yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-06 03:50:02 +02:00
Code Issues Releases Wiki Activity
15577 commits 3 branches 48 tags 436 MiB
Commit graph

15577 commits

This branch
This branch
All branches
Author SHA1 Message Date
ghidra1
2f439d6909 GP-0 Set release version to 11.4.2 2025-07-30 10:11:39 -04:00
ghidra1
cc932b12b2 GP-5888 Corrected regression error in stack editor 2025-07-30 10:09:35 -04:00
ghizard
b85c2b5947 GP-5884 - PDB CPP - Reconstruct parent source order 2025-07-30 09:16:06 -04:00
Ryan Kurtz
369804843c GP-0: Fixing docker README file location 2025-07-30 07:56:15 -04:00
Ryan Kurtz
dbb9e7feee Merge remote-tracking branch 'origin/patch' 2025-07-29 15:34:48 -04:00
Ryan Kurtz
0d8f57ba2f Merge remote-tracking branch 'origin/GP-4400_ghintern_mlextension_improvements' 2025-07-29 15:22:49 -04:00
ghidra1
fe7cbd8ee8 GP-0 Updated ChangeHistory for 11.4.1 release 2025-07-29 14:31:09 -04:00
Ryan Kurtz
5712017eb1 Merge remote-tracking branch 'origin/GP-0_ryanmkurtz_extract' 2025-07-29 14:07:13 -04:00
ghidra1
bfd1e3dbea Merge remote-tracking branch 'origin/patch' 2025-07-29 14:03:18 -04:00
ghidra1
a3137e33d7 GP-5881 Corrected regression error with Structure editor change 2025-07-29 14:00:21 -04:00
James
168cbc7e7a GP-4400 minor tweaks 2025-07-29 17:47:44 +00:00
Ryan Kurtz
b239500645 GP-0: Adding instructions stating to not extract the Ghidra zip on top 
of an existing installation
 2025-07-29 11:29:32 -04:00
Ryan Kurtz
b76bbb843f Merge remote-tracking branch 'origin/GP-5853_Dan_ARM-VLD-and-VST--SQUASHED' 2025-07-29 10:35:14 -04:00
Dan
352fed0d95 GP-5853: Initial implementation of ARM Neon VLD/VSTn instructions. 2025-07-29 14:32:54 +00:00
RibShark
e7cad294c9
Fix 80251 "ANL Rm,#data" showing as "ADD" 
Should be self explanatory, looks like it was just a typo.
 2025-07-29 14:59:32 +01:00
RibShark
cca3fcc208
Fix ANL Areg,Data for 80251 in source mode 
ANL Areg,Data should be GROUP1 rather than GROUP2, the incorrect group causes the instruction to fail to decode on source mode 80251
 2025-07-29 14:57:07 +01:00
ghintern
efb837ef34 GP-4400: ML extension improvements 2025-07-29 13:47:26 +00:00
Ryan Kurtz
0af58800f5 Merge remote-tracking branch 'origin/GP-1-dragonmacher-review-tool-close-bug' 2025-07-29 09:45:21 -04:00
Ryan Kurtz
7fb7f5df1b Merge remote-tracking branch 'origin/GP-1-dragonmacher-action-context-fix' 2025-07-29 09:44:57 -04:00
Ryan Kurtz
c892ad1695 Merge remote-tracking branch 'origin/GP-1-dragonmacher-color-chooser-history-fix' 2025-07-29 09:44:28 -04:00
Ryan Kurtz
6c85ba4563 Merge remote-tracking branch 
'origin/GP-5759_ghidorahrex_PR-8192_p1pkin_sh4_fsca_fix' (Closes #8192)
 2025-07-29 09:12:19 -04:00
Ryan Kurtz
391a052e55 Merge remote-tracking branch 'origin/patch' 2025-07-29 09:10:56 -04:00
ghidorahrex
4abf6d55ad GP-5766: Fixed instruction AVX512 disassembly errors 2025-07-29 08:56:43 -04:00
Ryan Kurtz
9b8468b6b6 Merge remote-tracking branch 
'origin/GP-5592_ghidorahrex_PR-7982_niooss-ledger_ebpf-ISA-v4' into
patch (Closes #7982)
 2025-07-29 08:53:18 -04:00
Nicolas Iooss
24d19f6e8c Add eBPF ISA v4 instructions 
In 2023, the eBPF instruction set was modified to add several
instructions related to signed operations (load with sign-extension,
signed division, etc.), a 32-bit jump instruction and some byte-swap
instructions. This became version 4 of eBPF ISA.

Here are some references about this change:

- https://pchaigno.github.io/bpf/2021/10/20/ebpf-instruction-sets.html
  (a blog post about eBPF instruction set extensions)
- https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
  (documentation sent to Linux Kernel mailing list)
- https://www.rfc-editor.org/rfc/rfc9669.html#name-sign-extension-load-operati
  (IETF's BPF Instruction Set Architecture standard defined the new
  instructions)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n1859
  (implementation of signed division and remainder in Linux kernel.
  This shows that 32-bit signed DIV and signed MOD are zero-extending
  the result in DST)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n2135
  (implementation of signed memory load in Linux kernel)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f9a1ea821ff25353a0e80d971e7958cd55b47a3
  (commit which added signed memory load instructions in Linux kernel)

This can be tested with a recent enough version of clang and LLVM (this
works with clang 19.1.4 on Alpine 3.21).
For example for signed memory load instructions:

    signed int sext_8bit(signed char x) {
        return x;
    }

produces:

    $ clang -O0 -target bpf -mcpu=v4 -c test.c -o test.ebpf
    $ llvm-objdump -rd test.ebpf
    ...
    0000000000000000 <sext_8bit>:
           0:  73 1a ff ff 00 00 00 00  *(u8 *)(r10 - 0x1) = r1
           1:  91 a1 ff ff 00 00 00 00  r1 = *(s8 *)(r10 - 0x1)
           2:  bc 10 00 00 00 00 00 00  w0 = w1
           3:  95 00 00 00 00 00 00 00  exit

(The second instruction is a signed memory load)

Instruction MOVS (Sign extend register MOV) uses offset to encode the
conversion (whether the source register is to be considered as signed
8-bit, 16-bit or 32-bit integer). The mnemonic for these instructions is
quite unclear:

- They are all named MOVS in the proposal
  https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
- LLVM and Linux disassemblers only display pseudo-code (`r0 = (s8)r1`)
- RFC 9669 (https://datatracker.ietf.org/doc/rfc9669/) uses MOVSX for
  all instructions.
- GCC uses MOVS for all instructions:
  https://github.com/gcc-mirror/gcc/blob/releases/gcc-14.1.0/gcc/config/bpf/bpf.md?plain=1#L326-L365

To make the disassembled code clearer, decode such instructions with a
size suffix: MOVSB, MOVSH, MOVSW.

The decoding of instructions 32-bit JA, BSWAP16, BSWAP32 and BSWAP64 is
straightforward.
 2025-07-29 12:45:06 +00:00
Ryan Kurtz
1929357e1d Merge remote-tracking branch 'origin/patch' 2025-07-29 08:33:22 -04:00
Ryan Kurtz
0d8a39a07a Merge remote-tracking branch 
'origin/GP-5857_ghidorahrex_PR-7979_niooss-ledger_ebpf-fix-load-zext'
into patch (Closes #7979)
 2025-07-29 08:24:03 -04:00
Ryan Kurtz
b4239911c9 Merge remote-tracking branch 
'origin/GP-5858_ghidorahrex_PR-7929_niooss-ledger_fix-ebpf-call-operand'
into patch (Closes #7929)
 2025-07-29 08:21:27 -04:00
Ryan Kurtz
179263a592 Merge remote-tracking branch 
'origin/GP-5593_ghidorahrex_PR-7985_niooss-ledger_ebpf-fix-semantic-byte-swap-instructions'
into patch (Closes #7985)
 2025-07-29 08:19:37 -04:00
Ryan Kurtz
28b46c5c93 Merge remote-tracking branch 
'origin/GP-5336_ghidorahrex_PR-7065_philpem_6805_hcs08_xidx_fix' into
patch (Closes #7065, Closes #7064)
 2025-07-29 08:16:11 -04:00
Ryan Kurtz
ce924f8ab5 Merge remote-tracking branch 'origin/GP-4977_DescriptorDecoderFix' 2025-07-29 10:14:27 +00:00
dragonmacher
24532a377d Minor refactor for tool closing bug in extension apps 2025-07-28 18:18:04 -04:00
caheckman
c05acfed1d Fix for testGetReturnTypeOfMethodDescriptor 2025-07-28 22:06:06 +00:00
ghidra1
1449eef894 Merge remote-tracking branch 'origin/patch' 2025-07-28 17:03:48 -04:00
ghidra1
296778319e GP-5881 Minor Structure editor event handling improvement 2025-07-28 17:01:42 -04:00
ghidra1
a63b39d14f GP-0 Added exception detail for composite resolution error 2025-07-28 14:58:31 -04:00
Ryan Kurtz
47bd5a50cb Merge remote-tracking branch 
'origin/GP-5871_dev747368_dwarf_strings_charset_option' (Closes #8346)
 2025-07-28 17:29:11 +00:00
Ryan Kurtz
1b7fae31f9 Merge remote-tracking branch 'origin/patch' 2025-07-28 17:28:07 +00:00
Ryan Kurtz
1486a06165 Merge remote-tracking branch 
'origin/GP-5877_Dan_fixReDisassembler--SQUASHED' into patch
(Closes #8382)
 2025-07-28 17:25:05 +00:00
Ryan Kurtz
b729d9b217 Merge remote-tracking branch 
'origin/GP-5876-dragonmacher-vt-column-exception-patch' into patch
(Closes #8094)
 2025-07-28 17:23:02 +00:00
Ryan Kurtz
538ee96e69 GP-0: Fixing javadoc (Closes #8369) 2025-07-28 15:57:42 +00:00
Ryan Kurtz
67ba8d5f6b Merge remote-tracking branch 'origin/patch' 2025-07-28 15:49:57 +00:00
Dan
39c0a83c0c GP-5877: Fix Patch Instruction action in some Harvard architectures. 2025-07-28 15:48:40 +00:00
Ryan Kurtz
60ff7c9791 Merge remote-tracking branch 'origin/GP-5867_dev747368_dwarf_only_iterate_defined_dtc' into patch 2025-07-28 15:46:50 +00:00
Dan
851264808b GP-5795: Add a "Comment" column in the "Watches" table. 2025-07-28 15:29:01 +00:00
Ryan Kurtz
598efa66d9 Merge remote-tracking branch 'origin/patch' 2025-07-28 12:44:07 +00:00
Ryan Kurtz
6f339247ef Merge remote-tracking branch 
'origin/GP-5788_Dan_addActionForciblyCloseTxes--SQUASHED' into patch
(Closes #8298)
 2025-07-28 12:41:31 +00:00
Ryan Kurtz
790fe71c41 Merge remote-tracking branch 'origin/GP-5553_Dan_lessTimingOut' into patch 2025-07-28 12:39:41 +00:00
Ryan Kurtz
89534eecaf Merge remote-tracking branch 'origin/patch' 2025-07-28 12:34:13 +00:00
Ryan Kurtz
35202441cc Merge remote-tracking branch 
'origin/GP-5764_ghidra007_rttiscript_vfunctions_dont_force_thiscalls--SQUASHED'
into patch (Closes #8163)
 2025-07-28 12:32:06 +00:00