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/SessionPanel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/SourceTool.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 84 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/SummaryPanel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VTOptions_AcceptMatchDialog.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VTOptions_ApplyMarkupDialog.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VT_Wizard_AddToSession_Summary.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VT_Wizard_AddressSetOptions.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VT_Wizard_SelectAddressRanges.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VersionTrackingMarkupItems.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VersionTrackingMarkupItemsHeader.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VersionTrackingMarkupItemsSideBySide.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VersionTrackingMarkupItemsTableOnly.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 36 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/VersionTrackingTool.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 78 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/accepted_fully_applied.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 794 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/accepted_fully_considered.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 777 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/accepted_warning.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 773 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/add.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 733 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/application_tile_horizontal.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 432 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/asterisk_orange.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 760 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/cache.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 778 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/checkmark_green.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 867 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/dialog-cancel.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 848 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/doubleArrowUpDown.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 281 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/edit-delete.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 641 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/edit-rename.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 245 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/filter_matched.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 574 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/flag.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.7 KiB

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/function.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 391 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/kgpg.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 865 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/lightbulb.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 782 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/list-remove.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 332 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/locationIn.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 219 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/locationOut.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 220 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/menu16.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 62 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/settings16.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 142 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/start-here_16.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 658 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/sync_enabled.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 446 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/table_delete.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 660 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/table_gear.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 714 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/table_go.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 683 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/tag_blue.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 586 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/tag_blue_delete.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 701 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/tag_blue_edit.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 748 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/text_align_justify.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 209 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/undo-apply.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 707 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/unknown.gif Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 314 B

BIN
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/images/view-filter.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 429 B

626
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html Normal file
View file

@ -0,0 +1,626 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Apply Options</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Version_Tracking_Apply_Options"></A>Version Tracking Options</H1>
<BLOCKQUOTE>
<P>
The actions taken when accepting match or applying its markup are defined as options, which
can be changed by the user. The sections below describe the various options available
and list the default values. To access the options you can click the
<img src="../images/settings16.gif" /> icon on the
<a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">
Matches Table</a>.
</P>
</BLOCKQUOTE>
<br>
<BLOCKQUOTE>
<H2><A NAME="Match_Accept_Options"></A>Accept Match Options</H2>
<P>
Below is a image of the <b>Accept Match Options</b>:
</P>
<BR>
</BLOCKQUOTE>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%">
<IMG border="1" src="../images/VTOptions_AcceptMatchDialog.png">
</TD>
</TR>
</TBODY>
</TABLE>
<BLOCKQUOTE>
<BR>
<BR>
<BR>
<P>
The following items will happen when a
<a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Accept_Match">match is accepted</a>:
</P>
<BR>
<TABLE border="1" width="90%">
<TR>
<TH>Name</TH>
<TH>Description</TH>
<TH nowrap>Default Value</TH>
</TR>
<TR>
<TD nowrap><b>Auto Create Implied Matches</b></TD>
<TD>When true, an
<a href="help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html">implied match</a>
will be created.
</TD>
<TD><tt>True</tt></TD>
</TR>
<TR>
<TD nowrap><b>Automatically Apply Function Name on Accept</b></TD>
<TD>When true,
the function name of the function in the source
program will be applied to the matched function in the destination program.
</TD>
<TD><tt>True</tt></TD>
</TR>
</TABLE>
</BLOCKQUOTE>
<br>
<BLOCKQUOTE>
<H2><A NAME="Match_Apply_Options"></A>Apply Markup Options</H2>
<P>
Below is a image of the <b>Apply Markup Options</b>:
</P>
<BR>
</BLOCKQUOTE>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%">
<IMG border="1" src="../images/VTOptions_ApplyMarkupDialog.png">
</TD>
</TR>
</TBODY>
</TABLE>
<BLOCKQUOTE>
<BR>
<BR>
<BR>
<P>
The table below contains the markup items and their default actions taken
when
<a href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Apply_Markup">
Apply Markup</a> is executed on a match. Each type of markup has different
available actions. These are:
<ul>
<li><b>Data Match Data Type Markup</b>:<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply markup to the destination program.</li>
<li><b>Replace First Data Only</b> - Replace the markup in the destination
with that from the source program. The replace will fail if any instructions
or defined data, other than a defined data at the destination address, would
be overwritten by the replace.</li>
<li><b>Replace All Data</b> - Replace the markup in the destination
with that from the source program. The replace will fail if any instructions
would be overwritten by the replace.
<br>
<FONT color="red"><b>Important</b>: After doing Replace All Data,
the <i>Reset Mark-up</i> action will only be able to restore the single
Data item that was originally at the Destination Address. Any other
Data items that were replaced by this action will not be restored by
<i>Reset Mark-up</i>.</FONT>
</li>
<li><b>Replace Undefined Data Only</b> - Only replace undefined bytes in the destination
with the markup item's data type in the source program. Otherwise, do nothing.</li>
</ul>
</li>
<li><b>Label Markup</b>:<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply markup to the destination program</li>
<li><b>Add</b> - Adds the labels from the source program to those already
at the address in the destination program.</li>
<li><b>Add As Primary</b> - Adds the labels from the source program to
those already at the address in the destination program. Sets the
primary label in the destination program to whatever label was the
primary one in the source program.</li>
<li><b>Replace All</b> - Replaces all the labels at the the address in
the destination program with those from the source program.</li>
<li><b>Replace Default Only</b> - Only apply labels from the
source program to the destination program when the label
in the destination program is a default label.</li>
</ul>
</li>
<li><b>Function Name Markup</b>:<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply markup to the destination program</li>
<li><b>Add</b> - Adds the function name from the source program to the one already
at the address in the destination program.</li>
<li><b>Add As Primary</b> - Adds the function name from the source program to
the one already at the address in the destination program. Sets the
primary label in the destination program to whatever label was the
primary one in the source program.</li>
<li><b>Replace Always</b> - Always apply markup to from the source
program to the destination program.</li>
<li><b>Replace Default Only</b> - Only apply markup from the
source program to the destination program when the label
in the destination program is a default label.</li>
</ul>
</li>
<li><b>Function Signature Markup</b>:<br>
Applying function signature markup applies the function signature except for the names,
which are controlled by the parameter names markup.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply markup to the destination program.</li>
<li><b>Replace</b> - Always replace the markup in the destination
with that from the source program.</li>
<li><b>Replace When Same Parameter Count</b> - Only replace the function signature in the
destination with that from the source program when the number of parameters in the
source signature match the number of parameters in the destination signature.</li>
</ul>
</li>
<li><b>Comment Markup</b>:<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply markup to the destination program.</li>
<li><b>Add To Existing</b> - Append the markup from the source program
to the destination program.</li>
<li><b>Replace Existing</b> - Replace the markup in the destination program with
the markup from the source program.</li>
</ul>
</li>
<P><U><b>Function Signature Details</b></U></P>
<BLOCKQUOTE>
<li><b>Return Type</b>:<br>
The function return type is applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the function REturn type in the destination program.</li>
<li><b>Replace Undefined Data Types Only</b> - Replace the function return type in the destination
with that from the source program when replacing the function signature only
if the source return type is an undefined data type.</li>
<li><b>Replace</b> - Replace the function return type in the destination
with that from the source program when replacing the function signature.</li>
</ul>
</li>
<li><b>Inline</b>:<br>
The function inline flag is applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the function inline flag in the destination program.</li>
<li><b>Replace</b> - Replace the function inline flag in the destination
with that from the source program when replacing the function signature.</li>
</ul>
</li>
<li><b>No Return</b>:<br>
The function "No Return" flag is applied as part of the function signature markup based on this
option setting.
<ul>
<li><b>Do Not Apply</b> - Do not apply the "No Return" flag to the destination program.</li>
<li><b>Replace</b> - Replace the "No Return" flag in the destination
with that from the source program when replacing the function signature.</li>
</ul>
</li>
<li><b>Calling Convention</b>:<br>
The calling convention is applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the calling convention to the destination program.</li>
<li><b>Replace If Same Language</b> - Replace the calling convention in the destination
with that from the source program when replacing the function signature if the
source and destination programs are the same language.</li>
<li><b>Replace If Has Named Convention</b> - Replace the calling convention in the destination
with that from the source program when replacing the function signature if the
destination program has a calling convention with the same name as the one in
the source program.</li>
</ul>
</li>
<li><b>Call Fixup</b>:<br>
The function call fixup is applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the function call fixup to the destination program.</li>
<li><b>Replace</b> - Replace the function call fixup in the destination
with that from the source program when replacing the function signature.</li>
</ul>
</li>
<li><b>Var Args</b>:<br>
The function var args flag is applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the function var args flag in the destination program.</li>
<li><b>Replace</b> - Replace the function var args flag in the destination
with that from the source program when replacing the function signature.</li>
</ul>
</li>
</BLOCKQUOTE>
<P><U><b>Parameter Details</b></U></P>
<BLOCKQUOTE>
<li><b>Parameter Data Types</b>:<br>
The parameter data types are applied as part of the function signature markup based on this
option setting.<br>
Undefined parameter data types will not replace any defined parameter data types.
A default data type won't replace another undefined data type or a defined data type.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply parameter data types to the destination program.</li>
<li><b>Replace Undefined Data Types Only</b> - Only replace undefined bytes in the destination
with the parameter data type in the source program. Otherwise, do nothing.</li>
<li><b>Replace</b> - Replace the markup in the destination
with that from the source program. The replace will fail if any instructions
or defined data, other than a defined data at the destination address, would
be overwritten by the replace.</li>
</ul>
</li>
<li><b>Parameter Names</b>:<br>
The parameter names are applied as part of the function signature markup based on this
option setting.<br>
Default parameter names will not replace any defined parameter names.<br>
Whenever parameter names are replaced in the function signature using one of the
source type priorities, an additional
option controls whether a name in the destination function should be replaced by the one from
the source function if the source types are the same.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the parameter names to the function signature of the
destination program.</li>
<li><b>Replace Default Only</b> - Replace only default parameter names in the destination
with those from the source program. </li>
<li><b>Replace</b> - Replace the parameter names in the destination
with those from the source program. Default parameter names from the source
will not replace defined names in the destination.</li>
<li><b>Priority Replace</b> - Only replace the parameter names in the
destination with one that has a higher priority source type from the source program.
This option applies names based on the source types from highest to lowest in the
following order:
User Defined, Imported, Analysis, Default.</li>
<li><b>Import Priority Replace</b> - Only replace the parameter names in the
destination with one that has a higher priority source type from the source program.
This option applies names based on the source types from highest to lowest in the
following order:
Imported, User Defined, Analysis, Default.</li>
</ul>
</li>
<li><b>Parameter Names Highest Name Priority</b>:<br>
Whenever the Function Parameter Names option is set to Priority Replace,
this option determines the order of the source type priorities.
Whenever parameter names are replaced in the function signature using
one of the source type priorities, this option controls whether a name
in the destination function should be replaced by the one from
the source function if the source types are the same.
Only replace the parameter names in the destination with one that has
a higher priority source type from the source program.<br>
<ul>
<li><b>User</b> - This option applies names based on the source types from highest to lowest in the
following order:
User Defined, Imported, Analysis, Default.</li>
<li><b>Import</b> - This option applies names based on the source types from highest to lowest in the
following order:
Imported, User Defined, Analysis, Default.</li>
</ul>
</li>
<li><b>Parameter Names Replace If Same Priority</b>:<br>
This option determines whether or not to replace the destination parameter name with the
source parameter name whenever their source types are the same and the Function Parameter
Names option is set to either "User Priority Replace" or "Import Priority Replace".
Checking this option's box prevents causes the source parameter name to replace the
destination name when they are the same source type.<br>
</li>
<li><b>Parameter Comments</b>:<br>
The parameter comments are applied as part of the function signature markup based on this
option setting.<br>
<ul>
<li><b>Do Not Apply</b> - Do not apply the parameter comments to the destination program
even if the parameter names are applied.</li>
<li><b>Append To Existing</b> - Append the parameter comments from the source program
to the destination program whenever parameter names are applied.</li>
<li><b>Replace Existing</b> - Overwrite the parameter comments in the destination program with
the parameter comments from the source program whenever parameter names are applied.</li>
</ul>
</li>
</BLOCKQUOTE>
<br>
</ul>
</P>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TABLE border="1" width="90%">
<TR>
<TH><b>Name &</b><br>
Description</TH>
<TH nowrap><b>Default Value</b></TH>
</TR>
<TR>
<TD><b>Calling Convention</b> : <br>
Specifies the default action to take for applying the function's calling
convention when applying the function signature markup of a match.
</TD>
<TD nowrap><tt>Replace If Same Language</tt>
</TD>
</TR>
<TR>
<TD><b>Call Fixup</b> : <br>
Specifies the default action to take for applying the function's call
fixup when applying the function signature markup of a match.
</TD>
<TD nowrap><tt>Replace</tt>
</TD>
</TR>
<TR>
<TD><b>Data Match Data Type</b> : <br>
Specifies the default action to take when applying the data type markup of a
data match.
</TD>
<TD nowrap><tt>Replace Undefined Data Only</tt>
</TD>
</TR>
<TR>
<TD><b>End of Line Comment</b> : <br>
Specifies the default action to take when applying EOL comment markup of a
match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Function Name</b> : <br>
Specifies the default action to take when applying the function
name of a match.
</TD>
<TD nowrap><tt>Add As Primary</tt>
</TD>
</TR>
<TR>
<TD><b>Inline</b> : <br>
Specifies the action to take for applying the inline flag when
applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Replace</tt>
</TD>
</TR>
<TR>
<TD><b>No Return</b> : <br>
Specifies the default action to take when applying the no return
flag when applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Replace</tt>
</TD>
</TR>
<TR>
<TD><b>Parameter Comments</b> : <br>
Specifies the default action to take when applying the parameter comments
when applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Parameter Data Types</b> : <br>
Specifies the default action to take when applying the parameter data types
when applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Replace Undefined Data Types Only</tt>
</TD>
</TR>
<TR>
<TD><b>Parameter Names</b> : <br>
Specifies the default action to take when applying the parameter
names when applying a function signature markup of a match.
</TD>
<TD><tt>Priority Replace</tt>
</TD>
</TR>
<TR>
<TD><b>Parameter Names Highest Name Priority</b> : <br>
Specifies the highest to lowest priority order of the source types that
are used when performing a Priority Replace for Function Parameter Names.
</TD>
<TD><tt>User</tt>
</TD>
</TR>
<TR>
<TD><b>Parameter Names Replace If Same Priority</b> : <br>
When true, if Function Signatures are being replaced and Function
Parameter Names are doing a User Priority Replace or an Import Priority
Replace and the Source Types are the same for the source and
destination parameters, the source parameter will replace the
destination parameter.
</TD>
<TD nowrap><tt>False</tt>
</TD>
</TR>
<TR>
<TD><b>Function Signature</b> : <br>
Specifies the default action to take when applying the function
signature of a match.
</TD>
<TD nowrap><tt>Replace When Same Parameter Count</tt>
</TD>
</TR>
<TR>
<TD><b>Labels</b> : <br>
Specifies the default action to take when applying the label of a match.
</TD>
<TD nowrap><tt>Add</tt>
</TD>
</TR>
<TR>
<TD><b>Plate Comment</b> : <br>
Specifies the default action to take when applying Plate Comment
markup of a match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Post Comment</b> : <br>
Specifies the default action to take when applying Post Comment
markup of a match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Pre Comment</b> : <br>
Specifies the default action to take when applying Pre Comment
markup of a match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Repeatable Comment</b> : <br>
Specifies the default action to take when applying Repeatable Comment
markup of a match.
</TD>
<TD nowrap><tt>Add To Existing</tt>
</TD>
</TR>
<TR>
<TD><b>Return Type</b> : <br>
Specifies the action to take for applying the return type when
applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Replace Undefined Data Types Only</tt>
</TD>
</TR>
<TR>
<TD><b>Set Excluded Markup Items To Ignored</b> : <br>
When true, any markup items marked as <b>Do Not Apply</b> via these options
will have their status marked as ignored, with a
<a href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html#Markup_Item_Status">
status of <b>Don't Care</b></a>.
</TD>
<TD nowrap><tt>False</tt>
</TD>
</TR>
<TR>
<TD><b>Set Incomplete Markup Items To Ignored</b> : <br>
When true, any markup item that could not be applied (such as when
it has no destination address set) will have their
status marked as ignored, with a
<a href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html#Markup_Item_Status">
status of <b>Don't Care</b></a>.
</TD>
<TD nowrap><tt>False</tt>
</TD>
</TR>
<TR>
<TD><b>Var Args</b> : <br>
Specifies the action to take for applying the var args flag when
applying a function signature markup of a match.
</TD>
<TD nowrap><tt>Replace</tt>
</TD>
</TR>
</TR>
</TABLE>
</BLOCKQUOTE>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version
Tracking Markup Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version
Tracking Introduction</A></LI>
<li><a href="help/topics/CodeBrowserPlugin/CodeBrowser.htm">Code Browser</a></li>
</UL><BR>
<BR>
</BODY>
</HTML>

225
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Functions_Table.html Normal file
View file

@ -0,0 +1,225 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Functions Table</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<H1><A name="Functions_Table"></A></A>Version Tracking Functions Table</H1>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src="../images/FunctionsTable.png"></TD>
</TR>
</TBODY>
</TABLE>
<blockquote>
<BLOCKQUOTE>
<p>
The functions table shows a list of all functions in the source program and the
destination program. You can filter this table to show only those functions that are
not part of a match. This is useful if you would like to
<a href="#Create_Manual_Match">create a manual match</a> from two functions.
</p>
<P>
If you select function in each table and there exists already a match between the
two functions, then the following status message will be displayed in the table:
A match already exists between &lt;<i>source function name</i>&gt;
and &lt;<i>destination function name</i>&gt;.
</P>
<P>
The title of this window will show, for each program, the number of total functions, as
well as the number of functions filtered-out of the table, if any filters are applied.
</P>
</BLOCKQUOTE>
<H2>Functions Table Columns</H2>
<BLOCKQUOTE>
<table border="1" width="90%">
<tr>
<th>
Column Name
</th>
<th>
Description
</th>
</tr>
<tr>
<td>
Label
</td>
<td>
This column shows the label for function in the given row.
</td>
</tr>
<tr>
<td>
Location
</td>
<td>
This column shows the address for the function in the given row.
</td>
</tr>
<tr>
<td>
Function Signature
</td>
<td>
This column shows the function signature for the function in the given row.
</td>
</tr>
</table>
</BLOCKQUOTE>
<H2><A name="Functions_Actions"></A>Functions Table Actions</H2>
<BLOCKQUOTE>
<h3><a name="Create_Manual_Match"></a>Create Manual Match</h3>
<BLOCKQUOTE>
<p align="left">
The <b>Create Manual Match</b> action (<img src="../images/Plus.png"/>) allows the user to create a match for the
selected function in source table to the selected function in the destination table.
The action will be disabled if you do not have a single function selected in both
tables.
</p>
</BLOCKQUOTE>
<BR>
<h3><a name="Create_And_Accept_Manual_Match"></a>Create And Accept Manual Match</h3>
<BLOCKQUOTE>
<p align="left">
The <b>Create And Accept Manual Match</b> action (<img src="../images/flag.png"/>) allows the user to create a match for the
selected function in source table to the selected function in the destination table and then automatically accept it.
The action will be disabled if you do not have a single function selected in both
tables.
</p>
</BLOCKQUOTE>
<BR>
<h3><a name="Create_And_Apply_Manual_Match"></a>Create And Apply Manual Match</h3>
<BLOCKQUOTE>
<p align="left">
The <b>Create And Apply Manual Match</b> action (<img src="../images/checkmark_green.gif"/>) allows the user to create a match for the
selected function in source table to the selected function in the destination table and then accept it and then automatically apply
any appropriate markup items from the source to the destination program.
The action will be disabled if you do not have a single function selected in both
tables.
</p>
</BLOCKQUOTE>
<BR>
<h3><a name="Select_Existing_Match"></a>Select Existing Match</h3>
<BLOCKQUOTE>
<p align="left">The
<b>Select Existing Match</b> action (<img src="../images/text_align_justify.png"/>) will
select the existing match in the matches table. To use this action you must have
one function selected in source table and one function selected in the destination
table. Further, the action will only be enabled if a match exists for the two
selected functions.
</p>
</BLOCKQUOTE>
<BR>
<h3>Functions Table Filter</h3>
<BLOCKQUOTE>
<p align="left"> <a name="Functions_Filter"></a>
The <b>Functions Filter</b> action filters functions from the tables
based upon the chosen state of the action. You can change the state of the
filter from the actions toolbar using the drop-down menu.
(<img src="../images/ActionsMenu_DropDown.png"/>).
</p>
<p>
This list below shows the available filter states:
</p>
<ul>
<li>
<a name="Show_All_Functions"></a>
<b>Show All Functions</b> (<img src="../images/function.png" />) -
Shows all functions found in the source and destination programs.
</li>
<li>
<a name="Show_Unmatched_Functions"></a>
<b>Show Only Unmatched Functions</b> (<img src="../images/filter_matched.png" />) -
Shows only functions in the source and destination programs that are
not part of any match. This is
useful for showing functions that were not matched by any of the
<a href="help/topics/VersionTrackingPlugin/VT_Correlators.html">program correlators</a>.
</li>
<li>
<a name="Show_Unaccepted_Functions"></a>
<b>Show Only Unaccepted Match Functions</b> (<img src="Icons.FILTER_NOT_ACCEPTED_ICON" />) -
Shows only functions in the source and destination programs that
are not part of <b>an accepted match</b>. This means that the functions
visible in the tables will either be part of no match or part of a
match that has not been accepted. This is useful for showing functions
that you have not yet accepted as being part of a valid match.
</li>
</ul>
</BLOCKQUOTE>
<BR>
<h3><a name="Function_Association_Show_Hide_Function_Compare"></a>Show/Hide the Function Comparison Panel</h3>
<BLOCKQUOTE>
<p align="left">The
<b>Toggle Visibility of Dual Comparison Views</b> action
(<img src="../images/application_tile_horizontal.png"/>) will
toggle whether or not a function comparison panel is displayed below the source
and destination function tables. As you select a function in the source or destination
table, it is displayed in the function comparison panel so you can visually compare
the source and destination functions.
</p>
<p align="left">
There are other toolbar and popup actions that are available for this function
comparison panel. See the help for the
<A href="help/topics/FunctionComparison/FunctionComparison.htm">Function Comparison Window</A>
to learn more about using these.
</p>
</BLOCKQUOTE>
</BLOCKQUOTE>
<BR>
<H2><A name="Function_Filters"></A>Text Filter</H2>
<BLOCKQUOTE>
<p align="left">
Each table has a text field at that bottom labeled <b>Search Filter</b> that
allows you to search for text in the respective table. If the text searched
is contained in any column, then that column will remain in the table; otherwise
the row will be filtered out.
</p>
</BLOCKQUOTE>
</BLOCKQUOTE>
</blockquote>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking Introduction</A></LI>
<LI><A href="help/topics/FunctionComparison/FunctionComparison.htm">Function Comparison Window</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

198
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Implied_Matches_Table.html Normal file
View file

@ -0,0 +1,198 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Implied Matches Table</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<BLOCKQUOTE>
<H1><A name="Implied_Matches_Table"></A>Version Tracking Implied Matches Table</H1>
<BLOCKQUOTE>
<P>The implied matches table displays of list of <A href="#Implied_Matches">Implied
Matches</A> for the selected match in the <A href=
"help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html#Matches_Table">Matches
Table</A>. The implied matches are generated by pairing up the <B>outgoing</B> references
from the two functions in the selected match. Both <B>function references (calls)</B> and
<B>data references</B> can generate implied matches. If there is already a match in the
session that has the same <A href=
"help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html#Intro_Associations">association</A>
as the implied match, then an implied match is not created. Instead, it is indicated by
incrementing the vote count for the current match. If no other match exists, and implied
match is created it is listed as a "Possible Implied Match". For those implied matches that
don't already have a corresponding existing match, the user can created new matches.</P>
</BLOCKQUOTE>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD align="center" width="100%"><IMG border="0" src=
"../images/ImpliedMatchesTable.png"></TD>
</TR>
</TBODY>
</TABLE>
<BLOCKQUOTE>
<P>In the example shown above, the matches table has a match selected for a function named
"_mainCRTSartup". The Implied Matches table shows a list of implied matches wherever
references from "_mainCRTStartup" in the source program match a similar reference in the
"_mainCRTStartup" function in the destination program. The idea is that if the selected
match in the matches table is <B>Accepted</B>, then these other matches may also be
"correct".</P>
</BLOCKQUOTE>
<H2><A name="Implied_Matches"></A>Version Tracking Implied Match</H2>
<BLOCKQUOTE>
<P>An implied match is simply a function or data match that is implied because of the
correlation of references made by some other match.</P>
</BLOCKQUOTE>
<H2>Implied Match Table Columns</H2>
<BLOCKQUOTE>
<TABLE border="1" width="90%">
<TR>
<TH>Column Name</TH>
<TH>Description</TH>
</TR>
<TR>
<TD>Source Reference Address</TD>
<TD>Displays the address in the source program where the implied match is
referenced.</TD>
</TR>
<TR>
<TD>Destination Reference Address</TD>
<TD>Displays the address in the destination program where the implied match is
referenced.</TD>
</TR>
<TR>
<TD>Status</TD>
<TD>Displays the status of the association for this implied match.</TD>
</TR>
<TR>
<TD>Type</TD>
<TD>Displays the type of this implied match. Either Function or Data.</TD>
</TR>
<TR>
<TD>Score</TD>
<TD>The score of the best match with the same association as this implied match, or 0
if no matches exist with this association.</TD>
</TR>
<TR>
<TD>Confidence</TD>
<TD>The confidence score of the best match with the same association as this implied
match, or 0 if no matches exist with this association.</TD>
</TR>
<TR>
<TD>Multiple Source Labels?</TD>
<TD>Icon indicating there is more than one label at the match's source
address and a number indicating how many labels. The tooltip can be viewed to see
the label names.</TD>
</TR>
<TR>
<TD>Source Label</TD>
<TD>Displays the label at the source address of the implied match.</TD>
</TR>
<TR>
<TD>Source Address</TD>
<TD>Displays the source address of the implied match.</TD>
</TR>
<TR>
<TD>Multiple Dest Labels?</TD>
<TD>Icon indicating there is more than one label at the match's destination
address and a number indicating how many labels. The tooltip can be viewed to see
the label names.</TD>
</TR>
<TR>
<TD>Dest Label</TD>
<TD>Displays the label at the destination address of the implied match.</TD>
</TR>
<TR>
<TD>Dest Address</TD>
<TD>Displays the destination address of the implied match.</TD>
</TR>
<TR>
<TD>Algorithm</TD>
<TD>Displays the algorithm of the best match with the same association as this implied
match, otherwise, "Possible Implied Match" is displayed.</TD>
</TR>
</TABLE>
</BLOCKQUOTE>
<H2><A name="Implied_Matches_Actions"></A>Implied Match Table Actions</H2>
<BLOCKQUOTE>
<P align="left"><A name="Navigate_References"></A><B>Navigate References</B> <IMG src=
"../images/locationOut.gif" border="0"> When this action toggled on, selecting a row in the
implied matches table will cause the <A href=
"help/topics/VersionTrackingPlugin/VT_Tool.html#Version_Tracking_Sub_Tools">sub-tools</A>
to navigate to the <B>From Address</B> of the references used to create the selected
implied match.</P>
<P align="left"><A name="Navigate_Match"></A><B>Navigate Match</B> <IMG src=
"../images/locationIn.gif" border="0"> When this action toggled on, selecting a row in the
implied matches table will cause the <A href=
"help/topics/VersionTrackingPlugin/VT_Tool.html#Version_Tracking_Sub_Tools">sub-tools</A>
to navigate to the source and destination addresses of the selected implied match.</P>
<P align="left"><A name="Accept_Implied_Match"></A>The <B>Accept Implied Match</B> <IMG
src="../images/flag.png" border="0"> action creates a match in the Matches Table if one
does not already exist, and then sets its status as 'Accepted'. Note, the Implied Matches
shown in the table are not saved unless this action is applied.</P>
</BLOCKQUOTE>
<H2><A name="Implied_Filter"></A>Text Filter</H2>
<BLOCKQUOTE>
<P align="left">The text filter allows filtering on any text displayed in the table.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version
Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking
Introduction</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

1022
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html Normal file
View file

File diff suppressed because it is too large Load diff

487
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html Normal file
View file

@ -0,0 +1,487 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Matches Table</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<BLOCKQUOTE>
<H1><A name="Matches_Table"></A>Version Tracking Matches Table</H1>
<BLOCKQUOTE>
<P>The Version Tracking Matches Table is the primary window for managing a version tracking
session. It displays a list of all matches contained in the current session. All other
version tracking windows are driven by selecting a match within this table. This window
is also the primary means for accepting matches and bulk applying markup items. In addition,
this table provides an extensive filtering system. </P>
</BLOCKQUOTE>
<TABLE x-use-null-cells="" width="100%">
<TBODY>
<TR>
<TD valign="top" align="center" width="100%"><IMG border="0" src="../images/MatchesTable.png"></TD>
</TR>
</TBODY>
</TABLE>
<H2><A name="Match"></A>Version Tracking Match</H2>
<BLOCKQUOTE>
<P>A match represents an opinion that a function or data in one program is the equivalent
function or data in another program. The pairing of a function or data from one program to
another is called an association. There can be multiple matches (opinions) for the same
association by one or more correlation algorithms. When a match is considered correct, it
should be marked as accepted. When a match is marked as accepted, it is really the
association that is accepted and therefore all matches that have the same association are
considered accepted. Also, when a match is accepted, all competing matches (matches that have
the same source or destination address, but not both) become blocked. For example, if one
match has the opinion that A in one program is associated with X in another program and
another match has the opinion that A is associated with Y, then accepting the first match,
will block the second match since A can't be associated with both X and Y.</P>
</BLOCKQUOTE>
<H2><A name="Match_Status"></A>Match Status</H2>
<BLOCKQUOTE>
<P>Each match has a primary status that is one of <B>Available, Accepted, Rejected, or
Blocked</B>. In addition, matches that are <B>Accepted</B> have additional status for its
markup items. The status column uses overlayed icons to provide information about both
types of status. The table below lists the various combined status of a match.</P>
<TABLE border="1" width="90%">
<TR>
<TH>Status</TH>
<TH>Icon</TH>
<TH>Description</TH>
</TR>
<TR>
<TD valign="top">AVAILABLE</TD>
<TD valign="top"></TD>
<TD valign="top">The match is available to be accepted and applied.</TD>
</TR>
<TR>
<TD valign="top">REJECTED</TD>
<TD valign="top"><IMG src="../images/dialog-cancel.png"></TD>
<TD valign="top">The match has been rejected by the user.</TD>
</TR>
<TR>
<TD valign="top"><a name="blocked"></a>BLOCKED</TD>
<TD valign="top"><IMG src="../images/kgpg.png"></TD>
<TD valign="top">
The match can't be accepted because a conflicting match has been accepted.
<br>
<br>
Note: To see which associations are causing a blocked association, sort the table
by source or destination address to see all conflicting associations.
</TD>
</TR>
<TR>
<TD valign="top">ACCEPTED</TD>
<TD valign="top"><IMG src="../images/flag.png"></TD>
<TD valign="top">The match has been accepted.</TD>
</TR>
<TR>
<TD valign="top">ACCEPTED - Not Done</TD>
<TD valign="top"><IMG src="../images/accepted_warning.png"></TD>
<TD valign="top">The match has been accepted. There is at least 1 markup item that has not been examined.</TD>
</TR>
<TR>
<TD valign="top" nowrap>ACCEPTED - Fully considered</TD>
<TD valign="top"><IMG src="../images/accepted_fully_considered.png"></TD>
<TD valign="top">The match is accepted and all markup items have been applied or ignored.</TD>
</TR>
<TR>
<TD valign="top">ACCEPTED - Fully Applied</TD>
<TD valign="top"><IMG src="../images/accepted_fully_applied.png"></TD>
<TD valign="top">The match is accepted and all markup items have been applied.</TD>
</TR>
</TABLE><BR>
<BR>
</BLOCKQUOTE>
<H2>Match Table Columns</H2>
<BLOCKQUOTE>
<TABLE border="1" width="90%">
<TR>
<TH nowrap>Column Name</TH>
<TH>Description</TH>
</TR>
<TR>
<TD valign="top">Session ID</TD>
<TD valign="top">A one-up number for the correlation algorithm run this match belongs to.</TD>
</TR>
</TR>
<TD valign="top">Tag</TD>
<TD valign="top">User-defined text that has been applied to a given match. This can be set from the <A
href="#Choose_Tag">Choose Tag</A> action.</TD>
</TR>
<TR>
<TD valign="top">Status</TD>
<TD valign="top">The match status. See the section above on <A href="#Match_Status">Match Status</A></TD>
</TR>
<TR>
<TD valign="top">Type</TD>
<TD valign="top">Type of match. Either function or data</TD>
</TR>
<TR>
<TD valign="top">Source Label</TD>
<TD valign="top">The label at the source address of this match.</TD>
</TR>
<TR>
<TD valign="top">Dest Label</TD>
<TD valign="top">The label at the destination address of this match.</TD>
</TR>
<TR>
<TD valign="top">Multiple Source Labels?</TD>
<TD valign="top">Icon indicating there is more than one label at the match's source
address and a number indicating how many labels. The tooltip can be viewed to see
the label names.</TD>
</TR>
<TR>
<TD valign="top">Multiple Dest Labels?</TD>
<TD valign="top">Icon indicating there is more than one label at the match's destination
address and a number indicating how many labels. The tooltip can be viewed to see
the label names.</TD>
</TR>
<TR>
<TD valign="top">Score</TD>
<TD valign="top">The primary similarity score for this match. The value will be between 0.0 and 1.0. This score
indicates how similar two match items are, not necessarily that they are THE correct match. Scores should NOT be compared
between different correlator algorithms. </TD>
</TR>
<TR>
<TD valign="top">Confidence Score</TD>
<TD valign="top">A score where higher numbers indicate more confidence that the two items are a match. These numbers have no intrinsic
meaning other than higher numbers are better for the same correlator algorithm. Confidence scores should NOT be compared
between differrent correlator algorithms. Typically, this number
is a combination of the similarity score and some length indicator or the number of duplicate matches.</TD>
</TR>
<TR>
<TD valign="top">Source Length</TD>
<TD valign="top">The length of the source function or data item.</TD>
</TR>
<TR>
<TD valign="top">Dest Length</TD>
<TD valign="top">The length of the destination function or data item.</TD>
</TR>
<TR>
<TD valign="top">Votes</TD>
<TD valign="top">The number of references from from previously accepted matches that would suggest
that this is a correct match.</TD>
</TR>
<TR>
<TD valign="top">Source Address</TD>
<TD valign="top">The address of the function or data object in the source program.</TD>
</TR>
<TR>
<TD valign="top" nowrap>Destination Address</TD>
<TD valign="top">The address of the function or data object in the destination program.</TD>
</TR>
<TR>
<TD valign="top">Algorithm</TD>
<TD valign="top">The algorithm that was used to generate this match.</TD>
</TR>
<TR>
<TD valign="top">Length Delta</TD>
<TD valign="top">The difference in lengths between the source and destination objects.</TD>
</TR>
<TR>
<TD valign="top">Source Label Type</TD>
<TD valign="top">The source of the label in the source program. (Imported, Analysis, User Defined, etc.)</TD>
</TR>
<TR>
<TD nowrap nowrap valign="top">Destination Label Type</TD>
<TD valign="top">The source of the label in the destination program. (Imported, Analysis, User Defined, etc.)</TD>
</TR>
<TR>
<TD valign="top">Markup Status</TD>
<TD valign="top">Displays an overview of the markup items status. There is a colored
orb for each status type and that orb is either colored if at least one markup item
has that status or else it is greyed out. An orange orb indicates that one or more
markup items have
been applied or marked. A green orb indicates at least one markup item has
been applied. A purple orb indicates markup items that are rejected. A blue orb
indicates there are markup items that have been ignored (either "Don't Know" or "Don't
Care". And finally, a red orb indicates that at least one markup item could not be
applied due to some error.</TD>
</TR>
<TR>
<TD nowrap nowrap valign="top"># Conflicting</TD>
<TD valign="top">
The number of unique associations with either the same source or same destination address.
<br><br>
This is the number of associations that will become
<a href="#blocked">BLOCKED</a> if you accept the match
in this row of the table.
</TD>
</TR>
</TABLE>
</BLOCKQUOTE>
<H2><A name="Matches_Actions"></A>Match Table Actions</H2>
<BLOCKQUOTE>
<P align="left"><A name="Accept_Match"></A>The <b>Accept Match</b>
<IMG src="../images/flag.png" border="0">
action marks a match (and all matches that have the same association) as being
accepted. All competing matches will become blocked.
<a href="help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html#Match_Accept_Options">
There are options</a> to auto-apply
function names and create implied matches when accepting a match.</P>
<P align="left"><A name="Apply_Blocked_Match"></A>The <b>Apply Blocked Match</b>
<IMG src="Icons.APPLY_BLOCKED_MATCH_ICON" border="0">
action will clear conflicting matches and then apply the match, which had been blocked
by those conflicts, and its markup items
<a href="help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html#Match_Apply_Options">
according to the apply settings</a>.</P>
<P align="left"><A name="Apply_Markup"></A>The <b>Apply Markup</b>
<IMG src="../images/checkmark_green.gif" border="0">
action will attempt to apply all the markup items for the match
<a href="help/topics/VersionTrackingPlugin/providers/VT_Apply_Options.html#Match_Apply_Options">
according to the apply settings</a>.
If the match is not already accepted, it will first be marked as accepted.</P>
<P align="left"><A name="Reject_Match"></A>The <b>Reject Match</b>
<IMG src="../images/dialog-cancel.png" border="0">
action will mark the match as rejected.</P>
<P align="left"><A name="Choose_Tag"></A>The <b>Choose Match Tag</b>
<IMG src="../images/tag_blue.png" border="0">
action allows the user to set a user-defined tag that has been created via the <A href=
"#Edit_Tag">Edit Tag</A> action.</P>
<P align="left"><A name="Remove_Tag"></A>The <b>Remove Match Tag</b>
<IMG src="../images/tag_blue_delete.png" border="0">
action removes any tag associated with the selected match(es) </P>
<P align="left"><A name="Edit_Tag"></A>The <b>Edit Tag</b>
<IMG src="../images/tag_blue_edit.png" border="0">
action allows the user to manage (create and delete) custom tags that can be applied to
matches.</P>
<P align="left"><A name="Clear_Match"></A>The <b>Clear Match</b> <IMG src="../images/undo-apply.png" border="0">
action will reset the match to unaccepted and undo any applied markup.</P>
<P align="left"><A name="Remove_Match"></A>The <b>Remove Match</b> <IMG src="../images/edit-delete.png" border="0">
action will remove a manually created match from the matches table.</P>
<P align="left"><A name="Make_Selections"></A>The <b>Make Selections</b> <IMG src="../images/text_align_justify.png" border="0">
action will create selections in the source and destination tools for all matches selected in the table.</P>
<P align="left"><A name="Match_Table_Selection"></A>The <b>Table Selection Mode</b>
<IMG src="../images/table_gear.png" border="0"> allows you to change the behavior
of the match table with regard to how it tracks table selections as you apply
matches.
</p>
<BLOCKQUOTE>
<P>
As you make changes to a match, the table will update. Sometimes as the table
updates the changed match will disappear from the table (for example, if your filter
settings are setup to hide applied matches and you have just applied a match). The
default behavior (<IMG src="../images/table_gear.png" border="0">) is to keep
the table selection on the same row, regardless of whether
the match changes its position in the table or is removed from the table altogether.
</P>
<P>
Table Selection States:
</P>
<TABLE border="1" width="90%">
<TR>
<TH>Action Icon</TH>
<TH nowrap>Action Name</TH>
<TH>Description</TH>
</TR>
<TR>
<TD valign="top" align="center"><IMG src="../images/table_gear.png" border="0"></TD>
<TD nowrap valign="top">Track Selected Index</TD>
<TD valign="top">Causes the match table to maintain the selection for
the selected <b>row</b>. So, for example, if you change a match, and that
match is moved as a result of the table re-sorting, then the selection
will remain on the row where the applied match used to be.
</TD>
</TR>
<TR>
<TD valign="top" align="center"><IMG src="../images/table_go.png" border="0"></TD>
<TD nowrap valign="top">Track Selected Match</TD>
<TD valign="top">Causes the match table to maintain the selection for
the selected <b>match</b>. So, for example, if you change a match,
and that match is moved as a result of the table re-sorting, then
the selection will change to keep the applied match selected.
</TD>
</TR>
<TR>
<TD valign="top" align="center"><IMG src="../images/table_delete.png" border="0"></TD>
<TD nowrap valign="top">No Selection Tracking</TD>
<TD valign="top">In this state the table will not restore selections.
If changes are made to matches, the selection will be lost.
</TD>
</TR>
</TABLE>
</BLOCKQUOTE>
<BR>
<BR>
<P align="left"><A name="Match_Table_Settings"></A>The <b>Settings</b> <IMG src="../images/settings16.gif" border="0">
action will bring up the version tracking accept and apply options.</P>
</BLOCKQUOTE>
<H2><A name="Match_Filters"></A>Match Filters</H2>
<BLOCKQUOTE>
<P align="left">The match table has an extensive assortment of filters. There
are several commonly used filter controls at the bottom of the table:
<ol>
<li><b>Text Filter</b> - allows you to filter based on any text in the table
</li>
<li><b>Score Filter</b> - allows you to filter on a range of scores. All scores
are between 0 and 1
</li>
<li><b>Confidence Filter</b> - allows you to filter a range of confidence values.
All confidence values will be greater than -9.999 and smaller than 9.999.
</li>
<li><b>Length Filter</b> - is used to filter out
functions that are smaller than some number
</li>
</ol>
</P>
<P>Finally, the <IMG src="../images/view-filter.png" border="0"> will show the ancillary filters
available. The table below lists and describes the available filters. When an ancillary
filter is applied, the icon will change to <IMG src="../images/lightbulb.png" border="0"> .
Further, the icon may occasionally flash as a reminder that there is a filter applied.</P>
<BR>
<TABLE border="1" width="90%">
<TR>
<TH nowrap>Filter Name</TH>
<TH>Description</TH>
</TR>
<TR>
<TD valign="top">Match Type</TD>
<TD valign="top">This filter allows the user to show only function or data matches.</TD>
</TR>
<TR>
<TD valign="top" nowrap>Association Status</TD>
<TD valign="top">This filter allows the user to show only matches whose assocation
has one of the included status types. A useful setting
for this filter is to turn off all but the <B>Available</B> status. This will cause the
table to act like a "To Do" list.</TD>
</TR>
<TR>
<TD valign="top">Symbol Type</TD>
<TD valign="top">This filter allows the user to show only matches whose source or
destination labels are of one of the included symbol types.</TD>
</TR>
<TR>
<TD valign="top">Algorithms</TD>
<TD valign="top">This filter allows the user to show only matches that were generated
by one of the included types of correlating algorithms</TD>
</TR>
<TR>
<TD valign="top">Address Range</TD>
<TD valign="top">This filter allows the user to show only matches whose source or
destination address is within the specified range.</TD>
</TR>
<TR>
<TD valign="top">Tags</TD>
<TD valign="top">This filter allows the user to show only matches whose tag is an
included tag.</TD>
</TR>
</TABLE>
</BLOCKQUOTE>
</BLOCKQUOTE> <!-- end of top-level blockquote -->
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Markup_Table.html">Version
Tracking Markup Items Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version
Tracking Introduction</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

161
Ghidra/Features/VersionTracking/src/main/help/help/topics/VersionTrackingPlugin/providers/VT_Related_Associations_Table.html Normal file
View file

@ -0,0 +1,161 @@
<!DOCTYPE doctype PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<HTML>
<HEAD>
<META name="generator" content=
"HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
<TITLE>Version Tracking Related Matches Table</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<LINK rel="stylesheet" type="text/css" href="../../../shared/Frontpage.css">
</HEAD>
<BODY lang="EN-US">
<BLOCKQUOTE>
<H1><A name="Related_Matches_Table"></A>Version Tracking Related Matches Table</H1>
<H2><A name="Related Matches"></A>Related Matches</H2>
<BLOCKQUOTE>
<P>The <B>Related Matches</B> table is a dockable window that is available in both the
Version Tracking Source Tool and Destination Tool. By default it appears as a small window
in the bottom right corner of the tool. It shows a list of potential matches for the
function or data where the cursor is currently located within the tool's listing. This
match information is generated by the correlators chosen by the user.</P>
<P>The <B>Related Matches</B> Table provides fields with the same information as those in
the <A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Matches
Table</A>. For a description of the table characteristics, see that table. The main
difference between this table and the Matches Table is that this table only displays the
matches related to the current function or data.</P>
<H3><A name="Version Tracking Matches For Source">Version Tracking Matches For
Source</A></H3>
<BLOCKQUOTE>
<P>In the Source Tool the <B>Related Matches</B> table shows all correlator or manually
generated matches for the single function or data that is currently active in the Source
Tool. Likewise the <B>Related Matches</B> table in the Destination Tool shows all
correlator or manually generated matches for the single function or data that is
currently active in the Destination Tool.</P>
<P>The following image shows an example <B>Related Matches</B> table from a Version
Tracking Source Tool.<BR>
</P>
<TABLE width="100%">
<TBODY>
<TR>
<TD align="center"><IMG alt="" border="0" src=
"../images/OneToManySource.png"></TD>
</TR>
</TBODY>
</TABLE>
<P>The information above the table indicates the name and address for the current tool's
function or data. In the Source Tool if the cursor is within a function then the
information above the table shows the current source function's name and entry point
address. <I>In this case, our cursor is in the function <B>addPerson</B> in the Source
Tool.</I><BR>
<BR>
The table itself contains a row for each of the matches (if any) for the current function
or data. Each table row shows the name and address of each possible match in the
Destination Tool, along with other match information. <I>In this case, correlators have
found more than one potential match to the current function in the Source Tool. These
matches might be entirely different functions or the same function but found with
different correlators. In this example, the user decided that "addPerson" in the source
program matched function <B>addPerson</B> in the destination program. It has already been
accepted by the user as the correct match. Therefore both rows that indicate a match to
the same destination function are marked accepted. By definition, there can only be one
accepted match per function.</I></P>
<BLOCKQUOTE>
<P><IMG alt="" border="0" src="../../../shared/tip.png"> Selecting a row in the Related
Match Table causes the Destination Tool to navigate to that selected destination
address.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H3><A name="Version Tracking Matches For Destination">Version Tracking Matches For
Destination</A></H3>
<BLOCKQUOTE>
<P>The Destination Tool has its own <B>Related Matches</B> table. This has information
for the function or data where the cursor is currently located in the Destination Tools
listing. Each row of this table indicates a match to a source function. The following
shows the related matches in the Destination Tool that are related to what was selected
above in the Source Tool's table.<BR>
<BR>
</P>
<TABLE width="100%">
<TBODY>
<TR>
<TD align="center"><IMG alt="" border="0" src=
"../images/OneToManyDestination.png"></TD>
</TR>
</TBODY>
</TABLE>
<P><I>In this case the Destination Tool's cursor is in function <B>addPerson</B>. There
are two matches displayed in the table which are to the same source address but were
arrived at by different correlation algorithms.</I></P>
<BLOCKQUOTE>
<P><IMG alt="" border="0" src="../../../shared/tip.png"> Selecting a row in this table
causes the Source Tool to navigate to that selected source address.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
</BLOCKQUOTE>
<H2><A name="Related_Match_Actions"></A>Actions</H2>
<BLOCKQUOTE>
<H3><A name="Select_Same_Match_In_Version_Tracking_Matches_Table">Select Match in VT
Matches Table</A> <IMG alt="" border="0" src="../images/text_align_justify.png"></H3>
<BLOCKQUOTE>
<P>As you select various matches in either <B>Related Matches</B> table, the other
(source or destination) tool will navigate to the function or data associated with the
match. However, the selected match in the <B>Version Tracking Matches</B> table will
remain the same. To force the selection in the <B>Version Tracking Matches</B> table to
match selection in the <B>Related Matches</B> table, use this action. This action can be
initiated as follows:</P>
<BLOCKQUOTE>
<P>Select a match in the <B>Related Matches</B> table and do either of the
following.</P>
<UL>
<LI>Click the toolbar button, <IMG alt="" border="0" src=
"../images/text_align_justify.png">.</LI>
<LI>Right-click on a row in the <B>Related Matches</B> table to get a popup menu.
From the popup menu choose <B>Select Match in VT Matches Table</B>.</LI>
</UL>
<P>Either of these will cause the same match to be selected in the Version Tracking
Matches table. When the match becomes selected in the Matches table, the Markup Items
table will update to show the items for that match and the markup items will be marked
with colors in the listings.</P>
</BLOCKQUOTE>
</BLOCKQUOTE>
</BLOCKQUOTE>
</BLOCKQUOTE>
<P class="providedbyplugin">Provided by: <I>Version Tracking Plugin</I></P>
<P class="relatedtopic">Related Topics:</P>
<UL>
<LI><A href="help/topics/VersionTrackingPlugin/providers/VT_Matches_Table.html">Version
Tracking Matches Table</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/VT_Tool.html">Version Tracking Tool</A></LI>
<LI><A href="help/topics/VersionTrackingPlugin/Version_Tracking_Intro.html">Version Tracking
Introduction</A></LI>
</UL><BR>
<BR>
</BODY>
</HTML>

236
Ghidra/Features/VersionTracking/src/main/java/ghidra/feature/vt/GhidraVersionTrackingScript.java Normal file
View file

@ -0,0 +1,236 @@
/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ghidra.feature.vt;
import ghidra.app.script.GhidraScript;
import ghidra.feature.vt.api.db.VTSessionDB;
import ghidra.feature.vt.api.main.*;
import ghidra.feature.vt.api.util.VTOptions;
import ghidra.framework.model.DomainFile;
import ghidra.framework.model.DomainFolder;
import ghidra.program.model.listing.*;
import ghidra.util.classfinder.ClassSearcher;
import ghidra.util.exception.CancelledException;
import ghidra.util.exception.VersionException;
import java.io.IOException;
import java.util.*;
public abstract class GhidraVersionTrackingScript extends GhidraScript {
protected VTSession vtSession;
protected Program sourceProgram;
protected Program destinationProgram;
private int transactionID;
public void createVersionTrackingSession(String sourceProgramPath, String destinationProgramPath)
throws Exception {
if (vtSession != null) {
throw new RuntimeException("Attempted to open a new session with one already open!");
}
sourceProgram = openProgram(sourceProgramPath);
destinationProgram = openProgram(destinationProgramPath);
createVersionTrackingSession("New Session", sourceProgram, destinationProgram);
}
public void createVersionTrackingSession(String name, Program source, Program destination)
throws Exception {
if (vtSession != null) {
throw new RuntimeException("Attempted to create a new session with one already open!");
}
sourceProgram = source;
destinationProgram = destination;
if (!sourceProgram.isUsedBy(this)) {
sourceProgram.addConsumer(this);
}
if (!destinationProgram.isUsedBy(this)) {
destinationProgram.addConsumer(this);
}
vtSession = VTSessionDB.createVTSession(name, sourceProgram, destinationProgram, this);
transactionID = vtSession.startTransaction("VT Script");
}
public void openVersionTrackingSession(String path) throws Exception {
if (vtSession != null) {
throw new RuntimeException("Attempted to open a session with one already open!");
}
if (state.getProject() == null) {
throw new RuntimeException("No project open.");
}
DomainFile file = state.getProject().getProjectData().getFile(path);
vtSession = (VTSessionDB) file.getDomainObject(this, true, true, monitor);
sourceProgram = vtSession.getSourceProgram();
destinationProgram = vtSession.getDestinationProgram();
if (!sourceProgram.isUsedBy(this)) {
sourceProgram.addConsumer(this);
}
if (!destinationProgram.isUsedBy(this)) {
destinationProgram.addConsumer(this);
}
transactionID = vtSession.startTransaction("VT Script");
}
public void saveVersionTrackingSession() throws IOException {
vtSession.endTransaction(transactionID, true);
vtSession.save();
transactionID = vtSession.startTransaction("VT Script");
}
public void saveSessionAs(String path, String name) throws Exception {
DomainFolder folder = state.getProject().getProjectData().getFolder(path);
folder.createFile(name, vtSession, monitor);
vtSession.setName(name);
}
@Override
public void cleanup(boolean success) {
closeVersionTrackingSession();
if (destinationProgram != null) {
closeProgram(destinationProgram);
}
if (sourceProgram != null) {
closeProgram(sourceProgram);
}
sourceProgram = null;
destinationProgram = null;
}
public void closeVersionTrackingSession() {
if (vtSession != null) {
vtSession.endTransaction(transactionID, true);
vtSession.release(this);
}
}
public Program openProgram(String path) throws VersionException, CancelledException,
IOException {
if (state.getProject() == null) {
throw new RuntimeException("No project open.");
}
DomainFile file = state.getProject().getProjectData().getFile(path);
return (Program) file.getDomainObject(this, true, true, monitor);
}
@Override
public void closeProgram(Program program) {
program.release(this);
}
public Set<String> getSourceFunctions() {
if (vtSession == null) {
throw new RuntimeException("You must have an open vt session");
}
return getFunctionNames(vtSession.getSourceProgram());
}
public Set<String> getDestinationFunctions() {
if (vtSession == null) {
throw new RuntimeException("You must have an open vt session");
}
return getFunctionNames(vtSession.getSourceProgram());
}
private Set<String> getFunctionNames(Program program) {
Set<String> functionNames = new HashSet<String>();
FunctionIterator functions = program.getFunctionManager().getFunctions(true);
for (Function function : functions) {
functionNames.add(function.getName());
}
return functionNames;
}
public List<String> getProgramCorrelators() {
List<String> correlators = new ArrayList<String>();
Set<VTProgramCorrelatorFactory> generateList = getVTProgramCorrelatorFactory();
for (VTProgramCorrelatorFactory vtProgramCorrelatorFactory : generateList) {
correlators.add(vtProgramCorrelatorFactory.getName());
}
return correlators;
}
public void runCorrelator(String name) throws CancelledException {
if (vtSession == null) {
throw new RuntimeException("You must have an open vt session to run a correlator");
}
VTProgramCorrelatorFactory correlatorFactory = getCorrelatorFactory(name);
VTProgramCorrelator correlator =
correlatorFactory.createCorrelator(null, sourceProgram,
sourceProgram.getMemory().getLoadedAndInitializedAddressSet(), destinationProgram,
destinationProgram.getMemory().getLoadedAndInitializedAddressSet(), new VTOptions("dummy"));
correlator.correlate(vtSession, monitor);
}
public Collection<VTMatch> getMatchesFromLastRunCorrelator() {
List<VTMatchSet> matchSets = vtSession.getMatchSets();
VTMatchSet last = matchSets.get(matchSets.size() - 1);
return last.getMatches();
}
public Function getSourceFunction(VTMatch vtMatch) {
VTAssociation association = vtMatch.getAssociation();
Program source = vtSession.getSourceProgram();
FunctionManager functionManager = source.getFunctionManager();
return functionManager.getFunctionAt(association.getSourceAddress());
}
public Function getDestinationFunction(VTMatch vtMatch) {
VTAssociation association = vtMatch.getAssociation();
Program destination = vtSession.getDestinationProgram();
FunctionManager functionManager = destination.getFunctionManager();
return functionManager.getFunctionAt(association.getDestinationAddress());
}
//==================================================================================================
// Potential Methods
//==================================================================================================
// to not correlate the entire program
// public void runCorrelator(String name, AddressSet addresSet)
// TODO
// -a way to allow users to apply markup of matches, given some filtering criteria
// (maybe via a callback)
// -a way to allow users to specify the **options** for applying, since this is how
// we perform applying now
//==================================================================================================
// Private Methods
//==================================================================================================
private VTProgramCorrelatorFactory getCorrelatorFactory(String name) {
Set<VTProgramCorrelatorFactory> generateList = getVTProgramCorrelatorFactory();
for (VTProgramCorrelatorFactory vtProgramCorrelatorFactory : generateList) {
if (vtProgramCorrelatorFactory.getName().equals(name)) {
return vtProgramCorrelatorFactory;
}
}
return null;
}
private static Set<VTProgramCorrelatorFactory> getVTProgramCorrelatorFactory() {
return ClassSearcher.getInstances(VTProgramCorrelatorFactory.class);
}
}

Some files were not shown because too many files have changed in this diff Show more