From 606eecfa82d3d66678aa52aee9eca05c79fafa08 Mon Sep 17 00:00:00 2001
From: Ryan Kurtz
Date: Mon, 8 Feb 2021 09:27:00 -0500
Subject: [PATCH 1/5] GP-668: PyDev debugger now stays on breakpoints appropriately (fixes #2713)
---
 .../main/java/ghidra/python/GhidraPythonInterpreter.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Ghidra/Features/Python/src/main/java/ghidra/python/GhidraPythonInterpreter.java b/Ghidra/Features/Python/src/main/java/ghidra/python/GhidraPythonInterpreter.java
index 0f338e230c..142b05a80d 100644
--- a/Ghidra/Features/Python/src/main/java/ghidra/python/GhidraPythonInterpreter.java
+++ b/Ghidra/Features/Python/src/main/java/ghidra/python/GhidraPythonInterpreter.java
@@ -218,8 +218,12 @@ public class GhidraPythonInterpreter extends InteractiveInterpreter {
 InetAddress localhost = InetAddress.getLocalHost();
 new Socket(localhost, PyDevUtils.PYDEV_REMOTE_DEBUGGER_PORT).close();
 Msg.info(this, "Python debugger found");
- exec("import pydevd; pydevd.settrace(host=\"" + localhost.getHostName() +
+ StringBuilder dbgCmds = new StringBuilder();
+ dbgCmds.append("import pydevd;");
+ dbgCmds.append("pydevd.threadingCurrentThread().__pydevd_main_thread = True;");
+ dbgCmds.append("pydevd.settrace(host=\"" + localhost.getHostName() +
 "\", port=" + PyDevUtils.PYDEV_REMOTE_DEBUGGER_PORT + ", suspend=False);");
+ exec(dbgCmds.toString());
 Msg.info(this, "Connected to a python debugger.");
 }
 catch (IOException e) {
From 9231ee29e2aeff80370413de4b904d0fd8cef5f1 Mon Sep 17 00:00:00 2001
From: dev747368 <48332326+dev747368@users.noreply.github.com>
Date: Thu, 19 Nov 2020 13:49:19 -0500
Subject: [PATCH 2/5] GP-360 ELF - handle uninitialized .got section
---
 .../ghidra/app/util/bin/format/elf/ElfDefaultGotPltMarkup.java | 3 +++
 1 file changed, 3 insertions(+)
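Review bot: The new `dbgCmds.append("pydevd.threadingCurrentThread().__pydevd_main_thread = True;");` line relies on a private pydevd attribute and nothing in the code says why it is load-bearing, so the next person to touch this block has only the commit subject to go on; add a why-comment above that append such as `// Mark this interpreter thread as pydevd's main thread so breakpoints set here are honoured (GP-668, #2713) — confirm against the pydevd version bundled`. Separately, `exec(dbgCmds.toString())` raises a Jython PyException (a RuntimeException) when `pydevd` cannot be imported or settrace cannot connect, and the `catch (IOException e)` that follows does not cover it, so unless a broader catch exists outside the hunk a missing module escapes as an unhandled exception instead of being logged like the "no debugger" case the socket probe handles. The enclosing method starts before the hunk.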
diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/elf/ElfDefaultGotPltMarkup.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/elf/ElfDefaultGotPltMarkup.java
index 8b185e485d..51b5a43572 100644
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/elf/ElfDefaultGotPltMarkup.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/elf/ElfDefaultGotPltMarkup.java
@@ -183,6 +183,9 @@ public class ElfDefaultGotPltMarkup {
 monitor.checkCanceled();
 Data data = createPointer(gotStart, true);
+ if (data == null) {
+ break;
+ }
 try {
 gotStart = data.getMaxAddress().add(1);
From 2dc8e0434cafdf896193b41a4d1af464e7ff08d1 Mon Sep 17 00:00:00 2001
From: Ryan Kurtz
Date: Mon, 8 Feb 2021 13:02:32 -0500
Subject: [PATCH 3/5] GP-669: Fixing GhidraDev exception when ~/ghidra_scripts doesn't exist
---
 .../EclipsePlugins/GhidraDev/GhidraDevFeature/category.xml | 2 +-
 .../EclipsePlugins/GhidraDev/GhidraDevFeature/feature.xml | 2 +-
 .../GhidraDev/GhidraDevPlugin/GhidraDev_README.html | 2 ++
 .../GhidraDev/GhidraDevPlugin/META-INF/MANIFEST.MF | 2 +-
 .../ghidraprojectcreator/utils/GhidraScriptUtils.java | 7 +++++++
 5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/category.xml b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/category.xml
index c97bad1bd1..7dbdf5746e 100644
--- a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/category.xml
+++ b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/category.xml
@@ -1,6 +1,6 @@
-
+
diff --git a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/feature.xml b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/feature.xml
index b014ffeb63..ead7c00822 100644
--- a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/feature.xml
+++ b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevFeature/feature.xml
@@ -2,7 +2,7 @@
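Review bot: The new `if (data == null) { break; }` ends the GOT walk silently, and a reader has to go to the commit subject to learn that a null from `createPointer` is the uninitialized-`.got` case; a comment on the check, `// createPointer presumably returns null when the GOT is not initialized memory; nothing left to mark up`, would keep that knowledge next to the code. Because the loop just stops at the first failure, a `Msg.debug`-style message naming `gotStart` would also make a truncated GOT markup diagnosable in the analysis log rather than looking like an empty table. The enclosing loop and method start before the hunk.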
diff --git a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/GhidraDev_README.html b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/GhidraDev_README.html
index d8aac87775..58f8f5e16d 100644
--- a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/GhidraDev_README.html
+++ b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/GhidraDev_README.html
@@ -53,6 +53,8 @@ change with future releases.

Change History

+

2.1.2: Fixed exception that occurred when creating a new Ghidra scripting project +if a ~/ghidra_scripts directory does not exist.

2.1.1:

  •
diff --git a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/META-INF/MANIFEST.MF b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/META-INF/MANIFEST.MF
index 303b7e3f1b..66e449de4a 100644
--- a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/META-INF/MANIFEST.MF
+++ b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/META-INF/MANIFEST.MF
@@ -3,7 +3,7 @@ Manifest-Version: 1.0
 Bundle-ManifestVersion: 2
 Bundle-Name: GhidraDev
 Bundle-SymbolicName: ghidra.ghidradev;singleton:=true
-Bundle-Version: 2.1.1.qualifier
+Bundle-Version: 2.1.2.qualifier
 Bundle-Activator: ghidradev.Activator
 Require-Bundle: org.eclipse.ant.core;bundle-version="3.5.200",
 org.eclipse.buildship.core;bundle-version="3.0.0",
diff --git a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/src/main/java/ghidradev/ghidraprojectcreator/utils/GhidraScriptUtils.java b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/src/main/java/ghidradev/ghidraprojectcreator/utils/GhidraScriptUtils.java
index 3171c0efa1..ed083d01d2 100644
--- a/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/src/main/java/ghidradev/ghidraprojectcreator/utils/GhidraScriptUtils.java
+++ b/GhidraBuild/EclipsePlugins/GhidraDev/GhidraDevPlugin/src/main/java/ghidradev/ghidraprojectcreator/utils/GhidraScriptUtils.java
@@ -25,6 +25,7 @@ import org.eclipse.jdt.core.*;
 import ghidra.GhidraApplicationLayout;
 import ghidra.framework.GModule;
+import ghidradev.Activator;
 /**
 * Utility methods for working with Ghidra scripts in Eclipse.
@@ -87,6 +88,12 @@ public class GhidraScriptUtils {
 // Link in the user's personal ghidra_scripts directory
 if (linkUserScripts) {
+ if (!userScriptsDir.isDirectory()) {
+ if (!userScriptsDir.mkdirs()) {
+ throw new CoreException(new Status(IStatus.ERROR, Activator.PLUGIN_ID,
+ IStatus.ERROR, "Failed to create " + userScriptsDir, null));
+ }
+ }
 IFolder link = javaProject.getProject().getFolder("Home scripts");
 link.createLink(new Path(userScriptsDir.getAbsolutePath()), IResource.NONE, monitor);
 classpathEntries.add(JavaCore.newSourceEntry(link.getFullPath()));
From e9eccb4eb2455f723d9acf5cd0f93fea0b4c3eda Mon Sep 17 00:00:00 2001
From: emteere <47253321+emteere@users.noreply.github.com>
Date: Wed, 10 Feb 2021 22:50:34 +0000
Subject: [PATCH 4/5] GP-517 moved RTTI analyzer before Reference analysis to fix Rogue pointer analysis problems found in a few sample binaries
---
 .../prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/plugin/prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.java b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/plugin/prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.java
index 6578e55ffb..c845e43d91 100644
--- a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/plugin/prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.java
+++ b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/plugin/prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.java
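Review bot: `userScriptsDir.mkdirs()` returns false both when creation fails and when the directory already exists, so if anything creates `~/ghidra_scripts` between the `isDirectory()` check and the `mkdirs()` call, project creation fails with a misleading "Failed to create" error that carries a `null` cause. `Files.createDirectories(userScriptsDir.toPath())` is idempotent, fails cleanly when a non-directory file sits at that path, and produces an IOException that can be handed to the CoreException as its cause instead of `null`; it needs `java.io.IOException` and `java.nio.file.Files` added to the import block touched by this file's first hunk. The enclosing method starts before the hunk.
```java
if (!userScriptsDir.isDirectory()) {
	try {
		Files.createDirectories(userScriptsDir.toPath());
	}
	catch (IOException e) {
		throw new CoreException(new Status(IStatus.ERROR, Activator.PLUGIN_ID,
			IStatus.ERROR, "Failed to create " + userScriptsDir, e));
	}
}
// … unchanged: "Home scripts" link creation and classpath entry …
```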
@@ -58,7 +58,7 @@ public class RttiAnalyzer extends AbstractAnalyzer {
 setSupportsOneTimeAnalysis();
 // Set priority of RTTI analyzer to run after Demangler so can see if better
 // plate comment or label already exists from Demangler.
- setPriority(AnalysisPriority.DATA_TYPE_PROPOGATION.before().before());
+ setPriority(AnalysisPriority.REFERENCE_ANALYSIS.before());
 setDefaultEnablement(true);
 validationOptions = new DataValidationOptions();
 applyOptions = new DataApplyOptions();
From 6507dc965113440ab490148289b5ddd143e11077 Mon Sep 17 00:00:00 2001
From: emteere <47253321+emteere@users.noreply.github.com>
Date: Fri, 29 Jan 2021 11:38:40 -0500
Subject: [PATCH 5/5] GP-649_emteere Relaxed valid code check and added .nep as a valid section for vftable entries
---
 .../java/ghidra/app/cmd/data/rtti/RttiUtil.java | 16 ++++++++++++----
 .../ghidra/app/cmd/data/rtti/VfTableModel.java | 5 +++--
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/RttiUtil.java b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/RttiUtil.java
index 838e871ea9..4fd197d895 100644
--- a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/RttiUtil.java
+++ b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/RttiUtil.java
@@ -128,6 +128,7 @@ public class RttiUtil {
 Memory memory = program.getMemory();
 MemoryBlock textBlock = memory.getBlock(".text");
+ MemoryBlock nepBlock = memory.getBlock(".nep");
 AddressSetView initializedAddresses = memory.getLoadedAndInitializedAddressSet();
 PseudoDisassembler pseudoDisassembler = new PseudoDisassembler(program);
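Review bot: The comment directly above the changed line still explains the priority only as "run after Demangler", while the new `setPriority(AnalysisPriority.REFERENCE_ANALYSIS.before());` is chosen, per the commit subject, to run before reference analysis so rogue pointer analysis does not interfere; the comment should state both constraints, e.g. `// Run before Reference analysis so rogue pointer analysis does not claim RTTI data (GP-517); must still run after the Demangler so an existing plate comment or label is visible.` Whether `REFERENCE_ANALYSIS.before()` still orders after the Demangler depends on the priority table, which the hunk does not show, so that half of the comment should be confirmed before it is written as fact. The enclosing constructor or method starts before the hunk.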
@@ -148,9 +149,16 @@ public class RttiUtil {
 if (!initializedAddresses.contains(referencedAddress)) {
 break; // Not pointing to initialized memory.
 }
- if ((textBlock != null) ? !textBlock.equals(memory.getBlock(referencedAddress))
- : false) {
- break; // Not pointing to text section.
+
+ // check in .text and .nep if either exists
+ if ( textBlock != null || nepBlock != null) {
+ MemoryBlock refedBlock = memory.getBlock(referencedAddress);
+ boolean inTextBlock = ((textBlock != null) && textBlock.equals(refedBlock));
+ boolean inNepBlock = ((nepBlock != null) && nepBlock.equals(refedBlock));
+ // if not in either labeled .text/.nep block, then bad vftable pointer
+ if (!(inTextBlock || inNepBlock)) {
+ break; // Not pointing to good section.
+ }
 }
 // any references after the first one ends the table
@@ -158,7 +166,7 @@ public class RttiUtil {
 break;
 }
- if (!pseudoDisassembler.isValidSubroutine(referencedAddress, true)) {
+ if (!pseudoDisassembler.isValidSubroutine(referencedAddress, true, false)) {
 break; // Not pointing to possible function.
 }
diff --git a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/VfTableModel.java b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/VfTableModel.java
index 636608aa02..62b0accf6e 100644
--- a/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/VfTableModel.java
+++ b/Ghidra/Features/MicrosoftCodeAnalyzer/src/main/java/ghidra/app/cmd/data/rtti/VfTableModel.java
@@ -37,13 +37,14 @@ import ghidra.program.model.listing.Program;
 public class VfTableModel extends AbstractCreateDataTypeModel {
 public static final String DATA_TYPE_NAME = "vftable";
+ private static final int NO_LAST_COUNT = -1;
 private DataType dataType;
 private Rtti4Model rtti4Model;
 private Program lastProgram;
 private DataType lastDataType;
- private int lastElementCount = -1;
+ private int lastElementCount = NO_LAST_COUNT;
 private int elementCount = 0;
 /**
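Review bot: The new section test accepts any block named `.nep` purely by name, and neither the `// check in .text and .nep if either exists` comment nor the method says what `.nep` is or which producer emits it; expand that comment along the lines of `// .nep: extra code section seen in the GP-649 sample binaries, accepted like .text — confirm which toolchain emits it`. The same widening applies to the relaxed `isValidSubroutine(referencedAddress, true, false)` call in this file's next hunk, where the added third argument is not explained either; since both changes let more candidate pointers count as vftable entries, a malformed or hostile binary can now yield more spurious entries, and that trade-off belongs in the method's Javadoc so a later tightening does not read as a regression. Formatting nit: `if ( textBlock != null || nepBlock != null)` has a stray space after the parenthesis that the surrounding code does not use. The enclosing method starts before the hunk.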
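Review bot: `private static final int NO_LAST_COUNT = -1;` is introduced without a comment, and its role (the sentinel that says no element count has been cached yet, tested as `lastElementCount == NO_LAST_COUNT` in the next hunk) is only recoverable by reading that other hunk; a one-line comment at the declaration, `// sentinel: no element count has been cached yet for lastProgram — presumably forces getDataType to recompute`, would document it where it lives.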
@@ -126,7 +127,7 @@ public class VfTableModel extends AbstractCreateDataTypeModel {
 */
 private DataType getDataType(Program program) {
- if (program != lastProgram) {
+ if (program != lastProgram || lastElementCount == NO_LAST_COUNT) {
 setIsDataTypeAlreadyBasedOnCount(true);
 lastProgram = program;