ghidra.program.model.symbol.RefType Java Examples

private void checkStackOffsetAssignment(PcodeOp op, Varnode value, TaskMonitor monitor)
		throws CancelledException {
	if (analyzer == null || !(value instanceof VarnodeOperation)) {
		return;
	}
	Varnode output = op.getOutput();
	if (output == null || output.isUnique()) {
		return;
	}
	FrameNode frameNode = ContextState.getFrameNode(value, program.getLanguage());
	if (frameNode == null || !getStackPointerVarnode().equals(frameNode.getFramePointer())) {
		return;
	}
	Varnode[] inputs = op.getInputs();
	for (Varnode input : inputs) {
		if (input.isConstant() || (input.isUnique() && inputs.length != 1)) {
			continue;
		}
		int opIndex = findOpIndex(op, input);
		if (opIndex >= 0) {
			analyzer.stackReference(op, opIndex, (int) frameNode.getFrameOffset(), -1, -1,
				RefType.DATA, monitor);
			return;
		}
	}
}
 

private int computedCall(int from, int to) throws Exception {
	int thisInstructionsSize = 5;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0xe8; // Unconditional Call. (and just force computed call ref type.)
	dataConverter.getBytes(distance, bytes, 1);
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.COMPUTED_CALL, SourceType.ANALYSIS, 0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

/**
 * A method to create dummy edges (with dummy vertices).  This is used to add entry and 
 * exit vertices as needed when a user grouping operation has consumed the entries or exits.
 * The returned edge will connect the current vertex containing the exit to a new dummy 
 * vertex that is a sink for the graph.   Calling this method does not mutate this graph.
 * 
 * @return the edge
 */
public Set<FGEdge> createDummySinks() {

	Set<FGEdge> dummyEdges = new HashSet<>();
	Set<FGVertex> exits = getExitPoints();
	for (FGVertex exit : exits) {
		AbstractFunctionGraphVertex abstractVertex = (AbstractFunctionGraphVertex) exit;
		FGController controller = abstractVertex.getController();
		ListingFunctionGraphVertex newExit = new ListingFunctionGraphVertex(controller,
			abstractVertex.getAddresses(), RefType.UNCONDITIONAL_JUMP, true);
		newExit.setVertexType(FGVertexType.EXIT);
		FGVertex groupVertex = getVertexForAddress(exit.getVertexAddress());
		FGEdgeImpl edge =
			new FGEdgeImpl(groupVertex, newExit, RefType.UNCONDITIONAL_JUMP, options);
		dummyEdges.add(edge);
	}

	return dummyEdges;
}
 

/**
 * A method to create dummy edges (with dummy vertices).  This is used to add entry and 
 * exit vertices as needed when a user grouping operation has consumed the entries or exits.
 * The returned edge will connect the current vertex containing the entry to a new dummy 
 * vertex that is a source for the graph.   Calling this method does not mutate this graph.
 * 
 * @return the edge
 */
public Set<FGEdge> createDummySources() {

	Set<FGEdge> dummyEdges = new HashSet<>();
	Set<FGVertex> entries = getEntryPoints();
	for (FGVertex entry : entries) {
		AbstractFunctionGraphVertex abstractVertex = (AbstractFunctionGraphVertex) entry;
		FGController controller = abstractVertex.getController();
		ListingFunctionGraphVertex newEntry = new DummyListingFGVertex(controller,
			abstractVertex.getAddresses(), RefType.UNCONDITIONAL_JUMP, true);
		newEntry.setVertexType(FGVertexType.ENTRY);
		FGVertex groupVertex = getVertexForAddress(entry.getVertexAddress());
		FGEdgeImpl edge =
			new FGEdgeImpl(newEntry, groupVertex, RefType.UNCONDITIONAL_JUMP, options);
		dummyEdges.add(edge);
	}

	return dummyEdges;
}
 

private int conditionalJump(int from, int to) throws Exception {
	int thisInstructionsSize = 2;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0x74; // Conditional Jump.(jump short if equal)
	bytes[1] = (byte) distance;
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.CONDITIONAL_JUMP, SourceType.ANALYSIS,
		0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

private void checkForIndirectCallFlow(PseudoInstruction inst, FlowType flowType) {
	if (!flowType.isComputed() || flowType.isConditional()) {
		return;
	}
	for (int opIndex = 0; opIndex < inst.getNumOperands(); opIndex++) {
		RefType operandRefType = inst.getOperandRefType(opIndex);
		if (operandRefType.isIndirect()) {
			Address addr = inst.getAddress(opIndex);
			if (addr != null) {
				Function refFunc = program.getFunctionManager().getReferencedFunction(addr);
				if (refFunc != null && refFunc.hasNoReturn()) {
					inst.setFlowOverride(FlowOverride.CALL_RETURN);
					break;
				}
			}
		}
	}
}
 

@Override
public Address getOverridingReference(RefType type) {
	if (!type.isOverride()) {
		return null;
	}
	Address overrideAddress = null;
	for (Reference ref : primaryOverridingReferences) {
		if (ref.getReferenceType().equals(type)) {
			if (overrideAddress == null) {
				overrideAddress = ref.getToAddress();
			}
			else {
				return null; //only allow one primary reference of each type
			}
		}
	}
	return overrideAddress;
}
 

/**
 * This constructor caches the primary and overriding "from" references of {@code instr}.  
 * This cache is never updated; the assumption is that this object is short-lived 
 * (duration of {@link PcodeEmit})  
 * @param instr the instruction
 */
public InstructionPcodeOverride(Instruction instr) {
	this.instr = instr;

	primaryOverridingReferences = new ArrayList<>();
	for (Reference ref : instr.getReferencesFrom()) {
		if (!ref.isPrimary() || !ref.getToAddress().isMemoryAddress()) {
			continue;
		}
		RefType type = ref.getReferenceType();
		if (type.isOverride()) {
			primaryOverridingReferences.add(ref);
		}
		else if (type.isCall() && primaryCallAddress == null) {
			primaryCallAddress = ref.getToAddress();
		}
	}
}
 

private int unconditionalJump(int from, int to) throws Exception {
	int thisInstructionsSize = 2;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0xeb; // Unconditional Jump.
	bytes[1] = (byte) distance;
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.UNCONDITIONAL_JUMP,
		SourceType.ANALYSIS, 0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

private int computedJump(int from, int to) throws Exception {
	int thisInstructionsSize = 2;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0xeb; // Unconditional Jump. (and just force computed jump ref type.)
	bytes[1] = (byte) distance;
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.COMPUTED_JUMP, SourceType.ANALYSIS, 0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

private int conditionalCall(int from, int to) throws Exception {
	int thisInstructionsSize = 5;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0xe8; // Unconditional Call. (and just force conditional call ref type.)
	dataConverter.getBytes(distance, bytes, 1);
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.CONDITIONAL_CALL, SourceType.ANALYSIS,
		0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

private int unconditionalCall(int from, int to) throws Exception {
	int thisInstructionsSize = 5;

	String fromString = "0x" + Integer.toHexString(from);
	String toString = "0x" + Integer.toHexString(to);
	String endString = "0x" + Integer.toHexString(from + thisInstructionsSize - 1);

	int distance = to - from - thisInstructionsSize;

	byte[] bytes = new byte[thisInstructionsSize];
	bytes[0] = (byte) 0xe8; // Unconditional Call.
	dataConverter.getBytes(distance, bytes, 1);
	clearCodeUnits(fromString, endString, false);
	setBytes(fromString, bytes, true);
	createMemoryReference(fromString, toString, RefType.UNCONDITIONAL_CALL,
		SourceType.ANALYSIS, 0);

	return thisInstructionsSize; // instruction size in bytes.
}
 

/**
 * Create the data field for the exception handler frame pointer. Also create the associated 
 * reference, and add an identifying comment.
 * 
 * @param curAddress address of the frame pointer field
 * @param eh_frame_hdr the frame header with encoding information
 * @param curMemBlock the memory block containing this header
 * @return the next address after the frame pointer field
 * @throws MemoryAccessException if the field's memory can't be read
 */
private Address processEncodedFramePointer(Address curAddress,
		ExceptionHandlerFrameHeader eh_frame_hdr, MemoryBlock curMemBlock)
		throws MemoryAccessException {

	/* Create the encoded Exception Handler Frame Pointer */
	DwarfEHDecoder frmPtrDecoder =
		DwarfDecoderFactory.getDecoder(eh_frame_hdr.getEh_FramePtrEncoding());
	Address frmPtrAddr =
		frmPtrDecoder.decodeAddress(new DwarfDecodeContext(program, curAddress, curMemBlock));

	program.getReferenceManager().addMemoryReference(curAddress, frmPtrAddr, RefType.DATA,
		SourceType.ANALYSIS, 0);

	DataType frmPtrDataType = frmPtrDecoder.getDataType(program);

	CreateDataCmd dataCmd = new CreateDataCmd(curAddress, frmPtrDataType);
	dataCmd.applyTo(program);

	SetCommentCmd commentCmd =
		new SetCommentCmd(curAddress, CodeUnit.EOL_COMMENT, "Encoded eh_frame_ptr");
	commentCmd.applyTo(program);

	curAddress = curAddress.add(frmPtrDataType.getLength());
	return curAddress;
}
 

private void createOffcutFunctionReference(Function function, Address fromAddress) {

		Address entryPoint = function.getEntryPoint();
		Address oneByteOff = entryPoint.add(1);

		AddMemRefCmd addRefCmd = new AddMemRefCmd(fromAddress, oneByteOff,
			RefType.UNCONDITIONAL_CALL, SourceType.ANALYSIS, 0);

		RemoveAllReferencesCmd removeRefsCmd = new RemoveAllReferencesCmd(fromAddress);

		int ID = program.startTransaction("Test - Create Reference");
		try {
			removeRefsCmd.applyTo(program);
			addRefCmd.applyTo(program);
		}
		finally {
			program.endTransaction(ID, true);
		}

		program.flushEvents();
		waitForPostedSwingRunnables();
	}
 

private void createStructureInStructure() {
	int id = program.startTransaction("Structure");

	Structure struct = new StructureDataType("ParentStructure", 0);
	Structure child = new StructureDataType("ChildStructure", 0);
	child.add(new ByteDataType());
	child.add(new ByteDataType());

	struct.add(child);
	struct.add(new ByteDataType()); // a child below the first child structure

	CreateStructureCmd cmd = new CreateStructureCmd(struct, addr(NESTED_STRUCT_ADDR));

	cmd.applyTo(program);
	program.endTransaction(id, true);

	// structure at 100101b - create refs to the parent structure and to the
	// child structure (this will be offcut at the parent level), and an element below the
	// first child structure.
	builder.createMemoryReference("1001012", NESTED_STRUCT_ADDR, RefType.DATA,
		SourceType.DEFAULT, 0);
	builder.createMemoryReference("1001013", "100101c", RefType.DATA, SourceType.DEFAULT, 0);
	builder.createMemoryReference("1001014", "100101d", RefType.DATA, SourceType.DEFAULT, 0);
}
 

private DwarfDecodeContext processPersonalityFunctionPointer(Address augmentationDataAddr,
		int augmentationDataIndex, DwarfEHDecoder personalityDecoder)
		throws MemoryAccessException {

	DwarfDecodeContext personalityDecodeContext =
		new DwarfDecodeContext(program, augmentationDataAddr.add(augmentationDataIndex));
	personalityFuncAddr = personalityDecoder.decodeAddress(personalityDecodeContext);

	DataType prnsFuncPtrDt = personalityDecoder.getDataType(program);

	createAndCommentData(program, augmentationDataAddr.add(augmentationDataIndex),
		prnsFuncPtrDt,
		"(CIE Augmentation Data) Personality Function Pointer (" + personalityFuncAddr + ")",
		CodeUnit.EOL_COMMENT);

	program.getReferenceManager().addMemoryReference(
		augmentationDataAddr.add(augmentationDataIndex), personalityFuncAddr, RefType.DATA,
		SourceType.ANALYSIS, 0);
	return personalityDecodeContext;
}
 

@Override
  public void run() throws Exception {
  	
  	Program program = currentProgram;
  	Listing listing = program.getListing(); 
  	
  	// Ask for base address 
  	//  (equals the pc when program hits the switch table, 
  	//   which equals the address of the "add pc, .." instruction + 4)
  	Address pc = askAddress("Address", "Enter switch base address (hex, don't use 0x)");

  	// Get current data value
  	Data data = listing.getDefinedDataAt(currentAddress);
  	long currVal = NumericUtilities.parseHexLong(data.getValue().toString().substring(2));
  	
// Calculate referenced addr
Address refAddr = pc.add(2 * currVal);
	
// Add reference
println("Adding ref " + refAddr.toString() + " to address " + data.getAddressString(false, true));
data.addValueReference(refAddr, RefType.DATA);

  }
 

private ProgramDB buildProgram() throws Exception {
	ProgramBuilder builder = new ProgramBuilder("notepad", ProgramBuilder._X86, this);

	builder.createMemory(".text", "0x1001000", 0x6600);
	builder.createMemory(".data", "0x1008000", 0x600);
	builder.createMemory(".data", "0x1008600", 0x1344);
	builder.createMemory(".rsrc", "0x100a000", 0x5400);
	builder.applyDataType("0x1001000", PointerDataType.dataType, 4);
	builder.setBytes("0x1001008", "01 02 03 04");
	builder.createMemoryReference("1001100", "1001008", RefType.READ, SourceType.DEFAULT);
	builder.createLabel("0x1001008", "ADVAPI32.dll_RegQueryValueExW");
	builder.createExternalReference("0x1001008", "ADVAPI32.dll", "RegQueryValueExW", 0);

	builder.setBytes("1004772", "bf 00 01 00 00", true);
	builder.createMemoryReference("1004700", "1004777", RefType.DATA, SourceType.DEFAULT);
	return builder.getProgram();
}
 

/**
	 * Cache the Constructor state which represents the base
	 * mnemonic, and the operands to that mnemonic
	 * Cache the operand states for each operand in printing order
	 */
	private void cacheMnemonicState() {
		mnemonicState = rootState;
		Constructor ct = mnemonicState.getConstructor();
		int index = ct.getFlowthruIndex();
		while (index >= 0) {
			mnemonicState = mnemonicState.getSubState(index);
			ct = mnemonicState.getConstructor();
			index = ct.getFlowthruIndex();
		}

		opresolve = ct.getOpsPrintOrder();

		opRefTypes = new RefType[opresolve.length];
		Arrays.fill(opRefTypes, null);

//		for(int j=0;j<opstate.length;++j)	// Transform array to states
//			opstate[j] = getStateOperand(mnemonicstate,opstate[j]);
	}
 

private Program buildProgram() throws Exception {
	ProgramBuilder builder = new ProgramBuilder("Test", ProgramBuilder._TOY);
	builder.createMemory(".text", "0x1001000", 0x6600);
	builder.createMemory(".data", "0x1008000", 0x600);
	builder.createMemory(".rsrc", "0x100a000", 0x5400);
	builder.createMemory(".bound_import.table", "0xf0000428", 0xa8);
	builder.createMemory(".debug_data", "0xf0001300", 0x1c);
	builder.applyDataType("f000130d", new DoubleDataType(), 1);
	builder.applyDataType("1001000", new Pointer32DataType(), 7);
	builder.disassemble("0x10036a2", 1);

	// for structure in structure test
	builder.createMemoryReference("1001012", NESTED_STRUCT_ADDR, RefType.DATA,
		SourceType.DEFAULT, 0);
	builder.createMemoryReference("1001013", "10070001", RefType.DATA, SourceType.DEFAULT, 0);
	builder.createMemoryReference("1001014", "10070002", RefType.DATA, SourceType.DEFAULT, 0);

	return builder.getProgram();
}
 

private Program buildProgram() throws Exception {
	ProgramBuilder builder = new ProgramBuilder("Test", ProgramBuilder._X86);
	builder.createMemory(".text", "0x1001000", 0x6600);
	builder.createMemory(".data", "0x1008000", 0x600);
	builder.createMemory(".rsrc", "0x100a000", 0x5400);
	builder.setBytes("1002cf5", "55 8b ec 83 7d 14 00 c2 14 00");
	builder.disassemble("1002cf5", 10);
	DataType dt = new DWordDataType();
	ParameterImpl param = new ParameterImpl(null, dt, builder.getProgram());
	builder.createEmptyFunction("ghidra", "1002cf5", 20, DataType.DEFAULT, param, param, param,
		param, param, param);
	builder.createStackReference("1002cf8", RefType.DATA, 0x14, SourceType.ANALYSIS, 0);
	return builder.getProgram();
}
 

FlowType[] followOnlyUnconditionalJumps() {
	FlowType[] flowsNotToFollow =
		new FlowType[] { RefType.COMPUTED_CALL, RefType.CONDITIONAL_CALL,
			RefType.UNCONDITIONAL_CALL, RefType.COMPUTED_JUMP, RefType.CONDITIONAL_JUMP,
			RefType.INDIRECTION };
	return flowsNotToFollow;
}
 

FlowType[] followOnlyPointers() {
	FlowType[] flowsNotToFollow =
		new FlowType[] { RefType.COMPUTED_CALL, RefType.CONDITIONAL_CALL,
			RefType.UNCONDITIONAL_CALL, RefType.COMPUTED_JUMP, RefType.CONDITIONAL_JUMP,
			RefType.UNCONDITIONAL_JUMP };
	return flowsNotToFollow;
}
 

FlowType[] followOnlyConditionalJumps() {
	FlowType[] flowsNotToFollow =
		new FlowType[] { RefType.COMPUTED_CALL, RefType.CONDITIONAL_CALL,
			RefType.UNCONDITIONAL_CALL, RefType.COMPUTED_JUMP, RefType.UNCONDITIONAL_JUMP,
			RefType.INDIRECTION };
	return flowsNotToFollow;
}
 

private void markupModules(MachHeader header, FlatProgramAPI api, Address baseAddress,
		ProgramModule parentModule, TaskMonitor monitor) throws Exception {
	if (getModuleTableSize() == 0) {
		return;
	}
	SymbolTableCommand symtabCommand = header.getFirstLoadCommand(SymbolTableCommand.class);
	Address moduleStartAddr = baseAddress.getNewAddress(getModuleTableOffset());
	long offset = 0;
	int id = 0;
	for (DynamicLibraryModule module : moduleList) {
		if (monitor.isCancelled()) {
			return;
		}
		DataType moduleDT = module.toDataType();
		Address moduleAddr = moduleStartAddr.add(offset);
		Data moduleData = api.createData(moduleAddr, moduleDT);

		Address stringAddr = baseAddress.getNewAddress(
			symtabCommand.getStringTableOffset() + module.getModuleNameIndex());

		api.createMemoryReference(moduleData, stringAddr, RefType.DATA);
		api.createAsciiString(stringAddr);
		api.setPlateComment(moduleAddr,
			"0x" + Integer.toHexString(id++) + " - " + module.getModuleName());

		offset += moduleDT.getLength();
	}
	api.createFragment(parentModule, "MODULES", moduleStartAddr, offset);
}
 

private void configureProgram() throws Exception {

		//
		// Xrefs
		//
		builder.createMemoryCallReference("0x0100446f", "0x01001004");

		//
		// Labels
		//
		builder.createMemoryReference("0x010036ee", "0x010039fe", RefType.CONDITIONAL_JUMP,
			SourceType.USER_DEFINED);

		//
		// Arrays/Structures
		//		
		DataType type = new IntegerDataType();
		DataType pointer = new PointerDataType(type);
		ArrayDataType array = new ArrayDataType(pointer, 4, pointer.getLength());
		builder.applyDataType("0x01005500", array);

		StructureDataType struct = new StructureDataType("struct_in_array", 0);
		struct.add(new IntegerDataType(), "my_int", "comment 1");
		struct.add(new ByteDataType(), "my_byte", "comment 2");
		array = new ArrayDataType(struct, 4, struct.getLength());
		builder.applyDataType("0x01005520", array);

		struct = new StructureDataType("struct_containing_array", 0);
		array = new ArrayDataType(pointer, 4, pointer.getLength());
		struct.add(new ByteDataType(), "my_byte", "comment 1");
		struct.add(array, "my_array", "comment 2");
		builder.applyDataType("0x01005540", struct);

		// a value that does not point to valid memory
		builder.setBytes("0x01004480", "cc cc cc cc");
		builder.applyDataType("0x01004480", new PointerDataType());
	}
 

private String asString(ReferenceEndpoint rowObject) {
	RefType refType = rowObject.getReferenceType();
	String text = refType.getName();
	if (rowObject.isOffcut()) {
		text = "<html>" + HTMLUtilities.colorString(Color.RED, text + OFFCUT_STRING);
	}
	return text;
}
 

private void createDataReference(String from, String to) {

		int transaction = program.startTransaction("Test - Add Reference");
		try {
			AddMemRefCmd cmd =
				new AddMemRefCmd(addr(from), addr(to), RefType.DATA, SourceType.USER_DEFINED, 0);
			cmd.applyTo(program);
			program.flushEvents();
			waitForPostedSwingRunnables();
		}
		finally {
			program.endTransaction(transaction, true);
		}
	}
 

private Program buildProgram() throws Exception {
	ProgramBuilder builder = new ProgramBuilder("DiffTestPgm1", ProgramBuilder._X86, this);

	builder.createMemory(".text", "0x1001000", 0x6600);
	builder.createMemory(".data", "0x1008000", 0x600);

	// for FunctionMergeManager2Test
	//
	DataType stringPtr = new PointerDataType(new StringDataType());
	DataType byteArray = new ArrayDataType(new ByteDataType(), 1, 1);
	DataType byteArray2 = new ArrayDataType(byteArray, 1, 2);
	DataType byteArray3 = new ArrayDataType(byteArray2, 2, 2);
	program = builder.getProgram();
	Parameter p1 = new ParameterImpl("destStr", stringPtr, 0x8, program);
	Parameter p2 = new ParameterImpl("param_3", DataType.DEFAULT, 0xc, program);
	Parameter p3 = new ParameterImpl("param_4", DataType.DEFAULT, 0x10, program);

	builder.createEmptyFunction(null, null, null, true, "100415a", 10, null, p1, p2, p3);

	p1 = new ParameterImpl("param_1", stringPtr, 0x8, program);
	p2 = new ParameterImpl("param_2", byteArray3, 0xc, program);
	p3 = new ParameterImpl("param_3", new PointerDataType(), 0x10, program);
	Parameter p4 = new ParameterImpl("param_4", new PointerDataType(), 0x14, program);
	Parameter p5 = new ParameterImpl("param_5", byteArray3, 0x18, program);
	builder.createEmptyFunction(null, null, null, true, "1002cf5", 10, null, p1, p2, p3, p4,
		p5);
	builder.createStackReference("1002cf5", RefType.READ, -0x8, SourceType.USER_DEFINED, 0);
	builder.createStackReference("1002cf5", RefType.READ, -0xc, SourceType.USER_DEFINED, 0);

	builder.setProperty(Program.DATE_CREATED, new Date(100000000));// arbitrary, but consistent

	builder.setRegisterValue("DR0", "10022d4", "10022e5", 0x1010101);
	builder.setRegisterValue("DR0", "100230b", "100231c", 0xa4561427);
	builder.setRegisterValue("DR0", "1002329", "100233b", 0x40e20100);
	builder.setRegisterValue("DR0", "1003bfc", "1003c10", 0x91ef0600);
	builder.setRegisterValue("DR0", "1003c1c", "1003c36", 0x71f25b2e);

	return builder.getProgram();
}
 

@Test
public void testMIPNormalCases() throws Exception {
	Reference[] refs; //Array of mnemonic references
	RefType type;    //Type of reference
	Boolean isAddr;
	Instruction inst;

	Program program = env.getProgram("mip.exe.gzf");
	openProgram(program);

	ScriptTaskListener scriptID = env.runScript(script);
	waitForScriptCompletion(scriptID, 60000);
	program.flushEvents();
	waitForPostedSwingRunnables();

	Listing listing = program.getListing();

	Address[] mipTestAddrs = propagateMIPTestAddrs(program);
	for (Address mipTestAddr : mipTestAddrs) {
		inst = listing.getInstructionAt(mipTestAddr);
		refs = inst.getMnemonicReferences();
		//Check a reference exists on the mnemonic
		assertNotNull(refs);
		type = refs[0].getReferenceType();
		isAddr = refs[0].getToAddress().isMemoryAddress();
		//check the reference is a real memory address
		assertTrue(isAddr);
		//check the reference type created is of type DATA
		assertTrue(type.equals(RefType.DATA));
	}

	closeProgram();
}