Closed escape209 closed 5 months ago
It looks like it's trying to apply relocations to a linked ELF file for some reason.
Might be a regression due to #50, looking now
So this seems to be a strange case - this is an executable ELF which is fully linked, but also includes a full relocation table. Since it's fully linked, it already has its relocations applied.
When many MIPS relocations are calculated, the target field of the instruction to be modified is often used as an offset or "addend" which is added to the relocation value. But since the relocation has already been applied in our case, the addend is the relocation itself! For an explicit example, applying an `R_MIPS_26` relocation to an already relocated `jal` instruction will effectively double the target address value. That effect is causing the Ghidra analyzer to completely explode, because it's forced to create functions that don't exist.
Now, why is this only happening after #50? I believe it's because we weren't handling addends correctly according to the MIPS ABI. So applying the relocation to the relocated target would produce the same value.
Thankfully, in your case, I think you can just tell Ghidra to not perform symbol relocation/patching:
I tested this with your binary and it seems to analyze perfectly. Can you try this out?
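The doubling described above, worked through as an added example (not code from ghidra-emotionengine-reloaded): REL-style `R_MIPS_26` arithmetic from the MIPS o32 ABI applied once to an unrelocated `jal`, then again to the already linked result. Symbol and PC values are constructed, and `looks_already_relocated` is a hypothetical loader-side check, not anything the extension implements.

```python
# Added example: REL-style R_MIPS_26 arithmetic (MIPS o32 ABI), showing why
# re-applying it to an already relocated `jal` doubles the target.
# All addresses below are constructed sample values.

JAL_OPCODE = 0x0C000000      # jal opcode in the top 6 bits
TARGET_MASK = 0x03FFFFFF     # 26-bit target field (word address)
REGION_MASK = 0xF0000000     # jal keeps the upper 4 bits of the delay-slot PC


def encode_jal(target: int) -> int:
    """Encode `jal target` with the word address in the 26-bit field."""
    assert target % 4 == 0, "jal target must be word aligned"
    return JAL_OPCODE | ((target >> 2) & TARGET_MASK)


def jal_target(insn: int, pc: int) -> int:
    """Effective absolute target of a jal located at `pc`."""
    return ((pc + 4) & REGION_MASK) | ((insn & TARGET_MASK) << 2)


def apply_r_mips_26(insn: int, symbol_value: int) -> int:
    """Apply R_MIPS_26 (external-symbol form): (sign_extend(A << 2) + S) >> 2,
    where the addend A is the instruction's own target field."""
    a = (insn & TARGET_MASK) << 2
    if a & 0x08000000:               # sign-extend the 28-bit addend
        a -= 0x10000000
    field = ((a + symbol_value) >> 2) & TARGET_MASK
    return (insn & ~TARGET_MASK) | field


def relocate_twice(symbol_value: int, pc: int = 0x00100000) -> tuple:
    """Return (target after the first application, target after a second).
    The first call mimics the linker on an unrelocated object (addend 0);
    the second mimics re-applying the leftover table to the linked ELF."""
    unrelocated = encode_jal(0)                        # addend 0 in the object
    linked = apply_r_mips_26(unrelocated, symbol_value)
    reapplied = apply_r_mips_26(linked, symbol_value)  # addend is now S itself
    return jal_target(linked, pc), jal_target(reapplied, pc)


def looks_already_relocated(insn: int, symbol_value: int, pc: int) -> bool:
    """Hypothetical loader check: a jal that already points at the symbol
    has had its relocation applied and must not be patched again."""
    return jal_target(insn, pc) == symbol_value
```

With a symbol at 0x00200000 the first application yields a call to 0x00200000 and the second to 0x00400000, which is the doubled target the analyzer then tries to turn into a function.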
Yes, it works as expected with Perform Symbol Relocations unchecked.
Starting with SP12, I've been running into major issues with analysis of the ELF for Burnout Beta v0.40 PAL.
I was using extension version SP11 with Ghidra 10.4 previously, and had no issues with the same ELF.
Log output from SP12 + Ghidra 11.0:
Successful analysis using SP11 + Ghidra 10.4:

![javaw_JvaBZ7znE3](https://github.com/chaoticgd/ghidra-emotionengine-reloaded/assets/8225831/b2dfee69-288a-4cf7-9bee-f9c2b4fa458f)

Analysis using SP12 + Ghidra 11.0:

![javaw_FPeRAlQCME](https://github.com/chaoticgd/ghidra-emotionengine-reloaded/assets/8225831/1122e44e-a041-43ab-b6c9-52fef6a8b601)
I also tried the Burnout Revenge July 14th ELF with both versions and it seems to work fine, so I don't think this is an issue with my own installation in particular.
Additional Info