Open cmorin6 opened 4 years ago
That would be nice...
This would also be a great alternative to decompile, modify & recompile
a binary https://github.com/NationalSecurityAgency/ghidra/issues/236.
Instead, you could patch one C++ function at a time,
making it significantly easier to catch the bugs decompilation introduces.
Is there any work on this? Anything planned? Designs? Would really love to have this feature
Describe the solution you'd like
It would be nice if we could create an overlay or patch of assembly/pcode to replace a part of the program's assembly passed to the decompiler.
The main use case for this would be to replace some assembly instructions with a function call to materialize inline function calls (#225, #238). This would be done by creating a fake function in a custom address space (much like what ResolveX86orX64LinuxSyscallsScript.java does), then creating a patch containing the assembly or pcode to call this fake function and passing it to the decompiler to override some existing instructions. This would result in the assembly being replaced by a function call in the decompiler output.
Ideally these patches could be toggled on and off to display or hide the original assembly.
Some example use cases
From the GUI, we could select a range of assembly instructions, then create a patch:
From the scripting API we could make a script to:
x86_64: eb ff c0 ff c8
Describe alternatives you've considered
The same behavior can be obtained by manually patching the actual program's assembly but: