329 lines
12 KiB
Java
329 lines
12 KiB
Java
package re3lib;
|
|
|
|
import java.io.File;
|
|
import java.io.PrintWriter;
|
|
import java.io.StringWriter;
|
|
import java.util.ArrayList;
|
|
import java.util.HashSet;
|
|
import java.util.Hashtable;
|
|
import java.util.Iterator;
|
|
import java.util.List;
|
|
import java.util.regex.Matcher;
|
|
import java.util.regex.Pattern;
|
|
|
|
import ghidra.app.decompiler.ClangLine;
|
|
import ghidra.app.decompiler.ClangSyntaxToken;
|
|
import ghidra.app.decompiler.ClangToken;
|
|
import ghidra.app.decompiler.DecompileResults;
|
|
import ghidra.app.decompiler.PrettyPrinter;
|
|
import ghidra.app.script.GhidraScript;
|
|
import ghidra.program.model.address.Address;
|
|
import ghidra.program.model.listing.Function;
|
|
import ghidra.program.model.pcode.HighFunction;
|
|
import ghidra.program.model.pcode.HighSymbol;
|
|
import ghidra.program.model.pcode.PcodeOp;
|
|
import ghidra.program.model.pcode.Varnode;
|
|
import re3lib.GlobalDumper.GlobalRec;
|
|
|
|
public class FunctionDumper {
|
|
GhidraScript script;
|
|
GlobalDumper globalDumper;
|
|
|
|
public HashSet<Address> functionAddrBlackList = new HashSet<>();
|
|
|
|
public boolean createdFile = false;
|
|
// Collects functions called by the current function
|
|
public HashSet<Function> functionReferences = new HashSet<>();
|
|
|
|
static final Pattern fieldAccessRegex = Pattern.compile("^_([0-9]+)_([0-9]+)_$");
|
|
|
|
public FunctionDumper(GhidraScript script, GlobalDumper globalDumper) {
|
|
this.script = script;
|
|
this.globalDumper = globalDumper;
|
|
initFunctionBlacklist();
|
|
}
|
|
|
|
boolean isValidFunction(Function function) {
|
|
if (functionAddrBlackList.contains(function.getEntryPoint()))
|
|
return false;
|
|
if (function.getComment() != null) {
|
|
if (function.getComment().startsWith("/i"))
|
|
return false;
|
|
if (function.getComment().startsWith("library function"))
|
|
return false;
|
|
}
|
|
if (function.getName().startsWith("crt_"))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
void initFunctionBlacklist() {
|
|
functionAddrBlackList = Utils.loadFunctionBlacklist(RecompileConfig.INSTANCE.functionBlacklistPath);
|
|
|
|
// Build blacklist if not loaded
|
|
if (functionAddrBlackList == null) {
|
|
boolean modified = false;
|
|
Iterator<Function> functionsIt = script.getCurrentProgram().getFunctionManager().getFunctions(true).iterator();
|
|
while (functionsIt.hasNext()) {
|
|
Function function = functionsIt.next();
|
|
if (functionAddrBlackList.contains(function.getEntryPoint())) {
|
|
continue;
|
|
}
|
|
|
|
String comment = function.getComment();
|
|
boolean isIgnoredFunction = false;
|
|
if (comment != null && comment.contains("Library Function")) {
|
|
script.println("Adding library function " + function.getName() + " to blacklist");
|
|
script.println("ac:" + functionAddrBlackList.size() + " jj:"
|
|
+ functionAddrBlackList.contains(function.getEntryPoint()) + " "
|
|
+ function.getEntryPoint());
|
|
isIgnoredFunction = true;
|
|
}
|
|
|
|
if (function.getName().startsWith("crt_")) {
|
|
script.println("Adding crt function " + function.getName() + " to blacklist");
|
|
isIgnoredFunction = true;
|
|
}
|
|
|
|
if (isIgnoredFunction) {
|
|
// Decompile and trace
|
|
PCallTracer tracer = new PCallTracer();
|
|
tracer.setBlacklist(functionAddrBlackList);
|
|
tracer.traceCalls(function);
|
|
for (Function f : tracer.out) {
|
|
script.println(" Adding " + f.getName() + " to blacklist");
|
|
functionAddrBlackList.add(f.getEntryPoint());
|
|
modified = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (modified) {
|
|
Utils.saveFunctionBlacklist(functionAddrBlackList, RecompileConfig.INSTANCE.functionBlacklistPath);
|
|
}
|
|
}
|
|
}
|
|
|
|
public static boolean isDumpedFix(Function function) {
|
|
String sanitizedFunctionName = Utils.sanitizeIdentifier(function.getName());
|
|
String fileName = sanitizedFunctionName + ".cxx";
|
|
File f0 = new File(RecompileConfig.INSTANCE.dirDecompFix, fileName);
|
|
return f0.exists();
|
|
}
|
|
|
|
public static boolean isDumpedAuto(Function function) {
|
|
String sanitizedFunctionName = Utils.sanitizeIdentifier(function.getName());
|
|
String fileName = sanitizedFunctionName + ".cxx";
|
|
File f0 = new File(RecompileConfig.INSTANCE.dirDecompAuto, fileName);
|
|
return f0.exists();
|
|
}
|
|
|
|
public void dump(Function function)
|
|
throws Exception {
|
|
String sanitizedFunctionName = Utils.sanitizeIdentifier(function.getName());
|
|
String fileName = sanitizedFunctionName + ".cxx";
|
|
|
|
// Remove the stub file, since we now use the decompiled file
|
|
File stubFile = new File(RecompileConfig.INSTANCE.dirDecompStub, fileName);
|
|
if (stubFile.exists()) {
|
|
script.println("Removing function stub " + stubFile);
|
|
stubFile.delete();
|
|
createdFile = true;
|
|
}
|
|
|
|
File f0 = new File(RecompileConfig.INSTANCE.dirDecompFix, fileName);
|
|
if (f0.exists()) {
|
|
script.println("Func " + function.getName() + " skipped (gh_fix)");
|
|
f0 = new File(RecompileConfig.INSTANCE.dirDecompRef, fileName);
|
|
} else {
|
|
f0 = new File(RecompileConfig.INSTANCE.dirDecompAuto, fileName);
|
|
if (f0.exists()) {
|
|
f0.delete();
|
|
} else {
|
|
createdFile = true;
|
|
}
|
|
}
|
|
|
|
script.println("Processing " + function.getName() + " => " + f0.toString());
|
|
|
|
List<Function> externalFunctionCalls = new ArrayList<>();
|
|
|
|
DecompileResults decompRes = RecompileConfig.INSTANCE.decompCache.getOrInsert(function);
|
|
try (PrintWriter writer2 = new PrintWriter(f0, "UTF-8")) {
|
|
writer2.println("// AUTO-GENERATED FILE, MOVE TO 'gh_fix' FOLDER PREVENT OVERWRITING!!!!! ");
|
|
writer2.println();
|
|
writer2.println("#include <r3/binders/auto.h>");
|
|
writer2.println("#include <gh_global.h>");
|
|
writer2.println();
|
|
writer2.println("extern \"C\" {");
|
|
|
|
HighFunction highFunction = decompRes.getHighFunction();
|
|
|
|
HashSet<String> headers = new HashSet<>();
|
|
StringWriter codeWriter = new StringWriter();
|
|
|
|
PrettyPrinter pp = new PrettyPrinter(decompRes.getFunction(), decompRes.getCCodeMarkup(), null);
|
|
Iterator<ClangLine> lines = pp.getLines().iterator();
|
|
while (lines.hasNext()) {
|
|
ClangLine line = lines.next();
|
|
for (int i = 0; i < line.getIndent(); i++) {
|
|
codeWriter.write(' ');
|
|
}
|
|
|
|
List<ClangToken> tokens = new ArrayList<>();
|
|
// Parse preliminary line tokens
|
|
for (int i = 0; i < line.getNumTokens(); i++) {
|
|
ClangToken token = line.getToken(i);
|
|
if (token.getText().equals("__cdecl") || token.getText().equals("__thiscall")
|
|
|| token.getText().equals("__stdcall")) {
|
|
// Remove function declaration
|
|
continue;
|
|
}
|
|
if (!token.getText().isEmpty())
|
|
tokens.add(token);
|
|
}
|
|
|
|
// Preprocess tokens
|
|
boolean prevDot = false;
|
|
for (int t = 0; t < tokens.size(); t++) {
|
|
ClangToken token = tokens.get(t);
|
|
|
|
boolean thisDot = false;
|
|
// script.println("Token: " + token.toString());
|
|
if (token.toString().equals(".")) {
|
|
// println("Found dot: " + token.toString() + " - " + token.getClass());
|
|
thisDot = true;
|
|
}
|
|
|
|
if (prevDot) {
|
|
// println("Possible field access: " + token.getText());
|
|
if (token instanceof ClangSyntaxToken) {
|
|
// Parse _4_4_ sub-access using regex
|
|
String text = token.getText();
|
|
Matcher matcher = fieldAccessRegex.matcher(text);
|
|
if (matcher.matches()) {
|
|
int offset = Integer.parseInt(matcher.group(1));
|
|
int size = Integer.parseInt(matcher.group(2));
|
|
// println("MATCHED: " + token.getText() + " - " + token.getSyntaxType() + " - "
|
|
// + token.getVarnode() + " - "
|
|
// + token.getPcodeOp());
|
|
|
|
// Replace tokens with + Field<offset, size>
|
|
ClangToken replacement = new ClangToken(token.Parent(), " + Field<" + offset + ", " + size + ">()");
|
|
tokens.remove(t);
|
|
tokens.remove(t - 1);
|
|
tokens.add(t - 1, replacement);
|
|
t--;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Extract memory references
|
|
HighSymbol gsym = token.getHighSymbol(highFunction);
|
|
if (gsym != null) {
|
|
var symStorage = gsym.getStorage();
|
|
var sym = gsym.getSymbol();
|
|
|
|
Address address;
|
|
if (symStorage.isUnassignedStorage()) {
|
|
address = sym.getAddress();
|
|
} else {
|
|
address = gsym.getStorage().getMinAddress();
|
|
}
|
|
|
|
// Check if it's a function pointer, otherwise add to globals
|
|
if (address.isMemoryAddress()) {
|
|
// script.println("Address: " + address + " - " + sym.getName());
|
|
Function maybeFunction = script.getFunctionAt(address);
|
|
if (maybeFunction != null) {
|
|
externalFunctionCalls.add(maybeFunction);
|
|
} else {
|
|
script.println("Add globals " + address + " - " + gsym.getName() + " - " + token.getText());
|
|
globalDumper.addGlobal(address, gsym);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Extract external function calls
|
|
PcodeOp op = token.getPcodeOp();
|
|
if (op != null && op.getOpcode() == PcodeOp.CALL) {
|
|
// println("PcodeOp: " + op.toString() + " - " + op.getInput(0).toString());
|
|
Varnode target = op.getInput(0);
|
|
if (target.isAddress()) {
|
|
Address callAddr = target.getAddress();
|
|
Function calledFunction = script.getFunctionAt(callAddr);
|
|
if (calledFunction != null) {
|
|
if (isValidFunction(calledFunction)) {
|
|
externalFunctionCalls.add(calledFunction);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
prevDot = thisDot;
|
|
}
|
|
|
|
// Print tokens
|
|
for (int t = 0; t < tokens.size(); t++) {
|
|
ClangToken token = tokens.get(t);
|
|
codeWriter.write(token.toString());
|
|
}
|
|
codeWriter.write('\n');
|
|
}
|
|
|
|
for (Function externalFunction : externalFunctionCalls) {
|
|
String proto = externalFunction.getSignature().getPrototypeString(false);
|
|
headers.add("" + proto
|
|
+ "; // " + externalFunction.getEntryPoint() + " // "
|
|
+ externalFunction.getName());
|
|
}
|
|
|
|
for (String header : headers) {
|
|
writer2.println(header);
|
|
}
|
|
writer2.println();
|
|
writer2.print("// " + function.getEntryPoint());
|
|
writer2.print(codeWriter.toString());
|
|
writer2.println("}");
|
|
writer2.println();
|
|
}
|
|
|
|
// Possibly generate stubs for external functions
|
|
for (Function externalFunction : externalFunctionCalls) {
|
|
String sanitizedExtFunctionName = Utils.sanitizeIdentifier(externalFunction.getName());
|
|
fileName = sanitizedExtFunctionName + ".cxx";
|
|
File f2 = new File(RecompileConfig.INSTANCE.dirDecompFix, fileName);
|
|
File f3 = new File(RecompileConfig.INSTANCE.dirDecompAuto, fileName);
|
|
if (f2.exists() || f3.exists()) {
|
|
// script.println("Skipping external function: " + externalFunction.getName() +
|
|
// " - " + externalFunction.getEntryPoint());
|
|
continue;
|
|
}
|
|
|
|
File f4 = new File(RecompileConfig.INSTANCE.dirDecompStub, fileName);
|
|
script.println("Generating function stub for " + externalFunction.getName() + " => " + f4.toString());
|
|
|
|
try (PrintWriter writer2 = new PrintWriter(f4, "UTF-8")) {
|
|
writer2.println("// AUTO-GENERATED FILE!!!!");
|
|
writer2.println("// This function has yet to be decompiled using 'Dump Current Function' in ghidra");
|
|
writer2.println("// with possible manualy fixes");
|
|
writer2.println();
|
|
writer2.println("#include <r3/binders/auto.h>");
|
|
writer2.println("#include <gh_global.h>");
|
|
writer2.println("#include <stdexcept>");
|
|
writer2.println();
|
|
writer2.println("// " + externalFunction.getEntryPoint());
|
|
writer2.println("// " + externalFunction.getName());
|
|
writer2.println("extern \"C\" " + externalFunction.getSignature().getPrototypeString(false) + " {");
|
|
writer2.println(" // TODO: Implement this function");
|
|
writer2
|
|
.println(" throw GHStubException(\"Function not implemented: " + externalFunction.getName() + "\");");
|
|
writer2.println("}");
|
|
}
|
|
|
|
if (!f4.exists()) {
|
|
createdFile = true;
|
|
}
|
|
}
|
|
}
|
|
}
|