Closed mariaWitch closed 1 year ago
mariaWitch
commented
1 year ago I should mention that I am attempting to use this on a .XBE file, which is a modified Windows PE Executable. In that sense, is there a way to override the plugin so that it still shows it's options for this file format?
astrelsky
commented
1 year ago I should mention that I am attempting to use this on a .XBE file, which is a modified Windows PE Executable. In that sense, is there a way to override the plugin so that it still shows it's options for this file format?
Do Ghidra's built in RTTI and other PE analyzers show up for this format? It may be a bit hacky but there should be a way to make them appear if they aren't.
mariaWitch
commented
1 year ago 
This is what I have down at the bottom of the auto analysis.
astrelsky
commented
1 year ago
The class analyzer for PE files relies on the "Windows x86 PE RTTI analyzer", if it hasn't been run then there would be no data to find. I'm currently assuming that it is not available because this check fails.
It would be a bit hacky, but you can try changing the metadata being checked in a script temporarily to run the analyzers.
When I am using Ghidra 10.2.2 or 10.1.2, the analysis tools for CPP Class Analyzer do not appear at all. This occurs on both Windows and Linux hosts. There are no obvious error logs coming from Ghidra either.