This commit is contained in:
parent
faf2e134f2
commit
f1b346fb0e
|
|
@ -10,17 +10,21 @@ import ghidra.program.model.symbol.Reference;
|
|||
import java.util.*;
|
||||
import java.io.*;
|
||||
import re3lib.RemanConfig;
|
||||
import ghidra.util.task.TaskMonitor;
|
||||
|
||||
public class FindRelocations extends GhidraScript {
|
||||
private Set<Address> foundRelocations = new HashSet<>();
|
||||
private PrintWriter outputFile;
|
||||
|
||||
long addrMin, addrMax;
|
||||
|
||||
@Override
|
||||
public void run() throws Exception {
|
||||
RemanConfig.INSTANCE = new RemanConfig(this);
|
||||
RemanConfig.INSTANCE.createDirectories();
|
||||
|
||||
addrMin = RemanConfig.INSTANCE.staticMemoryBlockStart.getOffset();
|
||||
addrMax = RemanConfig.INSTANCE.staticMemoryBlockEnd.getOffset();
|
||||
|
||||
// Create output file for relocations
|
||||
File relocFile = new File(RemanConfig.INSTANCE.outputDir, "relocations.txt");
|
||||
outputFile = new PrintWriter(new FileWriter(relocFile));
|
||||
|
|
@ -111,12 +115,12 @@ public class FindRelocations extends GhidraScript {
|
|||
private boolean isRelocatableInstruction(String mnemonic) {
|
||||
// Instructions that commonly use absolute addresses
|
||||
return mnemonic.equals("mov") || mnemonic.equals("lea") ||
|
||||
mnemonic.equals("call") || mnemonic.equals("jmp") ||
|
||||
mnemonic.equals("push") || mnemonic.equals("cmp") ||
|
||||
mnemonic.equals("test") || mnemonic.equals("add") ||
|
||||
mnemonic.equals("sub") || mnemonic.equals("and") ||
|
||||
mnemonic.equals("or") || mnemonic.equals("xor") ||
|
||||
mnemonic.startsWith("j"); // conditional jumps
|
||||
mnemonic.equals("call") || mnemonic.equals("jmp") ||
|
||||
mnemonic.equals("push") || mnemonic.equals("cmp") ||
|
||||
mnemonic.equals("test") || mnemonic.equals("add") ||
|
||||
mnemonic.equals("sub") || mnemonic.equals("and") ||
|
||||
mnemonic.equals("or") || mnemonic.equals("xor") ||
|
||||
mnemonic.startsWith("j"); // conditional jumps
|
||||
}
|
||||
|
||||
private void analyzeOperand(Instruction instruction, int opIndex) {
|
||||
|
|
@ -127,7 +131,7 @@ public class FindRelocations extends GhidraScript {
|
|||
Address addr = (Address) obj;
|
||||
if (isInMainMemorySpace(addr)) {
|
||||
recordRelocation(instruction.getAddress(), addr,
|
||||
instruction.getMnemonicString(), "operand_" + opIndex);
|
||||
instruction.getMnemonicString(), "operand_" + opIndex);
|
||||
}
|
||||
} else if (obj instanceof Scalar) {
|
||||
Scalar scalar = (Scalar) obj;
|
||||
|
|
@ -138,7 +142,7 @@ public class FindRelocations extends GhidraScript {
|
|||
Address addr = currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(value);
|
||||
if (isInMainMemorySpace(addr)) {
|
||||
recordRelocation(instruction.getAddress(), addr,
|
||||
instruction.getMnemonicString(), "scalar_" + opIndex);
|
||||
instruction.getMnemonicString(), "scalar_" + opIndex);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// Invalid address, ignore
|
||||
|
|
@ -170,7 +174,7 @@ public class FindRelocations extends GhidraScript {
|
|||
|
||||
long value = 0;
|
||||
for (int i = 0; i < bytes.length; i++) {
|
||||
value |= ((long)(bytes[i] & 0xFF)) << (i * 8);
|
||||
value |= ((long) (bytes[i] & 0xFF)) << (i * 8);
|
||||
}
|
||||
|
||||
if (looksLikeAddress(value)) {
|
||||
|
|
@ -203,17 +207,19 @@ public class FindRelocations extends GhidraScript {
|
|||
}
|
||||
|
||||
private boolean isInMainMemorySpace(Address addr) {
|
||||
if (addr == null) return false;
|
||||
if (addr == null)
|
||||
return false;
|
||||
|
||||
// Check if address is in a loaded memory block
|
||||
return currentProgram.getMemory().contains(addr) &&
|
||||
!addr.getAddressSpace().isOverlaySpace();
|
||||
!addr.getAddressSpace().isOverlaySpace();
|
||||
}
|
||||
|
||||
private boolean looksLikeAddress(long value) {
|
||||
// Heuristic: check if value is in reasonable address range
|
||||
// Adjust these ranges based on your target architecture
|
||||
return value >= 0x400000 && value <= 0x7FFFFFFF; // Typical executable range
|
||||
return value >= addrMin
|
||||
&& value <= addrMax; // Typical executable range
|
||||
}
|
||||
|
||||
private boolean usesAbsoluteAddressing(Instruction instruction, Reference ref) {
|
||||
|
|
@ -245,11 +251,11 @@ public class FindRelocations extends GhidraScript {
|
|||
if (foundRelocations.add(toAddr)) {
|
||||
String instructionBytes = getInstructionBytesString(fromAddr);
|
||||
String line = String.format("0x%s -> 0x%s (%s) [%s] | %s",
|
||||
fromAddr.toString(),
|
||||
toAddr.toString(),
|
||||
instruction,
|
||||
type,
|
||||
instructionBytes);
|
||||
fromAddr.toString(),
|
||||
toAddr.toString(),
|
||||
instruction,
|
||||
type,
|
||||
instructionBytes);
|
||||
println(line);
|
||||
outputFile.println(line);
|
||||
outputFile.flush();
|
||||
|
|
@ -263,7 +269,8 @@ public class FindRelocations extends GhidraScript {
|
|||
byte[] bytes = instruction.getBytes();
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < bytes.length; i++) {
|
||||
if (i > 0) sb.append(" ");
|
||||
if (i > 0)
|
||||
sb.append(" ");
|
||||
sb.append(String.format("%02x", bytes[i] & 0xFF));
|
||||
}
|
||||
return sb.toString();
|
||||
|
|
@ -275,7 +282,8 @@ public class FindRelocations extends GhidraScript {
|
|||
currentProgram.getMemory().getBytes(addr, bytes);
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (int i = 0; i < bytes.length; i++) {
|
||||
if (i > 0) sb.append(" ");
|
||||
if (i > 0)
|
||||
sb.append(" ");
|
||||
sb.append(String.format("%02x", bytes[i] & 0xFF));
|
||||
}
|
||||
return sb.toString();
|
||||
|
|
|
|||
Loading…
Reference in New Issue