search

clearbluejar / ghidrecomp

Python Command-Line Ghidra Decompiler
GNU General Public License v3.0
93 stars 9 forks source link

using as a library #28

Open djn3m0 opened 1 month ago

djn3m0 commented 1 month ago

Hi,

from argparse import Namespace
import ghidrecomp
...
...
...
    def decompile_elf2(self, binary_path, output_file):
        ns = Namespace(bin=binary_path, cppexport=False, filters=None, project_path='ghidra_projects', gdt=None, output_path='ghidrecomps', skip_cache=False, sym_file_path=None, symbols_path='symbols', skip_symbols=False, thread_count=4, va=False, fa=False, max_ram_percent=50.0, print_flags=False, callgraphs=False, callgraph_filter='.', max_display_depth=None, max_time_cg_gen=5, cg_direction='calling', bsim=False, bsim_sig_path='bsim-xmls', bsim_template='medium_nosize', bsim_cat=None)
        a = ghidrecomp.decompile(ns)
        print(a)

but as result i get,

> python .\main.py
Starting decompliations: Namespace(bin='c:\\Users\\user\\Desktop\\putty.exe', cppexport=False, filters=None, project_path='ghidra_projects', gdt=None, output_path='ghidrecomps', skip_cache=False, sym_file_path=None, symbols_path='symbols', skip_symbols=False, thread_count=4, va=False, fa=False, max_ram_percent=50.0, print_flags=False, callgraphs=False, callgraph_filter='.', max_display_depth=None, max_time_cg_gen=5, cg_direction='calling', bsim=False, bsim_sig_path='bsim-xmls', bsim_template='medium_nosize', bsim_cat=None)
INFO  Using log config file: jar:file:/C:/Program%20Files/ghidra_11.1.2_PUBLIC_20240709/ghidra_11.1.2_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)
INFO  Using log file: C:\Users\user\AppData\Roaming\ghidra\ghidra_11.1.2_PUBLIC\application.log (LoggingInitialization)
INFO  Loading user preferences: C:\Users\user\AppData\Roaming\ghidra\ghidra_11.1.2_PUBLIC\preferences (Preferences)
INFO  Searching for classes... (ClassSearcher)
INFO  Ignoring class 'ghidra.GhidraClassLoader' from 'C:\Program Files\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\Ghidra\Framework\Utility\lib\Utility.jar'. Already found at 'C:\Program Files\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\Ghidra\Framework\Utility\lib\Utility.jar'. (ClassSearcher)
INFO  Ignoring class 'generic.jar.GClassLoader' from 'C:\Program Files\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\Ghidra\Framework\Utility\lib\Utility.jar'. Already found at 'C:\Program Files\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\Ghidra\Framework\Utility\lib\Utility.jar'. (ClassSearcher)
INFO  Class search complete (937 ms) (ClassSearcher)
INFO  Initializing SSL Context (SSLContextInitializer)
INFO  Initializing Random Number Generator... (SecureRandomFactory)
INFO  Random Number Generator initialization complete: SHA1PRNG (SecureRandomFactory)
INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)
INFO  Opening project: C:\projects\DD\dp\bixbite\ghidrecomps\ghidra_projects\putty.exe-5efef6cc9cd24baeeed71c1107fc32df\putty.exe-5efef6cc9cd24baeeed71c1107fc32df (DefaultProject)
Setting up Symbol Server for symbols...
path: ghidrecomps\symbols level: 1
Loaded well known C:\Program Files\ghidra_11.1.2_PUBLIC_20240709\ghidra_11.1.2_PUBLIC\Ghidra\Configurations\Public_Release\data\PDB_SYMBOL_SERVER_URLS.pdburl' length: 451'
Symbol Server Configured path: SymbolServerService:
        symbolStore: LocalSymbolStore: [ rootDir: C:\projects\DD\dp\bixbite\ghidrecomps\symbols, storageLevel: -1],
        symbolServers:
                HttpSymbolServer: [ url: https://msdl.microsoft.com/download/symbols/, storageLevel: -1]
                HttpSymbolServer: [ url: https://chromium-browser-symsrv.commondatastorage.googleapis.com/, storageLevel: -1]
                HttpSymbolServer: [ url: https://symbols.mozilla.org/, storageLevel: -1]
Failed to find pdb for putty.exe - .ProgramDB
Using file gdts: [windows_vs12_64]
putty.exe - .ProgramDB already analyzed... skipping
INFO  Opening project: C:\projects\DD\dp\bixbite\ghidrecomps\ghidra_projects\putty.exe-5efef6cc9cd24baeeed71c1107fc32df\putty.exe-5efef6cc9cd24baeeed71c1107fc32df (DefaultProject)
Decompiling 1938 functions using 4 threads
Setup 4 decompliers
Decompiled 53 functions for putty.exe in 1.0268781185150146
1885 decompilations already existed.
Wrote 53 decompilations for putty.exe to ghidrecomps\bins\putty.exe-5efef6cc9cd24baeeed71c1107fc32df\decomps in 0.00799417495727539
Traceback (most recent call last):
  File "FunctionDB.java", line 236, in ghidra.program.database.function.FunctionDB.toString
ghidra.util.exception.ghidra.util.exception.ClosedException: ghidra.util.exception.ClosedException: File is closed

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "FunctionDB.java", line 236, in ghidra.program.database.function.FunctionDB.toString
Exception: Java Exception

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\projects\DD\dp\bixbite\main.py", line 15, in <module>
    decomp.ghidra_decompile("c:\\Users\\user\\Desktop\\putty.exe", "c:\\temp\\test.c")
  File "C:\projects\DD\dp\bixbite\lib\decompil.py", line 200, in ghidra_decompile
    ghid.decompile_elf2(binary_path, output_file)
  File "C:\projects\DD\dp\bixbite\lib\decompil.py", line 111, in decompile_elf2
    print(a)
  File "C:\Python312\Lib\site-packages\pyhidra\properties.py", line 37, in __repr__
    return str(self)
           ^^^^^^^^^
ghidra.framework.model.ghidra.framework.model.DomainObjectException: ghidra.framework.model.DomainObjectException caused by: ghidra.util.exception.ClosedException: File is closed

Why is this happening and how can i fix it?

Thanks

clearbluejar commented 1 month ago

The exception is from the Java side. That error ghidra.framework.model.DomainObjectException can sometimes result from the "program" domain object being closed.

As the decompile function returns return (all_funcs, decompilations, bin_output_path, str(program.compiler), str(program.languageID), callgraphs) and you are calling print, maybe the one of the function references are references the program object? Or maybe printing all_funcs causes ghidra.program.database.function.FunctionDB.toString that reference the closed program. The program object is closed when the function returns. Likely it may need a refactor.

I use the all_funcs in several tests but only call len on all_funcs. https://github.com/clearbluejar/ghidrecomp/blob/main/tests/test_callgraph.py#L20-L25