Closed M3NIX closed 1 month ago
c-eax
commented
2 months ago Hi, Ghidralligator is base on Ghidra 10.1.5 version which is quite old. Maybe the SLA format changed a little. The good way would be to migrate Ghidralligator code on the latest Ghidra version. In the mean time, can you try to regenerate your SLA using Ghidra 10.1.5 ?
M3NIX
commented
2 months ago Hi, I have downloaded the release package of Ghidra 10.1.5 and there these next2 symbols do not exist in the tricore .sla file. That would match your thought about a changed SLA format in the newer versions.
After that I tried to compile the current spec files with the older ghidra 10.1.5:
git clone git@github.com:NationalSecurityAgency/ghidra.git && cd ghidra
git checkout Ghidra_10.1.5_build
# copy tricore processor spec files from master to Ghidra/Processors/tricore/data/languages/
gradle -I gradle/support/fetchDependencies.gradle init
gradle tricore:sleighCompileUnfortunately that resulted in an error which seems to be caused by the usage of a new built-in p-code function lzcount (commit from last Mar 3, 2023) which did not exist back then (10.1.5 was released Jul 27, 2022):
> Task :tricore:sleighCompile FAILED
Compiling ./data/languages/tricore.slaspec:
tricore.sinc:1840: unknown macro, userop, or specific symbol 'lzcount' in macro, user operation, or subpiece application
Unrecoverable error(s), halting compilation
java.lang.NullPointerException: Cannot invoke "ghidra.pcodeCPort.slgh_compile.ExprTree.setOutput(ghidra.sleigh.grammar.Location, ghidra.pcodeCPort.semantics.VarnodeTpl)" because "e" is null
at ghidra.sleigh.grammar.SleighCompiler.assignment(SleighCompiler.java:6759)
at ghidra.sleigh.grammar.SleighCompiler.statement(SleighCompiler.java:6001)
at ghidra.sleigh.grammar.SleighCompiler.statements(SleighCompiler.java:5848)
at ghidra.sleigh.grammar.SleighCompiler.code_block(SleighCompiler.java:5795)
at ghidra.sleigh.grammar.SleighCompiler.semantic(SleighCompiler.java:5705)
at ghidra.sleigh.grammar.SleighCompiler.ctorsemantic(SleighCompiler.java:3573)
at ghidra.sleigh.grammar.SleighCompiler.constructor(SleighCompiler.java:3483)
at ghidra.sleigh.grammar.SleighCompiler.constructorlike(SleighCompiler.java:3034)
0 languages successfully compiledI just found the commit in the ghidra repo which introduced the next2 instruction: https://github.com/NationalSecurityAgency/ghidra/commit/8d4a6c213ea252eec6dcb79079a6820a09418584
So I agree with you that the best solution would be to migrate Ghidralligator to a newer Ghidra version! Therefore I have started a PR #5
Hello,
while working with the tricore architecture I noticed that Ghidralligator is crashing.
terminate called after throwing an instance of 'SleighError'After some digging I noticed that in the process of loading and parsing the
.slafile it crashes because of this line:In your code you can find this switch statement which is not looking for the
next2symbol and therefore throwing the error: https://github.com/airbus-cyber/ghidralligator/blob/master/src/slghsymbol.cc#L232-L262Stacktrace:
I have also found this line in the
.slafile:This is not causing any crash, but I am not sure if it is correctly handled by Ghidralligator either because of no mentioning of it in your codebase.
Here you can find a reference to these elements in the Ghidra codebase if that is helping you: https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcode/utils/SlaFormat.java#L170-L171
If you can point me to the correct files I can try to create a PR. For the
<next2_sym_headI think the implementation is quite easy. I have started a fork. Maybe you can have a look at my commit: https://github.com/M3NIX/ghidralligator/commit/e6da571e19552155209b62d8fc99576a9ead5a4b For the<next2_symI am not so sure because of the large pcodeparse.cc file.Thanks!