tslater2006 / esp32_flash_loader

Ghidra Loader for ESP32 Flash Dumps

Analysis off by 1 byte #1

Closed Ebiroll closed 4 years ago

Ebiroll commented 4 years ago

When performing analysis, not enough padding is used, i.e. for the function at 400d43fc analysis starts at 0x400d43f. Any way to fix this? I also want to remove the label and perform reanalysis at the correct address, but I cannot define a function on Data. Any tips on how to do this in Ghidra?

This is the incorrect analysis, as the first 0 should have been ignored. If analysis is performed at address 400d43fc, not 400d43fb, then things make more sense.

 LAB_ram_400d43fb+1                              XREF[0,1]:   ram:400d2b9f(R)  
ram:400d43fb 00 36 41        srli       a3,a0,0x6
ram:400d43fe 00              ??         00h
ram:400d43ff a1 56 f0        l32r       a10,LAB_ram_400d0558
ram:400d4402 65 fb ff        call8      LAB_ram_400d43b7+1
ram:400d4405 2d 0a           mov.n      a2,a10
ram:400d4407 1d f0           retw.n

This should have been,

                         **************************************************************
                         *                          FUNCTION                          *
                         **************************************************************
                         esp_err_t __stdcall nvs_flash_init(void)
         esp_err_t         a2:4           <RETURN>
                         nvs_flash_init                                  XREF[2]:     Entry Point(*), 
                                                                                      app_main:400d2b9f(R)  
ram:400d43fc 36 41 00        entry      a1,0x20
ram:400d43ff a1 56 f0        l32r       a10,PTR_DAT_ram_3f40377c_ram_400d0558            = ram:3f40377c
ram:400d4402 65 fb ff        call8      nvs_flash_init_partition
ram:400d4405 2d 0a           mov.n      a2=>DAT_ram_3f40377c,a10                         = 6Eh    n
ram:400d4407 1d f0           retw.n

Ebiroll commented 4 years ago

I partially solved the problem by introducing dummy pad instructions, https://github.com/Ebiroll/ghidra-xtensa/commit/201ffbb26b13cb51881cafcab07054f9facce522

Is there any way to load the SVD file manually?

tslater2006 commented 4 years ago

Closing the issue; the analysis issues are with the Xtensa processor plugin, not the ESP32 loader.

Re: SVD, there is an SVD Python script for Ghidra, though I do not know if it works with my SVD