mirror of
https://github.com/NationalSecurityAgency/ghidra.git
synced 2025-10-03 09:49:23 +02:00
GP-3952 Updated the script categories to simplify and reduce the number of folders.
This commit is contained in:
ghidra_blue
parent
7772d98143
commit
7db176b2bd
82 changed files with 885 additions and 981 deletions
|
|
@ -19,7 +19,7 @@
|
|||
//script is more for diagnostic and demonstration purposes, since the application of unwind
|
||||
//information is already integrated into the Debugger.
|
||||
//@author
|
||||
//@category Stack
|
||||
//@category
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Example script for training random forests to find function starts
|
||||
//@category machineLearning
|
||||
//@category Training
|
||||
|
||||
import java.util.*;
|
||||
import java.util.Map.Entry;
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
// Turns off function start searching (intended for use with the
|
||||
// headless analyzer as a prescript)
|
||||
//@category machineLearning
|
||||
//@category Search
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
##
|
||||
# Generate the BSim signature for the function at the current address,
|
||||
# then dump the signature hashes and debug information to the console
|
||||
# @category: BSim.python
|
||||
# @category: BSim.Python
|
||||
# @runtime Jython
|
||||
|
||||
import ghidra.app.decompiler.DecompInterface as DecompInterface
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
##
|
||||
# Generate the BSim signature for the function at the current address, then dump the
|
||||
# signature hashes to the console
|
||||
# @category: BSim.python
|
||||
# @category: BSim.Python
|
||||
# @runtime Jython
|
||||
|
||||
import ghidra.app.decompiler.DecompInterface as DecompInterface
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# limitations under the License.
|
||||
##
|
||||
# Example of how to perform an overview query in a script
|
||||
# @category BSim.python
|
||||
# @category BSim.Python
|
||||
# @runtime Jython
|
||||
|
||||
import ghidra.features.bsim.query.facade.SFOverviewInfo as SFOverviewInfo
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# limitations under the License.
|
||||
##
|
||||
#Generate signatures for every function in the current program and write them to an XML file in a user-specified directory
|
||||
#@category BSim.python
|
||||
#@category BSim.Python
|
||||
#@runtime Jython
|
||||
|
||||
import java.lang.System as System
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# limitations under the License.
|
||||
##
|
||||
# Example of performing a BSim query on a single function
|
||||
# @category BSim.python
|
||||
# @category BSim.Python
|
||||
# @runtime Jython
|
||||
|
||||
import ghidra.features.bsim.query.BSimClientFactory as BSimClientFactory
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
// Build ResultState for current function
|
||||
// @category Experimental
|
||||
// @category
|
||||
|
||||
import java.util.*;
|
||||
|
||||
|
|
|
|||
|
|
@ -14,12 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Converts an ascii hex file into binary file. Works for files with spaces and without. Assumes hex bytes are zero padded so all values are two bytes long.
|
||||
//@category Conversion
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
//@category
|
||||
|
||||
import java.io.*;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
||||
public class AsciiToBinaryScript extends GhidraScript {
|
||||
|
||||
private static final String EMPTY_STRING = "";
|
||||
|
|
@ -37,7 +37,8 @@ public class AsciiToBinaryScript extends GhidraScript {
|
|||
File outBinaryFile = askFile("Select Binary File", "Binary File");
|
||||
|
||||
if (outBinaryFile.equals(inAsciiFile)) {
|
||||
popup("Input file and output file are the same. Please choose a different file for the output." +
|
||||
popup(
|
||||
"Input file and output file are the same. Please choose a different file for the output." +
|
||||
inAsciiFile.getAbsolutePath());
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Recursively finds a folder that matches a string and renames it to a new name.
|
||||
//@category Project
|
||||
//@category Program
|
||||
//@menupath
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
@ -26,7 +26,6 @@ public class BatchRename extends GhidraScript {
|
|||
public BatchRename() {
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Separates co-mingled n-bit and 64-bit binaries into two folder trees.
|
||||
//@category Project
|
||||
//@category Program
|
||||
//@menupath
|
||||
|
||||
import java.io.IOException;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -15,13 +14,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Converts a binary file into an ascii hex file.
|
||||
//@category Conversion
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.util.Conv;
|
||||
//@category
|
||||
|
||||
import java.io.*;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.util.Conv;
|
||||
|
||||
public class BinaryToAsciiScript extends GhidraScript {
|
||||
|
||||
|
|
@ -42,7 +40,8 @@ public class BinaryToAsciiScript extends GhidraScript {
|
|||
}
|
||||
|
||||
if (outAsciiFile.exists()) {
|
||||
if (!askYesNo("Ascii File Already Exists", "The ascii file already exists.\nDo you want to overwrite it?")) {
|
||||
if (!askYesNo("Ascii File Already Exists",
|
||||
"The ascii file already exists.\nDo you want to overwrite it?")) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
// Produces a list of instructions whose pcode contains a CALLOTHER pcode op. The list is
|
||||
// sorted by number of occurrences of an instruction. When run headlessly, the list is displayed
|
||||
// each time a program is processed and the counts are cumulative.
|
||||
// @category sleigh
|
||||
// @category Sleigh
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
|
|
|||
|
|
@ -17,12 +17,12 @@
|
|||
//and saves the results to a file.
|
||||
//@category Customer Submission.Strings
|
||||
|
||||
import java.io.*;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.listing.*;
|
||||
import ghidra.program.util.ProgramSelection;
|
||||
|
||||
import java.io.*;
|
||||
|
||||
public class CountAndSaveStrings extends GhidraScript {
|
||||
private Listing listing;
|
||||
private File saveFile;
|
||||
|
|
@ -46,8 +46,8 @@ public class CountAndSaveStrings extends GhidraScript {
|
|||
private File getSaveFile() throws Exception {
|
||||
File file = askFile("Choose File Location", "Save");
|
||||
if (file.exists()) {
|
||||
if (!askYesNo("File Already Exists", "A file already exists with the name you "
|
||||
+ "chose.\nDo you want to overwrite it?")) {
|
||||
if (!askYesNo("File Already Exists", "A file already exists with the name you " +
|
||||
"chose.\nDo you want to overwrite it?")) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
//
|
||||
// The name of the .exports file will be printed when the script finishes.
|
||||
//
|
||||
//@category Windows
|
||||
//@category
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//finds and creates strings that end with '\n'
|
||||
//@category Memory
|
||||
//@category Data Types
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
|
|||
|
|
@ -15,13 +15,12 @@
|
|||
*/
|
||||
// Attempt to parse single instruction from memory bytes at current location.
|
||||
// Parse trace output written to Tool Console.
|
||||
// @category sleigh
|
||||
// @category Sleigh
|
||||
import ghidra.app.plugin.processors.sleigh.SleighDebugLogger;
|
||||
import ghidra.app.plugin.processors.sleigh.SleighDebugLogger.SleighDebugMode;
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.util.StringUtilities;
|
||||
|
||||
|
||||
public class DebugSleighInstructionParse extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
@ -32,7 +31,8 @@ public class DebugSleighInstructionParse extends GhidraScript {
|
|||
}
|
||||
|
||||
try {
|
||||
SleighDebugLogger logger = new SleighDebugLogger(currentProgram, currentAddress, SleighDebugMode.VERBOSE);
|
||||
SleighDebugLogger logger =
|
||||
new SleighDebugLogger(currentProgram, currentAddress, SleighDebugMode.VERBOSE);
|
||||
|
||||
if (!logger.parseFailed()) {
|
||||
logger.append("\n");
|
||||
|
|
@ -48,12 +48,14 @@ public class DebugSleighInstructionParse extends GhidraScript {
|
|||
for (int i = 0; i < logger.getNumOperands(); i++) {
|
||||
mask = logger.getOperandValueMask(i);
|
||||
logger.append("\nOp-" + i + " Mask: " + getFormattedBytes(mask));
|
||||
logger.append("\nOp-" + i + " Value: " + getFormattedBytes(logger.getMaskedBytes(mask)));
|
||||
logger.append(
|
||||
"\nOp-" + i + " Value: " + getFormattedBytes(logger.getMaskedBytes(mask)));
|
||||
}
|
||||
}
|
||||
println(logger.toString());
|
||||
|
||||
} catch (Exception e) {
|
||||
}
|
||||
catch (Exception e) {
|
||||
println(e.getMessage());
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Convenience script to quickly clear, edit, and recreate the code or data at the current cursor location.
|
||||
//@category Memory
|
||||
//@category Update
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
//Looks for already defined graphic image data in the program
|
||||
//and writes all selected images to a directory.
|
||||
//@category Images
|
||||
//@category
|
||||
|
||||
import java.awt.image.BufferedImage;
|
||||
import java.io.File;
|
||||
|
|
|
|||
|
|
@ -14,15 +14,15 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Rid us of those pesky FF's that become bad instructions
|
||||
//@category Cleanup
|
||||
//@category
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.data.CategoryPath;
|
||||
import ghidra.program.model.data.DataType;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
public class FFsBeGoneScript extends GhidraScript {
|
||||
private Address addr;
|
||||
byte[] bytes = new byte[10];
|
||||
|
|
@ -83,11 +83,17 @@ public class FFsBeGoneScript extends GhidraScript {
|
|||
if (!isUndefinedData(addr)) {
|
||||
if (currentProgram.getListing().getInstructionContaining(addr) != null) {
|
||||
addr =
|
||||
currentProgram.getListing().getInstructionContaining(addr).getMaxAddress().next();
|
||||
currentProgram.getListing()
|
||||
.getInstructionContaining(addr)
|
||||
.getMaxAddress()
|
||||
.next();
|
||||
}
|
||||
else if (currentProgram.getListing().getDefinedDataContaining(addr) != null) {
|
||||
addr =
|
||||
currentProgram.getListing().getDefinedDataContaining(addr).getMaxAddress().next();
|
||||
currentProgram.getListing()
|
||||
.getDefinedDataContaining(addr)
|
||||
.getMaxAddress()
|
||||
.next();
|
||||
}
|
||||
advance();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Finds programs containing various audio resources such as WAV's
|
||||
//@category Resources
|
||||
//@category Search
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -109,7 +109,8 @@ public class FindAudioInProgramScript extends GhidraScript {
|
|||
break;
|
||||
}
|
||||
found =
|
||||
memory.findBytes(start, blocks[i].getEnd(), imageBytes, mask, true, monitor);
|
||||
memory.findBytes(start, blocks[i].getEnd(), imageBytes, mask, true,
|
||||
monitor);
|
||||
if (found != null) {
|
||||
foundImages.add(found);
|
||||
start = found.add(1);
|
||||
|
|
|
|||
|
|
@ -14,7 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Finds PNG and GIF images and applies data type if not already applied
|
||||
//@category Images
|
||||
//@category Search
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.data.GifDataType;
|
||||
|
|
@ -23,9 +26,6 @@ import ghidra.program.model.listing.Data;
|
|||
import ghidra.program.model.mem.Memory;
|
||||
import ghidra.program.model.mem.MemoryBlock;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class FindImagesScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
//
|
||||
// Script may be constrained by a selection.
|
||||
//
|
||||
//@category ELF Relocations
|
||||
//@category DWARF
|
||||
import java.util.Iterator;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
@ -82,7 +82,8 @@ public class FixElfExternalOffsetDataRelocationScript extends GhidraScript {
|
|||
}
|
||||
}
|
||||
|
||||
private boolean updateExternalDataRelocation(Bookmark relocErrorBookmark, MessageLog log) throws Exception {
|
||||
private boolean updateExternalDataRelocation(Bookmark relocErrorBookmark, MessageLog log)
|
||||
throws Exception {
|
||||
|
||||
Address address = relocErrorBookmark.getAddress();
|
||||
String bookmarkComment = relocErrorBookmark.getComment();
|
||||
|
|
@ -112,12 +113,14 @@ public class FixElfExternalOffsetDataRelocationScript extends GhidraScript {
|
|||
Memory memory = currentProgram.getMemory();
|
||||
DumbMemBufferImpl buf = new DumbMemBufferImpl(memory, address);
|
||||
|
||||
Address symbolAddr = PointerDataType.getAddressValue(buf, byteSize, address.getAddressSpace());
|
||||
Address symbolAddr =
|
||||
PointerDataType.getAddressValue(buf, byteSize, address.getAddressSpace());
|
||||
if (symbolAddr == null) {
|
||||
return false; // invalid pointer data
|
||||
}
|
||||
|
||||
String symbolName = bookmarkComment.substring(EXT_RELO_BOOKMARK_TEXT_PREFIX.length(), index - 1).trim();
|
||||
String symbolName =
|
||||
bookmarkComment.substring(EXT_RELO_BOOKMARK_TEXT_PREFIX.length(), index - 1).trim();
|
||||
if (currentProgram.getSymbolTable().getSymbol(symbolName, symbolAddr, null) == null) {
|
||||
return false; // EXTERNAL block symbol not found at stored address
|
||||
}
|
||||
|
|
@ -146,7 +149,8 @@ public class FixElfExternalOffsetDataRelocationScript extends GhidraScript {
|
|||
|
||||
currentProgram.getBookmarkManager().removeBookmark(relocErrorBookmark);
|
||||
|
||||
ElfRelocationHandler.warnExternalOffsetRelocation(currentProgram, address, symbolAddr, symbolName, offset, log);
|
||||
ElfRelocationHandler.warnExternalOffsetRelocation(currentProgram, address, symbolAddr,
|
||||
symbolName, offset, log);
|
||||
|
||||
DataType offsetPtrDt =
|
||||
currentProgram.getDataTypeManager()
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -15,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Iterates over all defined data in the current program.
|
||||
//@category Iteration
|
||||
//@category Examples
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.listing.Data;
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
//Iterates over all functions in the current program
|
||||
//starting at the minimum address of the program.
|
||||
//
|
||||
//@category Iteration
|
||||
//@category Examples
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
@ -29,7 +29,8 @@ public class IterateFunctionsByAddressScript extends GhidraScript {
|
|||
public void run() throws Exception {
|
||||
|
||||
boolean forward =
|
||||
askYesNo("Iterate Function", "Do you want to iterate from low address to high address?");
|
||||
askYesNo("Iterate Function",
|
||||
"Do you want to iterate from low address to high address?");
|
||||
|
||||
if (forward) {
|
||||
iterateForward();
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -15,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Iterates over all functions in the current program.
|
||||
//@category Iteration
|
||||
//@category Examples
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.listing.Function;
|
||||
|
|
@ -26,7 +25,8 @@ public class IterateFunctionsScript extends GhidraScript {
|
|||
public void run() throws Exception {
|
||||
|
||||
boolean forward =
|
||||
askYesNo("Iterate Function", "Do you want to iterate from low address to high address?");
|
||||
askYesNo("Iterate Function",
|
||||
"Do you want to iterate from low address to high address?");
|
||||
|
||||
if (forward) {
|
||||
iterateForward();
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -15,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Iterates over all instructions in the current program.
|
||||
//@category Iteration
|
||||
//@category Examples
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.listing.Instruction;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
// Generate WARNING Bookmarks at instructions whose pcode contains a CALLOTHER op.
|
||||
// This is useful to find PseudoOps that need to be implemented to yield better
|
||||
// emulation or decompilation.
|
||||
// @category sleigh
|
||||
// @category Sleigh
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.disassemble.Disassembler;
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
// Generate WARNING Bookmarks on instructions which have unimplemented pcode.
|
||||
// Similar to disassembler's built-in marking but allows for refresh after
|
||||
// language update.
|
||||
// @category sleigh
|
||||
// @category Sleigh
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.disassemble.Disassembler;
|
||||
import ghidra.program.model.address.AddressSetView;
|
||||
|
|
@ -60,7 +60,8 @@ public class MarkUnimplementedPcode extends GhidraScript {
|
|||
}
|
||||
|
||||
private void markUnimplementedPcode(Instruction instr) {
|
||||
currentProgram.getBookmarkManager().setBookmark(instr.getAddress(), BookmarkType.WARNING,
|
||||
currentProgram.getBookmarkManager()
|
||||
.setBookmark(instr.getAddress(), BookmarkType.WARNING,
|
||||
Disassembler.UNIMPL_BOOKMARK_CATEGORY,
|
||||
"Instruction pcode is unimplemented: " + instr.getMnemonicString());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,33 +16,23 @@
|
|||
//This script applies labels and comments to the WallaceSrc.exe program for use with GhidraClass exercises
|
||||
//@category Training.Ghidra Class
|
||||
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.data.ArrayDataType;
|
||||
import ghidra.program.model.data.BooleanDataType;
|
||||
import ghidra.program.model.data.CharDataType;
|
||||
import ghidra.program.model.data.IntegerDataType;
|
||||
import ghidra.program.model.data.PointerDataType;
|
||||
import ghidra.program.model.data.Structure;
|
||||
import ghidra.program.model.data.StructureDataType;
|
||||
import ghidra.program.model.listing.Function;
|
||||
import ghidra.program.model.data.*;
|
||||
import ghidra.program.model.listing.*;
|
||||
import ghidra.program.model.listing.Function.FunctionUpdateType;
|
||||
import ghidra.program.model.listing.Parameter;
|
||||
import ghidra.program.model.listing.ParameterImpl;
|
||||
import ghidra.program.model.symbol.Namespace;
|
||||
import ghidra.program.model.symbol.SourceType;
|
||||
import ghidra.program.model.symbol.SymbolTable;
|
||||
import ghidra.program.model.symbol.*;
|
||||
import ghidra.util.exception.InvalidInputException;
|
||||
|
||||
public class MarkupWallaceSrcScript extends GhidraScript {
|
||||
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
|
||||
if(!currentProgram.getName().contains("WallaceSrc") || (!currentProgram.getExecutableMD5().equals("2527c463a079c81af7b3bc1d26bd3b5d"))) {
|
||||
println("This script is only meant to work on the WallaceSrc executable with md5 hash 2527c463a079c81af7b3bc1d26bd3b5d.");
|
||||
if (!currentProgram.getName().contains("WallaceSrc") ||
|
||||
(!currentProgram.getExecutableMD5().equals("2527c463a079c81af7b3bc1d26bd3b5d"))) {
|
||||
println(
|
||||
"This script is only meant to work on the WallaceSrc executable with md5 hash 2527c463a079c81af7b3bc1d26bd3b5d.");
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -68,49 +58,63 @@ public class MarkupWallaceSrcScript extends GhidraScript {
|
|||
//Gadget::Gadget(Gadget * this, undefined4 param_1)
|
||||
Function gadgetFunction = getFunctionAt(toAddr(0x00411440));
|
||||
Parameter[] parameters = gadgetFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
gadgetFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] =
|
||||
new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
gadgetFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
//deployGadget - return type = Gadget *
|
||||
Function deployGadgetFunction = getFunctionAt(toAddr(0x004118f0));
|
||||
deployGadgetFunction.setReturnType(new PointerDataType(gadgetStruct), SourceType.USER_DEFINED);
|
||||
deployGadgetFunction.setReturnType(new PointerDataType(gadgetStruct),
|
||||
SourceType.USER_DEFINED);
|
||||
|
||||
//initializePeople(Person *)
|
||||
Function initPeopleFunction = getFunctionAt(toAddr(0x004117c0));
|
||||
parameters = initPeopleFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("people", new PointerDataType(personStruct), currentProgram);
|
||||
initPeopleFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] =
|
||||
new ParameterImpl("people", new PointerDataType(personStruct), currentProgram);
|
||||
initPeopleFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
//use(Gadget *this, Person *person)
|
||||
Function useFunction = getFunctionAt(toAddr(0x00411570));
|
||||
parameters = useFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
parameters[1] = new ParameterImpl("person", new PointerDataType(personStruct), currentProgram);
|
||||
useFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] =
|
||||
new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
parameters[1] =
|
||||
new ParameterImpl("person", new PointerDataType(personStruct), currentProgram);
|
||||
useFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
//addPerson(Person ** list, char * name)
|
||||
Function addPersonFunction = getFunctionAt(toAddr(0x00411860));
|
||||
parameters = addPersonFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("list", new PointerDataType(new PointerDataType(personStruct)), currentProgram);
|
||||
parameters[1] = new ParameterImpl("name", new PointerDataType(new CharDataType()), currentProgram);
|
||||
addPersonFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] = new ParameterImpl("list",
|
||||
new PointerDataType(new PointerDataType(personStruct)), currentProgram);
|
||||
parameters[1] =
|
||||
new ParameterImpl("name", new PointerDataType(new CharDataType()), currentProgram);
|
||||
addPersonFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
//addPeople(Person ** list)
|
||||
Function addPeopleFunction = getFunctionAt(toAddr(0x00411700));
|
||||
parameters = addPeopleFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("list", new PointerDataType(new PointerDataType(personStruct)), currentProgram);
|
||||
addPeopleFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] = new ParameterImpl("list",
|
||||
new PointerDataType(new PointerDataType(personStruct)), currentProgram);
|
||||
addPeopleFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
//print(Gadget * pGadget)
|
||||
Function printFunction = getFunctionAt(toAddr(0x004115d0));
|
||||
parameters = printFunction.getParameters();
|
||||
parameters[0] = new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
printFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,true, SourceType.USER_DEFINED, parameters);
|
||||
parameters[0] =
|
||||
new ParameterImpl("this", new PointerDataType(gadgetStruct), currentProgram);
|
||||
printFunction.replaceParameters(FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, true,
|
||||
SourceType.USER_DEFINED, parameters);
|
||||
|
||||
// Create labels for some of the functions
|
||||
SymbolTable symbolTable = currentProgram.getSymbolTable();
|
||||
|
||||
|
||||
//create the Class "Gadget" to put most function symbols in
|
||||
Namespace namespace = null;
|
||||
namespace = symbolTable.getNamespace("Gadget", null);
|
||||
|
|
@ -140,12 +144,17 @@ public class MarkupWallaceSrcScript extends GhidraScript {
|
|||
|
||||
// Add comments
|
||||
setPlateComment(toAddr(0x00411440), "This is the init method for the Gadget class");
|
||||
setPlateComment(toAddr(0x004115d0), "This method prints the status of a Person -- whether they are deployed or not and who they are deployed on. ");
|
||||
setPlateComment(toAddr(0x00411700), "This function adds all the people to the Person list.");
|
||||
setPlateComment(toAddr(0x004117c0), "This function initializes each person's record with whether or not they like cheese, their id, and a pointer to the next person.");
|
||||
setPlateComment(toAddr(0x004115d0),
|
||||
"This method prints the status of a Person -- whether they are deployed or not and who they are deployed on. ");
|
||||
setPlateComment(toAddr(0x00411700),
|
||||
"This function adds all the people to the Person list.");
|
||||
setPlateComment(toAddr(0x004117c0),
|
||||
"This function initializes each person's record with whether or not they like cheese, their id, and a pointer to the next person.");
|
||||
setPlateComment(toAddr(0x00411860), "This function adds a person to the Person list.");
|
||||
setPlateComment(toAddr(0x004118f0), "This function checks to see if the person on the list is Wallace and if so, it deploys the Infrared Garden Gnome.");
|
||||
setEOLComment(toAddr(0x004117e7), "Randomly assign whether each person likes cheese or not.");
|
||||
setPlateComment(toAddr(0x004118f0),
|
||||
"This function checks to see if the person on the list is Wallace and if so, it deploys the Infrared Garden Gnome.");
|
||||
setEOLComment(toAddr(0x004117e7),
|
||||
"Randomly assign whether each person likes cheese or not.");
|
||||
}
|
||||
|
||||
void createNewLabel(Address address, String name, Namespace namespace, SourceType sourceType) {
|
||||
|
|
@ -153,10 +162,10 @@ public class MarkupWallaceSrcScript extends GhidraScript {
|
|||
if (getSymbolAt(address).getSource().equals(SourceType.DEFAULT)) {
|
||||
try {
|
||||
symbolTable.createLabel(address, name, namespace, sourceType);
|
||||
} catch (InvalidInputException e) {
|
||||
}
|
||||
catch (InvalidInputException e) {
|
||||
println("Invalid input to create label.");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
// This script displays data about Microsoft development tools (compilers, linkers, etc.)
|
||||
// used to build objects within program as stored in the Rich header and table.
|
||||
//
|
||||
//@category Windows
|
||||
//@category
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
@ -81,7 +81,11 @@ public class PortableExecutableRichPrintScript extends GhidraScript {
|
|||
MSProductType prodType = prod == null ? MSProductType.Unknown : prod.getProductType();
|
||||
|
||||
if (prodType != MSProductType.Unknown) {
|
||||
sb.append(prodType).append(" from ").append(prodVersion).append(", build ").append(
|
||||
sb.append(prodType)
|
||||
.append(" from ")
|
||||
.append(prodVersion)
|
||||
.append(", build ")
|
||||
.append(
|
||||
compid.getBuildNumber());
|
||||
}
|
||||
else {
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# limitations under the License.
|
||||
##
|
||||
#Given a function, find all strings used within all called funtions.
|
||||
# @category: Strings
|
||||
# @category: Functions
|
||||
# @runtime Jython
|
||||
|
||||
# Handles only functions, not subroutines, as of now. Hopefully this will change later
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
// Reloads the language specification associated with a program at runtime.
|
||||
// @category sleigh
|
||||
// @category Sleigh
|
||||
import java.io.IOException;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Script to allow repository admins the ability to terminate multiple file checkouts belonging to a single user.
|
||||
//@category MultiUser
|
||||
//@category Update
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
@ -61,13 +61,15 @@ public class RemoveUserCheckoutsScript extends GhidraScript {
|
|||
}
|
||||
if (!found) {
|
||||
if (OptionDialog.showYesNoDialogWithNoAsDefaultButton(null, "User Name Confirmation",
|
||||
"User '" + uname + "' not a registered server user.\nDo you still want to search for and remove checkouts for this user?") != OptionDialog.YES_OPTION) {
|
||||
"User '" + uname +
|
||||
"' not a registered server user.\nDo you still want to search for and remove checkouts for this user?") != OptionDialog.YES_OPTION) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (projectData.getFileCount() > 1000) {
|
||||
if (OptionDialog.showYesNoDialogWithNoAsDefaultButton(null, "Large Repository Confirmation",
|
||||
if (OptionDialog.showYesNoDialogWithNoAsDefaultButton(null,
|
||||
"Large Repository Confirmation",
|
||||
"Repository contains a large number of failes and could be slow to search.\nDo you still want to search for and remove checkouts?") != OptionDialog.YES_OPTION) {
|
||||
return;
|
||||
}
|
||||
|
|
@ -85,7 +87,8 @@ public class RemoveUserCheckoutsScript extends GhidraScript {
|
|||
return folderPath + childName;
|
||||
}
|
||||
|
||||
private int removeCheckouts(RepositoryAdapter repository, String folderPath, String uid, TaskMonitor monitor) throws IOException, CancelledException {
|
||||
private int removeCheckouts(RepositoryAdapter repository, String folderPath, String uid,
|
||||
TaskMonitor monitor) throws IOException, CancelledException {
|
||||
int count = 0;
|
||||
for (RepositoryItem item : repository.getItemList(folderPath)) {
|
||||
monitor.checkCancelled();
|
||||
|
|
@ -97,15 +100,19 @@ public class RemoveUserCheckoutsScript extends GhidraScript {
|
|||
return count;
|
||||
}
|
||||
|
||||
private int removeCheckouts(RepositoryAdapter repository, RepositoryItem item, String uid) throws IOException {
|
||||
private int removeCheckouts(RepositoryAdapter repository, RepositoryItem item, String uid)
|
||||
throws IOException {
|
||||
int count = 0;
|
||||
ItemCheckoutStatus[] checkouts = repository.getCheckouts(item.getParentPath(), item.getName());
|
||||
ItemCheckoutStatus[] checkouts =
|
||||
repository.getCheckouts(item.getParentPath(), item.getName());
|
||||
for (ItemCheckoutStatus checkout : checkouts) {
|
||||
if (uid.equals(checkout.getUser())) {
|
||||
try {
|
||||
repository.terminateCheckout(item.getParentPath(), item.getName(), checkout.getCheckoutId(), false);
|
||||
repository.terminateCheckout(item.getParentPath(), item.getName(),
|
||||
checkout.getCheckoutId(), false);
|
||||
++count;
|
||||
} catch (IOException e) {
|
||||
}
|
||||
catch (IOException e) {
|
||||
printerr("Failed to remove checkout: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -25,12 +24,12 @@
|
|||
//
|
||||
//@category Customer Submission.Search
|
||||
|
||||
import java.util.Iterator;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.data.DataTypeComponent;
|
||||
import ghidra.program.model.data.Structure;
|
||||
|
||||
import java.util.Iterator;
|
||||
|
||||
public class RenameStructMembers extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -23,9 +22,7 @@
|
|||
//@category Customer Submission.Search
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.listing.Function;
|
||||
import ghidra.program.model.listing.FunctionIterator;
|
||||
import ghidra.program.model.listing.Variable;
|
||||
import ghidra.program.model.listing.*;
|
||||
import ghidra.program.model.symbol.SourceType;
|
||||
|
||||
public class RenameVariable extends GhidraScript {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -19,7 +18,10 @@
|
|||
// Function Definition. This resolves variable size errors which
|
||||
// result from this bad data state.
|
||||
//
|
||||
//@category Repair
|
||||
//@category
|
||||
import java.util.Arrays;
|
||||
import java.util.Comparator;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.data.*;
|
||||
|
|
@ -28,9 +30,6 @@ import ghidra.program.model.symbol.SourceType;
|
|||
import ghidra.util.Msg;
|
||||
import ghidra.util.exception.InvalidInputException;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Comparator;
|
||||
|
||||
public class RepairFuncDefinitionUsageScript extends GhidraScript {
|
||||
|
||||
private static class MyVariableOffsetComparator implements Comparator<Variable> {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -34,9 +33,7 @@
|
|||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.listing.Function;
|
||||
import ghidra.program.model.listing.FunctionIterator;
|
||||
import ghidra.program.model.listing.Variable;
|
||||
import ghidra.program.model.listing.*;
|
||||
import ghidra.program.model.mem.MemoryBlock;
|
||||
|
||||
public class ReplaceInComments extends GhidraScript {
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
// the script will optionally list any existing checkouts prior to starting
|
||||
// the batch upgrade.
|
||||
//
|
||||
//@category Upgrade
|
||||
//@category Program
|
||||
import java.io.IOException;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
# 2. The user has imported the file into Ghidra and the user has since deleted the file. This Ghidra script attempts to
|
||||
# generate the original bytes of the imported file and asks the user to provide a filename to store the bytes. YARA then runs on that file.
|
||||
|
||||
#@category Memory.YARA
|
||||
#@category Search.YARA
|
||||
#@runtime Jython
|
||||
|
||||
import os.path
|
||||
|
|
|
|||
|
|
@ -56,10 +56,12 @@ public class SearchGuiSingle extends SearchBaseExtended {
|
|||
GroupLayout jPanel1Layout = new GroupLayout(jPanel1);
|
||||
jPanel1.setLayout(jPanel1Layout);
|
||||
jPanel1Layout.setHorizontalGroup(
|
||||
jPanel1Layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGap(0, 100,
|
||||
jPanel1Layout.createParallelGroup(GroupLayout.Alignment.LEADING)
|
||||
.addGap(0, 100,
|
||||
Short.MAX_VALUE));
|
||||
jPanel1Layout.setVerticalGroup(
|
||||
jPanel1Layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGap(0, 100,
|
||||
jPanel1Layout.createParallelGroup(GroupLayout.Alignment.LEADING)
|
||||
.addGap(0, 100,
|
||||
Short.MAX_VALUE));
|
||||
|
||||
frame.setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE);
|
||||
|
|
@ -81,10 +83,15 @@ public class SearchGuiSingle extends SearchBaseExtended {
|
|||
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING) //
|
||||
.addGroup(layout.createSequentialGroup() //
|
||||
.addContainerGap() //
|
||||
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING) //
|
||||
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.TRAILING) //
|
||||
.addGroup(layout
|
||||
.createParallelGroup(GroupLayout.Alignment.LEADING) //
|
||||
.addGroup(layout
|
||||
.createParallelGroup(
|
||||
GroupLayout.Alignment.TRAILING) //
|
||||
.addComponent(opTwoCheckBox) //
|
||||
.addGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING) //
|
||||
.addGroup(layout
|
||||
.createParallelGroup(
|
||||
GroupLayout.Alignment.LEADING) //
|
||||
.addComponent(mnemonicCheckBox) //
|
||||
.addComponent(opOneCheckBox) //
|
||||
) //
|
||||
|
|
@ -113,7 +120,8 @@ public class SearchGuiSingle extends SearchBaseExtended {
|
|||
.addComponent(opTwoCheckBox) //
|
||||
.addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED) //
|
||||
.addComponent(constCheckBox) //
|
||||
.addGap(18, 18, 18).addComponent(searchButton) //
|
||||
.addGap(18, 18, 18)
|
||||
.addComponent(searchButton) //
|
||||
.addContainerGap(27, Short.MAX_VALUE) //
|
||||
) //
|
||||
);
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
//Creates a selection in the current program consisting of the sum
|
||||
//of all function bodies.
|
||||
//@category Selection
|
||||
//@category
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.AddressSet;
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ import ghidra.program.model.sourcemap.SourceMapEntry;
|
|||
import ghidra.program.model.sourcemap.SourceMapEntryIterator;
|
||||
import ghidra.util.datastruct.Counter;
|
||||
|
||||
|
||||
public class ShowSourceMapEntryStartsScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Example skeleton script that iterates over all strings and sets the translation value for each
|
||||
//@category Strings
|
||||
//@category Data Types
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.data.StringDataInstance;
|
||||
|
|
|
|||
|
|
@ -14,13 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//XOR's the memory of the current program.
|
||||
//@category Memory
|
||||
//@category Analysis
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
import ghidra.program.model.address.AddressIterator;
|
||||
import ghidra.program.model.address.AddressSet;
|
||||
import ghidra.program.model.address.AddressSetView;
|
||||
import ghidra.program.model.address.*;
|
||||
import ghidra.program.model.mem.Memory;
|
||||
import ghidra.program.model.mem.MemoryBlock;
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,8 @@ public class ZapBCTRScript extends GhidraScript {
|
|||
}
|
||||
|
||||
// first try input as class and search for symbol "<class>::__vtbl"
|
||||
List<Symbol> symbols = currentProgram.getSymbolTable().getSymbols("__vtbl",
|
||||
List<Symbol> symbols = currentProgram.getSymbolTable()
|
||||
.getSymbols("__vtbl",
|
||||
getNamespace(null, classNameOrAddr));
|
||||
// if symbol found, then vtblAddr is the symbol's address
|
||||
if (symbols.size() == 1) {
|
||||
|
|
@ -100,7 +101,8 @@ public class ZapBCTRScript extends GhidraScript {
|
|||
// insert funcName as EOL comment and
|
||||
// add a mnemonic ref from instAddr to funcAddr
|
||||
listing.setComment(instAddr, CommentType.EOL, funcName);
|
||||
listing.getInstructionAt(instAddr).addMnemonicReference(funcAddr, RefType.COMPUTED_CALL,
|
||||
listing.getInstructionAt(instAddr)
|
||||
.addMnemonicReference(funcAddr, RefType.COMPUTED_CALL,
|
||||
SourceType.USER_DEFINED);
|
||||
|
||||
/* old code that replaces the 'bctr' with a 'bl'
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# limitations under the License.
|
||||
##
|
||||
# Sets up IOPORT IN/OUT references for the Program
|
||||
#@category Instructions
|
||||
#@category
|
||||
#@runtime Jython
|
||||
# Before running this script, you should have created an OVERLAY memory
|
||||
# space called IOMEM, starting at address 0, size 0x10000.
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
//Use this script to dump the information about the function bit patterns for the
|
||||
// current function to the ghidra console.
|
||||
//@category FunctionStartPatterns
|
||||
//@category Functions
|
||||
import java.util.List;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@
|
|||
*/
|
||||
//This script dumps information about byte and instructions in neighborhoods around function starts
|
||||
//and returns to an XML file
|
||||
//@category FunctionStartPatterns
|
||||
import java.io.*;
|
||||
//@category Functions
|
||||
import java.io.File;
|
||||
import java.util.List;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//@category CodeAnalysis
|
||||
//@category
|
||||
|
||||
import java.io.*;
|
||||
import java.util.ArrayList;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
//
|
||||
// You can also pre-add the COMPUTED_JUMP references to the branch instruction before running the
|
||||
// script, and simply put the cursor on the computed branching instruction.
|
||||
//@category Repair
|
||||
//@category
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
|
@ -37,7 +37,8 @@ import ghidra.program.model.symbol.*;
|
|||
|
||||
public class SwitchOverride extends GhidraScript {
|
||||
|
||||
private Address collectSelectedJumpData(Listing listing,AddressSetView select,ArrayList<Address> destlist) {
|
||||
private Address collectSelectedJumpData(Listing listing, AddressSetView select,
|
||||
ArrayList<Address> destlist) {
|
||||
Address branchind = null;
|
||||
AddressIterator iter = select.getAddresses(true);
|
||||
while (iter.hasNext()) {
|
||||
|
|
@ -91,7 +92,8 @@ public class SwitchOverride extends GhidraScript {
|
|||
Reference[] referencesFrom = instr.getReferencesFrom();
|
||||
for (Reference reference : referencesFrom) {
|
||||
if (reference.getReferenceType().isCall()) {
|
||||
Function func = currentProgram.getFunctionManager().getFunctionAt(reference.getToAddress());
|
||||
Function func =
|
||||
currentProgram.getFunctionManager().getFunctionAt(reference.getToAddress());
|
||||
if (func != null && func.getCallFixup() != null) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -101,24 +103,28 @@ public class SwitchOverride extends GhidraScript {
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
ArrayList<Address> destlist = new ArrayList<Address>();
|
||||
Address branchind = null;
|
||||
|
||||
if (currentSelection != null && !currentSelection.isEmpty()) {
|
||||
branchind = collectSelectedJumpData(currentProgram.getListing(),currentSelection,destlist);
|
||||
} else {
|
||||
branchind = collectPointJumpData(currentProgram.getListing(),currentLocation.getAddress(),destlist);
|
||||
branchind =
|
||||
collectSelectedJumpData(currentProgram.getListing(), currentSelection, destlist);
|
||||
}
|
||||
else {
|
||||
branchind = collectPointJumpData(currentProgram.getListing(),
|
||||
currentLocation.getAddress(), destlist);
|
||||
}
|
||||
|
||||
if (branchind == null) {
|
||||
println("Please highlight or place the cursor on the instruction performing the computed jump");
|
||||
println(
|
||||
"Please highlight or place the cursor on the instruction performing the computed jump");
|
||||
return;
|
||||
}
|
||||
if (destlist.size() == 0) {
|
||||
println("Please highlight destination instructions in addition to instruction performing switch");
|
||||
println(
|
||||
"Please highlight destination instructions in addition to instruction performing switch");
|
||||
println(" Or put CONDITIONAL_JUMP destination references at the branching instruction");
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Annotates an HFS+ attributes b-Tree file.
|
||||
//@category iOS
|
||||
//@category Apple.iOS
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.app.util.bin.*;
|
||||
|
|
@ -180,7 +180,8 @@ public class BTreeAnnotationScript extends GhidraScript {
|
|||
return data;
|
||||
}
|
||||
|
||||
private Data createBTreeHeaderRecord(Program program, BTreeHeaderRecord headerRecord, int offset)
|
||||
private Data createBTreeHeaderRecord(Program program, BTreeHeaderRecord headerRecord,
|
||||
int offset)
|
||||
throws Exception {
|
||||
Address address = toAddr(offset);
|
||||
DataType dataType = headerRecord.toDataType();
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
*/
|
||||
//This script cleans up the disassembly for kext files by locating "Bad Instruction" bookmarks caused by incorrectly defined data in valid code flows.
|
||||
//@author
|
||||
//@category iOS
|
||||
//@category Apple.iOS
|
||||
//@keybinding
|
||||
//@menupath
|
||||
//@toolbar
|
||||
|
|
@ -79,7 +79,8 @@ public void cleanup(Address ba) throws Exception {
|
|||
Address paddr = listing.getInstructionBefore(ba).getAddress();
|
||||
RegisterValue rv;
|
||||
if (paddr != null) {
|
||||
rv = p.getProgramContext().getRegisterValue(contextReg,
|
||||
rv = p.getProgramContext()
|
||||
.getRegisterValue(contextReg,
|
||||
paddr);
|
||||
p.getProgramContext().setRegisterValue(ba, ba_end, rv);
|
||||
}
|
||||
|
|
@ -89,7 +90,8 @@ public void cleanup(Address ba) throws Exception {
|
|||
Function f = getFunctionBefore(ba);
|
||||
if (f != null) {
|
||||
CreateFunctionCmd cf = new CreateFunctionCmd(f.getName(), f
|
||||
.getEntryPoint(), null, f.getSymbol().getSource(),
|
||||
.getEntryPoint(),
|
||||
null, f.getSymbol().getSource(),
|
||||
true, true);
|
||||
cf.applyTo(p);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//@category iOS
|
||||
//@category Apple.iOS
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Processes Mach-O BIND information.
|
||||
//@category Mac OS X
|
||||
//@category Apple.Mac OS X
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.File;
|
||||
|
|
@ -37,7 +37,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
public void run() throws Exception {
|
||||
File file = new File(currentProgram.getExecutablePath());
|
||||
if (!file.exists()) {
|
||||
file = askFile( "Please select original file used to import this program:", "Original File" );
|
||||
file = askFile("Please select original file used to import this program:",
|
||||
"Original File");
|
||||
}
|
||||
if (file == null) {
|
||||
popup("File cannot be null");
|
||||
|
|
@ -64,7 +65,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
}
|
||||
}
|
||||
|
||||
private void processCommand( MachHeader header, ByteProvider provider, DyldInfoCommand command ) throws Exception {
|
||||
private void processCommand(MachHeader header, ByteProvider provider, DyldInfoCommand command)
|
||||
throws Exception {
|
||||
|
||||
BindState bind = new BindState();
|
||||
bind.header = header;
|
||||
|
|
@ -72,7 +74,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
try {
|
||||
boolean done = false;
|
||||
|
||||
byte [] commandBytes = provider.readBytes( command.getBindOffset(), command.getBindSize() );
|
||||
byte[] commandBytes =
|
||||
provider.readBytes(command.getBindOffset(), command.getBindSize());
|
||||
ByteArrayInputStream byteServer = new ByteArrayInputStream(commandBytes);
|
||||
|
||||
while (!done) {
|
||||
|
|
@ -104,12 +107,14 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
}
|
||||
case DyldInfoCommandConstants.BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED: {
|
||||
bind.doBind();
|
||||
bind.segmentOffset += ( immediate * currentProgram.getDefaultPointerSize() ) + currentProgram.getDefaultPointerSize();
|
||||
bind.segmentOffset += (immediate * currentProgram.getDefaultPointerSize()) +
|
||||
currentProgram.getDefaultPointerSize();
|
||||
break;
|
||||
}
|
||||
case DyldInfoCommandConstants.BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB: {
|
||||
bind.doBind();
|
||||
bind.segmentOffset += uleb128( byteServer ) + currentProgram.getDefaultPointerSize();
|
||||
bind.segmentOffset +=
|
||||
uleb128(byteServer) + currentProgram.getDefaultPointerSize();
|
||||
break;
|
||||
}
|
||||
case DyldInfoCommandConstants.BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB: {
|
||||
|
|
@ -145,7 +150,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
bind.libraryOrdinal = 0;
|
||||
}
|
||||
else {
|
||||
byte signExtended = (byte) ( DyldInfoCommandConstants.BIND_OPCODE_MASK | immediate );
|
||||
byte signExtended =
|
||||
(byte) (DyldInfoCommandConstants.BIND_OPCODE_MASK | immediate);
|
||||
bind.libraryOrdinal = signExtended;
|
||||
}
|
||||
bind.fromDylib = getOrdinalName(bind);
|
||||
|
|
@ -160,7 +166,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
}
|
||||
case DyldInfoCommandConstants.BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM: {
|
||||
bind.symbolName = readString(byteServer);
|
||||
if ( ( immediate & DyldInfoCommandConstants.BIND_SYMBOL_FLAGS_WEAK_IMPORT ) != 0 ) {
|
||||
if ((immediate &
|
||||
DyldInfoCommandConstants.BIND_SYMBOL_FLAGS_WEAK_IMPORT) != 0) {
|
||||
bind.weak = true;
|
||||
}
|
||||
else {
|
||||
|
|
@ -243,7 +250,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
if (bind.libraryOrdinal < DyldInfoCommandConstants.BIND_SPECIAL_DYLIB_FLAT_LOOKUP) {
|
||||
return "unknown special ordinal" + Integer.toHexString(bind.libraryOrdinal);
|
||||
}
|
||||
List<DynamicLibraryCommand> dylibCommands = bind.header.getLoadCommands( DynamicLibraryCommand.class );
|
||||
List<DynamicLibraryCommand> dylibCommands =
|
||||
bind.header.getLoadCommands(DynamicLibraryCommand.class);
|
||||
if (bind.libraryOrdinal > dylibCommands.size()) {
|
||||
return "library ordinal out of range" + Integer.toHexString(bind.libraryOrdinal);
|
||||
}
|
||||
|
|
@ -391,7 +399,8 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
|
||||
long offset = symbol.getAddress().getOffset();
|
||||
|
||||
DataConverter converter = DataConverter.getInstance(currentProgram.getLanguage().isBigEndian());
|
||||
DataConverter converter =
|
||||
DataConverter.getInstance(currentProgram.getLanguage().isBigEndian());
|
||||
|
||||
if (currentProgram.getDefaultPointerSize() == 8) {
|
||||
setBytes(getAddress(), converter.getBytes(offset));
|
||||
|
|
@ -400,7 +409,9 @@ public class MachoProcessBindScript extends GhidraScript {
|
|||
setBytes(getAddress(), converter.getBytes((int) offset));
|
||||
}
|
||||
|
||||
Reference reference = currentProgram.getReferenceManager().addMemoryReference( getAddress(), symbol.getAddress(), RefType.READ, SourceType.IMPORTED, 0 );
|
||||
Reference reference = currentProgram.getReferenceManager()
|
||||
.addMemoryReference(getAddress(), symbol.getAddress(), RefType.READ,
|
||||
SourceType.IMPORTED, 0);
|
||||
currentProgram.getReferenceManager().setPrimary(reference, true);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Pulls symbol name through pointer references.
|
||||
//@category Mac OS X
|
||||
//@category Apple.Mac OS X
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
@ -97,7 +97,8 @@ public class PointerPullerScript extends GhidraScript {
|
|||
}
|
||||
Namespace nameSpace = getNamespace(null, nameSpaceName);
|
||||
if (nameSpace == null) {
|
||||
nameSpace = currentProgram.getSymbolTable().createNameSpace(null, nameSpaceName,
|
||||
nameSpace = currentProgram.getSymbolTable()
|
||||
.createNameSpace(null, nameSpaceName,
|
||||
SourceType.ANALYSIS);
|
||||
}
|
||||
return nameSpace;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -14,7 +13,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//@category References
|
||||
//@category
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
@ -23,14 +22,14 @@ import ghidra.program.model.listing.CodeUnit;
|
|||
import ghidra.program.model.listing.Listing;
|
||||
import ghidra.program.model.symbol.*;
|
||||
|
||||
|
||||
public class RemoveAllOffcutReferencesScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
Listing listing = currentProgram.getListing();
|
||||
ReferenceManager referenceManager = currentProgram.getReferenceManager();
|
||||
AddressIterator iterator = referenceManager.getReferenceDestinationIterator(currentProgram.getMinAddress(), true);
|
||||
AddressIterator iterator =
|
||||
referenceManager.getReferenceDestinationIterator(currentProgram.getMinAddress(), true);
|
||||
while (iterator.hasNext()) {
|
||||
if (monitor.isCancelled()) {
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -15,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
//Removes any offcut references to the current code unit.
|
||||
//@category References
|
||||
//@category
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
* REVIEWED: YES
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
*/
|
||||
//Resolves relative references computed off EBX.
|
||||
//This will resolve references to strings in the "__cstring" section.
|
||||
//@category Mac OS X
|
||||
//@category Apple.Mac OS X
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.program.model.address.Address;
|
||||
|
|
@ -59,7 +58,8 @@ public class ResolveReferencesRelativeToEbxScript extends GhidraScript {
|
|||
|
||||
long ebx = -1;
|
||||
|
||||
InstructionIterator instructions = currentProgram.getListing().getInstructions( function.getBody(), true ) ;
|
||||
InstructionIterator instructions =
|
||||
currentProgram.getListing().getInstructions(function.getBody(), true);
|
||||
|
||||
while (instructions.hasNext()) {
|
||||
|
||||
|
|
@ -91,17 +91,20 @@ public class ResolveReferencesRelativeToEbxScript extends GhidraScript {
|
|||
|
||||
if (register.equals(EBX)) {
|
||||
|
||||
Address address = toAddr( (ebx + scalar.getUnsignedValue()) & Conv.INT_MASK );
|
||||
Address address =
|
||||
toAddr((ebx + scalar.getUnsignedValue()) & Conv.INT_MASK);
|
||||
|
||||
if (isValid(address)) {
|
||||
|
||||
removeReferencesFrom(instruction);
|
||||
|
||||
Reference reference = createMemoryReference( instruction, 1, address, RefType.DATA );
|
||||
Reference reference =
|
||||
createMemoryReference(instruction, 1, address, RefType.DATA);
|
||||
|
||||
setReferencePrimary(reference);
|
||||
|
||||
println( "Creating reference from " + instruction.getMinAddress() + " to " + address );
|
||||
println("Creating reference from " + instruction.getMinAddress() +
|
||||
" to " + address);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,152 +0,0 @@
|
|||
/* ###
|
||||
* IP: GHIDRA
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
//Upgrade DEX program(s) that have function prototypes layed down prior to Ghidra 7.1
|
||||
//@category Upgrade
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import ghidra.app.cmd.function.ApplyFunctionSignatureCmd;
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.framework.model.*;
|
||||
import ghidra.framework.plugintool.PluginTool;
|
||||
import ghidra.program.model.address.AddressSpace;
|
||||
import ghidra.program.model.data.FunctionDefinitionDataType;
|
||||
import ghidra.program.model.lang.*;
|
||||
import ghidra.program.model.listing.*;
|
||||
import ghidra.program.model.pcode.Varnode;
|
||||
import ghidra.program.model.symbol.SourceType;
|
||||
import ghidra.util.exception.*;
|
||||
|
||||
/**
|
||||
* There was a major rearrangement of registers in the Dalvik.slaspec from 7.0 -> 7.1 which invalidates function prototypes
|
||||
* laid down by "Android DEX Header Format" analyzer. This script repairs the prototypes to match the new register layout
|
||||
* If run with a Program already up, the script will make all the changes, letting the user decide if they want to
|
||||
* save (or undo) the changes. If the script is run from an empty code browser, it will search for all Dalvik programs
|
||||
* in the current project and automatically upgrade and save the function prototypes.
|
||||
*
|
||||
*/
|
||||
public class UpgradeDexToGhidra71Script extends GhidraScript {
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
|
||||
if ( currentProgram != null ) {
|
||||
processProgram(currentProgram);
|
||||
return;
|
||||
}
|
||||
|
||||
PluginTool tool = state.getTool();
|
||||
Project project = tool.getProject();
|
||||
ProjectData projectData = project.getProjectData();
|
||||
DomainFolder rootFolder = projectData.getRootFolder();
|
||||
recurseProjectFolder( rootFolder );
|
||||
}
|
||||
|
||||
private void recurseProjectFolder( DomainFolder domainFolder ) throws Exception {
|
||||
DomainFile[] files = domainFolder.getFiles();
|
||||
for ( DomainFile domainFile : files ) {
|
||||
monitor.checkCancelled();
|
||||
try {
|
||||
processDomainFile( domainFile );
|
||||
} catch(Exception ex) {
|
||||
printerr(ex.getMessage());
|
||||
}
|
||||
}
|
||||
DomainFolder[] folders = domainFolder.getFolders();
|
||||
for ( DomainFolder folder : folders ) {
|
||||
monitor.checkCancelled();
|
||||
recurseProjectFolder( folder );
|
||||
}
|
||||
}
|
||||
|
||||
private void processDomainFile(DomainFile domainFile ) throws Exception {
|
||||
Map<String, String> metadata = domainFile.getMetadata();
|
||||
if (metadata == null) {
|
||||
return;
|
||||
}
|
||||
String formatString = metadata.get("Executable Format");
|
||||
if (formatString == null) {
|
||||
return;
|
||||
}
|
||||
if (!formatString.equals("Dalvik Executable (DEX)")) {
|
||||
return;
|
||||
}
|
||||
DomainObject domainObject = domainFile.getDomainObject(this, true, true, monitor);
|
||||
try {
|
||||
Program program = (Program) domainObject;
|
||||
processProgram(program);
|
||||
saveProgram(program);
|
||||
} finally {
|
||||
domainObject.release(this);
|
||||
}
|
||||
}
|
||||
|
||||
private void processProgram(Program program) throws CancelledException {
|
||||
println("Updating program: "+program.getName());
|
||||
int id = program.startTransaction("Update DEX parameters");
|
||||
boolean success = false;
|
||||
try {
|
||||
for (Function func : program.getFunctionManager().getFunctions(true)) {
|
||||
monitor.checkCancelled();
|
||||
processFunction(func);
|
||||
}
|
||||
success = true;
|
||||
} finally {
|
||||
program.endTransaction(id, success);
|
||||
}
|
||||
}
|
||||
|
||||
private void processFunction(Function func) {
|
||||
monitor.setMessage("Updating: "+func.getName());
|
||||
FunctionDefinitionDataType sig = new FunctionDefinitionDataType(func,false);
|
||||
try {
|
||||
sig.setCallingConvention(CompilerSpec.CALLING_CONVENTION_stdcall);
|
||||
}
|
||||
catch (InvalidInputException e) {
|
||||
throw new AssertException(e);
|
||||
}
|
||||
func.setCustomVariableStorage(false);
|
||||
ApplyFunctionSignatureCmd cmd = new ApplyFunctionSignatureCmd(func.getEntryPoint(),sig,SourceType.ANALYSIS);
|
||||
cmd.applyTo(func.getProgram());
|
||||
|
||||
Program program = func.getProgram();
|
||||
Language language = program.getLanguage();
|
||||
AddressSpace registerSpace = program.getAddressFactory().getRegisterSpace();
|
||||
Variable[] localVariables = func.getLocalVariables();
|
||||
|
||||
for (Variable var : localVariables) {
|
||||
Varnode varnode = var.getFirstStorageVarnode();
|
||||
if (!varnode.isRegister()) {
|
||||
continue;
|
||||
}
|
||||
if (varnode.getOffset() >= 0x1000)
|
||||
{
|
||||
continue; // Already converted
|
||||
}
|
||||
long offset = varnode.getOffset() + 0x1000 - 8;
|
||||
int size = varnode.getSize();
|
||||
Register localRegister = language.getRegister(registerSpace, offset, size);
|
||||
try {
|
||||
LocalVariableImpl newlocal = new LocalVariableImpl( var.getName(), 0, var.getDataType(), localRegister, func.getProgram() );
|
||||
func.removeVariable(var);
|
||||
func.addLocalVariable(newlocal, SourceType.ANALYSIS);
|
||||
} catch (InvalidInputException e) {
|
||||
} catch (DuplicateNameException e) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -18,7 +18,7 @@
|
|||
// See binutils' c++filt for more information on supported options.
|
||||
|
||||
//
|
||||
//@category Examples.Demangler
|
||||
//@category Demangler
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.app.util.demangler.DemangledObject;
|
||||
import ghidra.app.util.demangler.MangledContext;
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@
|
|||
// - Modify getVxSymbolClass() to recognize your program's VxWorks
|
||||
// symbol table entry structure, if necessary
|
||||
//
|
||||
// @category VxWorks
|
||||
// @category Customer Submission.vxWorks
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
# - MEMORY_REGION:0x1234abcd
|
||||
# Omitting the address space or memory region specifier from the address will result in the function or label being created in the default address space.
|
||||
# @author unkown; edited by matedealer <git@matedealer.de>
|
||||
# @category Data
|
||||
# @category Import
|
||||
# @runtime Jython
|
||||
#
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,9 @@
|
|||
//Loads the same file as binary using each of the DATA languages.
|
||||
//Any DATA language can be used with any size file.
|
||||
//The only issues are the POINTER sizes and does the file fit in the memory space.
|
||||
//@category Processor.DATA
|
||||
//@category Languages
|
||||
|
||||
import java.io.File;
|
||||
|
||||
import ghidra.app.script.GhidraScript;
|
||||
import ghidra.language.data.DataLanguageHelper;
|
||||
|
|
@ -24,8 +26,6 @@ import ghidra.program.model.lang.LanguageCompilerSpecPair;
|
|||
import ghidra.program.model.lang.LanguageService;
|
||||
import ghidra.program.util.DefaultLanguageService;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
public class LoadDataScript extends GhidraScript {
|
||||
|
||||
@Override
|
||||
|
|
@ -33,13 +33,19 @@ public class LoadDataScript extends GhidraScript {
|
|||
|
||||
LanguageService languageService = DefaultLanguageService.getLanguageService();
|
||||
|
||||
LanguageCompilerSpecPair dataBE16 = DataLanguageHelper.getLanguage( languageService, 16, true );
|
||||
LanguageCompilerSpecPair dataBE32 = DataLanguageHelper.getLanguage( languageService, 32, true );
|
||||
LanguageCompilerSpecPair dataBE64 = DataLanguageHelper.getLanguage( languageService, 64, true );
|
||||
LanguageCompilerSpecPair dataBE16 =
|
||||
DataLanguageHelper.getLanguage(languageService, 16, true);
|
||||
LanguageCompilerSpecPair dataBE32 =
|
||||
DataLanguageHelper.getLanguage(languageService, 32, true);
|
||||
LanguageCompilerSpecPair dataBE64 =
|
||||
DataLanguageHelper.getLanguage(languageService, 64, true);
|
||||
|
||||
LanguageCompilerSpecPair dataLE16 = DataLanguageHelper.getLanguage( languageService, 16, false );
|
||||
LanguageCompilerSpecPair dataLE32 = DataLanguageHelper.getLanguage( languageService, 32, false );
|
||||
LanguageCompilerSpecPair dataLE64 = DataLanguageHelper.getLanguage( languageService, 64, false );
|
||||
LanguageCompilerSpecPair dataLE16 =
|
||||
DataLanguageHelper.getLanguage(languageService, 16, false);
|
||||
LanguageCompilerSpecPair dataLE32 =
|
||||
DataLanguageHelper.getLanguage(languageService, 32, false);
|
||||
LanguageCompilerSpecPair dataLE64 =
|
||||
DataLanguageHelper.getLanguage(languageService, 64, false);
|
||||
|
||||
File file = askFile("Select DATA File", "OK");
|
||||
if (file == null) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue