Java Code Examples for ghidra.program.model.mem.Memory#getInt()

Example 1
Source File: PEUtil.java    From ghidra with Apache License 2.0 6 votes vote down vote up
/**
 * Reports whether the 32-bit value stored at {@code addr} points at a known GUID.
 * <p>
 * The value is read from program memory, turned into an address in the default
 * address space, and accepted only if that address lies inside the program's
 * memory and {@link GuidUtil#getKnownGuid} returns a match for it.
 *
 * @param program program whose memory is inspected
 * @param addr location of the candidate pointer
 * @return {@code true} only when the pointed-to address is in memory and holds a
 *         known GUID; {@code false} otherwise, including when {@code addr}
 *         cannot be read
 */
static boolean isValidGuidPointer(Program program, Address addr) {
	Memory mem = program.getMemory();
	AddressFactory factory = program.getAddressFactory();
	AddressSpace space = factory.getDefaultAddressSpace();
	try {
		// NOTE(review): getInt yields a signed int, so a stored value with the top
		// bit set reaches getAddress as a negative offset -- confirm how the
		// address factory treats that for the target address space.
		int rawPointer = mem.getInt(addr);
		Address target = factory.getAddress(space.getBaseSpaceID(), rawPointer);
		return mem.contains(target) && GuidUtil.getKnownGuid(program, target) != null;
	}
	catch (MemoryAccessException ignored) {
		// Unreadable memory simply means "not a valid GUID pointer".
		return false;
	}
}
 
Example 2
Source File: RelocationFixupHandler.java    From ghidra with Apache License 2.0 6 votes vote down vote up
/**
 * Rebases the 32-bit value stored at the relocation's address by the distance
 * between the old and new image base.
 *
 * @param program program being rebased
 * @param relocation relocation whose address holds the value to adjust
 * @param oldImageBase image base the stored value was computed against
 * @param newImageBase image base the stored value must now refer to
 * @return always {@code true}
 * @throws MemoryAccessException if the value cannot be read or written
 * @throws CodeUnitInsertionException declared for the stash/restore step
 */
protected boolean process32BitRelocation(Program program, Relocation relocation,
		Address oldImageBase, Address newImageBase) throws MemoryAccessException,
		CodeUnitInsertionException {
	long delta = newImageBase.subtract(oldImageBase);

	Address target = relocation.getAddress();
	Memory mem = program.getMemory();

	// The sum is computed as a long and then truncated, so it wraps modulo 2^32.
	int relocated = (int) (mem.getInt(target) + delta);

	// NOTE(review): restore() is skipped if setInt throws; confirm whether the
	// stasher leaves the listing modified in that case and needs a finally block.
	InstructionStasher stasher = new InstructionStasher(program, target);
	mem.setInt(target, relocated);
	stasher.restore();

	return true;
}
 
Example 3
Source File: GenericRefernenceBaseRelocationFixupHandler.java    From ghidra with Apache License 2.0 6 votes vote down vote up
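/**
 * Applies a 32-bit relocation only when the rebased value matches a reference
 * already recorded at the relocation address.
 * <p>
 * The stored value is read, rebased by the image-base delta, and converted to an
 * address; if {@code hasMatchingReference} accepts that address the work is
 * delegated to {@code process32BitRelocation}.
 *
 * @param program program being rebased
 * @param relocation relocation to evaluate
 * @param oldImageBase image base the stored value was computed against
 * @param newImageBase image base the stored value must now refer to
 * @return the result of {@code process32BitRelocation} when a matching reference
 *         exists, otherwise {@code false}
 * @throws MemoryAccessException if the stored value cannot be read or written
 * @throws CodeUnitInsertionException propagated from {@code process32BitRelocation}
 */
private boolean handleGenerically32(Program program, Relocation relocation,
		Address oldImageBase, Address newImageBase) throws MemoryAccessException,
		CodeUnitInsertionException {

	long diff = newImageBase.subtract(oldImageBase);

	Address address = relocation.getAddress();
	Memory memory = program.getMemory();

	// The mask must be a long literal: with the int literal 0xffffffff (== -1) the
	// AND is a no-op and the int is sign-extended on widening, so the value was
	// never treated as unsigned. The truncated sum below is the same either way.
	long value = memory.getInt(address) & 0xffffffffL;
	int newValue = (int) (value + diff);

	// NOTE(review): newValue is a signed int, so a rebased value with the top bit
	// set is passed to getNewAddress as a negative offset -- confirm that this is
	// handled as intended for the address space in use.
	Address candidateRelocationValue = newImageBase.getNewAddress(newValue);
	if (hasMatchingReference(program, address, candidateRelocationValue)) {
		return process32BitRelocation(program, relocation, oldImageBase, newImageBase);
	}
	return false;
}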
 
Example 4
Source File: AppleSingleDoubleBinaryAnalysisCommand.java    From ghidra with Apache License 2.0 6 votes vote down vote up
/**
 * Accepts the program when the 32-bit value at offset 0 of the default address
 * space equals one of the AppleSingle/AppleDouble magic numbers.
 *
 * @param program program to test
 * @return {@code true} on a magic-number match; {@code false} otherwise,
 *         including when anything in the probe throws
 */
@Override
public boolean canApply(Program program) {
	try {
		Memory mem = program.getMemory();
		int firstWord =
			mem.getInt(program.getAddressFactory().getDefaultAddressSpace().getAddress(0));
		return firstWord == AppleSingleDouble.SINGLE_MAGIC_NUMBER ||
			firstWord == AppleSingleDouble.DOUBLE_MAGIC_NUMBER;
	}
	catch (Exception e) {
		// expected for programs with no readable bytes at offset 0; treat as "no"
		return false;
	}
}
 
Example 5
Source File: MachoBinaryAnalysisCommand.java    From ghidra with Apache License 2.0 6 votes vote down vote up
/**
 * Accepts the program when it was imported with the raw binary loader and the
 * 32-bit value at the address supplied by {@code getAddress(program)} is a
 * Mach-O magic number.
 *
 * @param program program to test
 * @return {@code true} when both conditions hold; {@code false} otherwise,
 *         including when any step of the probe throws
 */
@Override
public boolean canApply(Program program) {
	try {
		String format =
			program.getOptions("Program Information").getString("Executable Format", null);
		if (BinaryLoader.BINARY_NAME.equals(format)) {
			int magic = program.getMemory().getInt(getAddress(program));
			return MachConstants.isMagic(magic);
		}
	}
	catch (Exception e) {
		// Any failure while probing is treated as "not applicable".
	}
	return false;
}
 
Example 6
Source File: ClassFileAnalysisState.java    From ghidra with Apache License 2.0 5 votes vote down vote up
/**
 * Builds {@code methodMap}, keyed by start address, from the
 * {@link MethodInfoJava} objects of the {@link ClassFileJava}.
 * <p>
 * For each method index the lookup address is obtained from
 * {@link JavaClassUtil#toLookupAddress}, the 32-bit offset stored there is read,
 * and the method is registered under that offset in the default address space.
 *
 * @throws MemoryAccessException if a lookup entry cannot be read from program memory
 */
private void buildMethodMap() throws MemoryAccessException {
	methodMap = new HashMap<>();
	MethodInfoJava[] methodInfos = classFile.getMethods();
	Memory mem = program.getMemory();
	AddressSpace space = program.getAddressFactory().getDefaultAddressSpace();
	for (int index = 0; index < methodInfos.length; index++) {
		Address lookupEntry = JavaClassUtil.toLookupAddress(program, index);
		// NOTE(review): the offset comes straight from program memory as a signed
		// int and is not range-checked before being turned into an address --
		// confirm what getAddress does with a negative or out-of-range value.
		int startOffset = mem.getInt(lookupEntry);
		methodMap.put(space.getAddress(startOffset), methodInfos[index]);
	}
}
 
Example 7
Source File: PEUtil.java    From ghidra with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether the 32-bit value stored at {@code addr} is an address that
 * lies inside the program's memory.
 *
 * @param program program whose memory is inspected
 * @param addr location of the candidate pointer
 * @return {@code true} when the pointed-to address is contained in memory;
 *         {@code false} otherwise, including when {@code addr} cannot be read
 */
static boolean isValidPointer(Program program, Address addr) {
	Memory mem = program.getMemory();
	AddressFactory factory = program.getAddressFactory();
	AddressSpace space = factory.getDefaultAddressSpace();
	boolean pointsIntoMemory = false;
	try {
		// NOTE(review): the value is a signed int; a stored pointer with the top
		// bit set is handed to getAddress as a negative offset -- confirm handling.
		int rawPointer = mem.getInt(addr);
		Address target = factory.getAddress(space.getBaseSpaceID(), rawPointer);
		pointsIntoMemory = mem.contains(target);
	}
	catch (MemoryAccessException ignored) {
		// Unreadable memory means the candidate is not a valid pointer.
	}
	return pointsIntoMemory;
}
 
Example 8
Source File: PefDebug.java    From ghidra with Apache License 2.0 5 votes vote down vote up
/**
 * Reads a PEF debug record from program memory starting at {@code address}.
 * <p>
 * Layout as read here: four 32-bit fields at offsets 0x0, 0x4, 0x8 and 0xc, a
 * 16-bit name length at 0x10, then the name bytes starting at 0x12.
 *
 * @param memory memory to read from
 * @param address address of the first byte of the record
 * @throws MemoryAccessException if any part of the record cannot be read
 */
public PefDebug(Memory memory, Address address) throws MemoryAccessException {
	unknown = memory.getInt(address);
	type = memory.getInt(address.add(0x4));
	flags = memory.getInt(address.add(0x8));
	distance = memory.getInt(address.add(0xc));

	// Masking makes the 16-bit length unsigned and caps the buffer at 65535 bytes.
	nameLength = memory.getShort(address.add(0x10)) & 0xffff;

	byte[] rawName = new byte[nameLength];
	// NOTE(review): the value returned by getBytes is ignored here -- confirm
	// whether a short read is possible and should be rejected.
	memory.getBytes(address.add(0x12), rawName);

	// NOTE(review): decoding uses the platform default charset, so the resulting
	// name can differ between hosts -- confirm the intended encoding.
	name = new String(rawName);
}
 
Example 9
Source File: PIC30_ElfRelocationHandler.java    From ghidra with Apache License 2.0 4 votes vote down vote up
/**
 * Applies one PIC30 ELF relocation to program memory.
 * <p>
 * Nothing is done for {@code R_PIC30_NONE} or for a symbol index of 0. For any
 * other type, relocations are applied only when the ELF machine is
 * {@code EM_DSPIC30F}; for other machines the method reads the old value and
 * returns without writing or marking anything. Types not listed in the switch
 * are reported through {@code markAsUnhandled}.
 *
 * @param elfRelocationContext context supplying the program, symbols, ELF header and log
 * @param relocation relocation entry to apply
 * @param relocationAddress address in program memory to patch
 * @throws MemoryAccessException if the existing value cannot be read or the new one written
 * @throws NotFoundException declared by the handler interface
 */
@Override
public void relocate(ElfRelocationContext elfRelocationContext, ElfRelocation relocation, Address relocationAddress)
		throws MemoryAccessException, NotFoundException {

	int type = relocation.getType();
	if (type == R_PIC30_NONE) {
		return;
	}

	Program program = elfRelocationContext.getProgram();
	Memory memory = program.getMemory();

	int symbolIndex = relocation.getSymbolIndex();

	// The addend is narrowed to 32 bits; any upper bits are discarded.
	int addend = (int) relocation.getAddend();

	if (symbolIndex == 0) {// TODO
		return;
	}

	// Narrowed to int first, so the word offset is truncated to 32 bits and then
	// sign-extended back into the long.
	long relocWordOffset = (int) relocationAddress.getAddressableWordOffset();

	// NOTE(review): sym is dereferenced without a null check in the default
	// branch below -- confirm getSymbol cannot return null for a symbol index
	// taken from an untrusted ELF file.
	ElfSymbol sym = elfRelocationContext.getSymbol(symbolIndex);
	int symbolValue = (int) elfRelocationContext.getSymbolValue(sym); // word offset

	// Both views of the existing contents are read up front: the 32-bit word for
	// the instruction-field cases and the 16-bit value for the short cases.
	int oldValue = memory.getInt(relocationAddress);
	short oldShortValue = memory.getShort(relocationAddress);

	int newValue;

	ElfHeader elf = elfRelocationContext.getElfHeader();
	if (elf.e_machine() == ElfConstants.EM_DSPIC30F) {
		switch (type) {
		case R_PIC30_16: // 2
			newValue = (symbolValue + addend + oldShortValue) & 0xffff;
			memory.setShort(relocationAddress, (short) newValue);
			break;
		case R_PIC30_32: // 3
			newValue = symbolValue + addend + oldValue;
			memory.setInt(relocationAddress, newValue);
			break;
		case R_PIC30_FILE_REG_WORD_WITH_DST: // 7
			// reloc is declared here and reused by the later cases, which share
			// the switch block's scope.
			int reloc = symbolValue >> 1;
			reloc += addend;
			reloc += oldValue >> 4;
			reloc &= 0x7fff;
			// Replace bits 4..18 of the old word with the 15-bit result.
			newValue = (reloc << 4) | (oldValue & ~0x7fff0);
			memory.setInt(relocationAddress, newValue);
			break;
		case R_PIC30_WORD: // 8
		case R_PIC30_WORD_TBLOFFSET: // 0x15
			reloc = symbolValue;
			reloc += addend;
			reloc += oldValue >> 4;
			reloc &= 0xffff;
			// Replace bits 4..19 of the old word with the 16-bit result.
			newValue = (reloc << 4) | (oldValue & ~0x0ffff0);
			memory.setInt(relocationAddress, newValue);
			break;
		case R_PIC30_WORD_TBLPAGE: // 0x18
			reloc = symbolValue >> 16;
			reloc += addend;
			reloc += oldValue >> 4;
			reloc &= 0xffff;
			if (isEDSVariant(elfRelocationContext)) {
				reloc |= 0x100;
			}
			newValue = (reloc << 4) | (oldValue & ~0x0ffff0);
			memory.setInt(relocationAddress, newValue);
			break;
		case R_PIC30_PCREL_BRANCH: // 0x1c
			newValue = (int) (symbolValue - relocWordOffset + oldShortValue - 2);
			newValue >>>= 1;
			// Only the low 16 bits are stored; no check that the displacement fits.
			memory.setShort(relocationAddress, (short) (newValue & 0xffff));
			break;
		default:
			String symbolName = sym.getNameAsString();
			markAsUnhandled(program, relocationAddress, type, symbolIndex, symbolName,
					elfRelocationContext.getLog());
			break;
		}
	}
}
 
Example 10
Source File: SPARC_ElfRelocationHandler.java    From ghidra with Apache License 2.0 4 votes vote down vote up
/**
 * Applies one SPARC ELF relocation to program memory.
 * <p>
 * The method returns without doing anything unless the ELF machine is
 * {@code EM_SPARC} or {@code EM_SPARC32PLUS}, and also for {@code R_SPARC_NONE}.
 * {@code R_SPARC_COPY} is reported through {@code markAsWarning}; types not
 * listed in the switch are reported through {@code markAsUnhandled}.
 *
 * @param elfRelocationContext context supplying the program, symbols, ELF header and log
 * @param relocation relocation entry to apply
 * @param relocationAddress address in program memory to patch
 * @throws MemoryAccessException if the existing value cannot be read or the new one written
 * @throws NotFoundException declared by the handler interface
 */
@Override
public void relocate(ElfRelocationContext elfRelocationContext, ElfRelocation relocation,
		Address relocationAddress) throws MemoryAccessException, NotFoundException {

	ElfHeader elf = elfRelocationContext.getElfHeader();
	if (elf.e_machine() != ElfConstants.EM_SPARC &&
		elf.e_machine() != ElfConstants.EM_SPARC32PLUS) {
		return;
	}

	Program program = elfRelocationContext.getProgram();
	Memory memory = program.getMemory();

	int type = relocation.getType();
	if (type == SPARC_ElfRelocationConstants.R_SPARC_NONE) {
		return;
	}

	int symbolIndex = relocation.getSymbolIndex();

	long addend = relocation.getAddend(); // will be 0 for REL case

	// Narrowed to int first, so the offset is truncated to 32 bits and then
	// sign-extended back into the long.
	long offset = (int) relocationAddress.getOffset();

	// sym may be null here: the name lookup guards against it, while
	// getSymbolValue receives it unchecked.
	ElfSymbol sym = elfRelocationContext.getSymbol(symbolIndex);
	String symbolName = sym != null ? sym.getNameAsString() : null;

	long symbolValue = elfRelocationContext.getSymbolValue(sym);

	int oldValue = memory.getInt(relocationAddress);
	int newValue = 0;

	// NOTE(review): the first four cases OR the computed field into the existing
	// word without clearing it first, so the result is only correct if those
	// bits are zero in the file -- confirm that assumption for REL-style input.
	switch (type) {
		case SPARC_ElfRelocationConstants.R_SPARC_DISP32:
			newValue = (int) (symbolValue + addend - offset);
			memory.setInt(relocationAddress, oldValue | newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_WDISP30:
			// The cast binds tighter than >>>, so the shift is an unsigned shift
			// of the 32-bit displacement and leaves a 30-bit field.
			newValue = (int) (symbolValue + addend - offset) >>> 2;
			memory.setInt(relocationAddress, oldValue | newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_HI22:
			newValue = ((int) symbolValue + (int) addend) >>> 10;
			memory.setInt(relocationAddress, oldValue | newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_LO10:
			newValue = ((int) symbolValue + (int) addend) & 0x3FF;
			memory.setInt(relocationAddress, oldValue | newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_JMP_SLOT:
			// should copy address of symbol in EXTERNAL block
			// (no break: deliberately shares the R_SPARC_32 handling below)
		case SPARC_ElfRelocationConstants.R_SPARC_32:
			newValue = (int) symbolValue + (int) addend;
			memory.setInt(relocationAddress, newValue);
			break;
		// we punt on this because it's not linked yet!
		case SPARC_ElfRelocationConstants.R_SPARC_GLOB_DAT:
			newValue = (int) symbolValue;
			memory.setInt(relocationAddress, newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_RELATIVE:
			newValue = (int) elf.getImageBase() + (int) addend;
			memory.setInt(relocationAddress, newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_UA32:
			newValue = (int) symbolValue + (int) addend;
			memory.setInt(relocationAddress, newValue);
			break;
		case SPARC_ElfRelocationConstants.R_SPARC_COPY:
			markAsWarning(program, relocationAddress, "R_SPARC_COPY", symbolName, symbolIndex,
				"Runtime copy not supported", elfRelocationContext.getLog());
			break;
		default:
			markAsUnhandled(program, relocationAddress, type, symbolIndex, symbolName,
				elfRelocationContext.getLog());
			break;
	}
}
 
Example 11
Source File: FindUndefinedFunctionsFollowUpScript.java    From ghidra with Apache License 2.0 4 votes vote down vote up
/**
 * Looks for a run of undefined dwords sitting between the end of the previous
 * function and {@code a}.
 *
 * @param a address of the undefined function being examined
 * @return the address of the first undefined dword after a preceding "b" or
 *         "blr" instruction, or {@code null} if no such fragment is found or
 *         the monitor was cancelled
 * @throws Exception if an address computation or memory read fails
 */
private Address findFrag(Address a) throws Exception {
	// Pattern being matched:
	//    01e328e4   r3 80 00 20   blr           // end of prev func
	//    01e328e8   94            ??       94h
	//    01e328e9   21            ??       21h
	//    01e328ea   ff            ??       FFh
	//    01e328eb   e0            ??       E0h
	//    01e328ec   2c            ??       2Ch
	//    01e328ed   03            ??       03h
	//    01e328ee   00            ??       00h
	//    01e328ef   00            ??       00h
	//                  undefined FUN_01e328f0   // <-- Address a
	//    01e328f0   7c 08 02 a6   mfspr    r0,LR
	//    01e328f4   39 80 00 31   li       r12,0x31
	//    ...
	//
	// 1-6 undefined dwords directly before a, preceded by a "b" or "blr",
	// yield the address of the dword right after that branch; anything else
	// yields null.

	Memory mem = currentProgram.getMemory();
	Listing listing = currentProgram.getListing();

	// Keep the starting point so the backward scan can be limited to 24 bytes.
	final Address start = a;
	Address cursor = a;

	// The lower bound 0x1800000 is hard-coded (the original author flags this
	// as bad); it is the only guard before the subtract(4) calls.
	while (cursor.getOffset() > 0x1800000 &&
		start.getOffset() - cursor.getOffset() < 24 &&
		listing.isUndefined(cursor.subtract(4), cursor.subtract(1)) &&
		isInstruction(cursor.subtract(4))) {
		if (monitor.isCancelled()) {
			return null;
		}
		cursor = cursor.subtract(4);
	}

	// The dword at the cursor must itself be undefined.
	if (!listing.isUndefined(cursor, cursor.add(3))) {
		return null;
	}

	// There must be a defined instruction immediately before it.
	if (listing.getInstructionAt(cursor.subtract(4)) == null) {
		return null;
	}

	// That instruction must be a "b" (only the top six bits are compared) or
	// exactly the "blr" encoding.
	int prevWord = mem.getInt(cursor.subtract(4));
	boolean isBranch = (prevWord & 0xfc000000) == 0x48000000;
	boolean isBlr = prevWord == 0x4e800020;
	if (!isBranch && !isBlr) {
		return null;
	}

	// Assume a fragment starting at the cursor.
	return cursor;
}
 
Example 12
Source File: FindUndefinedFunctionsFollowUpScript.java    From ghidra with Apache License 2.0 4 votes vote down vote up
/**
 * Looks for an already-defined function entry a few instructions before
 * {@code a}, with no "b" or "blr" in between.
 *
 * @param a address of the undefined function being examined
 * @return the address of the preceding function entry, or {@code null} if none
 *         is found within the scan window or the monitor was cancelled
 * @throws Exception if an address computation or memory read fails
 */
private Address findHead(Address a) throws Exception {
	// Pattern being matched:
	//                  undefined FUN_01e328e8
	//    01e328e8   94 21 ff e0   stwu     r1,-0x20(r1)
	//    01e328ec   2c 03 00 00   cmpwi    r3,0x0
	//                  undefined FUN_01e328f0   // <-- Address a
	//    01e328f0   7c 08 02 a6   mfspr    r0,LR
	//    01e328f4   39 80 00 31   li       r12,0x31
	//    ...
	// 1-6 defined instructions directly before a, none of them "b" or "blr",
	// the first of which is a function start, yield that function start;
	// anything else yields null.

	Memory mem = currentProgram.getMemory();
	Listing listing = currentProgram.getListing();

	// Keep the starting point so the backward scan can be limited to 24 bytes.
	final Address start = a;
	Address cursor = a;

	// Note that this first read happens before the hard-coded lower bound
	// (0x1800000, flagged as bad by the original author) is checked.
	int prevWord = mem.getInt(cursor.subtract(4));
	while (cursor.getOffset() > 0x1800000 &&
		start.getOffset() - cursor.getOffset() < 24 &&
		listing.getInstructionAt(cursor.subtract(4)) != null &&
		((prevWord & 0xfc000000) != 0x48000000 && prevWord != 0x4e800020) &&
		listing.getFunctionAt(cursor.subtract(4)) == null) {
		if (monitor.isCancelled()) {
			return null;
		}
		cursor = cursor.subtract(4);
		// Read the next word back before the loop condition re-checks the bound.
		prevWord = mem.getInt(cursor.subtract(4));
	}

	// Stopping on a "b" or "blr" means no function header was reached.
	boolean isBranch = (prevWord & 0xfc000000) == 0x48000000;
	boolean isBlr = prevWord == 0x4e800020;
	if (isBranch || isBlr) {
		return null;
	}

	// The instruction just before the cursor must be a function entry point.
	Address candidate = cursor.subtract(4);
	if (listing.getFunctionAt(candidate) == null) {
		return null;
	}

	// Assume the function header starts at cursor - 4.
	return cursor.subtract(4);
}