NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

PPC4xx Processor Missing instructions #6929

Open PJ-Zetier opened 2 months ago

PJ-Zetier commented 2 months ago

Describe the bug

The PowerPC 4xx processor module is missing support for key instructions, specifically the Multiply half word instructions (mulhw) and isel (Integer Select) instructions. This is affecting disassembly and decompilation for binaries that use these instructions, leading to incorrect or incomplete analysis.

To Reproduce

Steps to reproduce the behavior:

1. Open a PowerPC 4xx (PPC440) ELF binary that includes multiply half word or instruction select instructions.
2. Load the binary into Ghidra.
3. Attempt to analyze or disassemble sections of the code that should contain these instructions.
4. See error or incorrect disassembly output.

Expected behavior

Ghidra should recognize and handle mulhw and isel instructions during disassembly and decompilation, producing the correct instruction output without errors.

Screenshots

N/A for now, but will add if needed.

Attachments

N/A

Environment (please complete the following information):

OS: Ubuntu 18.04
Java Version: 21.0.4
Ghidra Version: 11.1.1
Ghidra Origin: official GitHub distro 11.1.1_PUBLIC

Additional context

This issue was identified during reverse engineering work on both a PowerPC 405 and a PowerPC 440 binary.

GhidorahRex commented 2 months ago

isel is an issue for several variants. Currently it's stuck in quicciii.sinc but it should probably be moved to ppc_instructions.sinc instead. For the mulhw instructions they should be present - they're in ppc_instructions.sinc so I'm not sure why they would be missing. Can you paste the bits for the mulhw instructions here and which processor ID you're using?

PJ-Zetier commented 2 months ago

In ppc_instructions.sinc, the @include for mulhwInstructions.sinc is wrapped in an @ifndef guard for NoLegacyIntegerMultiplyAccumulate, which is not defined in ppc_324xx*.slaspec, which is why the instructions are not included.

GhidorahRex commented 2 months ago

In ppc_instructions.sinc, the @include for mulhwInstructions.sinc is wrapped in an @ifndef guard for NoLegacyIntegerMultiplyAccumulate, which is not defined in ppc_324xx*.slaspec, which is why the instructions are not included.

The ifndef guard implies that if it is not defined it will be included. Those instructions should be included. That's why I wanted the language ID and some bytes. I created a dummy 4xx test binary and was able to get some instructions to decompile, so I'd like to figure out exactly which ones are not decompiling.

[Screenshot attached: mulhw_4xx]
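The disagreement above is about what the SLEIGH preprocessor does with an @ifndef guard around an @include. The following is an added example, not Ghidra's own code: a small model of @define/@ifdef/@ifndef/@endif/@include resolution that reports which .sinc files a spec actually pulls in. The file names and contents are constructed stand-ins for the real ppc specs, and IS_QUICC_III is an assumed symbol used only for illustration.

```python
"""Small model of the SLEIGH preprocessor's @define/@ifdef/@ifndef/@endif/
@include handling, to see which .sinc files a .slaspec really pulls in.
Added example, not Ghidra's own code."""
import re
# Constructed stand-in files: names and contents are NOT the real Ghidra
# specs, and IS_QUICC_III is an assumed symbol for illustration only.
FILES = {
    "ppc_4xx_example.slaspec": (
        '@define ENDIAN "big"\n'
        '@include "ppc_instructions.sinc"\n'
    ),
    "ppc_instructions.sinc": (
        "@ifndef NoLegacyIntegerMultiplyAccumulate\n"
        '@include "mulhwInstructions.sinc"\n'
        "@endif\n"
        "@ifdef IS_QUICC_III\n"
        '@include "quicciii.sinc"\n'
        "@endif\n"
    ),
    "mulhwInstructions.sinc": ":mulhw D,A,B is ... { }\n",
    "quicciii.sinc": ":isel D,A,B,CRB is ... { }\n",
}
DIRECTIVE = re.compile(r"^\s*@(\w+)\s*(.*?)\s*$")

def included_files(root, defines=(), files=FILES):
    """Return the ordered list of files processed when `root` is compiled."""
    defines, order = set(defines), []

    def walk(name):
        order.append(name)
        active = [True]  # one entry per open conditional; top is current state
        for line in files[name].splitlines():
            m = DIRECTIVE.match(line)
            if not m:
                continue  # ordinary SLEIGH text, not a preprocessor directive
            kw, arg = m.groups()
            if kw == "ifdef":
                active.append(active[-1] and arg in defines)
            elif kw == "ifndef":
                active.append(active[-1] and arg not in defines)
            elif kw == "endif":
                active.pop()
            elif not active[-1]:
                continue  # directive sits in a skipped branch
            elif kw == "define":
                defines.add(arg.split()[0])  # "@define NAME value"
            elif kw == "include":
                walk(arg.strip('"'))

    walk(root)
    return order
```

With no symbols defined, mulhwInstructions.sinc is included (the @ifndef guard passes) while quicciii.sinc, which holds isel, is not; defining NoLegacyIntegerMultiplyAccumulate is what would drop the mulhw file.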

PJ-Zetier commented 1 month ago

I don't know why my brain saw ifndef as ifdef. I even typed out ifndef. Sorry for that. I think the issue on our end is primarily the isel; I believe I incorrectly added mulh* instructions in the ticket. I had assumed the file was still set to 4xx, but someone had moved it over to QUICC III for the isel instruction.

PJ-Zetier commented 1 month ago

@GhidorahRex Currently waiting for the engineer who had the mulh* issue to get in. Will update later today.

PJ-Zetier commented 1 month ago

Apologies, we couldn't reproduce the mulh* issue so disregard. However, the isel is still an issue.