ghidra.program.model.mem.MemoryBlock Java Examples
The following examples show how to use
ghidra.program.model.mem.MemoryBlock.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ElfRelocationContext.java From ghidra with Apache License 2.0 | 6 votes |
/** * Dispose relocation context when processing of corresponding relocation table is complete. * Instance should be disposed to allow all program changes to be flushed prior to processing * a subsequent relocation table. */ public void dispose() { Listing listing = program.getListing(); try { String extendedBlockName = MemoryBlock.EXTERNAL_BLOCK_NAME + ".ext"; ProgramFragment extendedFragment = listing.getFragment("Program Tree", extendedBlockName); if (extendedFragment != null) { ProgramFragment externalFragment = listing.getFragment("Program Tree", MemoryBlock.EXTERNAL_BLOCK_NAME); if (externalFragment == null) { extendedFragment.setName(MemoryBlock.EXTERNAL_BLOCK_NAME); } else { externalFragment.move(extendedFragment.getMinAddress(), extendedFragment.getMaxAddress()); externalFragment.getParents()[0].removeChild(extendedBlockName); } } } catch (DuplicateNameException | NotEmptyException | NotFoundException e) { Msg.error(this, "Failed to reconcile extended EXTERNAL block fragment"); } }
Example #2
Source File: ObjectiveC2_ClassAnalyzer.java From ghidra with Apache License 2.0 | 6 votes |
private void processProtocolReferences(ObjectiveC2_State state) throws Exception { state.monitor.setMessage("Objective-C 2.0 Protocol References..."); MemoryBlock block = state.program.getMemory().getBlock(ObjectiveC2_Constants.OBJC2_PROTOCOL_REFS); if (block == null) { return; } ObjectiveC1_Utilities.clear(state, block); long count = block.getSize() / state.pointerSize; state.monitor.initialize((int) count); Address address = block.getStart(); for (int i = 0; i < count; ++i) { if (state.monitor.isCancelled()) { break; } state.monitor.setProgress(i); ObjectiveC1_Utilities.createPointerAndReturnAddressBeingReferenced(state.program, address); address = address.add(state.pointerSize); } }
Example #3
Source File: DwarfDecodeContext.java From ghidra with Apache License 2.0 | 6 votes |
/** * Constructs a Dwarf decode context. * @param program the program containing the encoded data * @param readAddr the address of the encoded data * @param ehBlock the exception handling memory block * @param entryPoint the associated function's entry point */ public DwarfDecodeContext(Program program, Address readAddr, MemoryBlock ehBlock, Address entryPoint) { if (program == null) { throw new NullPointerException("DwarfDecodeContext requires a program"); } if (readAddr == null) { throw new NullPointerException("DwarfDecodeContext requires an address"); } this.program = program; this.addr = readAddr; this.ehBlock = ehBlock; this.functionEntryPoint = entryPoint; }
Example #4
Source File: MipsAddressAnalyzer.java From ghidra with Apache License 2.0 | 6 votes |
Address MipsExtDisassembly(Program program, Instruction instruction, VarnodeContext context, Address target, TaskMonitor monitor) { if (target == null) { return null; } Address addr = flowISA(program, instruction, context, target); if (addr != null) { MemoryBlock block = program.getMemory().getBlock(addr); if (block == null || !block.isExecute() || !block.isInitialized() || block.getName().equals("EXTERNAL")) { return addr; } Disassembler dis = Disassembler.getDisassembler(program, monitor, null); AddressSet disassembleAddrs = dis.disassemble(addr, null); AutoAnalysisManager.getAnalysisManager(program).codeDefined(disassembleAddrs); } return addr; }
Example #5
Source File: PefLoader.java From ghidra with Apache License 2.0 | 6 votes |
/** * TODO determine how to correctly identify TOC location */ private void processTocSymbol(ContainerHeader header, Program program, ImportStateCache importState, MessageLog log, TaskMonitor monitor) { SymbolTable symbolTable = program.getSymbolTable(); List<SectionHeader> sections = header.getSections(); if (sections.size() < 2) { return; } SectionHeader dataSection = sections.get(1); if (!dataSection.isWrite()) {//is not a data section... return; } Address tocAddress = importState.getTocAddress(); if (tocAddress == null) { MemoryBlock dataBlock = importState.getMemoryBlockForSection(dataSection); tocAddress = dataBlock.getStart(); } try { symbolTable.createLabel(tocAddress, PefConstants.TOC, SourceType.IMPORTED); CreateDataCmd cmd = new CreateDataCmd(tocAddress, new PointerDataType()); cmd.applyTo(program); } catch (Exception e) { log.appendException(e); } }
Example #6
Source File: MemoryBlockMap.java From ghidra with Apache License 2.0 | 6 votes |
@Override public int getPixel(Address address) { if (address == null || pixels == null || blocks == null) { return -1; } int curPixel = 0; for (int i = 0; i < blocks.length; i++) { MemoryBlock block = blocks[i]; if (block.contains(address)) { long offset = address.subtract(block.getStart()); return curPixel + Math.round(offset / addressesPerPixel); } curPixel += pixels[i]; } return -1; }
Example #7
Source File: MemoryMergeManagerTest.java From ghidra with Apache License 2.0 | 6 votes |
@Test public void testNameConflictDoNotUseForAll() throws Exception { setupUseForAllConflicts(); merge(); // select each choice and don't UseForAll. selectButtonAndApply(MergeConstants.LATEST_TITLE, false); selectButtonAndApply(MergeConstants.MY_TITLE, false); selectButtonAndApply(MergeConstants.ORIGINAL_TITLE, false); waitForCompletion(); MemoryBlock[] blocks = resultProgram.getMemory().getBlocks(); assertEquals("LatestText", blocks[0].getName()); assertEquals("My_Data", blocks[1].getName()); assertEquals("comment (1)", blocks[2].getComment()); }
Example #8
Source File: TreeManagerTest.java From ghidra with Apache License 2.0 | 6 votes |
@Test public void testMoveBlockOverlap2() throws Exception { treeManager.createRootModule("Test-One"); addBlock("TestBlock", 0x5000, 0x100); MemoryBlock b2 = addBlock("TestTwoBlock", 0x6000, 0x200); addBlock("TestThreeBlock", 0x6500, 0x100); ProgramFragment fragB2 = treeManager.getFragment("Test-One", getAddr(0x6000)); assertEquals(getAddr(0x6000), fragB2.getMinAddress()); assertEquals(getAddr(0x61ff), fragB2.getMaxAddress()); // move b2 to 0x5600 treeManager.moveAddressRange(b2.getStart(), getAddr(0x5600), b2.getSize(), TaskMonitorAdapter.DUMMY_MONITOR); fragB2 = treeManager.getFragment("Test-One", getAddr(0x5600)); assertNotNull(fragB2); assertEquals(getAddr(0x5600), fragB2.getMinAddress()); assertEquals(getAddr(0x57ff), fragB2.getMaxAddress()); }
Example #9
Source File: MOD0Adapter.java From Ghidra-Switch-Loader with ISC License | 6 votes |
@Override public long getGotOffset() { MOD0Header mod0 = this.getMOD0(); if (mod0 == null) return 0; if (mod0.hasLibnxExtension()) { return mod0.getLibnxGotStart() + this.program.getImageBase().getOffset(); } MemoryBlock gotPlt = this.program.getMemory().getBlock(".got.plt"); if (gotPlt == null) return 0; return gotPlt.getEnd().getOffset() + 1; }
Example #10
Source File: ObjectiveC2_DecompilerMessageAnalyzer.java From ghidra with Apache License 2.0 | 6 votes |
private String getSuperClassName(Program program, Varnode input, Function function) { String name = null; SymbolTable symbolTable = program.getSymbolTable(); Namespace namespace = function.getParentNamespace(); SymbolIterator symbolIt = symbolTable.getSymbols(namespace.getName()); while (symbolIt.hasNext()) { Symbol symbol = symbolIt.next(); Address address = symbol.getAddress(); MemoryBlock block = program.getMemory().getBlock(address); if (isObjcDataBlock(block)) { Data data = program.getListing().getDataAt(address); Data superClassData = data.getComponent(1); name = getNameFromData(program, input, true, false, address, superClassData); } } return name; }
Example #11
Source File: DataPlugin.java From ghidra with Apache License 2.0 | 6 votes |
private int getDataTypeSize(Program program, DataType dataType, Address start) { int newSize = dataType.getLength(); if (newSize >= 0) { return newSize; } if (dataType instanceof Dynamic || dataType instanceof FactoryDataType) { MemoryBlock block = program.getMemory().getBlock(start); if (block == null || !block.isInitialized()) { tool.setStatusInfo( dataType.getName() + " may only be applied on initialized memory"); return -1; } } DataTypeInstance dataTypeInstance = DataTypeInstance.getDataTypeInstance(dataType, new DumbMemBufferImpl(program.getMemory(), start)); if (dataTypeInstance == null) { tool.setStatusInfo("Unallowed data type at " + start + ": " + dataType.getName()); return -1; } return dataTypeInstance.getLength(); }
Example #12
Source File: MemoryBlockUtilTest.java From ghidra with Apache License 2.0 | 6 votes |
@Test public void testUninitializedConflictMiddle() throws Exception { MemoryBlockUtils.createUninitializedBlock(prog, false, "a", space.getAddress(3000), 3000, "Acomment", "Asource", true, true, true, log); byte[] cdata = new byte[1000]; Arrays.fill(cdata, (byte) 0xc); MemoryBlockUtils.createInitializedBlock(prog, false, "c", space.getAddress(4000), new ByteArrayInputStream(cdata), 1000, "Ccomment", "Csource", false, false, false, log, TaskMonitor.DUMMY); MemoryBlock[] blocks = prog.getMemory().getBlocks(); assertEquals(2, blocks.length); assertEquals("a", blocks[0].getName()); assertEquals("c", blocks[1].getName()); assertEquals(3000, blocks[0].getSize()); assertEquals(1000, blocks[1].getSize()); assertTrue(!blocks[0].isInitialized()); assertTrue(blocks[1].isInitialized()); }
Example #13
Source File: GoToQuery.java From ghidra with Apache License 2.0 | 6 votes |
private boolean goToSymbolInMemoryBlock(String scopeName, String symbolStr, Program program) { List<Symbol> globalSymbols = program.getSymbolTable().getLabelOrFunctionSymbols(symbolStr, null); if (globalSymbols.isEmpty()) { return false; } List<Symbol> matchingSymbols = new ArrayList<>(); for (Symbol symbol : globalSymbols) { Address address = symbol.getAddress(); MemoryBlock block = program.getMemory().getBlock(address); if (block != null && block.getName().equals(scopeName)) { matchingSymbols.add(symbol); } } if (matchingSymbols.isEmpty()) { return false; } return gotoLabels(program, matchingSymbols); }
Example #14
Source File: AddBlockModelTest.java From ghidra with Apache License 2.0 | 6 votes |
@Test public void testCreateOverlayBlock2() throws Exception { model.setBlockName(".test"); model.setStartAddress(getAddr(0x01001000)); model.setLength(100); model.setBlockType(MemoryBlockType.DEFAULT); model.setOverlay(true); model.setInitializedType(InitializedType.INITIALIZED_FROM_VALUE); model.setInitialValue(0xa); assertTrue(model.execute()); MemoryBlock block = null; AddressSpace[] spaces = program.getAddressFactory().getAddressSpaces(); AddressSpace ovSpace = null; for (AddressSpace space : spaces) { if (space.isOverlaySpace()) { ovSpace = space; Address blockAddr = space.getAddress(0x1001000); block = program.getMemory().getBlock(blockAddr); break; } } assertNotNull(block); assertEquals((byte) 0xa, block.getByte(ovSpace.getAddress(0x1001000))); }
Example #15
Source File: PefLoader.java From ghidra with Apache License 2.0 | 6 votes |
private MemoryBlock makeFakeImportBlock(Program program, List<ImportedSymbol> symbols, MessageLog log, TaskMonitor monitor) { int size = symbols.size() * 4; if (size == 0) { return null; } Address start = getImportSectionAddress(program); try { return program.getMemory().createInitializedBlock("IMPORTS", start, size, (byte) 0x00, monitor, false); } catch (Exception e) { log.appendException(e); } return null; }
Example #16
Source File: InstructionSearchPlugin.java From ghidra with Apache License 2.0 | 6 votes |
/** * Returns true if the user has selected one and only one range of * instructions. * * If there are multiple ranges, this could be for two reasons: 1) the user * has (via the mouse) selected more than one set of address ranges, or 2) * the user selects a single region but that region spans memory blocks; * this would be interpreted by the program as being 2 distinct selection * ranges. In both of these cases, we throw an exception with a message that * the caller can log if desired. * * @param selection the program selection * @return true if the selection range is valid * @throws InvalidInputException */ private boolean isSelectionRangeValid(ProgramSelection selection) throws InvalidInputException { Set<String> blockNames = new HashSet<>(); AddressRangeIterator iter = selection.getAddressRanges(); while (iter.hasNext()) { AddressRange range = iter.next(); Address addr = range.getMinAddress(); MemoryBlock block = getCurrentProgram().getMemory().getBlock(addr); blockNames.add(block.getName()); } if (blockNames.size() > 1) { throw new InvalidInputException("Selection range cannot span memory blocks"); } if (selection.getNumAddressRanges() > 1) { throw new InvalidInputException("Selection cannot contain multiple address ranges"); } return selection.getNumAddressRanges() == 1; }
Example #17
Source File: ObjectiveC2_ClassAnalyzer.java From ghidra with Apache License 2.0 | 6 votes |
private void processNonLazyClassReferences(ObjectiveC2_State state) throws Exception { state.monitor.setMessage("Objective-C 2.0 Non-lazy Class Lists..."); MemoryBlock block = state.program.getMemory().getBlock(ObjectiveC2_Constants.OBJC2_NON_LAZY_CLASS_LIST); if (block == null) { return; } ObjectiveC1_Utilities.clear(state, block); long count = block.getSize() / state.pointerSize; state.monitor.initialize((int) count); Address address = block.getStart(); for (int i = 0; i < count; ++i) { if (state.monitor.isCancelled()) { break; } state.monitor.setProgress(i); ObjectiveC1_Utilities.createPointerAndReturnAddressBeingReferenced(state.program, address); address = address.add(state.pointerSize); } }
Example #18
Source File: MemoryBytePatternSearcher.java From ghidra with Apache License 2.0 | 6 votes |
private long getNumToSearch(Program program, AddressSetView searchSet) { long numAddresses = 0; MemoryBlock[] blocks = program.getMemory().getBlocks(); for (MemoryBlock block : blocks) { // check if entire block has anything that is searchable if (!block.isInitialized()) { continue; } if (doExecutableBlocksOnly && !block.isExecute()) { continue; } if (searchSet != null && !searchSet.isEmpty() && !searchSet.intersects(block.getStart(), block.getEnd())) { continue; } numAddresses += block.getSize(); } return numAddresses; }
Example #19
Source File: iOS_KextStubFixupAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private void markupNonLazySymbolPointerSection(Program program, MemoryBlock block, TaskMonitor monitor) { ReferenceManager referenceManager = program.getReferenceManager(); Listing listing = program.getListing(); listing.clearCodeUnits(block.getStart(), block.getEnd(), false); Address address = block.getStart(); while (!monitor.isCancelled()) { if (address.compareTo(block.getEnd()) > 0) { break; } int length; try { Data data = listing.createData(address, new PointerDataType()); Reference[] references = data.getReferencesFrom(); for (Reference reference : references) { if (monitor.isCancelled()) { break; } referenceManager.delete(reference); } length = data.getLength(); } catch (Exception e) { return; } address = address.add(length); } }
Example #20
Source File: MemoryMergeManagerTest.java From ghidra with Apache License 2.0 | 5 votes |
@Test public void testNameConflictUseForAllPickMy() throws Exception { setupUseForAllConflicts(); merge(); // select My and UseForAll selectButtonAndUseForAllThenApply(MergeConstants.MY_TITLE, true); MemoryBlock[] blocks = resultProgram.getMemory().getBlocks(); assertEquals("My_Text", blocks[0].getName()); assertEquals("My_Data", blocks[1].getName()); assertEquals("My_Resource", blocks[2].getComment()); }
Example #21
Source File: ObjectiveC2_MessageAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private boolean isCStringBlock(Program program, Address address) { MemoryBlock block = program.getMemory().getBlock(address); if (block != null) { if (block.getName().equals(SectionNames.TEXT_CSTRING)) { return true; } } return false; }
Example #22
Source File: MemoryTypeProgramLocationBasedTableColumn.java From ghidra with Apache License 2.0 | 5 votes |
private void updateForWrite(MemoryBlock block, StringBuffer buffy, StringBuffer tooltipBuffy) { if (block.isWrite()) { buffy.append("<b>W</b>"); tooltipBuffy.append("<image src=\"" + onIcon.getDescription() + "\">"); } else { buffy.append(HTMLUtilities.colorString(disabledColor, "W")); tooltipBuffy.append("<image src=\"" + offIcon.getDescription() + "\">"); } tooltipBuffy.append(HTMLUtilities.spaces(2)).append("Write<br>"); }
Example #23
Source File: BlockPanel.java From ghidra with Apache License 2.0 | 5 votes |
/** Creates labels for the block names */ private void buildLabels() { removeAll(); setLayout(null); Container parent = getParent(); MemoryBlock[] blocks = map.getBlocks(); if (blocks == null) { return; } for (MemoryBlock block : blocks) { JLabel label = new GDLabel(block.getName()); label.setFont(FONT); label.setHorizontalAlignment(SwingConstants.CENTER); label.setToolTipText(block.getName()); Rectangle rect = map.getBlockPosition(block); int height = getHeight(); int width = metrics.stringWidth(block.getName()); if (rect.width < width) { label.setText("..."); } int labelWidth = Math.min(rect.width, width); labelWidth = Math.max(labelWidth, 3); int labelHeight = height - 1; int x = rect.x + (rect.width - 1) / 2 - labelWidth / 2; int y = 0; label.setBounds(x, y, labelWidth, labelHeight); add(label); } invalidate(); if (parent != null) { parent.validate(); } }
Example #24
Source File: DexCondenseFillerBytesAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
@Override public boolean analyze( Program program, AddressSetView set, TaskMonitor monitor, MessageLog log ) throws Exception { AlignmentDataType alignmentDataType = new AlignmentDataType( ); Address address = toAddr( program, DexUtil.METHOD_ADDRESS ); MemoryBlock block = program.getMemory().getBlock( address ); if ( block == null ) { log.appendMsg( "Can't locate block with method byte code!" ); return false; } AddressSet blockSet = new AddressSet( block.getStart( ), block.getEnd( ) ); AddressSetView undefinedSet = program.getListing().getUndefinedRanges( blockSet, true, monitor ); monitor.setMaximum( undefinedSet.getNumAddressRanges() ); monitor.setProgress( 0 ); monitor.setMessage( "DEX: condensing filler bytes" ); AddressRangeIterator addressRanges = undefinedSet.getAddressRanges(); while ( addressRanges.hasNext( ) ) { monitor.checkCanceled( ); monitor.incrementProgress( 1 ); AddressRange addressRange = addressRanges.next(); if ( isRangeAllSameBytes( program, addressRange, (byte) 0xff, monitor ) ) { program.getListing().createData( addressRange.getMinAddress(), alignmentDataType, (int)addressRange.getLength() ); } } //collapseFillerBytes( program, monitor ); return true; }
Example #25
Source File: iOS_KextStubFixupAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private Namespace getOrCreateNameSpace(Program program, MemoryBlock block) throws DuplicateNameException, InvalidInputException { SymbolTable symbolTable = program.getSymbolTable(); Namespace parent = program.getGlobalNamespace(); Namespace namespace = symbolTable.getNamespace(block.getName(), parent); if (namespace != null) { return namespace; } return symbolTable.createNameSpace(parent, block.getName(), SourceType.ANALYSIS); }
Example #26
Source File: MemoryMapProvider.java From ghidra with Apache License 2.0 | 5 votes |
/** * Merge the selected blocks. */ private void mergeBlocks() { ArrayList<MemoryBlock> blocks = new ArrayList<>(); int rows[] = memTable.getSelectedRows(); for (int element : rows) { MemoryBlock block = mapModel.getBlockAt(element); blocks.add(block); } memTable.clearSelection(); memManager.mergeBlocks(blocks); }
Example #27
Source File: DemangledThunk.java From ghidra with Apache License 2.0 | 5 votes |
private Function findThunkedFunction(Program program, Address thunkAddress, DemanglerOptions options, TaskMonitor monitor) throws Exception { // Safeguard: restrict to function contained within same block as thunk (may be unnecessary) MemoryBlock block = program.getMemory().getBlock(thunkAddress); if (block == null) { return null; } Symbol s = SymbolUtilities.getExpectedLabelOrFunctionSymbol(program, mangled, err -> Msg.warn(this, err)); if (s == null) { Address thunkedAddr = CreateThunkFunctionCmd.getThunkedAddr(program, thunkAddress, false); if (thunkedAddr != null) { s = program.getSymbolTable().getPrimarySymbol(thunkedAddr); } } if (s == null || !block.contains(s.getAddress())) { return null; } Address addr = s.getAddress(); DemanglerOptions subOptions = new DemanglerOptions(options); subOptions.setApplySignature(true); thunkedFunctionObject.applyTo(program, addr, subOptions, monitor); return program.getFunctionManager().getFunctionAt(addr); }
Example #28
Source File: ObjectiveC2_ClassAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private void processImageInfo(ObjectiveC2_State state, BinaryReader reader) throws Exception { state.monitor.setMessage("Objective-C 2.0 Image Information..."); MemoryBlock block = state.program.getMemory().getBlock(ObjectiveC2_Constants.OBJC2_IMAGE_INFO); if (block == null) { return; } Address address = block.getStart(); reader.setPointerIndex(address.getOffset()); ObjectiveC2_ImageInfo imageInfo = new ObjectiveC2_ImageInfo(state, reader); imageInfo.applyTo(); }
Example #29
Source File: ObjectiveC2_MessageAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private boolean isObjcDataBlock(Program program, Address address) { MemoryBlock block = program.getMemory().getBlock(address); if (block != null) { if (block.getName().equals(ObjectiveC2_Constants.OBJC2_DATA)) { return true; } } return false; }
Example #30
Source File: ObjectiveC2_DecompilerMessageAnalyzer.java From ghidra with Apache License 2.0 | 5 votes |
private boolean isClassNameBlock(MemoryBlock block) { if (block != null) { if (block.getName().equals("__objc_classname")) { return true; } } return false; }