astrelsky / Ghidra-Cpp-Class-Analyzer

Ghidra C++ Class and Run Time Type Information Analyzer
MIT License

GCC Analyzers don't work for mac osx GCC #36

Closed ILOVEPIE closed 1 year ago

ILOVEPIE commented 3 years ago

When analyzing a GCC compiled .dylib for Mac OSX the analyzers don't work.

astrelsky commented 3 years ago

In the python terminal with the .dylib opened what does currentProgram.getCompilerSpec().getCompilerSpecID().getIdAsString() produce?

The method GnuUtils.isGnuCompiler() should be what is being used to check this. The analyzers would be disabled if it returns false.

Edit: please forgive me, it appears I misread the issue. May you attach a .dylib I may use to investigate?

ILOVEPIE commented 3 years ago

I'll try that command on my dylib I'm decompiling later tonight.

On Thu, Mar 25, 2021 at 7:46 PM Julian Uy @.***> wrote:

@.***MacBook-Pro:~/Desktop/x$ gcc-10 --version
gcc-10 (Homebrew GCC 10.2.0_4) 10.2.0
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

sample compiled test.c and test.dylib test.zip https://github.com/astrelsky/Ghidra-Cpp-Class-Analyzer/files/6208806/test.zip


uyjulian commented 3 years ago

It won't work because it is not a proper test file. I am currently attempting to get a proper test case compiled (InheritanceTests).

~Julian Uy


ILOVEPIE commented 3 years ago

Nothing shows up in the class hierarchy tree is the issue I've been having. It appears the analyzers somewhat work as the methods are recognized as class member functions when you look at the names but the class hierarchy isn't generated for some reason.

astrelsky commented 3 years ago

> Nothing shows up in the class hierarchy tree is the issue I've been having. It appears the analyzers somewhat work as the methods are recognized as class member functions when you look at the names but the class hierarchy isn't generated for some reason.

I'm going to try to take a look this weekend. I have limited access to internet resources though so I won't make any promises.

astrelsky commented 3 years ago

So, the good news is that it appears to be a minor issue with how external symbols are being handled. I should have a solution shortly.

astrelsky commented 3 years ago

@ILOVEPIE if you can build the extension may you try the master branch please?

ILOVEPIE commented 3 years ago

Sure, I'll need a little bit of time to do so as I'm a little busy atm.

astrelsky commented 3 years ago

> Sure, I'll need a little bit of time to do so as I'm a little busy atm.

Not a problem, there's no rush.

ammaraskar commented 1 year ago

Hey, I recently ran into a similar issue and just stepped through the extension through a debugger. I found that getTypeInfo was returning null and ended up making a quick hacky change that seemed to help run the analyzer on a mac-gcc binary. Sadly this is just a binary I have so I can't make a small reproducible example right now.

The code change for reference if this helps you get a clue as to what might be happening or helps someone else on mac.

diff --git a/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java b/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
index bb9961e..2912d8a 100644
--- a/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
+++ b/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
@@ -214,6 +214,9 @@ public class TypeInfoUtils {
                        if (reloc.getSymbolName().startsWith(VtableModel.MANGLED_PREFIX)) {
                                return reloc.getSymbolName().substring(VtableModel.MANGLED_PREFIX.length());
                        }
+                       if (reloc.getSymbolName().startsWith("_" + VtableModel.MANGLED_PREFIX)) {
+                               return reloc.getSymbolName().substring(("_" + VtableModel.MANGLED_PREFIX).length());
+                       }
                        Address relocationAddress = getAbsoluteAddress(program, address);
                        if (relocationAddress == null || relocationAddress.getOffset() == 0) {
                                return "";
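
Review bot: The added `startsWith("_" + VtableModel.MANGLED_PREFIX)` branch carries no comment explaining why a second leading underscore is expected, and it runs for every program regardless of its format. On macOS the toolchain prepends an underscore to each C-level symbol name, which is why the relocation's mangled name arrives with one more underscore than the existing check looks for; say so in a comment above the new `if`, and consider applying the extra-underscore match only when `program` is a Mach-O binary so that symbol names in other formats are matched exactly as before.
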
astrelsky commented 1 year ago

> Hey, I recently ran into a similar issue and just stepped through the extension through a debugger. I found that getTypeInfo was returning null and ended up making a quick hacky change that seemed to help run the analyzer on a mac-gcc binary. Sadly this is just a binary I have so I can't make a small reproducible example right now.
>
> The code change for reference if this helps you get a clue as to what might be happening or helps someone else on mac.

diff --git a/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java b/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
index bb9961e..2912d8a 100644
--- a/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
+++ b/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java
@@ -214,6 +214,9 @@ public class TypeInfoUtils {
                        if (reloc.getSymbolName().startsWith(VtableModel.MANGLED_PREFIX)) {
                                return reloc.getSymbolName().substring(VtableModel.MANGLED_PREFIX.length());
                        }
+                       if (reloc.getSymbolName().startsWith("_" + VtableModel.MANGLED_PREFIX)) {
+                               return reloc.getSymbolName().substring(("_" + VtableModel.MANGLED_PREFIX).length());
+                       }
                        Address relocationAddress = getAbsoluteAddress(program, address);
                        if (relocationAddress == null || relocationAddress.getOffset() == 0) {
                                return "";
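
Review bot: The new `if` duplicates the branch directly above it, builds `"_" + VtableModel.MANGLED_PREFIX` twice, and brings the number of `reloc.getSymbolName()` calls across the two branches to four. Read the name into a local once, strip a single leading `_` when the underscore-prefixed form matches, and let the existing `startsWith(VtableModel.MANGLED_PREFIX)` check handle both cases, so the length passed to `substring` cannot drift from the prefix that was tested.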

That's odd that there are two underscores. I see no problem with this hack fix from a quick glance.

ILOVEPIE commented 1 year ago

IIRC this has something to do with constructors and deconstructors.