Open wosk opened 2 years ago
Hello Nikita,
We discussed the CALLT issue several years ago ( https://github.com/NationalSecurityAgency/ghidra/pull/1430#issuecomment-578082930 ). But unfortunately, a good solution has not been found.
CALLT is not a general call; it is much closer to a JUMP instruction - for example, jmp LP
in a CALLT subroutine means 'return from the caller function, not from this one'.
But if you interpret CALLT as JUMP, you face another issue: Ghidra cannot include the same piece of code in several functions at the same time.
I need advice from the Ghidra team to implement it. I will try to make a detailed issue; maybe they can help us. In any case, thanks for sharing binaries - the samples that I have tested didn't use this weird CALLT. BTW, did you find a memory map for those MCUs?
Yep, this firmware executed on µPD70F3423. Specification here: http://www.datasheet26.com/circuit/696926/UPD70F3423-%D0%B4%D0%B0%D1%82%D0%B0%D1%88%D0%B8%D1%82.html I use the memory map below, with aliases for the RAM and Peripheral IO regions.
Is it possible to improve callt parsing according to the spec? To support this feature, the user can set the CTBP value in some processor-specific dialog in Ghidra. The value can be found in the assembly. If the CTBP value is set, then Ghidra can set labels to subroutines instead of the immediate value in callt.
Also there is a Global Pointer (GP / r4) register. But I don't know how it can be useful for analysis.
Thank you for your work!
You can find a firmware dump for testing here https://www.mynissanleaf.com/viewtopic.php?t=32034
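To make the request above concrete, here is an added example (not code from the issue, from Ghidra, or from the V850 processor module) that does what the comment asks for in plain Python: given a user-supplied CTBP value and a firmware image, it resolves each `callt imm6` to its real subroutine address and produces a label for it. The V850 semantics it implements are the documented ones: the table entry lives at `CTBP + (imm6 << 1)`, holds a 16-bit offset, and the destination is `CTBP + offset`; the return address goes to CTPC rather than lp, which is why a `jmp [lp]` inside the target returns from the caller, as the thread notes. The CALLT opcode pattern (`0000 0010 00ii iiii`, Format II), the CTBP value, the table contents and the code bytes are all constructed for this example; a real Ghidra script would read the memory block and apply the labels through the API instead of using the in-memory image.

```python
import struct

# V850 CALLT encoding (Format II, 16-bit): 0000 0010 00ii iiii
# Bits 15..6 are the opcode, bits 5..0 the 6-bit table index.
CALLT_OPCODE_MASK = 0xFFC0
CALLT_OPCODE = 0x0200


def read_halfword(image: bytes, addr: int) -> int:
    """Fetch a little-endian 16-bit value at byte offset `addr` of the image."""
    return struct.unpack_from("<H", image, addr)[0]


def decode_callt(halfword: int):
    """Return imm6 if the halfword encodes `callt imm6`, else None."""
    if halfword & CALLT_OPCODE_MASK == CALLT_OPCODE:
        return halfword & 0x3F
    return None


def callt_target(image: bytes, ctbp: int, imm6: int) -> int:
    """Resolve `callt imm6` with the given CTBP:
       entry = CTBP + (imm6 << 1); target = CTBP + halfword(entry)."""
    if not 0 <= imm6 < 64:
        raise ValueError("imm6 must be in 0..63")
    entry_addr = ctbp + (imm6 << 1)
    return (ctbp + read_halfword(image, entry_addr)) & 0xFFFFFFFF


def label_for(imm6: int, target: int) -> str:
    """Label name a disassembler could attach instead of the bare immediate."""
    return f"callt_{imm6:02d}_{target:08X}"


def scan_callt(image: bytes, ctbp: int, start: int, end: int) -> dict:
    """Walk a code range halfword by halfword and map every CALLT found to
    (imm6, target, label). Caveat: V850 also has 32-bit instructions, so a
    linear halfword walk can match the second half of one of those; a real
    implementation should follow the disassembler's instruction boundaries."""
    found = {}
    addr = start
    while addr + 2 <= end:
        imm6 = decode_callt(read_halfword(image, addr))
        if imm6 is not None:
            target = callt_target(image, ctbp, imm6)
            found[addr] = (imm6, target, label_for(imm6, target))
        addr += 2
    return found


def build_sample_image():
    """Constructed firmware image: a CALLT table at CTBP=0x200 and a short
    code stub at 0x100 that uses two of its entries."""
    ctbp = 0x200
    img = bytearray(0x500)
    # Table entries are offsets relative to CTBP, not absolute addresses.
    struct.pack_into("<H", img, ctbp + 2 * 0, 0x0100)   # imm6 0  -> 0x300
    struct.pack_into("<H", img, ctbp + 2 * 5, 0x0200)   # imm6 5  -> 0x400
    struct.pack_into("<H", img, ctbp + 2 * 63, 0x02A0)  # imm6 63 -> 0x4A0
    # Code: callt 5 ; nop ; callt 63
    struct.pack_into("<H", img, 0x100, CALLT_OPCODE | 5)
    struct.pack_into("<H", img, 0x102, 0x0000)
    struct.pack_into("<H", img, 0x104, CALLT_OPCODE | 63)
    return bytes(img), ctbp


if __name__ == "__main__":
    image, ctbp = build_sample_image()
    for insn_addr, (imm6, target, label) in scan_callt(image, ctbp, 0x100, 0x110).items():
        print(f"{insn_addr:08X}: callt {imm6:#04x} -> {target:08X} ({label})")
```

The important design point for the Ghidra side is that CTBP is runtime state, not something recoverable from the opcode alone, so the resolver must take it as an input (the dialog or a user-set register value the thread proposes); with a wrong CTBP every label is silently wrong, which is why the script keeps the raw imm6 in the label next to the resolved address.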