Merge remote-tracking branch 'origin/patch'

ghidra1 2025-02-05 18:44:54 -05:00
commit e653e82c3e
4 changed files with 72 additions and 2849 deletions


@ -1,3 +1,20 @@
# Ghidra: NSA Reverse Engineering Software
Ghidra is a software reverse engineering (SRE) framework developed by NSA's Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users
to analyze compiled code on a variety of platforms including Windows, MacOS, and Linux. Capabilities
include disassembly, assembly, decompilation, debugging, emulation, graphing, and scripting, along
with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and
executable formats and can be run in both user-interactive and automated modes. Users may also
develop their own Ghidra plug-in components and/or scripts using the exposed API. In addition there
are numerous ways to extend Ghidra such as new processors, loaders/exporters, automated analyzers,
and new visualizations.
In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on
complex SRE efforts and to provide a customizable and extensible SRE research platform. NSA has
applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and
generating deep insights for NSA analysts who seek a better understanding of potential
vulnerabilities in networks and systems.
# What's New in Ghidra 11.3 # What's New in Ghidra 11.3
This release includes new features, enhancements, performance improvements, quite a few bug fixes, This release includes new features, enhancements, performance improvements, quite a few bug fixes,
and many pull-request contributions. Thanks to all those who have contributed their time, thoughts, and many pull-request contributions. Thanks to all those who have contributed their time, thoughts,
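Review bot: minor style nits in the new intro paragraph: Apple writes the platform name as "macOS", not "MacOS", and "In addition there are numerous ways" reads better with a comma after "In addition". Otherwise the added text is the standard Ghidra description and fits the page.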
@ -44,7 +61,7 @@ provides better results.
## PyGhidra ## PyGhidra
The PyGhidra Python library, originally developed by the Department of Defense Cyber Crime Center The PyGhidra Python library, originally developed by the Department of Defense Cyber Crime Center
(DC3) under the name "Pyhidra", is a Python library that provides direct access to the Ghidra API (DC3) under the name *Pyhidra*, is a Python library that provides direct access to the Ghidra API
within a native CPython 3 interpreter using JPype. PyGhidra contains some conveniences for setting within a native CPython 3 interpreter using JPype. PyGhidra contains some conveniences for setting
up analysis on a given sample and running a Ghidra script locally. It also contains a Ghidra plugin up analysis on a given sample and running a Ghidra script locally. It also contains a Ghidra plugin
to allow the use of CPython 3 from the Ghidra GUI. to allow the use of CPython 3 from the Ghidra GUI.
@ -54,15 +71,15 @@ To launch Ghidra in PyGhidra mode, run `./support/pyghidra` (or `support\pyghidr
for more information. for more information.
## Visual Studio Code ## Visual Studio Code
Ghidra 11.2 introduced a `VSCodeProjectScript.java` GhidraScript to assist in setting up Visual Ghidra 11.2 introduced a `VSCodeProjectScript.java` GhidraScript to assist in setting up Visual Studio Code
Studio Code project folders for Ghidra module development and debugging. This GhidraScript has been project folders for Ghidra module development and debugging. This GhidraScript has been replaced in
replaced in Ghidra 11.3 by 2 new actions, accessible from a *CodeBrowser* tool: Ghidra 11.3 by 2 new actions, accessible from a *CodeBrowser* tool:
+ *ToolsCreate VSCode Module Project...* + *Tools -> Create VSCode Module Project...*
+ "*Edit Script with Visual Studio Code*" button in the Script Manager + "*Edit Script with Visual Studio Code*" button in the Script Manager
The "*Create VSCode Module Project...*" action provides the same capability as the old The "*Create VSCode Module Project...*" action provides the same capability as the old
`VSCodeProjectScript.java` GhidraScript, creating a Visual Studio Code project folder that contains `VSCodeProjectScript.java` GhidraScript, creating a Visual Studio Code project folder that contains a
a skeleton module which can be used to build a variety of different Ghidra extension points skeleton module which can be used to build a variety of different Ghidra extension points
(Plugins, Analyzers, Loaders, etc). Launchers are also provided to run and debug the module in (Plugins, Analyzers, Loaders, etc). Launchers are also provided to run and debug the module in
Ghidra, as well as a Gradle task to export the module as a distributable Ghidra extension zip file. Ghidra, as well as a Gradle task to export the module as a distributable Ghidra extension zip file.
@ -73,7 +90,7 @@ alternative to Eclipse, while maintaining all of the core fuctionality you would
(auto complete, hover, navigation, etc). (auto complete, hover, navigation, etc).
Ghidra will do its best to automatically locate your Visual Studio Code installation, but if cannot Ghidra will do its best to automatically locate your Visual Studio Code installation, but if cannot
find it, it can be set via the Front-End GUI at *Edit→Tool Options→Visual Studio Code find it, it can be set via the Front-End GUI at *Edit -> Tool Options -> Visual Studio Code
Integration*. Integration*.
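Review bot: two pre-existing typos sit in the lines this hunk touches and could be fixed while the arrow notation is being cleaned up: "but if cannot find it" is missing its subject ("but if it cannot find it"), and the context line in the hunk header still reads "fuctionality" for "functionality".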
## Debugger ## Debugger
@ -87,17 +104,16 @@ kernel, and our dbgeng connector can now debug a Windows kernel running in a VM
## Emulator ## Emulator
We have introduced a new accelerated p-code emulator that uses Jit-in-Time translation (JIT). We have introduced a new accelerated p-code emulator that uses Jit-in-Time translation (JIT).
This is *not* currently integrated in the UI but is available for scripting and plugin developers. This is *not* currently integrated in the UI but is available for scripting and plugin developers.
Its implementation is named `JitPcodeEmulator`, and it's a near drop-in replacement for Its implementation is named `JitPcodeEmulator`, and it's a near drop-in replacement for `PcodeEmulator`.
`PcodeEmulator`. See its javadoc for usage and implementation details. The JIT emulator is See its javadoc for usage and implementation details. The JIT emulator is very new, so there may
very new, so there may still be many bugs. still be many bugs.
## Source File Information ## Source File Information
Source file and line information can now be added to Ghidra using a Program's SourceFileManager. Source file and line information can now be added to Ghidra using a Program's SourceFileManager.
The DWARF, PDB, and Go analyzers now record this information by default. Source information can also The DWARF, PDB, and Go analyzers now record this information by default. Source information can also
be added programmatically; see the example scripts in the *SourceMapping* script category. be added programmatically; see the example scripts in the *SourceMapping* script category.
Source information can be viewed in the *"Source Map"* Listing Field or the Source information can be viewed in the *"Source Map"* Listing Field or the `SourceFilesTablePlugin`,
`SourceFilesTablePlugin`, which is accessible from the Code Browser via which is accessible from the Code Browser via *Window -> Source Files and Transforms*.
*Window→Source Files and Transforms*.
The *"View Source..."* Listing action, enabled on addresses with source file information, opens a The *"View Source..."* Listing action, enabled on addresses with source file information, opens a
source file at the correct line in either Eclipse or Visual Studio Code (there is a *"Source Files source file at the correct line in either Eclipse or Visual Studio Code (there is a *"Source Files
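Review bot: "Jit-in-Time translation (JIT)" in the Emulator paragraph should be "Just-in-Time translation (JIT)"; the line is carried over unchanged, but it is the one place readers look for what the new `JitPcodeEmulator` does, so it is worth fixing in this reflow.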
@ -110,25 +126,27 @@ The Function Graph has had a number of improvements:
+ Added new *"Flow Chart"* layouts + Added new *"Flow Chart"* layouts
+ Position of the satellite view can be configured + Position of the satellite view can be configured
+ Ctrl-Space toggles between the Listing and the Function Graph (starting fully zoomed in vs. fully + Ctrl-Space toggles between the Listing and the Function Graph (starting fully zoomed in vs. fully
zoomed out is controlled by a Function Graph option). zoomed out is controlled by a Function Graph option)
## String Translation and Text Search ## String Translation and Text Search
* String translation has an additional translator available using the LibreTranslate service. + String translation has an additional translator available using the LibreTranslate service.
The LibreTranslate project (currently hosted at libretranslate.com) is an independent project The LibreTranslate project (currently hosted at libretranslate.com) is an independent project
that provides an open source translation package that can be self-hosted, meaning you can translate that provides an open source translation package that can be self-hosted, meaning you can translate
strings without sending them to a second party to translate, using an existing LibreTranslate server. strings without sending them to a second party to translate, using an existing LibreTranslate server.
For more information search for LibreTranslate in the online Ghidra help pages. For more information search for LibreTranslate in the online Ghidra help pages.
**NOTE:** The LibreTranslate plugin is not enabled by default, and is added in the *File→Configure* menu. **NOTE:** The LibreTranslate plugin is not enabled by default, and is added in the
*File -> Configure* menu.
* The ability to search the text of all decompiled functions has been added. Decompilation during search occurs + The ability to search the text of all decompiled functions has been added. Decompilation during
on the fly, so the latest decompilation results of all functions are used for the search. The search can take search occurs on the fly, so the latest decompilation results of all functions are used for the
some time depending on the number and size of functions in your binary. The new action can be found at search. The search can take some time depending on the number and size of functions in your binary.
*Search→Decompiled Text...*. The new action can be found at *Search -> Decompiled Text...*.
## Processors ## Processors
+ The x86 EVEX instruction write and read masking has been implemented for all AVX-512 instructions.
+ The x86 EVEX instruction write and read masking has been implemented for all AVX-512 instructions. The handling of the mask is necessary as semantics are added for individual AVX-512 instructions. The handling of the mask is necessary as semantics are added for individual AVX-512 instructions.
+ TI_MSP430 decompilation has been improved through numerous changes to the processor's compiler specifications file. + TI_MSP430 decompilation has been improved through numerous changes to the processor's compiler
specifications file.
+ Corrected ARM VFPv2 instructions which were not disassembling correctly. + Corrected ARM VFPv2 instructions which were not disassembling correctly.
## Other Improvements ## Other Improvements
@ -136,14 +154,15 @@ some time depending on the number and size of functions in your binary. The new
HTML versions are provided alongside the Markdown files for convenience. Converting all relevant HTML versions are provided alongside the Markdown files for convenience. Converting all relevant
documents to Markdown remains an ongoing process. **NOTE:** There are no plans to convert the documents to Markdown remains an ongoing process. **NOTE:** There are no plans to convert the
internal Ghidra help system to Markdown, as the Java Help library does not support it. internal Ghidra help system to Markdown, as the Java Help library does not support it.
+ Libraries can now be loaded into an already-imported program with the *FileLoad Libraries...* + Libraries can now be loaded into an already-imported program with the *File -> Load Libraries...*
action. action.
+ The CParser macro pre-processing will now halt on *"#error"* directives. This change had a ripple effect and uncovered + The CParser macro pre-processing will now halt on *"#error"* directives. This change had a ripple
a myriad of bugs which have been addressed. In addition, the interim parsing output has been improved to allow easier effect and uncovered a myriad of bugs which have been addressed. In addition, the interim parsing
diagnosis when problems in parsing occur due to incorrect define values or other header file issues. output has been improved to allow easier diagnosis when problems in parsing occur due to incorrect
Finally, a new `CreateUEFIGDTArchivesScript.java` parsing script has been added to parse UEFI header files available from define values or other header file issues.
`github.com/tianocore/edk2`. Using a script vice released pre-parsed GDT files allows the end user to parse the correct + Finally, a new `CreateUEFIGDTArchivesScript.java` parsing script has been added to parse UEFI header files
version with a configuration fitting their needs. available from `github.com/tianocore/edk2`. Using a script vice released pre-parsed GDT files allows the
end user to parse the correct version with a configuration fitting their needs.
## Additional Bug Fixes and Enhancements ## Additional Bug Fixes and Enhancements
Numerous other new features, improvements, and bug fixes are fully listed in the Numerous other new features, improvements, and bug fixes are fully listed in the
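Review bot: splitting the `CreateUEFIGDTArchivesScript.java` sentence into its own bullet is the right call, but the bullet now starts with "Finally," which only made sense as the closing sentence of the previous item; drop the word. The new bullet's lines also run past the width the rest of the file wraps at, and "vice released pre-parsed GDT files" is obscure to most readers, so "instead of the released pre-parsed GDT files" would be clearer.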


@ -104,24 +104,29 @@ public class TEBAnalyzer extends AbstractAnalyzer {
@Override @Override
public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log) public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log)
throws CancelledException { throws CancelledException {
if (!program.hasExclusiveAccess()) {
log.appendMsg(
"WARNING: Unable to perform Thread Environment Block (TEB) analysis - exclusive checkout required");
return false;
}
MemoryBlock block = program.getMemory().getBlock(ThreadEnvironmentBlock.BLOCK_NAME); MemoryBlock block = program.getMemory().getBlock(ThreadEnvironmentBlock.BLOCK_NAME);
if (block != null) { if (block != null) {
return true; return true;
} }
try {
ThreadEnvironmentBlock teb = new ThreadEnvironmentBlock(program, winVersion); ThreadEnvironmentBlock teb = new ThreadEnvironmentBlock(program, winVersion);
setTEBAddress(program, teb); setTEBAddress(program, teb);
boolean commit = true;
int transactionID = program.startTransaction("Thread Environment Block");
try {
teb.createBlocksAndSymbols(); teb.createBlocksAndSymbols();
teb.setRegisterValue(); teb.setRegisterValue();
return true;
} }
catch (Exception e) { catch (Exception e) {
Msg.error(this, "Unable to create the Thread Environment Block"); log.appendMsg("Failed to create the Thread Environment Block (TEB) - see console log");
commit = false; Msg.error(this, "Failed to create the Thread Environment Block (TEB)", e);
} }
program.endTransaction(transactionID, commit); return false;
return true;
} }
@Override @Override
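Review bot: the explicit `startTransaction`/`endTransaction` pair around `createBlocksAndSymbols()` and `setRegisterValue()` is removed, so the method now relies on the caller already holding an open transaction; that is the normal contract for an analyzer's `added()` call, but since the old code was written as if it were not, a one-line comment or a mention in the commit message would save the next reader the same question. Returning `false` and logging the exception on failure (instead of the old `return true` after a silently rolled-back transaction) is a clear improvement, as is the up-front `hasExclusiveAccess()` guard, which stops the analyzer from attempting a change that, per its own warning text, needs an exclusive checkout. One nit: `catch (Exception e)` also swallows `RuntimeException`s that indicate programming errors; if that is intentional, say so in the catch block.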


@ -109,17 +109,6 @@ class _PyGhidraImportLoader:
def exec_module(self, fullname): def exec_module(self, fullname):
pass pass
class _GhidraBundleFinder(importlib.machinery.PathFinder):
""" (internal) Used to find modules in Ghidra bundle locations """
def find_spec(self, fullname, path=None, target=None):
from ghidra.app.script import GhidraScriptUtil
GhidraScriptUtil.acquireBundleHostReference()
for directory in GhidraScriptUtil.getEnabledScriptSourceDirectories():
spec = super().find_spec(fullname, [directory.absolutePath], target)
if spec is not None:
return spec
return None
@contextlib.contextmanager @contextlib.contextmanager
def _plugin_lock(): def _plugin_lock():
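Review bot: removing `_GhidraBundleFinder` also removes a meta-path finder that called `GhidraScriptUtil.acquireBundleHostReference()` on every `find_spec` lookup with no matching release anywhere in the shown code, so this deletion closes a reference leak as well as changing import behaviour; please confirm in the description that modules under the enabled script source directories are now resolved another way (or are intentionally no longer importable this way) and that nothing else still imports `_GhidraBundleFinder`.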
@ -401,9 +390,8 @@ class PyGhidraLauncher:
**jpype_kwargs **jpype_kwargs
) )
# Install hooks into python importlib # Install hook into python importlib
sys.meta_path.append(_PyGhidraImportLoader()) sys.meta_path.append(_PyGhidraImportLoader())
sys.meta_path.append(_GhidraBundleFinder())
imports.registerDomain("ghidra") imports.registerDomain("ghidra")