ghidra.app.util.opinion.BinaryLoader Java Examples
The following examples show how to use
ghidra.app.util.opinion.BinaryLoader.
Example #1
Source File: PEUtil.java From ghidra with Apache License 2.0 | 6 votes |
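/**
 * Reports whether PE analysis can run on the given program.
 *
 * <p>A program qualifies when its recorded executable format is the PE loader's name, or
 * when it was imported as a raw binary whose bytes carry a DOS signature and whose
 * {@code e_lfanew} field points at the NT signature.
 *
 * <p>A {@code true} result only means those two magic values were found. Every other
 * header field still comes from the file being analyzed and must be treated as untrusted
 * by whatever parses it next.
 *
 * @param program the program to inspect
 * @return {@code true} if the program looks like a PE image; {@code false} otherwise,
 *         including when no executable format is recorded or the header bytes cannot
 *         be read
 */
static public boolean canAnalyze(Program program) {
	String format = program.getExecutableFormat();

	// Constant-first comparison: a program with no recorded format (null) is rejected
	// here instead of raising a NullPointerException.
	if (PeLoader.PE_NAME.equals(format)) {
		return true;
	}
	if (!BinaryLoader.BINARY_NAME.equals(format)) {
		return false;
	}

	MemoryByteProvider mbp = new MemoryByteProvider(program.getMemory(),
		program.getAddressFactory().getDefaultAddressSpace());
	try {
		FactoryBundledWithBinaryReader reader = new FactoryBundledWithBinaryReader(
			RethrowContinuesFactory.INSTANCE, mbp, true/*LittleEndian*/);
		DOSHeader dosHeader = DOSHeader.createDOSHeader(reader);
		if (dosHeader.e_magic() != DOSHeader.IMAGE_DOS_SIGNATURE) {
			return false;
		}

		// e_lfanew is taken straight from the image, so it is attacker-influenced and is
		// not range-checked here; an unreadable offset is expected to surface as an
		// IOException from the reader.
		// NOTE(review): confirm that a negative or wrapped offset cannot escape as an
		// unchecked exception instead.
		int peHeaderStartIndex = dosHeader.e_lfanew();
		return reader.readInt(peHeaderStartIndex) == Constants.IMAGE_NT_SIGNATURE;
	}
	catch (IOException ignored) {
		// Deliberate best-effort probe: bytes that cannot be read simply mean
		// "not a PE image", so the failure is not reported.
		return false;
	}
}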
Example #2
Source File: ElfBinaryAnalysisCommand.java From ghidra with Apache License 2.0 | 6 votes |
/**
 * Decides whether this command applies to the given program.
 *
 * <p>The program must have been imported as a raw binary (per the "Executable Format"
 * entry of its "Program Information" options), and the bytes at offset 0 of the default
 * address space must equal {@code ElfConstants.MAGIC_BYTES}.
 *
 * @param program the program to inspect
 * @return {@code true} only when both conditions hold; {@code false} otherwise, including
 *         when any exception is raised while checking
 */
@Override
public boolean canApply(Program program) {
	try {
		String loadedAs =
			program.getOptions("Program Information").getString("Executable Format", null);
		if (BinaryLoader.BINARY_NAME.equals(loadedAs)) {
			Memory mem = program.getMemory();
			byte[] header = new byte[ElfConstants.MAGIC_BYTES.length];
			// The value returned by getBytes is not inspected; a mismatch in the buffer
			// is what rejects the program.
			mem.getBytes(program.getAddressFactory().getDefaultAddressSpace().getAddress(0),
				header);
			return Arrays.equals(header, ElfConstants.MAGIC_BYTES);
		}
		return false;
	}
	catch (Exception e) {
		// Any failure while probing is treated as "does not apply".
		return false;
	}
}
Example #3
Source File: MachoBinaryAnalysisCommand.java From ghidra with Apache License 2.0 | 6 votes |
/**
 * Decides whether this command applies to the given program.
 *
 * <p>The program must have been imported as a raw binary (per the "Executable Format"
 * entry of its "Program Information" options), and the 32-bit value read at the address
 * supplied by {@code getAddress(program)} must be accepted by
 * {@code MachConstants.isMagic}.
 *
 * @param program the program to inspect
 * @return {@code true} only when both conditions hold; {@code false} otherwise, including
 *         when any exception is raised while checking
 */
@Override
public boolean canApply(Program program) {
	try {
		String loadedAs =
			program.getOptions("Program Information").getString("Executable Format", null);
		if (BinaryLoader.BINARY_NAME.equals(loadedAs)) {
			Memory mem = program.getMemory();
			return MachConstants.isMagic(mem.getInt(getAddress(program)));
		}
		return false;
	}
	catch (Exception ignored) {
		// Any failure while probing is treated as "does not apply".
		return false;
	}
}
Example #4
Source File: DyldCacheAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
/**
 * Reports whether this analyzer can run on the given program.
 *
 * <p>Only programs imported as a raw binary (per the "Executable Format" entry of the
 * "Program Information" options) are considered; for those the decision is delegated to
 * {@code DyldCacheUtils.isDyldCache}.
 *
 * @param program the program to inspect
 * @return {@code true} if the program is a raw binary that {@code DyldCacheUtils}
 *         recognizes as a dyld cache
 */
@Override
public boolean canAnalyze(Program program) {
	String loadedAs =
		program.getOptions("Program Information").getString("Executable Format", null);
	// Short-circuit keeps the dyld check from running on non-raw imports.
	return BinaryLoader.BINARY_NAME.equals(loadedAs) && DyldCacheUtils.isDyldCache(program);
}
Example #5
Source File: ISO9660Analyzer.java From ghidra with Apache License 2.0 | 4 votes |
/**
 * Looks for the ISO9660 magic bytes at the three candidate signature offsets.
 *
 * <p>The program is only examined when it was imported as a raw binary and consists of
 * exactly one initialized memory block that starts at offset 0 of the default address
 * space. Before each candidate offset is read, the block size is compared with the
 * matching minimum length, so a block that is too short ends the search.
 *
 * @param program the program to inspect
 * @return the {@code Offset} constant for the first location whose bytes equal
 *         {@code ISO9660Constants.MAGIC_BYTES}, or {@code Offset.NotFound} if none
 *         matches, a precondition fails, or an exception is raised (which is logged)
 */
private Offset checkSignatures(Program program) {
	int magicLen = ISO9660Constants.MAGIC_BYTES.length;

	try {
		String loadedAs =
			program.getOptions("Program Information").getString("Executable Format", null);
		if (!BinaryLoader.BINARY_NAME.equals(loadedAs)) {
			return Offset.NotFound;
		}

		MemoryBlock[] blocks = program.getMemory().getBlocks();
		if (blocks.length != 1) {
			return Offset.NotFound;
		}
		MemoryBlock onlyBlock = blocks[0];

		AddressSpace addressSpace = program.getAddressFactory().getDefaultAddressSpace();
		if (!onlyBlock.getStart().getAddressSpace().equals(addressSpace)) {
			return Offset.NotFound;
		}

		long blockSize = onlyBlock.getSize();

		// The block has to begin at offset zero ...
		if (onlyBlock.getStart().getOffset() != 0L) {
			return Offset.NotFound;
		}

		// ... and has to be backed by initialized bytes.
		if (!onlyBlock.isInitialized()) {
			return Offset.NotFound;
		}

		ByteProvider provider = new MemoryByteProvider(program.getMemory(), addressSpace);
		BinaryReader reader = new BinaryReader(provider, true);

		// Parallel tables: minimum block size needed for a probe, where the probe reads,
		// and what to report (where mark-up should start) when that probe matches.
		long[] requiredSizes = { ISO9660Constants.MIN_ISO_LENGTH1,
			ISO9660Constants.MIN_ISO_LENGTH2, ISO9660Constants.MIN_ISO_LENGTH3 };
		long[] signatureOffsets = { ISO9660Constants.SIGNATURE_OFFSET1_0x8001,
			ISO9660Constants.SIGNATURE_OFFSET2_0x8801,
			ISO9660Constants.SIGNATURE_OFFSET3_0x9001 };
		Offset[] outcomes = { Offset.Offset1, Offset.Offset2, Offset.Offset3 };

		for (int i = 0; i < outcomes.length; i++) {
			// Never read a candidate location the block is too small to contain.
			if (blockSize < requiredSizes[i]) {
				return Offset.NotFound;
			}
			reader.setPointerIndex(signatureOffsets[i]);
			byte[] candidate = reader.readNextByteArray(magicLen);
			if (Arrays.equals(candidate, ISO9660Constants.MAGIC_BYTES)) {
				return outcomes[i];
			}
		}
	}
	catch (Exception e) {
		Msg.error(this, "Error when checking for ISO9660 file signatures", e);
	}

	// No signature at any of the three candidate locations.
	return Offset.NotFound;
}
Example #6
Source File: HeadlessAnalyzer.java From ghidra with Apache License 2.0 | 4 votes |
/**
 * Imports the given file as a program using the import settings held in {@code options}.
 *
 * <p>One of four {@code AutoImporter} entry points is chosen, depending on whether a
 * loader class and/or a language was specified. When the import yields no program, an
 * error is logged and {@code null} is returned.
 *
 * @param file the file to import
 * @return the imported program, or {@code null} if the importer produced none
 * @throws VersionException declared because the {@code AutoImporter} calls may raise it
 * @throws InvalidNameException declared because the {@code AutoImporter} calls may raise it
 * @throws DuplicateNameException declared because the {@code AutoImporter} calls may raise it
 * @throws CancelledException declared because the {@code AutoImporter} calls may raise it
 * @throws IOException declared because the {@code AutoImporter} calls may raise it
 */
private Program loadProgram(File file) throws VersionException, InvalidNameException,
		DuplicateNameException, CancelledException, IOException {

	MessageLog messageLog = new MessageLog();
	boolean loaderChosen = options.loaderClass != null;
	boolean languageChosen = options.language != null;

	// NOTE: a null DomainFolder is passed to the AutoImporter on purpose, so that the
	// DomainFile cannot be saved at this point. It should be saved only after all
	// applicable analysis/scripts have run.
	Program program;
	if (!loaderChosen && !languageChosen) {
		// Neither loader nor language given: let the importer pick.
		program = AutoImporter.importByUsingBestGuess(file, null, this, messageLog,
			TaskMonitor.DUMMY);
	}
	else if (!loaderChosen) {
		// Language given, loader left to the importer.
		program = AutoImporter.importByLookingForLcs(file, null, options.language,
			options.compilerSpec, this, messageLog, TaskMonitor.DUMMY);
	}
	else if (!languageChosen) {
		// Loader given, language left to the importer.
		program = AutoImporter.importByUsingSpecificLoaderClass(file, null,
			options.loaderClass, options.loaderArgs, this, messageLog, TaskMonitor.DUMMY);
	}
	else {
		// Both loader and language given.
		program = AutoImporter.importByUsingSpecificLoaderClassAndLcs(file, null,
			options.loaderClass, options.loaderArgs, options.language, options.compilerSpec,
			this, messageLog, TaskMonitor.DUMMY);
	}

	if (program != null) {
		return program;
	}

	Msg.error(this, "The AutoImporter could not successfully load " + file.getAbsolutePath() +
		" with the provided import parameters. Please ensure that any specified" +
		" processor/cspec arguments are compatible with the loader that is used during" +
		" import and try again.");

	// The extra hint is skipped when no loader was named or when the raw BinaryLoader
	// was requested.
	if (options.loaderClass != null && options.loaderClass != BinaryLoader.class) {
		Msg.error(this, "NOTE: Import failure may be due to missing opinion for \"" +
			options.loaderClass.getSimpleName() +
			"\". If so, please contact Ghidra team for assistance.");
	}

	return null;
}