lab313ru / ghidra_amiga_ldr Goto Github PK

I have Ghidra 9.2.2, and the current 9.2 release of the plugin.

1. I attempted to install the extension and it refused and told me the extension version was wrong.
2. I edited the version file from 9.2 to 9.2.2.
3. I attempted to install the extension and it installed, I restarted Ghidra as requested.
4. I attempted to import an executable file and it only offered Binary file.
5. I click on the (i) icon beside the file type list in the import dialog and see the following.

For my current project it would be nice to have address entries in the program relocation table.

I know that the initial relocation fixup handler has been removed in v1.4 (in the meantime Ghidra requires a different ExtensionPoint class name suffix) and I'm aware of the problems with changing the image base or moving any segments.

Currently I'm trying to build a function ID database from the amiga.lib and Ghidra's hash code skips the bytes referenced by the relocation table. Well, there are still some other issues to solve (FID generator limits, missing cdecl in the processor language spec, ...), but I want to be sure that the relocated bytes do not change the hash.

I also tried to add a pattern file to the loader in data/patterns (amiga-pattern-test.zip). The function is detected and renamed, but it would result in one huge file and it doesn't help with the function prototypes.

Is anyone working on this or another bigger task? Else I would try to create a PR, but it will probably touch a lot of code...

Best regards, Nico

I can see there is some SymbolHunk handling code in the HunkSegment.

But how is this stuff called ? I'm a bit at a loss here.

Could we get a release for 9.1-PUBLIC?

Also, I'd like to talk to @lab313ru about an Amiga compression library, where would be the best place to talk?

When adding the extension to Ghidra, I got an exception.

"Extension version for [...] is incompatible with Ghidra"

I edited "ghidra_amiga_ldr\extension.properties" to set "version=10.0" to "10.1.1" (Ghidra's current version) to see what would happen.
.
.
After installing the extension, restarting Ghidra, and attempting to import an Amiga executable, I get a different exception.

"ClassNotFoundException: ghidra.formats.gfilesystem.factory.GFileSystemFactoryFull"
.
.
The following discussion might help...

NationalSecurityAgency/ghidra#3781 (comment)

"[...] a non-standard GFileSystem (from a custom extension or plugin) installed that is built against the previous version of Ghidra."

"[...] the "GFileSystemFactoryFull" interface was deleted between 10.0 and 10.1. [...]"

"[...] GFileSystemFactoryByteProvider is the newer interface. There are a few methods on the base GFileSystem interface that have changed as well, to remove File / InputStreams from method signatures and replace them with ByteProviders. [...]"

.
Sorry I can't offer a PR for what's probably a trivial revision. This is my first time trying Ghidra.

`Analysis Task: Amiga Library Calls -
java.lang.NullPointerException
at amigahunk.AmigaHunkAnalyzer$1.evaluateContext(AmigaHunkAnalyzer.java:221)
at ghidra.program.util.SymbolicPropogator.flowConstants(SymbolicPropogator.java:502)
at ghidra.program.util.SymbolicPropogator.flowConstants(SymbolicPropogator.java:389)
at ghidra.program.util.SymbolicPropogator.flowConstants(SymbolicPropogator.java:188)
at amigahunk.AmigaHunkAnalyzer.flowConstants(AmigaHunkAnalyzer.java:239)
at amigahunk.AmigaHunkAnalyzer.added(AmigaHunkAnalyzer.java:159)
at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:185)
at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:62)
at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
at java.base/java.lang.Thread.run(Thread.java:832)

Build Date: 2020-Feb-12 1149 EST
Ghidra Version: 9.1.2
Java Home: /Library/Java/JavaVirtualMachines/jdk-14.0.2.jdk/Contents/Home
JVM Version: Oracle Corporation 14.0.2
OS: Mac OS X 10.15.6 x86_64`

I may to attach loaded binary if it's needed.

Is it possible for the plugin to populate the equates like Resource has available?

From Ghidra's "Install Extensions" window clicking on the "+" it doesn't seem to work whether I select the Zip archive, or decompress it into a directory and try to select various levels of that directory.

If I copy the directory into the Ghidra/Extensions/ folder and then go the the "Install Extensions" window, it shows up, but in red with only "@extname@" in the "Name" field, the "Description" field does look correct, and the "Version" field is blank.

In this state it fails to recognize an Amiga executable that the "file" command does identify as being one. After restarting Ghidra nothing changes.

Do I have to first build it in Eclipse? If so, how?

Quite a few OS structs are misaligned due to the default alignment of 4 byte. They need to be aligned to 2 byte.

Hi,

I wonder what the current status of this project is? The readme doesn't state if it's usable or not as I'm interested in using this.

Thank you for your work.
I managed to build the plugin - it shows in installed extensions.
What is supposed to happen when I try to open an amiga executable? Unfortunately I do not see any options that would give me a clue. What am I doing wrong? Some screenshots below.

Hi,

thanks for this nice plugin. Is there a way to use the plugin (library call analyzer) with Amiga binary files without hunk data, f.e. bootblocks?

Will there be some kind (even if it is very simple) of documentation in the future?

Best regards

this seems to be a useful plugin .. but it is an annoying and a unnessarry waste of time that there is no doc for howto build/install/use it. a short coverage of the below key points would fix that;

1. prerequitites: install Java (same JRE that was used to build Ghirda - ps: there should be a better error message when the build detects an "incorrect" Java version) and Gradle
2. build: using the gradle command mentioned in build.gradle.
3. install: manually copy the build result from the "dist" folder to your %GHIDRA%/Extensions/Ghidra/ folder (it seems silly that this is not performed automatically - since that folder had already to be configured for the build command..). activate plugin in Ghidra (see File/Install Extensions menu) and restart Ghidra
4. usage: within Ghidra there is no plugin-menu - instead the plugin automatically triggers the first time a suitable hunk-file is opened (i.e. you need to remove/re-add files that you already had in your existing project..)

The limitation to such low addresses as a hurdle for disassembling some applications.

I'm having a bit of a hard time changing the label of A6-relative, negative offsets to other libraries than exec. I almost always end up renaming the exec aliases instead. The decompiler stills insist on using A5 as a parameter instead of choosing the right prototype for the syscall. Is there a simple way to just switch labels? If I double click on the alias I can see the operand references to all libraries I have selected, but clicking on the right name just points to the corresponding definition in the .fd file.