Ghidra reverse engineering tool - page 4 - General Discussion and Assistance - CHDK Forum  

Ghidra reverse engineering tool


reyalp
Re: Ghidra reverse engineering tool
« Reply #30 on: 12 / December / 2020, 00:48:38 »
Ghidra 9.2 was released in November: https://ghidra-sre.org/releaseNotes_9.2.html

There are a lot of changes, but nothing jumps out as being especially important for CHDK development.

It is not compatible with some of my scripts ( get_pinsn_at fails, which breaks ImportCHDKStubs and others). I'll look into fixing this, but for the moment upgrading is not recommended.

While both can be installed at the same time, opening programs with the new version will cause them to be upgraded, which may make them not open in the old version.

Don't forget what the H stands for.

reyalp
Re: Ghidra reverse engineering tool
« Reply #31 on: 13 / December / 2020, 23:34:05 »
I checked in fixes for the scripts in r5674. However, I noticed that ghidra 9.2 incorrectly disassembles some bl instructions (interpreting them as vst4.* with a warning "Instruction pcode is unimplemented") so I'd recommend sticking with 9.1.2 for now.
Don't forget what the H stands for.

reyalp
Re: Ghidra reverse engineering tool
« Reply #32 on: 23 / January / 2021, 19:09:24 »
9.2.2 was released on Dec 29 and appears to fix this issue. The CHDK scripts work correctly, so I'd say this is the recommended version for new installs now. If you're already on 9.1.x, I haven't seen any really compelling reasons to upgrade, though I think the disassembly may be a bit improved.
Don't forget what the H stands for.

reyalp
Re: Ghidra reverse engineering tool
« Reply #33 on: 16 / February / 2021, 23:11:44 »
In trunk r5733, I added some files in tools/ghidra_scripts/datatypes that can be used to make Ghidra aware of function prototypes and structure definitions. This can significantly improve decompiler output, both in the identified functions themselves, and in other code that calls them.

The header files are manually created. I thought about trying to make the normal CHDK files usable directly in Ghidra, but it seemed pretty impractical so I just started with a copy of lowlevel.h instead. I've added some additional functions that were used elsewhere, as well as some common ones from the stubs that aren't currently used in CHDK. IMO, even outside the direct benefits to analysis, this is a useful place to document functions we have named and understood.

Basic usage from the README.TXT below (I'll add it to the wiki later; done). Ghidra supports several different workflows, but this was what seemed to work best for me after playing around with it for a while.

The program should already be analyzed.

Go to File -> Parse C Source

* Use the small disk icon with ... under it to copy an existing parse configuration, e.g. clib.prf
* Name your copy something obviously related to CHDK and camera configuration, e.g. chdk-dryos31
* Select all the header file entries, and use the red X button to delete them
* Use the green + button to add chdk source/tools/ghidra_scripts/fw_functions.h
* Adjust the parse options section to match your platform:
  Remove all entries except
    -D__builtin_va_list=void *
  If your camera uses dryos, add the PLATFORMOSVER value from makefile.inc, like
    -DCAM_DRYOS_REL=31
  If your camera uses 3 argument DebugAssert (see platform_camera.h) add
    -DCAM_3ARG_DebugAssert=1
  This applies to some early vxworks, all digic 6, and some other DryOS 52 and later.
* Save your parse configuration with the big floppy icon. Note: Parse configurations are global within Ghidra, not specific to a particular project or program.
* Click "Parse to Program", and continue when prompted
* If a prompt about "Use Open Archives" appears, click continue. It may be covered by a dialog titled "Parsing C Files". If so, move the "Parsing C files" dialog out of the way.
* If parsing is unsuccessful, the pre-processed output will appear in your system home directory in a file named CParserPlugin.out
* If parsing succeeds, dismiss the Parse C Source dialog.

In the types manager window, right click on your program, and choose "Apply Function Data Types"

If you update the header files, re-run File -> Parse C Source, select the parse configuration created earlier, and re-run "Apply Function Data Types".
« Last Edit: 18 / February / 2021, 11:14:31 by reyalp »
Don't forget what the H stands for.


reyalp
Re: Ghidra reverse engineering tool
« Reply #34 on: 06 / April / 2021, 02:47:32 »
In trunk 5812, I added a script CommentLeventCalls.py to comment calls to "logical event" functions with the names from levent_table.

edit:
In 5814, I added ListLeventCalls.py, which lists calls referencing events, specified by name or ID.
« Last Edit: 07 / April / 2021, 01:23:59 by reyalp »
Don't forget what the H stands for.
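An added example, not the CommentLeventCalls.py script from CHDK trunk, showing how the call-site annotation described in the post above can be written as a Ghidra Jython script: it walks the call references to a levent-taking function, reads the immediate moved into r0 just before each call, and writes the matching name from a levent table as an EOL comment. The function name PostLogicalEventToUI, the {id: name} sample table and the LOOKBACK window are assumptions made for illustration; the Ghidra-only part runs solely when the script is executed inside Ghidra.

```python
import re
TARGET_FUNC = "PostLogicalEventToUI"  # assumed name of a levent-taking firmware function
LOOKBACK = 6                           # instructions scanned backwards from each call site
# Constructed sample of levent_table as {id: name}; a real run reads the firmware's table.
LEVENT_SAMPLE = {0x0001: "PressTeleButton", 0x0002: "UnpressTeleButton", 0x0100: "PressPowerButton"}
_IMM_RE = re.compile(r"^#(0x[0-9a-fA-F]+|[0-9]+)$")

def parse_imm(text):
    """Ghidra operand text '#0x100' or '#256' -> 256; anything else -> None."""
    m = _IMM_RE.match(text.strip())
    return None if m is None else int(m.group(1), 16 if "x" in m.group(1).lower() else 10)

def find_r0_immediate(instrs):
    """instrs: (mnemonic, [operand strings]) tuples ending just before the call.  Returns
    the immediate of the last 'mov r0,#imm'; None if r0 was set some other way (ldr from a
    literal pool, add, ...) so the caller skips that site instead of guessing."""
    for mnem, ops in reversed(instrs[-LOOKBACK:]):
        if len(ops) >= 2 and ops[0].lower() == "r0":
            return parse_imm(ops[1]) if mnem.lower().startswith("mov") else None
    return None

def comment_for(event_id, levents):
    return "levent 0x%x %s" % (event_id, levents.get(event_id, "(unknown)"))

def _annotate_calls(levents):
    """Ghidra side: walk call references to TARGET_FUNC and set an EOL comment at each."""
    func = getFunction(TARGET_FUNC)
    if func is None:
        return
    for ref in getReferencesTo(func.getEntryPoint()):
        if not ref.getReferenceType().isCall():
            continue
        site = ref.getFromAddress()
        window, ins = [], getInstructionAt(site)
        for _ in range(LOOKBACK):  # gather up to LOOKBACK preceding instructions, oldest first
            ins = None if ins is None else ins.getPrevious()
            if ins is None:
                break
            window.insert(0, (ins.getMnemonicString(), [ins.getDefaultOperandRepresentation(i)
                                                        for i in range(ins.getNumOperands())]))
        eid = find_r0_immediate(window)
        if eid is not None:
            setEOLComment(site, comment_for(eid, levents))

try:
    currentProgram  # injected by Ghidra; NameError outside it keeps the module importable
except NameError:
    pass
else:
    _annotate_calls(LEVENT_SAMPLE)
```

Call sites where r0 comes from a literal pool load are deliberately left uncommented rather than guessed; extending find_r0_immediate to follow the ldr data reference is the natural next step.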