chaoticgd / ghidra-emotionengine-reloaded
An extension for Ghidra that adds support for the PlayStation 2.
License: Apache License 2.0
Hello Chaoticgd and Beardypig,
I have a PS2 ELF file with debug symbols extracted from a released Japanese soccer game (the extracted .elf file can be downloaded here: https://drive.google.com/file/d/132KLm-plYiv3_UhJhHjP54FrTqBDA6LO/view?usp=sharing) that unfortunately does not load correctly in Ghidra when using your emotion engine reloaded extension.
It is also happening for a second Japanese PS2 soccer game (this game contains 2 ELF files, not 1); the ELF files are available here: https://drive.google.com/file/d/11GG7dmsZkWURFCwSghLUaGtCBmoMUmww/view?usp=sharing
The majority of the functions in the symbol tree appear red for these games when loaded and are not clickable after the full analysis is performed.
There are errors reported in the log when I am initially loading the elf file into Ghidra and these are as follows:
There were too many messages to display.
134088 messages have been truncated.
Loading file:///C:/Temp/SLPM_622.17?MD5=d7346afe69aaf1dc6da3ee0536444014...
Skipping zero-length segment [12,Loadable segment] at address ram:01bc8000
Skipping section [formation.ovl] with invalid size 0x0
Skipping section [memorycard.ovl] with invalid size 0x0
Skipping section [select1.ovl] with invalid size 0x0
Skipping section [training.ovl] with invalid size 0x0
Skipping section [ovltest.ovl] with invalid size 0x0
Skipping section [title.ovl] with invalid size 0x0
Skipping section [ending.ovl] with invalid size 0x0
Skipping section [enter.ovl] with invalid size 0x0
Skipping section [game.ovl] with invalid size 0x0
Skipping section [leagcup.ovl] with invalid size 0x0
Skipping section [select.ovl] with invalid size 0x0
Skipping section [heap] with invalid size 0x0
Skipping section [filelist.ovl] with invalid size 0x0
_mips_gp0_value=0x1927470
Unable to perform relocation: Type = 2 (0x2) at 01a432f4 (Symbol = FclsF_MakeInfo) - Block is non-existent
Unable to perform relocation: Type = 2 (0x2) at 01a432e8 (Symbol = FclsD_MakeInfo) - Block is non-existent
Unable to perform relocation: Type = 2 (0x2) at 01a432e4 (Symbol = FclsI_MakeInfo) - Block is non-existent
Unable to perform relocation: Type = 2 (0x2) at 01a432e0 (Symbol = FclsR_MakeInfo) - Block is non-existent
The full error list can be viewed here.txt
I originally extracted the ELF file from the PS2 game's bin file using "Elf Extract": https://www.psx-place.com/threads/elf-extractor-by-pelvicthrustman.19166/
After restarting Ghidra, I double checked that the extension is installed, then started a new project and loaded the ELF file.
Do you have any idea or solution on how I can successfully load this ELF file into Ghidra? Thank you for your work on the extension.
I tried making an overlay for RAM as described here:
https://psi-rockin.github.io/ps2tek/#memorymap
but it didn't help.
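The two loader messages quoted above ("Skipping zero-length segment" and "Block is non-existent") both come from the ELF program headers: a PT_LOAD segment with p_memsz 0 creates no memory block, and a relocation whose address is not covered by any created block cannot be applied. The following is an added example, not code from the extension or from Ghidra: it parses ELF32 program headers and checks relocation addresses against the loaded segments, on a small ELF image constructed in memory (the segment layout and addresses are made up for the example).

```python
"""Report zero-length PT_LOAD segments and relocation addresses that fall
outside every loaded segment, for a little-endian ELF32 image.

The sample ELF built by build_sample_elf() is constructed for this example:
it has two PT_LOAD program headers and no sections.
"""
import struct

PT_LOAD = 1
ELF32_EHDR = "<16sHHIIIIIHHHHHH"   # e_ident .. e_shstrndx, 52 bytes
ELF32_PHDR = "<IIIIIIII"           # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align


def parse_segments(elf):
    """Return the program headers of an ELF32 little-endian image as dicts."""
    hdr = struct.unpack_from(ELF32_EHDR, elf, 0)
    ident, phoff, phentsize, phnum = hdr[0], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 1 or ident[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    segments = []
    for i in range(phnum):
        p = struct.unpack_from(ELF32_PHDR, elf, phoff + i * phentsize)
        segments.append(dict(index=i, type=p[0], offset=p[1], vaddr=p[2],
                             filesz=p[4], memsz=p[5]))
    return segments


def skipped_segments(segments):
    """Indices of PT_LOAD segments a loader skips because they occupy no memory."""
    return [s["index"] for s in segments if s["type"] == PT_LOAD and s["memsz"] == 0]


def loaded_ranges(segments):
    """(index, start, end) of every PT_LOAD segment that does get a memory block."""
    return [(s["index"], s["vaddr"], s["vaddr"] + s["memsz"])
            for s in segments if s["type"] == PT_LOAD and s["memsz"] > 0]


def check_relocations(elf, reloc_addrs):
    """Map each relocation address to the loaded segment containing it, or None
    when no block covers it (the case Ghidra reports as 'Block is non-existent')."""
    ranges = loaded_ranges(parse_segments(elf))
    return {a: next((i for i, lo, hi in ranges if lo <= a < hi), None) for a in reloc_addrs}


def build_sample_elf():
    """Constructed sample: segment 0 covers 0x00100000-0x01a00000 (bss-style,
    no file bytes), segment 1 is a zero-length segment at 0x01bc8000."""
    phdrs = [
        (PT_LOAD, 0, 0x00100000, 0x00100000, 0, 0x01900000, 7, 0x1000),
        (PT_LOAD, 0, 0x01bc8000, 0x01bc8000, 0, 0, 6, 0x1000),
    ]
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELFCLASS32, little endian
    ehdr = struct.pack(ELF32_EHDR, ident, 2, 8, 1, 0x00100008, 52, 0, 0,
                       52, 32, len(phdrs), 40, 0, 0)     # e_machine 8 = MIPS
    return ehdr + b"".join(struct.pack(ELF32_PHDR, *p) for p in phdrs)


if __name__ == "__main__":
    elf = build_sample_elf()
    segs = parse_segments(elf)
    for idx in skipped_segments(segs):
        print("segment %d is zero-length and will be skipped" % idx)
    for addr, seg in check_relocations(elf, [0x01a432f4, 0x00123456]).items():
        print("relocation at %08x -> %s" % (addr, "segment %d" % seg if seg is not None else "no block"))
```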
A lot of structs with base classes are missing names
The decompile window always shows the syscall as syscall(0), and not the actual syscall number. Based on various documentation I have found and the code I am working through, the EE uses v1 as the syscall number register, which is apparently a non-standard convention on MIPS.
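As an added illustration of the v1 convention described above (example code, not part of the extension), the following scans a raw little-endian MIPS instruction stream for `syscall` and walks back to the immediate last loaded into $v1, handling the sign-extended negative numbers that `addiu` produces and giving up when $v1 was written by something other than an immediate. The instruction words are constructed for the example.

```python
"""Recover PS2 EE syscall numbers from a raw MIPS instruction stream.

On the EE the kernel expects the syscall number in $v1, usually loaded with
`addiu $v1, $zero, N` (N is negative for some entry points) right before
`syscall`. This walks a little-endian code buffer, finds each `syscall`
and looks back for the last immediate written to $v1. The instruction
words in SAMPLE_CODE are constructed for this example, not from any game.
"""
import struct

OP_SPECIAL, OP_ADDIU, OP_ORI, OP_DADDIU = 0x00, 0x09, 0x0D, 0x19
FUNC_SYSCALL = 0x0C
REG_ZERO, REG_V1 = 0, 3


def fields(word):
    """Split a 32-bit MIPS word into the fields used here."""
    return {
        "op": word >> 26,
        "rs": (word >> 21) & 0x1F,
        "rt": (word >> 16) & 0x1F,
        "rd": (word >> 11) & 0x1F,
        "imm": word & 0xFFFF,
        "func": word & 0x3F,
    }


def signed16(value):
    return value - 0x10000 if value & 0x8000 else value


def v1_immediate(word):
    """Constant that `addiu/daddiu/ori $v1, $zero, imm` writes to $v1, else None."""
    f = fields(word)
    if f["rt"] != REG_V1 or f["rs"] != REG_ZERO:
        return None
    if f["op"] in (OP_ADDIU, OP_DADDIU):
        return signed16(f["imm"])      # addiu sign-extends: 0xFFFC means -4
    if f["op"] == OP_ORI:
        return f["imm"]                # ori zero-extends
    return None


def writes_v1(word):
    """Conservative clobber test: R-type writes rd, other encodings name rt."""
    f = fields(word)
    if f["op"] == OP_SPECIAL:
        return f["rd"] == REG_V1
    return f["rt"] == REG_V1


def find_syscalls(code, base=0, lookback=4):
    """Return [(address, number)] for each `syscall`; number is None when the
    value in $v1 cannot be recovered from an immediate within `lookback`
    instructions (e.g. it was loaded from memory or another register)."""
    count = len(code) // 4
    words = struct.unpack("<%dI" % count, code[: count * 4])
    found = []
    for i, word in enumerate(words):
        f = fields(word)
        if f["op"] != OP_SPECIAL or f["func"] != FUNC_SYSCALL:
            continue
        number = None
        for j in range(i - 1, max(i - 1 - lookback, -1), -1):
            number = v1_immediate(words[j])
            if number is not None or writes_v1(words[j]):
                break                  # found the load, or $v1 was clobbered
        found.append((base + 4 * i, number))
    return found


def syscall_label(number):
    """Label one might give the call site in Ghidra, e.g. syscall_0x3c."""
    return "syscall_%s0x%x" % ("-" if number < 0 else "", abs(number))


# Constructed sample: four syscalls, the last one with $v1 loaded from memory.
SAMPLE_CODE = struct.pack(
    "<10I",
    0x27BDFFF0,  # addiu sp, sp, -16
    0x2403003C,  # addiu v1, zero, 0x3c
    0x0000000C,  # syscall            -> 0x3c
    0x2403FFFC,  # addiu v1, zero, -4
    0x0000000C,  # syscall            -> -4
    0x34030020,  # ori   v1, zero, 0x20
    0x00000000,  # nop
    0x0000000C,  # syscall            -> 0x20 (found two instructions back)
    0x8C430000,  # lw    v1, 0(v0)     (not an immediate: number unknown)
    0x0000000C,  # syscall            -> None
)

if __name__ == "__main__":
    for addr, num in find_syscalls(SAMPLE_CODE, base=0x100000):
        print("%08x %s" % (addr, syscall_label(num) if num is not None else "syscall(?)"))
```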
Description
I see a long (30-60+ second?) UI lockup when the filter in the Symbol Tree is short, e.g. a single character or a couple (I test with "m" or "ma"). After this delay, the tree is filtered as expected. With the filter entered, renaming a label will cause the same sort of lag to appear.
I also notice:
I initially thought that this was a Ghidra bug, but when I was filling out the bug report I realised that with this extension disabled, the issue went away.
I only see this issue on macOS, it works perfectly on Windows.
To Reproduce
Environment
ghidra-emotionengine-reloaded
- v2.1.12
Log
2023-12-30 19:09:07 ERROR (Swing) Timed-out waiting to run a Swing task--potential deadlock!
Threads State:
java.lang.Throwable
2023-12-30 19:09:07 ERROR (AbstractWorker) Unexpected error processing job: GTreeFilterTask java.lang.RuntimeException: Timed-out waiting to run a Swing task--potential deadlock!
at ghidra.util.Swing.runNow(Swing.java:177)
at docking.widgets.tree.GTreeTask.runOnSwingThread(GTreeTask.java:45)
at docking.widgets.tree.tasks.GTreeExpandAllTask.expandPath(GTreeExpandAllTask.java:90)
at docking.widgets.tree.tasks.GTreeExpandAllTask.expandNode(GTreeExpandAllTask.java:80)
at docking.widgets.tree.tasks.GTreeExpandAllTask.expandNode(GTreeExpandAllTask.java:84)
at docking.widgets.tree.tasks.GTreeExpandAllTask.expandNode(GTreeExpandAllTask.java:84)
at docking.widgets.tree.tasks.GTreeExpandAllTask.run(GTreeExpandAllTask.java:45)
at docking.widgets.tree.GTreeFilterTask.expandInSameTask(GTreeFilterTask.java:77)
at docking.widgets.tree.GTreeFilterTask.run(GTreeFilterTask.java:58)
at ghidra.util.worker.AbstractWorker$JobCallback.process(AbstractWorker.java:133)
at ghidra.util.worker.AbstractWorker$JobCallback.process(AbstractWorker.java:123)
at generic.concurrent.ConcurrentQ$CallbackCallable.call(ConcurrentQ.java:658)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at generic.concurrent.FutureTaskMonitor.run(FutureTaskMonitor.java:76)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: ghidra.util.exception.UnableToSwingException: Timed-out waiting for Swing thread lock in 20 SECONDS
at ghidra.util.Swing.waitFor(Swing.java:256)
at ghidra.util.Swing.runNow(Swing.java:235)
at ghidra.util.Swing.runNow(Swing.java:163)
When loading Kingdom Hearts (SLPS_25105) there are some VU macro mode opcodes that aren't recognized, disassembling stops and a bookmark is added with the text Error [Bad Instruction]: Unable to resolve constructor at (address) low from (other address)
For example, according to ee-objdump the unrecognized instruction is vsqrt Q,vf5x (bytes BD 03 25 4A).
Here's the decoding of other problematic instructions with ee-objdump as a sample:
vaddr (hex) | bytes (little endian) | ee-objdump output
---|---|---
1bb110 | 4b8d29ff | vclipw.xy vf5,vf13w
1bb114 | 4b8d31ff | vclipw.xy vf6,vf13w
1bb118 | 4b8e29ff | vclipw.xy vf5,vf14w
1bb11c | 4b8e31ff | vclipw.xy vf6,vf14w
1bb13c | 4a4c29ff | vclipw.z vf5,vf12w
1bb140 | 4a4c31ff | vclipw.z vf6,vf12w
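To show why these words are COP2 "special2" instructions, here is an added decoder (example code, not from the extension or from ee-objdump) that splits a VU0 macro-mode word into its dest/ft/fs/fd/function fields and names the opcode; it reproduces the ee-objdump text for the vsqrt and vclipw rows above. The opcode tables follow public VU0 documentation and only the entries quoted in this issue have been checked against ee-objdump; the generic operand forms for other instructions are approximate.

```python
"""Decode PS2 EE COP2 (VU0 macro mode) instruction words into ee-objdump style text.

Bit layout of a macro-mode instruction (COP2 opcode 0x12 with bit 25 set):
bits 24-21 dest mask (x y z w), 20-16 ft, 15-11 fs, 10-6 fd, 5-0 function.
When function is 0x3C-0x3F the instruction belongs to the "special2" group
and its real opcode is (fd << 2) | (function & 3). Tables follow public
VU0 documentation; only vsqrt and vclipw were checked against ee-objdump.
"""
OP_COP2 = 0x12
FIELD_NAMES = "xyzw"

SPECIAL1 = [  # indexed by the 6-bit function field, 0x00-0x3B
    "vaddx", "vaddy", "vaddz", "vaddw", "vsubx", "vsuby", "vsubz", "vsubw",
    "vmaddx", "vmaddy", "vmaddz", "vmaddw", "vmsubx", "vmsuby", "vmsubz", "vmsubw",
    "vmaxx", "vmaxy", "vmaxz", "vmaxw", "vminix", "vminiy", "vminiz", "vminiw",
    "vmulx", "vmuly", "vmulz", "vmulw", "vmulq", "vmaxi", "vmuli", "vminii",
    "vaddq", "vmaddq", "vaddi", "vmaddi", "vsubq", "vmsubq", "vsubi", "vmsubi",
    "vadd", "vmadd", "vmul", "vmax", "vsub", "vmsub", "vopmsub", "vmini",
    "viadd", "visub", "viaddi", None, "viand", "vior", None, None,
    "vcallms", "vcallmsr", None, None,
]

SPECIAL2 = [  # indexed by (fd << 2) | (function & 3)
    "vaddax", "vadday", "vaddaz", "vaddaw", "vsubax", "vsubay", "vsubaz", "vsubaw",
    "vmaddax", "vmadday", "vmaddaz", "vmaddaw", "vmsubax", "vmsubay", "vmsubaz", "vmsubaw",
    "vitof0", "vitof4", "vitof12", "vitof15", "vftoi0", "vftoi4", "vftoi12", "vftoi15",
    "vmulax", "vmulay", "vmulaz", "vmulaw", "vmulaq", "vabs", "vmulai", "vclipw",
    "vaddaq", "vmaddaq", "vaddai", "vmaddai", "vsubaq", "vmsubaq", "vsubai", "vmsubai",
    "vadda", "vmadda", "vmula", None, "vsuba", "vmsuba", "vopmula", "vnop",
    "vmove", "vmr32", None, None, "vlqi", "vsqi", "vlqd", "vsqd",
    "vdiv", "vsqrt", "vrsqrt", "vwaitq", "vmtir", "vmfir", "vilwr", "viswr",
    "vrnext", "vrget", "vrinit", "vrxor",
]


def decode_cop2(word):
    """Return an ee-objdump style string, or None if `word` is not a macro-mode op."""
    if word >> 26 != OP_COP2 or not (word >> 25) & 1:
        return None
    dest = "".join(n for i, n in enumerate(FIELD_NAMES) if (word >> (24 - i)) & 1)
    ft, fs, fd, func = (word >> 16) & 0x1F, (word >> 11) & 0x1F, (word >> 6) & 0x1F, word & 0x3F
    ftf, fsf = FIELD_NAMES[(word >> 23) & 3], FIELD_NAMES[(word >> 21) & 3]
    sfx = "." + dest if dest else ""
    if func < 0x3C:
        name = SPECIAL1[func]
        if name is None:
            return "unknown special1 function 0x%02x" % func
        # generic 3-operand form; the broadcast suffix on ft is not rendered
        return "%s%s vf%d,vf%d,vf%d" % (name, sfx, fd, fs, ft)
    op = (fd << 2) | (func & 3)
    name = SPECIAL2[op] if op < len(SPECIAL2) else None
    if name is None:
        return "unknown special2 opcode 0x%02x" % op
    # Operand syntax reproduced exactly for the classes quoted in the issue.
    if name == "vsqrt":
        return "vsqrt Q,vf%d%s" % (ft, ftf)
    if name in ("vdiv", "vrsqrt"):
        return "%s Q,vf%d%s,vf%d%s" % (name, fs, fsf, ft, ftf)
    if name == "vclipw":
        return "vclipw%s vf%d,vf%dw" % (sfx, fs, ft)
    return "%s%s vf%d,vf%d" % (name, sfx, fs, ft)   # generic two-operand form


def decode_le_bytes(raw):
    """Decode the four bytes as they appear in memory (little endian)."""
    return decode_cop2(int.from_bytes(raw, "little"))


if __name__ == "__main__":
    for word in (0x4A2503BD, 0x4B8D29FF, 0x4B8D31FF, 0x4A4C29FF, 0x4A4C31FF):
        print("%08x  %s" % (word, decode_cop2(word)))
```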
Game: https://hiddenpalace.org/Sly_Cooper_and_the_Thievius_Raccoonus_(May_19,_2002_prototype)
Lots of imported types contain this invalid type *__null__-1_-1:
As an example, take the VECTOR class.
The struct as emitted with the C exporter is:
struct VECTOR { // 0x10
    /* 0x0 */ union { // 0x4
        /* 0x0 */ AS3 as;
        /* 0x0 */ float x;
    };
    /* 0x4 */ float y;
    /* 0x8 */ float z;
    /* 0xc */ float gUnused;
};
Not sure if significant, but on import the following errors are printed:
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: ASO
STABS> Type lookup failed: rtx_def
Using the latest version of PCSX2 Nightly (v1.7.5040) and ghidra-emotionengine-reloaded (commit 71e6094):
Unexpected: 7-Zip returned unsupported method
java.io.IOException: Unexpected: 7-Zip returned unsupported method
at ghidra.file.formats.sevenzip.SevenZipFileSystem$SZExtractCallback.extractOperationResultToException(SevenZipFileSystem.java:529)
at ghidra.file.formats.sevenzip.SevenZipFileSystem$SZExtractCallback.setOperationResult(SevenZipFileSystem.java:495)
at net.sf.sevenzipjbinding.impl.InArchiveImpl.nativeExtract(Native Method)
at net.sf.sevenzipjbinding.impl.InArchiveImpl.extract(InArchiveImpl.java:113)
at ghidra.file.formats.sevenzip.SevenZipFileSystem.getByteProvider(SevenZipFileSystem.java:343)
at ghidra.formats.gfilesystem.GFileSystem.getInputStreamHelper(GFileSystem.java:201)
at ghidra.formats.gfilesystem.GFileSystem.getInputStream(GFileSystem.java:145)
at PCSX2SaveStateImporter.getBuffer(PCSX2SaveStateImporter.java:52)
at PCSX2SaveStateImporter.loadMainMemory(PCSX2SaveStateImporter.java:59)
at PCSX2SaveStateImporter.run(PCSX2SaveStateImporter.java:36)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:399)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:254)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:232)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
---------------------------------------------------
Build Date: 2023-Aug-29 1442 EDT
Ghidra Version: 10.3.3
Java Home: C:\Program Files\Eclipse Adoptium\jdk-17.0.6.10-hotspot
JVM Version: Eclipse Adoptium 17.0.6
OS: Windows 11 10.0 amd64
Workstation: WIN32
Running Ghidra 10.2.3 on Windows with the latest version of ghidra emotion engine reloaded: if the STABS analysis is run twice, then every type in the project becomes corrupted, and a new project needs to be created if it was saved.
Game: https://hiddenpalace.org/Sly_Cooper_and_the_Thievius_Raccoonus_(May_19,_2002_prototype)
Also on import:
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: ASO
STABS> Type lookup failed: rtx_def
Possibly related to #16.
Whenever I want to load a save state (.p2s file), I get the following error.
Am I using it wrong, or is there a bug?
newPosition > limit: (34822610 > 33554432)
java.lang.IllegalArgumentException: newPosition > limit: (34822610 > 33554432)
at java.base/java.nio.Buffer.createPositionException(Buffer.java:341)
at java.base/java.nio.Buffer.position(Buffer.java:316)
at java.base/java.nio.ByteBuffer.position(ByteBuffer.java:1516)
at PCSX2SaveStateImporter.loadMainMemory(PCSX2SaveStateImporter.java:82)
at PCSX2SaveStateImporter.run(PCSX2SaveStateImporter.java:36)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:397)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:252)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:230)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
---------------------------------------------------
Build Date: 2023-May-10 1508 EDT
Ghidra Version: 10.3
Java Home: C:\Program Files\Java\jdk-17.0.2
JVM Version: Oracle Corporation 17.0.2
OS: Windows 11 10.0 amd64
Workstation: ***********
Tried to analyze the Sly 1 May proto on the newest version and got the following error.
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: ASO
STABS> Type lookup failed: rtx_def
A symbol named _start already exists at this address!
ghidra.util.exception.DuplicateNameException: A symbol named _start already exists at this address!
at ghidra.program.database.symbol.SymbolManager.checkDuplicateSymbolName(SymbolManager.java:469)
at ghidra.program.database.symbol.SymbolDB.doSetNameAndNamespace(SymbolDB.java:611)
at ghidra.program.database.symbol.SymbolDB.setNameAndNamespace(SymbolDB.java:674)
at ghidra.program.database.symbol.FunctionSymbol.setNameAndNamespace(FunctionSymbol.java:83)
at ghidra.program.database.symbol.SymbolDB.setName(SymbolDB.java:538)
at ghidra.program.database.function.FunctionDB.setName(FunctionDB.java:261)
at ghidra.emotionengine.symboltable.StabsImporter.setFunctionName(StabsImporter.java:350)
at ghidra.emotionengine.symboltable.StabsImporter.importFunctions(StabsImporter.java:287)
at ghidra.emotionengine.symboltable.StabsImporter.doImport(StabsImporter.java:181)
at ghidra.emotionengine.symboltable.StabsAnalyzer.added(StabsAnalyzer.java:84)
at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186)
at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:688)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:788)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:667)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:632)
at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:102)
at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:336)
at java.base/java.lang.Thread.run(Thread.java:1589)
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_gc at 0011b660. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$D$g_gc at 0011b688. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_splotheapPair at 0011cd78. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$D$g_splotheapPair at 0011cda0. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$InitBei__FP3BEIP3CLQffi at 0013a460. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$StartupCatalog__Fv at 001450c8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$StartupCm__Fv at 0014bb38. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_fontDebug at 00166798. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_gifs at 00167a10. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_dro at 001710d8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$InitKeyhole__FP7KEYHOLE at 0018c150. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$PushMenu__FP4BLOTP2MIiiiPcii at 0019e7a8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$D$PushMenu__FP4BLOTP2MIiiiPcii at 0019e7d0. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_mpeg at 001a1818. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$InitPo__FP2PO at 001a4be8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$AchzFromRespk__F5RESPK at 001a6730. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_lifectr at 001c1cf8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_asprbuf at 001d7620. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$g_transition at 001f9738. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$RGBA_Distortion at 001fcea8. Message: Expected the demangled string to contain a namespace
Demangler GNU> Unable to demangle symbol: _GLOBAL_$I$U_WmFadedLevels at 0020ddf0. Message: Expected the demangled string to contain a namespace
Starting with SP12, I've been running into major issues with analysis of the ELF for Burnout Beta v0.40 PAL.
I was using extension version SP11 with Ghidra 10.4 previously, and had no issues with the same ELF.
Log output from SP12 + Ghidra 11.0:
DEBUG (PackedDatabaseCache) Using cached packed database: C:\Programs\Ghidra\ghidra_11.0_PUBLIC\Ghidra\Features\Base\data\typeinfo\generic\generic_clib.gdt
DEBUG (ToolTaskManager) Background processing started...
DEBUG (ToolTaskManager) Exec Task Auto Analysis
ERROR (SleighInstructionPrototype) Pcode error at 00283760: Program does not contain referenced instruction: 00283764
ERROR (SleighInstructionPrototype) Pcode error at 0028bcc0: Program does not contain referenced instruction: 0028bcc4
ERROR (SleighInstructionPrototype) Pcode error at 00292e40: Program does not contain referenced instruction: 00292e44
ERROR (SleighInstructionPrototype) Pcode error at 002950a0: Program does not contain referenced instruction: 002950a4
ERROR (SleighInstructionPrototype) Pcode error at 002822e0: Program does not contain referenced instruction: 002822e4
ERROR (SleighInstructionPrototype) Pcode error at 0029de50: Program does not contain referenced instruction: 0029de54
ERROR (SleighInstructionPrototype) Pcode error at 0029de58: Program does not contain referenced instruction: 0029de5c
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004a5340: <EXTERNAL>::EXT_FUN_004a5340
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004a2b20: <EXTERNAL>::EXT_FUN_004a2b20
DEBUG (CreateThunkFunctionCmd) Created new external location for address 003657a0: <EXTERNAL>::EXT_FUN_003657a0
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00398940: <EXTERNAL>::EXT_FUN_00398940
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004cdbe0: <EXTERNAL>::EXT_FUN_004cdbe0
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004a9c20: <EXTERNAL>::EXT_FUN_004a9c20
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00395e00: <EXTERNAL>::EXT_FUN_00395e00
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00478e40: <EXTERNAL>::EXT_FUN_00478e40
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00478b80: <EXTERNAL>::EXT_FUN_00478b80
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00416b20: <EXTERNAL>::EXT_FUN_00416b20
DEBUG (CreateThunkFunctionCmd) Created new external location for address 00395cc0: <EXTERNAL>::EXT_FUN_00395cc0
DEBUG (CreateThunkFunctionCmd) Created new external location for address 0047d220: <EXTERNAL>::EXT_FUN_0047d220
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004b27e0: <EXTERNAL>::EXT_FUN_004b27e0
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004cd7c0: <EXTERNAL>::EXT_FUN_004cd7c0
DEBUG (CreateThunkFunctionCmd) Created new external location for address 004cd980: <EXTERNAL>::EXT_FUN_004cd980
ERROR (SleighInstructionPrototype) Pcode error at 002822e0: Program does not contain referenced instruction: 002822e4
ERROR (SleighInstructionPrototype) Pcode error at 00283760: Program does not contain referenced instruction: 00283764
ERROR (SleighInstructionPrototype) Pcode error at 0028bcc0: Program does not contain referenced instruction: 0028bcc4
ERROR (SleighInstructionPrototype) Pcode error at 00292e40: Program does not contain referenced instruction: 00292e44
ERROR (SleighInstructionPrototype) Pcode error at 002950a0: Program does not contain referenced instruction: 002950a4
ERROR (CreateFunctionCmd) Failed to create function at 002342f0 since its body contains referring thunk at 002342e0
ERROR (CreateFunctionCmd) Failed to create function at 00242320 since its body contains referring thunk at 002422e0
ERROR (SleighInstructionPrototype) Pcode error at 00283760: Program does not contain referenced instruction: 00283764
DEBUG (CreateThunkFunctionCmd) Created new external location for address 04300ff8: <EXTERNAL>::EXT_FUN_04300ff8
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 00229ad0
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 00229ad0
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 00253588
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 00253158
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 00251580
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (SimpleBlockModel) WARNING: Invalid delay slot instruction found at 0021db70
WARN (ClearFlowAndRepairCmd) WARNING! Repairing body of function at 00109d40
ERROR (ClearFlowAndRepairCmd) ... function body repair failed due to overlap with another function: 00109d40
WARN (ClearFlowAndRepairCmd) WARNING! Repairing body of function at 00109e58
ERROR (ClearFlowAndRepairCmd) ... function body repair failed due to overlap with another function: 00109e58
WARN (ClearFlowAndRepairCmd) WARNING! Repairing body of function at 0010e2f8
ERROR (ClearFlowAndRepairCmd) ... function body repair failed due to overlap with another function: 0010e2f8
ERROR (SleighInstructionPrototype) Pcode error at 002822e0: Program does not contain referenced instruction: 002822e4
ERROR (SleighInstructionPrototype) Pcode error at 0028bcc0: Program does not contain referenced instruction: 0028bcc4
ERROR (SleighInstructionPrototype) Pcode error at 00292e40: Program does not contain referenced instruction: 00292e44
ERROR (SleighInstructionPrototype) Pcode error at 002950a0: Program does not contain referenced instruction: 002950a4
WARN (DecompileCallback) Decompiling 001102c0: Unable to read bytes at ram:0061c9c0
WARN (DecompileCallback) Decompiling 001035d8: Unable to read bytes at ram:0061b980
WARN (DecompileCallback) Decompiling 00101100: Unable to read bytes at ram:0061b280
WARN (DecompileCallback) Decompiling 00100b60: Unable to read bytes at ram:0061b160
WARN (DecompileCallback) Decompiling 00123168: Unable to read bytes at ram:0061e320
WARN (DecompileCallback) Decompiling 0010e460: Unable to read bytes at ram:0061c730
WARN (DecompileCallback) Decompiling 00101b50: Unable to read bytes at ram:0061b380
WARN (DecompileCallback) Decompiling 00133430: Unable to read bytes at ram:00620960
WARN (DecompileCallback) Decompiling 0013b210: Unable to read bytes at ram:00620e40
WARN (DecompileCallback) Decompiling 001012d0: Unable to read bytes at ram:0061b300
WARN (DecompileCallback) Decompiling 0014a850: Unable to read bytes at ram:00621800
WARN (DecompileCallback) Decompiling 00141470: Unable to read bytes at ram:00621460
WARN (DecompileCallback) Decompiling 00141bb0: Unable to read bytes at ram:006214a0
WARN (DecompileCallback) Decompiling 00125658: Unable to read bytes at ram:0061ead0
WARN (DecompileCallback) Decompiling 00125658: Unable to read bytes at ram:0061ead0
WARN (DecompileCallback) Decompiling 0015c620: Unable to read bytes at ram:00622160
WARN (DecompileCallback) Decompiling 00145af0: Unable to read bytes at ram:006216e0
WARN (DecompileCallback) Decompiling 00151fd0: Unable to read bytes at ram:006218e0
WARN (DecompileCallback) Decompiling 001558b0: Unable to read bytes at ram:00621d40
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c60
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c00
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627ba0
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:006228c0
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622860
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622800
WARN (DecompileCallback) Decompiling 00162f10: Unable to read bytes at ram:00622920
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:006228c0
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622860
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622800
WARN (DecompileCallback) Decompiling 00145e60: Unable to read bytes at ram:00621740
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:006228c0
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622860
WARN (DecompileCallback) Decompiling 00161b70: Unable to read bytes at ram:00622800
WARN (DecompileCallback) Decompiling 00168010: Unable to read bytes at ram:00623760
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c60
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c00
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627ba0
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c60
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627c00
WARN (DecompileCallback) Decompiling 0016c840: Unable to read bytes at ram:00627ba0
WARN (DecompileCallback) Decompiling 0011a3e0: Unable to read bytes at ram:0061dda0
WARN (DecompileCallback) Decompiling 00198b10: Unable to read bytes at ram:0063a840
WARN (DecompileCallback) Decompiling 00121890: Unable to read bytes at ram:0061e100
WARN (DecompileCallback) Decompiling 001860f0: Unable to read bytes at ram:006295c0
WARN (DecompileCallback) Decompiling 00198d20: Unable to read bytes at ram:0063a880
WARN (DecompileCallback) Decompiling 00196950: Unable to read bytes at ram:0063a020
WARN (DecompileCallback) Decompiling 00196950: Unable to read bytes at ram:00639fc0
WARN (DecompileCallback) Decompiling 001b27c0: Unable to read bytes at ram:0063b920
WARN (DecompileCallback) Decompiling 001a0808: Unable to read bytes at ram:0063b100
WARN (DecompileCallback) Decompiling 001a0808: Unable to read bytes at ram:0063b140
WARN (DecompileCallback) Decompiling 001a0808: Unable to read bytes at ram:0063b100
WARN (DecompileCallback) Decompiling 001a0808: Unable to read bytes at ram:0063b140
WARN (DecompileCallback) Decompiling 00186660: Unable to read bytes at ram:00629660
WARN (DecompileCallback) Decompiling 00195a50: Unable to read bytes at ram:00639f40
WARN (DecompileCallback) Decompiling 00123eb0: Unable to read bytes at ram:0061e720
WARN (DecompileCallback) Decompiling 0016cbe0: Unable to read bytes at ram:00627cc0
WARN (DecompileCallback) Decompiling 001b55d0: Unable to read bytes at ram:0063d0a0
WARN (DecompileCallback) Decompiling 00160140: Unable to read bytes at ram:006227a0
WARN (DecompileCallback) Decompiling 00196950: Unable to read bytes at ram:0063a020
WARN (DecompileCallback) Decompiling 00196950: Unable to read bytes at ram:00639fc0
WARN (DecompileCallback) Decompiling 001e8130: Unable to read bytes at ram:0063fb20
WARN (DecompileCallback) Decompiling 001a2c20: Unable to read bytes at ram:0063b200
WARN (DecompileCallback) Decompiling 001ece20: Unable to read bytes at ram:00640760
WARN (DecompileCallback) Decompiling 001ece20: Unable to read bytes at ram:006406e0
WARN (DecompileCallback) Decompiling 001edf90: Unable to read bytes at ram:006407e0
WARN (DecompileCallback) Decompiling 001ece20: Unable to read bytes at ram:00640760
WARN (DecompileCallback) Decompiling 001ece20: Unable to read bytes at ram:006406e0
WARN (DecompileCallback) Decompiling 001ef480: Unable to read bytes at ram:006422a0
WARN (DecompileCallback) Decompiling 001e3400: Unable to read bytes at ram:0063f860
WARN (DecompileCallback) Decompiling 001f2480: Unable to read bytes at ram:00642540
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642460
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00724c84
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642400
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:006423a0
WARN (DecompileCallback) Decompiling 001ef140: Unable to read bytes at ram:00642220
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642460
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00724c84
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642400
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:006423a0
WARN (DecompileCallback) Decompiling 001e1780: Unable to read bytes at ram:0063f7e0
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642460
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00724c84
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642400
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:006423a0
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642460
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00724c84
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:00642400
WARN (DecompileCallback) Decompiling 001f1340: Unable to read bytes at ram:006423a0
WARN (DecompileCallback) Decompiling 001f2d80: Unable to read bytes at ram:00642780
WARN (DecompileCallback) Decompiling 001f3250: Unable to read bytes at ram:00642840
WARN (DecompileCallback) Decompiling 001fd330: Unable to read bytes at ram:006456e0
WARN (DecompileCallback) Decompiling 001fdfc0: Unable to read bytes at ram:00645760
WARN (DecompileCallback) Decompiling 001f26d0: Unable to read bytes at ram:00642600
WARN (DecompileCallback) Decompiling 00206a10: Unable to read bytes at ram:00645c20
WARN (DecompileCallback) Decompiling 00254960: Unable to read bytes at ram:006468a0
WARN (DecompileCallback) Decompiling 002548c0: Unable to read bytes at ram:00646860
WARN (DecompileCallback) Decompiling 00262370: Unable to read bytes at ram:00646a60
WARN (DecompileCallback) Decompiling 00216fa0: Unable to read bytes at ram:00645e20
WARN (DecompileCallback) Decompiling 002559d0: Unable to read bytes at ram:006468e0
WARN (DecompileCallback) Decompiling 00262ba0: Unable to read bytes at ram:00646b80
WARN (DecompileCallback) Decompiling 002646c0: Unable to read bytes at ram:00646fe0
WARN (DecompileCallback) Decompiling 00235f20: Unable to read bytes at ram:006466a0
WARN (DecompileCallback) Decompiling 00250bf0: Unable to read bytes at ram:00646800
ERROR (SleighInstructionPrototype) Pcode error at 0028bcc0: Program does not contain referenced instruction: 0028bcc4
ERROR (SleighInstructionPrototype) Pcode error at 002950a0: Program does not contain referenced instruction: 002950a4
ERROR (SleighInstructionPrototype) Pcode error at 00283760: Program does not contain referenced instruction: 00283764
ERROR (SleighInstructionPrototype) Pcode error at 00292e40: Program does not contain referenced instruction: 00292e44
ERROR (SleighInstructionPrototype) Pcode error at 002822e0: Program does not contain referenced instruction: 002822e4
ERROR (SleighInstructionPrototype) Pcode error at 0029de58: Program does not contain referenced instruction: 0029de5c
ERROR (SleighInstructionPrototype) Pcode error at 0029de50: Program does not contain referenced instruction: 0029de54
INFO (ApplyDataArchiveAnalyzer) Applied data type archive: generic_clib
ERROR (SleighInstructionPrototype) Pcode error at 002822e0: Program does not contain referenced instruction: 002822e4
ERROR (SleighInstructionPrototype) Pcode error at 0029de58: Program does not contain referenced instruction: 0029de5c
ERROR (SleighInstructionPrototype) Pcode error at 0029de50: Program does not contain referenced instruction: 0029de54
ERROR (SleighInstructionPrototype) Pcode error at 0028bcc0: Program does not contain referenced instruction: 0028bcc4
ERROR (SleighInstructionPrototype) Pcode error at 00292e40: Program does not contain referenced instruction: 00292e44
ERROR (SleighInstructionPrototype) Pcode error at 002950a0: Program does not contain referenced instruction: 002950a4
INFO (AutoAnalysisManager) Analysis Log Messages
STABS> [D:\a\ccc\ccc\ccc\analysis.cpp:13] error: No .mdebug section.
INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 0.489 secs
Apply Data Archives 0.179 secs
Call Convention ID 0.731 secs
Call-Fixup Installer 0.036 secs
Create Address Tables 0.350 secs
Create Address Tables - One Time 0.053 secs
Create Function 0.361 secs
Data Reference 0.088 secs
Decompiler Switch Analysis 2.809 secs
Demangler GNU 0.405 secs
Disassemble Entry Points 5.154 secs
Disassemble Entry Points - One Time 0.012 secs
Embedded Media 0.031 secs
External Entry References 0.039 secs
External Symbol Resolver 0.000 secs
Function Start Search 0.149 secs
MIPS-R5900 Constant Reference Analyzer 14.115 secs
Non-Returning Functions - Discovered 0.957 secs
Non-Returning Functions - Known 0.035 secs
Reference 0.167 secs
STABS 1.924 secs
Shared Return Calls 0.460 secs
Stack 17.332 secs
Subroutine References 0.232 secs
Subroutine References - One Time 0.000 secs
-----------------------------------------------------
Total Time 46 secs
-----------------------------------------------------
DEBUG (ToolTaskManager) Auto Analysis task finish (46.245 secs)
DEBUG (ToolTaskManager) Queue - Auto Analysis
DEBUG (ToolTaskManager) (0.0 secs)
DEBUG (ToolTaskManager) Auto Analysis task complete (46.281 secs)
DEBUG (ToolTaskManager) Background processing complete (46.286 secs)
INFO (RecoveryMgr) Fri Jan 05 01:07:14 GMT 2024 Recovery snapshot created: C:\Projects\Ghidra\b1\test\b1test.rep\idata\00\~00000001.db\snapshotA.grf
Successful analysis using SP11 + Ghidra 10.4:
Analysis using SP12 + Ghidra 11.0:
I also tried the Burnout Revenge July 14th ELF with both versions and it seems to work fine, so I don't think this is an issue with my own installation in particular.
First, thanks for all your work in maintaining CCC and this extension - both have been very helpful!
I'm currently analyzing a binary ([SCUS-97101] Twisted Metal: Black (NTSC)) which contains many debug symbols (functions, globals, C structs). There are quite a few C structs which are typedef'd to be a different name. An example looks like:
```c
typedef _hierstack HierStack;
struct _hierstack { // 0x30
    /* 0x00 */ FVECTOR3 eo;
    /* 0x0c */ HierHead **node;
    /* 0x10 */ uint16 matIdx;
    /* 0x12 */ uint16 eoCnt;
    /* 0x14 */ uint32 numKids;
    /* 0x18 */ uint32 *gsCtx;
    /* 0x1c */ float fade;
    /* 0x20 */ HierAnimCharInstance *animCharInst;
    /* 0x24 */ uint32 unused1;
    /* 0x28 */ uint32 unused2;
    /* 0x2c */ uint32 unused3;
};
typedef _hierstackinfo HierStackInfo;
struct _hierstackinfo { // 0x60
    /* 0x00 */ HierStack curStack;
    /* 0x30 */ HierStack *stack;
    /* 0x34 */ int stackIdx;
    /* 0x38 */ CS *gCs;
    /* 0x3c */ int32 fovFlag;
    /* 0x40 */ uint32 *lightDir;
    /* 0x44 */ uint32 texLastUsedCnt;
    /* 0x48 */ uint32 *texBinE;
    /* 0x4c */ int32 lastEoCnt;
    /* 0x50 */ int32 unused;
    /* 0x54 */ int32 matIdx;
};
```
However, when I import the binary into Ghidra and run the STABS analyzer on the binary, many of these typedefs are substituted for their underlying types, and the typedefs are completely lost (and not imported into Ghidra).
It seems like CCC's stdump is correctly parsing the typedefs, since `stdump json SCUS_971.01` produces JSON with the typedefs included:
```json
{
  "descriptor": "type_name",
  "name": "HierStack",
  "storage_class": "typedef",
  "stabs_type_number": 933,
  "files": [232, 309],
  "source": "cross_reference",
  "type_name": "_hierstack"
}
```
Would you happen to know what's causing this behavior and how it can be mitigated? I'm not particularly familiar with the code, but I can try to submit a patch if I can get a general idea of what might be happening.
Thanks!
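One way to see which typedef names should end up in Ghidra's Data Type Manager is to read them straight out of the stdump JSON and follow typedef-of-typedef chains to the underlying struct. The script below is an added example (my own Python, not CCC's or the extension's code); the sample nodes are constructed in the node shape shown above, and wrapping them in a top-level list is an assumption about stdump's output layout, so point `load_typedef_nodes()` at the real container if it differs.

```python
# Added example (not CCC's or the extension's code): read stdump-style type nodes and
# list the typedef -> underlying-type pairs one would expect to find in Ghidra's
# Data Type Manager after the STABS analyzer runs, following typedef-of-typedef chains.
import json
from typing import Dict, Iterable, List, Tuple

# Constructed sample nodes in the shape shown in the post (descriptor, name,
# storage_class, type_name).  The top-level list is an assumption about stdump's
# output layout.
SAMPLE_STDUMP_JSON = """
[
  {"descriptor": "type_name", "name": "HierStack", "storage_class": "typedef",
   "stabs_type_number": 933, "files": [232, 309], "source": "cross_reference",
   "type_name": "_hierstack"},
  {"descriptor": "type_name", "name": "HierStackInfo", "storage_class": "typedef",
   "stabs_type_number": 934, "files": [232], "source": "cross_reference",
   "type_name": "_hierstackinfo"},
  {"descriptor": "type_name", "name": "StackAlias", "storage_class": "typedef",
   "stabs_type_number": 935, "files": [309], "source": "cross_reference",
   "type_name": "HierStack"}
]
"""


def load_typedef_nodes(text: str) -> List[dict]:
    """Keep only nodes that declare a typedef (storage_class == "typedef")."""
    nodes = json.loads(text)
    return [n for n in nodes if n.get("storage_class") == "typedef" and "type_name" in n]


def typedef_map(nodes: Iterable[dict]) -> Dict[str, str]:
    """alias -> the name it directly aliases, as stdump reports it."""
    return {n["name"]: n["type_name"] for n in nodes}


def resolve(alias: str, tmap: Dict[str, str]) -> str:
    """Follow a chain of typedefs until a name that is not itself a typedef.

    A chain that loops back on itself is malformed symbol data; refuse it
    rather than spin forever.
    """
    seen: List[str] = []
    name = alias
    while name in tmap:
        if name in seen:
            raise ValueError("typedef cycle: " + " -> ".join(seen + [name]))
        seen.append(name)
        name = tmap[name]
    return name


def expected_typedefs(text: str) -> List[Tuple[str, str, str]]:
    """(alias, direct target, ultimate underlying type) per typedef node, sorted by alias."""
    tmap = typedef_map(load_typedef_nodes(text))
    return sorted((alias, direct, resolve(alias, tmap)) for alias, direct in tmap.items())


if __name__ == "__main__":
    for alias, direct, ultimate in expected_typedefs(SAMPLE_STDUMP_JSON):
        print(f"{alias:14} -> {direct:14} (underlying: {ultimate})")
```

Comparing this list against the names actually present in the Data Type Manager after import gives a concrete diff of what the analyzer dropped.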
hey.
apparently i came across a game executable (SLPS_200.66) weighing at under 2MB (1,67MB to be exact) in which your extension tries to do out-of-bounds function jumps like these
here are the error messages, from the Bookmarks section
Type | Category | Description | Location | Label | Code Unit | Mem Block |
---|---|---|---|---|---|---|
Error | Bad Instruction | Could not follow disassembly flow into non-existing memory at 0020b140 (flow from 00100080) | 00100080 | jal SUB_0020b140 | main | |
Error | Bad Instruction | Could not follow disassembly flow into non-existing memory at 0029ade0 (flow from 00100098) | 00100098 | jal SUB_0029ade0 | main | |
Error | Bad Instruction | Could not follow disassembly flow into non-existing memory at 0020a480 (flow from 001000a0) | 001000a0 | j LAB_0020a480 | main | |
tbh to get the "correct" function jumps you have to divide out-of-bounds offset values for those jumps by 2, like so
0020b140 / 2 = 001058a0
0029ade0 / 2 = 0014d6f0
0020a480 / 2 = 00105240
but even that feels like a workaround at best, so i'm not sure if there's any way to "fix" this issue entirely without breaking stuff with other PS2 ELFs at this point
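For reference, here is how a MIPS j/jal target is computed from the instruction word, applied to the three bookmark rows above. This is an added illustration (my own Python, not the extension's SLEIGH spec or Java); it only shows that each reported address is exactly the properly decoded target with the 26-bit index shifted one bit too far, which is the same thing as the halving the poster observed. It does not say where in the loader or processor definition the doubling originates.

```python
# Added example (not from the extension): decode MIPS J-type (j / jal) targets and
# check the three bookmark rows from the post above.

J_OPCODE = 0x02    # MIPS "j" primary opcode
JAL_OPCODE = 0x03  # MIPS "jal" primary opcode
INDEX_MASK = 0x03FFFFFF  # 26-bit instr_index field


def decode_jump_target(pc: int, word: int) -> int:
    """Target of a MIPS j/jal instruction word fetched at pc.

    Per the MIPS architecture definition the 26-bit instr_index is shifted
    left by 2 (instructions are 4-byte aligned) and combined with the upper
    4 bits of the delay-slot address (pc + 4).
    """
    opcode = (word >> 26) & 0x3F
    if opcode not in (J_OPCODE, JAL_OPCODE):
        raise ValueError(f"not a j/jal instruction: {word:#010x}")
    return ((pc + 4) & 0xF0000000) | ((word & INDEX_MASK) << 2)


def encode_jal(pc: int, target: int) -> int:
    """Build the jal word that reaches target from pc (inverse of decode)."""
    if target & 3:
        raise ValueError("jump targets must be 4-byte aligned")
    if (target & 0xF0000000) != ((pc + 4) & 0xF0000000):
        raise ValueError("target outside the 256 MiB region reachable from pc")
    return (JAL_OPCODE << 26) | ((target >> 2) & INDEX_MASK)


# Constructed from the bookmark table in the post: (flow-from pc, address reported)
REPORTED = [
    (0x00100080, 0x0020b140),
    (0x00100098, 0x0029ade0),
    (0x001000a0, 0x0020a480),
]


def check_halving(reported=REPORTED):
    """For each row: halve the reported address (the poster's workaround), rebuild the
    jal word that encodes that halved target, decode it properly, and compute what the
    index yields when shifted by 3 instead of 2.
    Returns (halved_target, decoded_properly, index_shifted_by_3) per row."""
    out = []
    for pc, reported_addr in reported:
        halved = reported_addr >> 1
        word = encode_jal(pc, halved)
        decoded = decode_jump_target(pc, word)
        shifted_by_3 = ((pc + 4) & 0xF0000000) | ((word & INDEX_MASK) << 3)
        out.append((halved, decoded, shifted_by_3))
    return out


def all_consistent(reported=REPORTED) -> bool:
    """True when every reported address equals the index shifted by 3, i.e. exactly
    twice the correctly decoded target.  Arithmetic on the posted values only."""
    rows = zip(reported, check_halving(reported))
    return all(decoded == halved and shifted == reported_addr
               for (_, reported_addr), (halved, decoded, shifted) in rows)


if __name__ == "__main__":
    for (pc, rep), (halved, decoded, shifted) in zip(REPORTED, check_halving()):
        print(f"pc={pc:08x} reported={rep:08x} halved={halved:08x} "
              f"decoded={decoded:08x} index<<3={shifted:08x}")
    print("consistent with a one-bit over-shift:", all_consistent())
```

A quick sanity check when a batch of jumps all land in unmapped memory is therefore to see whether the reported targets are all an exact power-of-two multiple of addresses inside the loaded image, as they are here; that distinguishes a decoding or relocation problem from a genuinely truncated ELF.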
Wondering if the extension supports them, if not, perhaps you know a way to load them into Ghidra?
An error occurred while running auto-analysis on the Sly 1 May 2002 proto. It looked like it happened after the "Variadic Function Signature Override" step began. I believe I had all the analyzer options checked except for "Condense Filler Bytes" and "Elf Scalar Operand References". Here is the stack trace:
```
Data type _reent___new has _reent within it.
java.lang.IllegalArgumentException: Data type _reent___new has _reent within it.
	at ghidra.program.database.data.StructureDB.replaceAtOffset(StructureDB.java:1561)
	at ghidra.emotionengine.symboltable.StdumpAST$InlineStructOrUnion.addField(StdumpAST.java:336)
	at ghidra.emotionengine.symboltable.StdumpAST$InlineStructOrUnion.fill(StdumpAST.java:283)
	at ghidra.emotionengine.symboltable.StabsImporter.importDataTypes(StabsImporter.java:260)
	at ghidra.emotionengine.symboltable.StabsImporter.doImport(StabsImporter.java:177)
	at ghidra.emotionengine.symboltable.StabsAnalyzer.added(StabsAnalyzer.java:84)
	at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186)
	at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:688)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:788)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:667)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:632)
	at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
	at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:102)
	at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:336)
	at java.base/java.lang.Thread.run(Thread.java:1589)
Caused by: ghidra.program.model.data.DataTypeDependencyException: Data type _reent___new has _reent within it.
	at ghidra.program.database.data.CompositeDB.checkAncestry(CompositeDB.java:288)
	at ghidra.program.database.data.StructureDB.replaceAtOffset(StructureDB.java:1485)
	... 15 more
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: FE
STABS> Type lookup failed: ASO
STABS> Type lookup failed: rtx_def
```
Plugin version: 2.1.2
Ghidra version: 10.2.3
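The `DataTypeDependencyException` above comes from Ghidra's ancestry check in `CompositeDB.checkAncestry`: a composite may not contain itself by value, directly or through other composites, while pointers to itself are fine. Below is an added example (my own Python, not the extension's Java importer) of running that same check over a simplified type description before anything is handed to the data type manager, so an importer can report the offending path instead of aborting the whole analysis. The sample types are constructed to reproduce the shape of the message, not taken from the real newlib `_reent` layout, and the dict representation is mine, not stdump's JSON.

```python
# Added example (not the extension's code): detect by-value containment cycles between
# composite types.  Ghidra rejects such a layout with DataTypeDependencyException
# ("Data type X has Y within it"), which is the failure in the stack trace above.
from typing import Dict, List, Optional, Set, Tuple

# Simplified composite description (my own representation, not stdump's JSON):
# composite name -> list of (field_name, field_type_name, is_pointer)
Composite = Dict[str, List[Tuple[str, str, bool]]]

SAMPLE: Composite = {
    # Constructed: a mutual by-value embedding of the kind the exception describes.
    "_reent": [("_errno", "int", False), ("_new", "_reent___new", False)],
    "_reent___new": [("_unused_rand", "unsigned int", False), ("_owner", "_reent", False)],
    # Constructed: self-reference through a pointer only, which is allowed.
    "node": [("next", "node", True), ("value", "int", False)],
    "list": [("head", "node", False), ("count", "int", False)],
}


def find_containment_cycle(types: Composite, root: str) -> Optional[List[str]]:
    """Return the by-value containment path from root back to itself, or None.

    Pointer fields are skipped: a struct may hold a pointer to itself, and Ghidra
    allows that; only embedding a composite *by value* inside itself is a cycle.
    Names with no entry in `types` (primitives, externals) are leaves.
    """
    path: List[str] = []
    on_path: Set[str] = set()
    acyclic: Set[str] = set()  # memo: subtrees already proven cycle-free

    def visit(name: str) -> Optional[List[str]]:
        if name in on_path:  # back edge: name is already on the current path
            return path[path.index(name):] + [name]
        if name in acyclic:
            return None
        on_path.add(name)
        path.append(name)
        for _field, ftype, is_ptr in types.get(name, []):
            if is_ptr:
                continue
            found = visit(ftype)
            if found:
                return found
        path.pop()
        on_path.discard(name)
        acyclic.add(name)
        return None

    return visit(root)


def check_all(types: Composite) -> Dict[str, List[str]]:
    """Map each composite that sits on a by-value cycle to one offending path."""
    result: Dict[str, List[str]] = {}
    for name in types:
        cycle = find_containment_cycle(types, name)
        if cycle:
            result[name] = cycle
    return result


if __name__ == "__main__":
    for name, cycle in check_all(SAMPLE).items():
        print(f"{name}: " + " -> ".join(cycle))
```

Running the check before calling into Ghidra lets an importer substitute a placeholder (or a pointer) for the offending field and keep going, which is what an analysis pass should do rather than let one bad type definition abort the STABS import for the whole program.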