Java Code Examples for ghidra.program.model.mem.Memory#getLong()

The following examples show how to use ghidra.program.model.mem.Memory#getLong().
Example 1
Source File: GenericRefernenceBaseRelocationFixupHandler.java    From ghidra with Apache License 2.0
/**
 * Applies the 64-bit image-base fixup to a relocation only when the rebased value
 * is accepted by {@code hasMatchingReference}.
 * <p>
 * The 8-byte value is read directly from program memory at the relocation address,
 * so it is whatever the analysed image contains. Nothing is written by this method
 * itself; the write is delegated to {@code process64BitRelocation} after the
 * candidate address has been checked.
 *
 * @param program the program whose memory is read
 * @param relocation the relocation supplying the address to inspect
 * @param oldImageBase the image base before the move
 * @param newImageBase the image base after the move
 * @return the result of {@code process64BitRelocation} when the candidate address
 *         matches, otherwise {@code false}
 * @throws MemoryAccessException if the value at the relocation address cannot be read
 * @throws CodeUnitInsertionException propagated from {@code process64BitRelocation}
 */
private boolean handleGenerically64(Program program, Relocation relocation,
		Address oldImageBase, Address newImageBase) throws MemoryAccessException,
		CodeUnitInsertionException {
	final long imageBaseDelta = newImageBase.subtract(oldImageBase);

	final Address relocationAddress = relocation.getAddress();
	final long storedValue = program.getMemory().getLong(relocationAddress);

	// NOTE(review): storedValue is file-controlled; confirm how getNewAddress behaves
	// when the rebased offset falls outside the address space of newImageBase.
	final Address rebasedCandidate =
		newImageBase.getNewAddress(storedValue + imageBaseDelta);

	// Without a matching reference the value is left untouched.
	if (!hasMatchingReference(program, relocationAddress, rebasedCandidate)) {
		return false;
	}
	return process64BitRelocation(program, relocation, oldImageBase, newImageBase);
}
 
Example 2
Source File: IPCAnalyzer.java    From Ghidra-Switch-Loader with ISC License
/**
 * Builds one {@code IPCVTableEntry} for every vtable address supplied.
 * <p>
 * For each vtable the method derives a name (from RTTI when available, otherwise a
 * generated {@code SRV_<offset>::vtable} placeholder) and then collects function
 * pointers from the vtable slots starting at offset 0x30, advancing 8 bytes per slot.
 * Collection stops at a zero slot, at a pointer that is not inside the {@code .text}
 * block, or when the next slot address appears among the values of the GOT data
 * symbol map.
 * <p>
 * Every pointer used here is read from the image under analysis, so it is only
 * followed after the memory block containing it has been checked by name.
 *
 * @param program the program whose memory holds the vtables
 * @param elfProvider provider used to read the RTTI name string and the GOT data symbols
 * @param vtAddrs addresses of the vtables to describe
 * @return the entries, in the same order as {@code vtAddrs}
 * @throws MemoryAccessException if a vtable or RTTI slot cannot be read
 * @throws AddressOutOfBoundsException declared by the signature; presumably raised when
 *         an offset computed from image data is not a valid address
 * @throws IOException declared by the signature; presumably raised by the string read
 */
protected List<IPCVTableEntry> createVTableEntries(Program program, ElfCompatibilityProvider elfProvider, List<Address> vtAddrs) throws MemoryAccessException, AddressOutOfBoundsException, IOException
{
    List<IPCVTableEntry> entries = Lists.newArrayList();
    Memory memory = program.getMemory();
    AddressSpace defaultSpace = program.getAddressFactory().getDefaultAddressSpace();

    for (Address vtAddr : vtAddrs)
    {
        String fallbackName = String.format("SRV_%X::vtable", vtAddr.getOffset());
        String name = resolveVtableNameFromRtti(memory, defaultSpace, elfProvider, vtAddr, fallbackName);

        // NOTE(review): this lookup is repeated for every vtable although its arguments
        // do not change inside the loop; confirm whether it can be computed once.
        Map<Address, Address> gotDataSyms = this.getGotDataSyms(program, elfProvider);
        List<Address> implAddrs = new ArrayList<>();
        long slotOffset = 0x30;

        // Walk the function slots. There is no explicit cap on the number of slots:
        // the walk ends only through one of the exits below (or an exception from
        // reading past mapped memory).
        while (true)
        {
            long slotValue = memory.getLong(vtAddr.add(slotOffset));
            if (slotValue == 0)
            {
                break;
            }

            Address implAddr = defaultSpace.getAddress(slotValue);
            MemoryBlock implBlock = memory.getBlock(implAddr);

            // Only pointers into .text are accepted as implementation functions
            if (implBlock == null || !implBlock.getName().equals(".text"))
            {
                break;
            }

            implAddrs.add(implAddr);
            slotOffset += 0x8;

            // Stop if the next slot is one of the GOT data symbol targets
            if (gotDataSyms.values().contains(vtAddr.add(slotOffset)))
            {
                break;
            }
        }

        Set<Address> distinctImpls = new HashSet<>(implAddrs);
        boolean atMostOneDistinct = distinctImpls.size() <= 1;
        boolean exactlyOneSlot = implAddrs.size() == 1;

        // Accept either a single function with no repeats, or several distinct
        // functions (repeats allowed); anything else is reported and discarded.
        if (atMostOneDistinct && !exactlyOneSlot)
        {
            Msg.warn(this, String.format("Insufficient unique addresses for vtable at 0x%X", vtAddr.getOffset()));

            for (Address found : distinctImpls)
            {
                Msg.info(this, String.format("    Found: 0x%X", found.getOffset()));
            }

            implAddrs.clear();
        }

        // Long IPC symbols get cropped early by Ghidra's defaults, so a shortened
        // form is stored alongside the full name.
        String shortName = shortenIpcSymbol(name);

        var entry = new IPCVTableEntry(name, shortName, vtAddr, implAddrs);
        Msg.info(this, String.format("VTable Entry: %s @ 0x%X", entry.abvName, entry.addr.getOffset()));
        entries.add(entry);
    }

    return entries;
}

/**
 * Tries to recover a vtable's name through its RTTI pointer.
 * <p>
 * The 8-byte value at {@code vtAddr + 0x8} is treated as the RTTI base. It is followed
 * only if it lands in the {@code .data} block, and the name pointer stored at
 * RTTI base + 0x8 is followed only if it lands in the {@code .rodata} block.
 *
 * @param memory program memory to read from
 * @param space address space used to turn raw offsets into addresses
 * @param elfProvider provider whose reader supplies the NUL-terminated symbol string
 * @param vtAddr address of the vtable
 * @param fallbackName name returned unchanged when no usable RTTI name is found
 * @return the result of {@code demangleIpcSymbol} for the RTTI symbol, or {@code fallbackName}
 */
private String resolveVtableNameFromRtti(Memory memory, AddressSpace space, ElfCompatibilityProvider elfProvider, Address vtAddr, String fallbackName) throws MemoryAccessException, AddressOutOfBoundsException, IOException
{
    long rttiBase = memory.getLong(vtAddr.add(0x8));
    if (rttiBase == 0)
    {
        return fallbackName;
    }

    // RTTI must be within the data block
    Address rttiBaseAddr = space.getAddress(rttiBase);
    MemoryBlock rttiBlock = memory.getBlock(rttiBaseAddr);
    if (rttiBlock == null || !rttiBlock.getName().equals(".data"))
    {
        return fallbackName;
    }

    Address nameAddr = space.getAddress(memory.getLong(rttiBaseAddr.add(0x8)));
    MemoryBlock nameBlock = memory.getBlock(nameAddr);
    if (nameBlock == null || !nameBlock.getName().equals(".rodata"))
    {
        return fallbackName;
    }

    // NOTE(review): the 512-character limit is applied after the string has been read;
    // whether readTerminatedString bounds the read itself is not visible here.
    String symbol = elfProvider.getReader().readTerminatedString(nameAddr.getOffset(), '\0');
    if (symbol.isEmpty() || symbol.length() > 512)
    {
        return fallbackName;
    }

    if (!symbol.startsWith("_Z"))
    {
        symbol = "_ZTV" + symbol;
    }

    return demangleIpcSymbol(symbol);
}
 
Example 3
Source File: RelocationFixupHandler.java    From ghidra with Apache License 2.0
/**
 * Rebases the 64-bit value stored at a relocation's address by the distance between
 * the old and new image bases, and writes the result back to program memory.
 * <p>
 * The write is unconditional: this method does not check that the stored value is a
 * pointer, so callers decide beforehand whether the relocation should be applied.
 *
 * @param program the program whose memory is patched
 * @param relocation the relocation supplying the address to patch
 * @param oldImageBase the image base before the move
 * @param newImageBase the image base after the move
 * @return always {@code true}
 * @throws MemoryAccessException if the value cannot be read or written
 * @throws CodeUnitInsertionException declared by the signature; presumably raised when
 *         the stashed instructions cannot be restored
 */
public boolean process64BitRelocation(Program program, Relocation relocation,
		Address oldImageBase, Address newImageBase) throws MemoryAccessException,
		CodeUnitInsertionException {

	final long imageBaseDelta = newImageBase.subtract(oldImageBase);

	final Address patchAddress = relocation.getAddress();
	final Memory programMemory = program.getMemory();
	final long rebasedValue = programMemory.getLong(patchAddress) + imageBaseDelta;

	// The stasher is created before the write and restored after it.
	// NOTE(review): restore() is not reached if setLong throws; confirm whether the
	// stashed state needs to be put back on that path.
	final InstructionStasher stasher = new InstructionStasher(program, patchAddress);

	programMemory.setLong(patchAddress, rebasedValue);

	stasher.restore();

	return true;
}