al3xtjames
commented
4 years ago Good catch, the reset vector in the firmware volume header is indeed 16 bytes long.
Closed dev747368 closed 4 years ago
al3xtjames
commented
4 years ago Good catch, the reset vector in the firmware volume header is indeed 16 bytes long.
dev747368
commented
4 years ago Cool. FYI, would you be receptive to a pull request that tweaks the way you are doing GFileSystem stuff? You choose to copy the old-style implementation that I'm working on stamping out of the code base.
dev747368
commented
4 years ago Also, do you have some pointers to sample files for these file systems?
al3xtjames
commented
4 years ago al3xtjames
commented
4 years ago Forgot to ask this earlier: do you have an example of a new-style GFileSystem implementation (in Ghidra itself or some other plugin)?
dev747368
commented
4 years ago Basically anything that comes directly from the GFileSystem interface instead of GFileSystemBase. The zip, tar and coff archive file systems are pretty good representations.
Is the size for "Reset Vector" in the "UEFI Firmware Volume Header" part of the javadoc incorrect?
It currently shows as 1, but the code in the ctor that reads the data is reading a 16 byte array into zeroVector.
Also, some of the magic constants sprinkled around (ie. position - 40) make sense if you are calculating the position of the start of the volume header if the size for that field is 16 and not 1.