Merge remote-tracking branch 'origin/patch'

2025-10-03 09:49:23 +02:00 · 2025-09-15 09:45:43 -04:00 · 2025-09-15 09:45:43 -04:00 · a893955b03
commit a893955b03
parent 9e2a8d5604 a1851c5911
6 changed files with 68 additions and 10 deletions
--- a/Ghidra/Features/Base/data/PEFunctionsThatDoNotReturn
+++ b/Ghidra/Features/Base/data/PEFunctionsThatDoNotReturn
@ -18,3 +18,11 @@ longjmp
 quick_exit
 RpcRaiseException
 terminate
 ___raise_securityfailure
 ___report_rangecheckfailure
 ?_Xregex_error@std@@YAXW4error_type@regex_constant@1@@Z
 ?_Xbad_alloc@std@@YAXXZ
 ?_Xlength_error@std@@YAXPBD@Z
 ?_Xout_of_range@std@@YAXPBD@Z
 ?_Xbad_function_call@std@@YAXXZ
 ?terminate@@YAXXZ
--- a/Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartAnalyzer.java
+++ b/Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartAnalyzer.java
@ -209,6 +209,7 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 		private String label = null;
 		private boolean isThunk = false;    // true if this function should be turned into a thunk
 		private boolean noreturn = false;   // true to set function non-returning
 		private String sectionName = null;  // required section name
 		boolean validFunction = false;      // must be defined at a function
 		private boolean contiguous = true;  // require validcode instructions be contiguous
@ -225,6 +226,14 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 		}
 		protected boolean checkPreRequisites(Program program, Address addr) {
 			// check required section name
 			if (sectionName != null) {
 				MemoryBlock block = program.getMemory().getBlock(addr);
 				if (block == null || !block.getName().matches(sectionName)) {
 					return false;
 				}
 			}
 			/**
 			 * If the match's mark point occurs in undefined data, schedule disassembly
 			 * and a function start at that address. If the match's mark point occurs at an instruction, but that
@ -641,6 +650,10 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 						isThunk = true;
 						break;
 					case "section":
 						sectionName = attrValue;
 						break;
 					case "noreturn":
 						noreturn = true;
 						break;
@ -816,7 +829,14 @@ public class FunctionStartAnalyzer extends AbstractAnalyzer implements PatternFa
 		AutoAnalysisManager analysisManager = AutoAnalysisManager.getAnalysisManager(program);
 		if (!disassemResult.isEmpty()) {
-			analysisManager.disassemble(disassemResult, AnalysisPriority.DISASSEMBLY);
+			// disassemble known function starts now
 			AddressSet doNowDisassembly = disassemResult.intersect(funcResult);
 			// this will disassemble at this analyzers priority
 			analysisManager.disassemble(doNowDisassembly);
 			// delay disassemble of possible function starts
 			AddressSet delayedDisassembly = disassemResult.subtract(funcResult);
 			analysisManager.disassemble(delayedDisassembly, AnalysisPriority.DISASSEMBLY);
 		}
 		analysisManager.setProtectedLocations(codeLocations);
--- a/Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartPreFuncAnalyzer.java
+++ b/Ghidra/Features/BytePatterns/src/main/java/ghidra/app/analyzers/FunctionStartPreFuncAnalyzer.java
@ -44,7 +44,7 @@ public class FunctionStartPreFuncAnalyzer extends FunctionStartAnalyzer {
 	public FunctionStartPreFuncAnalyzer() {
 		super(FUNCTION_START_PRE_SEARCH, DESCRIPTION, AnalyzerType.BYTE_ANALYZER);
-		setPriority(AnalysisPriority.BLOCK_ANALYSIS.after());
+		setPriority(AnalysisPriority.BLOCK_ANALYSIS.before());
 		setDefaultEnablement(true);
 		setSupportsOneTimeAnalysis();
 	}
--- a/Ghidra/Processors/x86/certification.manifest
+++ b/Ghidra/Processors/x86/certification.manifest
@ -92,5 +92,6 @@ data/patterns/x86-64gcc_patterns.xml||GHIDRA||||END|
 data/patterns/x86-64win_patterns.xml||GHIDRA||||END|
 data/patterns/x86delphi_patterns.xml||GHIDRA||||END|
 data/patterns/x86gcc_patterns.xml||GHIDRA||||END|
 data/patterns/x86gcc_prepatterns.xml||GHIDRA||||END|
 data/patterns/x86win_patterns.xml||GHIDRA||||END|
 data/patterns/x86win_prepatterns.xml||GHIDRA||||END|
--- a/Ghidra/Processors/x86/data/patterns/prepatternconstraints.xml
+++ b/Ghidra/Processors/x86/data/patterns/prepatternconstraints.xml
@ -7,6 +7,15 @@
  	<compiler id="borlandcpp">
  	  <patternfile>x86win_prepatterns.xml</patternfile>
  	</compiler>
  	<compiler id="gcc">
  	  <patternfile>x86gcc_prepatterns.xml</patternfile>
  	</compiler>
  </language>
  <language id="x86:LE:64:default">
  	<compiler id="gcc">
  	  <patternfile>x86gcc_prepatterns.xml</patternfile>
  	</compiler>
  </language>
 </patternconstraints>
--- a/Ghidra/Processors/x86/data/patterns/x86gcc_prepatterns.xml
+++ b/Ghidra/Processors/x86/data/patterns/x86gcc_prepatterns.xml
@ -0,0 +1,20 @@
 <patternlist>
  <pattern>
     <data>
        0xff25........   <!-- jmp -->
        0x68......00     <!-- push -->
        0xe9......ff     <!-- jmp -addr -->
     </data> <!-- .plt thunk -->
     <funcstart thunk="true" section=".plt"/>
  </pattern>
  <pattern>
     <data>
        0xf3 0x0f 0x1e 0x1a        <!-- ENDBR64 -->
        0xf2 0xff 0x25 .. .. .. .. <!-- jmp -->
     </data> <!-- .plt thunk -->
     <funcstart thunk="true" section=".plt"/>
  </pattern>
 </patternlist>