binexport: ghidra: plt/got thunking not handled by Ghidra when indirect global register is used

mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.

https://mandiant.github.io/capa/

Apache License 2.0

4.9k stars 564 forks source link

binexport: ghidra: plt/got thunking not handled by Ghidra when indirect global register is used #2123

Closed mike-hunhoff closed 3 months ago

mike-hunhoff commented 5 months ago

Documenting this as a known issue here. Ghidra developers are aware and I've asked for clarification if there is a fix planned. Otherwise, we'll likely need to handle this in capa.

see a881dd981034d225cc2a298358fccccc9792df478c81d7e678d12b6658fe266a for example of bug.

mike-hunhoff commented 5 months ago

It's in the works https://github.com/NationalSecurityAgency/ghidra/issues/5825#issuecomment-2150712959 🎉

mike-hunhoff commented 3 months ago

Fixed in Ghidra 11.1.2