Commit graph

15301 commits

Author SHA1 Message Date
dev747368
e908ab6fbf DWARF expression handling refactor
Clean up logic of expression evaluation, stub out resolution of register
values to a callback in case we want to use constant propagation to try
to allow successful calculations, and add support for default static
values for treating an arch's stack frame register (e.g. RBP) like the
static CFA value we already have support for.

Add option to decorate params and local vars with their DWARF storage
location info.

Handle arrays with unspecified element type.
2025-08-11 11:21:28 -04:00
Ryan Kurtz
483cd9a799 Merge remote-tracking branch 'origin/GP-5795_Dan_commentColumnForWatch'
(Closes #8302)
2025-08-06 09:13:44 -04:00
Ryan Kurtz
31dc3a2f11 Merge remote-tracking branch 'origin/GP-5911_dev747368_fix_windows_rootdir_naming' 2025-08-05 13:55:14 -04:00
dev747368
285fe59bcb GP-5911 fix FS & drive letter root dir lookup problem.
Looking up "c:/" would treat it as the global "/" root dir.
2025-08-05 17:25:58 +00:00
Ryan Kurtz
e01d4b3710 Merge remote-tracking branch
'origin/GP-5898_dev747368_faster_jythonplugin_startup' (#7887)
2025-08-05 12:44:14 -04:00
Ryan Kurtz
ef3bd8b2b7 Merge remote-tracking branch 'origin/GP-4478_ghidranoob_Assembler_F1Help--SQUASHED' 2025-08-04 15:14:25 -04:00
ghidranoob
6096a50042 GP-4478: More review changes
GP-4478: Review changes
GP-4478 Add help to assembler
Add help to assembler
Initial commit
2025-08-04 14:41:28 -04:00
Ryan Kurtz
e90c852353 GP-0: Removing use of deprecated Validate.nonNull() 2025-08-04 07:17:08 -04:00
Ryan Kurtz
a60e2d8637 GP-0: Upping Gradle wrapper to 9.0.0 2025-08-04 06:48:15 -04:00
Ryan Kurtz
3307a0b06b Merge remote-tracking branch 'origin/patch' 2025-08-04 06:26:27 -04:00
Ryan Kurtz
22de131dd0 Merge branch 'GP-5901_ryanmkurtz_gradle9' into patch 2025-08-04 06:22:05 -04:00
Ryan Kurtz
2180fd2851 GP-5901: Support for Gradle 9.0.0 2025-08-04 06:21:21 -04:00
Ryan Kurtz
18f7ed85da Merge remote-tracking branch 'origin/GP-5869_DecompilerIndexAndShift'
(Closes #7474)
2025-08-01 12:58:25 -04:00
Ryan Kurtz
0a97fd8feb Merge branch 'GP-0_ryanmkurtz_PR-8404_gemesa_bsim-cmd-line-ref' 2025-08-01 06:37:56 -04:00
Andras Gemes
42bc550c0b BSim: Remove extra characters in CommandLineReference.html 2025-08-01 09:05:51 +02:00
caheckman
943ccd322d GP-5869 Fix for some out of bounds array indices and shift amounts 2025-07-31 22:56:19 +00:00
dev747368
9550bef788 GP-5898 speed up JythonPlugin startup
Delay printing welcome text until the console is displayed.
2025-07-31 20:33:09 +00:00
Ryan Kurtz
213a9e48cc Merge remote-tracking branch 'origin/GP-0_ghidragon_splash_screen_update' 2025-07-31 15:25:42 -04:00
Ryan Kurtz
49bdfd8df4 Merge remote-tracking branch
'origin/GP-5807-dragonmacher-file-choose-slowness--SQUASHED'
(Closes #8284, Closes #4725)
2025-07-31 15:21:25 -04:00
Ryan Kurtz
c311ecd87d Merge remote-tracking branch 'origin/patch' 2025-07-31 14:14:58 -04:00
ghidra1
ada4b5c4ae GP-0 Update Ghidra patch version to 11.4.2 2025-07-31 13:52:18 -04:00
ghidra1
da059ed907 GP-0 Reverted version to 11.4.1 for patch release 2025-07-31 11:21:23 -04:00
dragonmacher
7202703a60 GP-5807 - File Chooser - Large directory speed ups 2025-07-31 10:44:36 -04:00
Ryan Kurtz
3c0a0fa063 Merge remote-tracking branch 'origin/patch' 2025-07-30 16:17:49 -04:00
Ryan Kurtz
7426d4b685 Merge remote-tracking branch 'origin/GP-5884_ghizard_PDB_CPP_Reconstruct_parent_source_order' 2025-07-30 15:15:03 -04:00
ghidragon
66421c88f9 Tweaks to SplashScreen 2025-07-30 14:46:33 -04:00
ghidra1
2f439d6909 GP-0 Set release version to 11.4.2 2025-07-30 10:11:39 -04:00
ghidra1
cc932b12b2 GP-5888 Corrected regression error in stack editor 2025-07-30 10:09:35 -04:00
ghizard
b85c2b5947 GP-5884 - PDB CPP - Reconstruct parent source order 2025-07-30 09:16:06 -04:00
Ryan Kurtz
369804843c GP-0: Fixing docker README file location 2025-07-30 07:56:15 -04:00
Ryan Kurtz
dbb9e7feee Merge remote-tracking branch 'origin/patch' 2025-07-29 15:34:48 -04:00
Ryan Kurtz
0d8f57ba2f Merge remote-tracking branch 'origin/GP-4400_ghintern_mlextension_improvements' 2025-07-29 15:22:49 -04:00
ghidra1
fe7cbd8ee8 GP-0 Updated ChangeHistory for 11.4.1 release 2025-07-29 14:31:09 -04:00
Ryan Kurtz
5712017eb1 Merge remote-tracking branch 'origin/GP-0_ryanmkurtz_extract' 2025-07-29 14:07:13 -04:00
ghidra1
bfd1e3dbea Merge remote-tracking branch 'origin/patch' 2025-07-29 14:03:18 -04:00
ghidra1
a3137e33d7 GP-5881 Corrected regression error with Structure editor change 2025-07-29 14:00:21 -04:00
James
168cbc7e7a GP-4400 minor tweaks 2025-07-29 17:47:44 +00:00
Ryan Kurtz
b239500645 GP-0: Adding instructions stating to not extract the Ghidra zip on top
of an existing installation
2025-07-29 11:29:32 -04:00
Ryan Kurtz
b76bbb843f Merge remote-tracking branch 'origin/GP-5853_Dan_ARM-VLD-and-VST--SQUASHED' 2025-07-29 10:35:14 -04:00
Dan
352fed0d95 GP-5853: Initial implementation of ARM Neon VLD/VSTn instructions. 2025-07-29 14:32:54 +00:00
ghintern
efb837ef34 GP-4400: ML extension improvements 2025-07-29 13:47:26 +00:00
Ryan Kurtz
0af58800f5 Merge remote-tracking branch 'origin/GP-1-dragonmacher-review-tool-close-bug' 2025-07-29 09:45:21 -04:00
Ryan Kurtz
7fb7f5df1b Merge remote-tracking branch 'origin/GP-1-dragonmacher-action-context-fix' 2025-07-29 09:44:57 -04:00
Ryan Kurtz
c892ad1695 Merge remote-tracking branch 'origin/GP-1-dragonmacher-color-chooser-history-fix' 2025-07-29 09:44:28 -04:00
Ryan Kurtz
6c85ba4563 Merge remote-tracking branch
'origin/GP-5759_ghidorahrex_PR-8192_p1pkin_sh4_fsca_fix' (Closes #8192)
2025-07-29 09:12:19 -04:00
Ryan Kurtz
391a052e55 Merge remote-tracking branch 'origin/patch' 2025-07-29 09:10:56 -04:00
ghidorahrex
4abf6d55ad GP-5766: Fixed instruction AVX512 disassembly errors 2025-07-29 08:56:43 -04:00
Ryan Kurtz
9b8468b6b6 Merge remote-tracking branch
'origin/GP-5592_ghidorahrex_PR-7982_niooss-ledger_ebpf-ISA-v4' into
patch (Closes #7982)
2025-07-29 08:53:18 -04:00
Nicolas Iooss
24d19f6e8c Add eBPF ISA v4 instructions
In 2023, the eBPF instruction set was modified to add several
instructions related to signed operations (load with sign-extension,
signed division, etc.), a 32-bit jump instruction and some byte-swap
instructions. This became version 4 of eBPF ISA.

Here are some references about this change:

- https://pchaigno.github.io/bpf/2021/10/20/ebpf-instruction-sets.html
  (a blog post about eBPF instruction set extensions)
- https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
  (documentation sent to Linux Kernel mailing list)
- https://www.rfc-editor.org/rfc/rfc9669.html#name-sign-extension-load-operati
  (IETF's BPF Instruction Set Architecture standard defined the new
  instructions)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n1859
  (implementation of signed division and remainder in Linux kernel.
  This shows that 32-bit signed DIV and signed MOD are zero-extending
  the result in DST)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/core.c?h=v6.14#n2135
  (implementation of signed memory load in Linux kernel)
- https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f9a1ea821ff25353a0e80d971e7958cd55b47a3
  (commit which added signed memory load instructions in Linux kernel)

This can be tested with a recent enough version of clang and LLVM (this
works with clang 19.1.4 on Alpine 3.21).
For example for signed memory load instructions:

    signed int sext_8bit(signed char x) {
        return x;
    }

produces:

    $ clang -O0 -target bpf -mcpu=v4 -c test.c -o test.ebpf
    $ llvm-objdump -rd test.ebpf
    ...
    0000000000000000 <sext_8bit>:
           0:  73 1a ff ff 00 00 00 00  *(u8 *)(r10 - 0x1) = r1
           1:  91 a1 ff ff 00 00 00 00  r1 = *(s8 *)(r10 - 0x1)
           2:  bc 10 00 00 00 00 00 00  w0 = w1
           3:  95 00 00 00 00 00 00 00  exit

(The second instruction is a signed memory load)

Instruction MOVS (Sign extend register MOV) uses offset to encode the
conversion (whether the source register is to be considered as signed
8-bit, 16-bit or 32-bit integer). The mnemonic for these instructions is
quite unclear:

- They are all named MOVS in the proposal
  https://lore.kernel.org/bpf/4bfe98be-5333-1c7e-2f6d-42486c8ec039@meta.com/
- LLVM and Linux disassemblers only display pseudo-code (`r0 = (s8)r1`)
- RFC 9669 (https://datatracker.ietf.org/doc/rfc9669/) uses MOVSX for
  all instructions.
- GCC uses MOVS for all instructions:
  https://github.com/gcc-mirror/gcc/blob/releases/gcc-14.1.0/gcc/config/bpf/bpf.md?plain=1#L326-L365

To make the disassembled code clearer, decode such instructions with a
size suffix: MOVSB, MOVSH, MOVSW.

The decoding of instructions 32-bit JA, BSWAP16, BSWAP32 and BSWAP64 is
straightforward.
2025-07-29 12:45:06 +00:00
Ryan Kurtz
1929357e1d Merge remote-tracking branch 'origin/patch' 2025-07-29 08:33:22 -04:00