Commit graph

1798 commits

Author SHA1 Message Date
James
6229740f8b GP-5958 added callfixup for get_pc_thunk.di to x86gcc.cspec 2025-08-27 19:15:30 +00:00
Ryan Kurtz
7a4100d54b Merge remote-tracking branch 'origin/patch' 2025-08-27 11:30:41 -04:00
Ryan Kurtz
5c00ab8e08 Merge remote-tracking branch
'origin/GP-5906_ghidorahrex_x86_sse4a_instructions--SQUASHED' into patch
(Closes #8335)
2025-08-27 11:25:24 -04:00
Ryan Kurtz
fc1c06ea39 Merge remote-tracking branch 'origin/patch' 2025-08-27 04:56:05 -04:00
emteere
f391ddb87c GP-5945 Fixed PowerPC e500 instruction extension issues and added function start pattern variants. 2025-08-26 11:59:06 -04:00
ghidorahrex
393e7935af GP-5906: Added x86 SSE4a instructions 2025-08-26 08:33:50 -04:00
James
d9a5ad2ed0 GP-4029 updated mips and ppc language versions 2025-08-25 19:31:22 +00:00
ghintern
d91aebe74e GP-4030: Fix MIPS base and eabi 32/64-bit cspecs
GP-4029: Update base PowerPC 32/64-bit cspecs
2025-08-25 19:15:08 +00:00
Ryan Kurtz
4fcc1febdd Merge remote-tracking branch 'origin/GP-5904_ghidorahrex_PR-8394_RibShark_fix-80251-anl-group-fix' 2025-08-22 09:39:30 -04:00
Ryan Kurtz
826e52033e Merge remote-tracking branch 'origin/GP-5903_ghidorahrex_PR-8393_RibShark_80251-anl-name-fix' 2025-08-22 09:38:44 -04:00
Ryan Kurtz
c80f792ee8 Merge remote-tracking branch 'origin/patch' 2025-08-21 06:45:30 -04:00
Ryan Kurtz
3abf7f765e GP-0: Updating Swift documentation links 2025-08-21 06:42:41 -04:00
Ryan Kurtz
bcefa8bf09 Merge remote-tracking branch 'origin/patch' 2025-08-19 07:22:55 -04:00
Ryan Kurtz
729642cbf6 Merge remote-tracking branch 'origin/GP-5912_emteere_SuperH_GBR' into
patch (Closes #4387)
2025-08-19 05:57:47 -04:00
Ryan Kurtz
6773801f6e Merge remote-tracking branch 'origin/GP-5581_sleighPiecewiseUniques--SQUASHED' 2025-08-18 13:44:28 -04:00
Dan
42115f6df0 GP-5581: Allow optimization by truncation of subpieced unique varnodes. 2025-08-18 17:12:23 +00:00
Ryan Kurtz
29b8cdf394 Merge remote-tracking branch
'origin/GP-4069_dev747368_dwarf_expression_eval--SQUASHED'
(Closes #5982, Closes #6974, Closes #2322, Closes #5311)
2025-08-12 06:07:44 -04:00
ghidra1
520c6b7b98 Merge remote-tracking branch 'origin/patch' 2025-08-11 17:55:15 -04:00
ghidra1
f7138da6f7 GP-5918 Corrected ELF Relocation regression for MIPS 64-bit introduced
with GP-5826 in Ghidra 11.4.1
2025-08-11 13:00:58 -04:00
dev747368
e908ab6fbf DWARF expression handling refactor
Cleanup logic of expression evaluation, stub out resolution of register
values to a callback in case we want to use constant propagation to try
to allow successful calculations, and add support for default static
values for treating an arch's stack frame register (e.g. RBP) like the
static CFA value we already have support for.

Add option to decorate params and local vars with their DWARF storage
location info.

Handle arrays with unspecified element type.
2025-08-11 11:21:28 -04:00
emteere
28313c6574 GP-5912 Adding SH2 GBR register to the preserved by call list 2025-08-07 12:44:05 +00:00
Ryan Kurtz
b76bbb843f Merge remote-tracking branch 'origin/GP-5853_Dan_ARM-VLD-and-VST--SQUASHED' 2025-07-29 10:35:14 -04:00
Dan
352fed0d95 GP-5853: Initial implementation of ARM Neon VLD/VSTn instructions. 2025-07-29 14:32:54 +00:00
RibShark
e7cad294c9 Fix 80251 "ANL Rm,#data" showing as "ADD"
Should be self-explanatory, looks like it was just a typo.
2025-07-29 14:59:32 +01:00
RibShark
cca3fcc208 Fix ANL Areg,Data for 80251 in source mode
ANL Areg,Data should be GROUP1 rather than GROUP2; the incorrect group causes the instruction to fail to decode on source mode 80251.
2025-07-29 14:57:07 +01:00
Ryan Kurtz
6c85ba4563 Merge remote-tracking branch
'origin/GP-5759_ghidorahrex_PR-8192_p1pkin_sh4_fsca_fix' (Closes #8192)
2025-07-29 09:12:19 -04:00
Ryan Kurtz
391a052e55 Merge remote-tracking branch 'origin/patch' 2025-07-29 09:10:56 -04:00
ghidorahrex
4abf6d55ad GP-5766: Fixed instruction AVX512 disassembly errors 2025-07-29 08:56:43 -04:00
Nicolas Iooss
24d19f6e8c Add eBPF ISA v4 instructions
In 2023, the eBPF instruction set was modified to add several
instructions related to signed operations (load with sign-extension,
signed division, etc.), a 32-bit jump instruction and some byte-swap
instructions. This became version 4 of eBPF ISA.

Here are some references about this change:

- https://pchaigno.github.io/bpf/2021/10/20/ebpf-instruction-sets.html
  (a blog post about eBPF instruction set extensions)
- https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
  (documentation sent to Linux Kernel mailing list)
- https://www.rfc-editor.org/rfc/rfc9669.html#name-sign-extension-load-operati
  (IETF's BPF Instruction Set Architecture standard defined the new
  instructions)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n1859
  (implementation of signed division and remainder in Linux kernel.
  This shows that 32-bit signed DIV and signed MOD are zero-extending
  the result in DST)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n2135
  (implementation of signed memory load in Linux kernel)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f9a1ea821ff25353a0e80d971e7958cd55b47a3
  (commit which added signed memory load instructions in Linux kernel)

This can be tested with a recent enough version of clang and LLVM (this
works with clang 19.1.4 on Alpine 3.21).
For example for signed memory load instructions:

    signed int sext_8bit(signed char x) {
        return x;
    }

produces:

    $ clang -O0 -target bpf -mcpu=v4 -c test.c -o test.ebpf
    $ llvm-objdump -rd test.ebpf
    ...
    0000000000000000 <sext_8bit>:
           0:  73 1a ff ff 00 00 00 00  *(u8 *)(r10 - 0x1) = r1
           1:  91 a1 ff ff 00 00 00 00  r1 = *(s8 *)(r10 - 0x1)
           2:  bc 10 00 00 00 00 00 00  w0 = w1
           3:  95 00 00 00 00 00 00 00  exit

(The second instruction is a signed memory load)

Instruction MOVS (Sign extend register MOV) uses offset to encode the
conversion (whether the source register is to be considered as signed
8-bit, 16-bit or 32-bit integer). The mnemonic for these instructions is
quite unclear:

- They are all named MOVS in the proposal
  https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
- LLVM and Linux disassemblers only display pseudo-code (`r0 = (s8)r1`)
- RFC 9669 (https://datatracker.ietf.org/doc/rfc9669/) uses MOVSX for
  all instructions.
- GCC uses MOVS for all instructions:
  https://github.com/gcc-mirror/gcc/blob/releases/gcc-14.1.0/gcc/config/bpf/bpf.md?plain=1#L326-L365

To make the disassembled code clearer, decode such instructions with a
size suffix: MOVSB, MOVSH, MOVSW.

The decoding of instructions 32-bit JA, BSWAP16, BSWAP32 and BSWAP64 is
straightforward.
2025-07-29 12:45:06 +00:00
Ryan Kurtz
1929357e1d Merge remote-tracking branch 'origin/patch' 2025-07-29 08:33:22 -04:00
Ryan Kurtz
0d8a39a07a Merge remote-tracking branch
'origin/GP-5857_ghidorahrex_PR-7979_niooss-ledger_ebpf-fix-load-zext'
into patch (Closes #7979)
2025-07-29 08:24:03 -04:00
Ryan Kurtz
b4239911c9 Merge remote-tracking branch
'origin/GP-5858_ghidorahrex_PR-7929_niooss-ledger_fix-ebpf-call-operand'
into patch (Closes #7929)
2025-07-29 08:21:27 -04:00
Ryan Kurtz
179263a592 Merge remote-tracking branch
'origin/GP-5593_ghidorahrex_PR-7985_niooss-ledger_ebpf-fix-semantic-byte-swap-instructions'
into patch (Closes #7985)
2025-07-29 08:19:37 -04:00
Ryan Kurtz
28b46c5c93 Merge remote-tracking branch
'origin/GP-5336_ghidorahrex_PR-7065_philpem_6805_hcs08_xidx_fix' into
patch (Closes #7065, Closes #7064)
2025-07-29 08:16:11 -04:00
Ryan Kurtz
ce924f8ab5 Merge remote-tracking branch 'origin/GP-4977_DescriptorDecoderFix' 2025-07-29 10:14:27 +00:00
caheckman
c05acfed1d Fix for testGetReturnTypeOfMethodDescriptor 2025-07-28 22:06:06 +00:00
Ryan Kurtz
1b7fae31f9 Merge remote-tracking branch 'origin/patch' 2025-07-28 17:28:07 +00:00
Dan
39c0a83c0c GP-5877: Fix Patch Instruction action in some Harvard architectures. 2025-07-28 15:48:40 +00:00
ghidra1
4a0e95ecd3 GP-3091 ppc64 ELF improvements for 32-bit addressing. Fixed default ELF
GOT markup boundary condition. Fixed improper EXTERNAL symbols with
.pltgot. prefix and duplication.
2025-07-25 14:19:18 -04:00
Ryan Kurtz
cc177afc8f Merge remote-tracking branch 'origin/patch' 2025-07-21 13:17:27 -04:00
Ryan Kurtz
3cfa867ac3 Merge remote-tracking branch 'origin/GP-5843_emteere_MIPS64FunctionStarts' into patch 2025-07-21 13:14:06 -04:00
Ryan Kurtz
9628d10220 Merge remote-tracking branch 'origin/patch' 2025-07-18 15:21:52 -04:00
Ryan Kurtz
edf42d82d9 Merge remote-tracking branch 'origin/GP-5846_ghidra1_PPC64_ELFRelocations' into patch 2025-07-18 15:17:45 -04:00
ghidra1
006bd8d423 GP-5846 Corrected ELF PowerPC 64-bit relocation processing bugs
affecting ELFv2 use and R_PPC64_JMP_SLOT relocation
2025-07-18 12:00:34 -04:00
Ryan Kurtz
fde33a5821 Merge remote-tracking branch 'origin/patch' 2025-07-18 06:19:25 -04:00
Ryan Kurtz
e69ce4104b Merge remote-tracking branch 'origin/GP-5804_emteere_FixDefaultSymbolicPropRecordState' into patch 2025-07-18 06:15:13 -04:00
emteere
3468c4b502 GP-5843 Added MIPS64 function start patterns 2025-07-17 22:42:00 +00:00
Ryan Kurtz
88bfdeb429 Merge remote-tracking branch 'origin/GP-4356_ghintern_avr8_cspec--SQUASHED' 2025-07-17 06:19:47 -04:00
ghintern
991a4b440c GP-4356: fixes to avr8 cspec and elf extension, and additions to decompiler model rules 2025-07-16 20:22:28 +00:00
Ryan Kurtz
2c10392a79 Merge remote-tracking branch 'origin/GP-5211_ghintern_riscv_cspec--SQUASHED' 2025-07-16 13:31:25 -04:00