⚡ add funcname analyzer

Author: hijiki51

.project

@@ -10,9 +10,15 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
 		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
 	</natures>
 	<linkedResources>
 		<link>
@@ -21,4 +27,15 @@
 			<location>/Users/felber/ctf/ghidra_9.0.4</location>
 		</link>
 	</linkedResources>
+	<filteredResources>
+		<filter>
+			<id>1631794475296</id>
+			<name></name>
+			<type>30</type>
+			<matcher>
+				<id>org.eclipse.core.resources.regexFilterMatcher</id>
+				<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
 </projectDescription>

src/main/java/gotools/GoFunctionNameAnalyzer.java

@@ -6,6 +6,7 @@
 import ghidra.app.util.importer.MessageLog;
 import ghidra.program.model.address.Address;
 import ghidra.program.model.address.AddressSetView;
+import ghidra.program.model.data.IntegerDataType;
 import ghidra.program.model.data.StringDataType;
 import ghidra.program.model.listing.CodeUnit;
 import ghidra.program.model.listing.Data;
@@ -22,14 +23,12 @@
 
 public class GoFunctionNameAnalyzer extends AnalyzerBase {
   public GoFunctionNameAnalyzer() {
-    super("Go Function Name Analyzer", "Recovers function names in go binaries.",
-        AnalyzerType.BYTE_ANALYZER);
+    super("Go Function Name Analyzer", "Recovers function names in go binaries.", AnalyzerType.BYTE_ANALYZER);
     setPriority(AnalysisPriority.DATA_TYPE_PROPOGATION.before());
   }
 
   @Override
-  public boolean added(Program p, AddressSetView set, TaskMonitor monitor, MessageLog log)
-      throws CancelledException {
+  public boolean added(Program p, AddressSetView set, TaskMonitor monitor, MessageLog log) throws CancelledException {
     MemoryBlock gopcln;
     try {
       gopcln = getGopclntab(p);
@@ -48,23 +47,28 @@ public boolean added(Program p, AddressSetView set, TaskMonitor monitor, Message
 
   private void recoverGoFunctions(Program p, TaskMonitor m, MessageLog log, MemoryBlock gopc)
       throws MemoryAccessException {
+    // TODO this only works for 64bit binaries
     long pointerSize = 8;
     Address a = gopc.getStart();
     int goVersionMagic = p.getMemory().getInt(a);
-    a.add(8);
+    try {
+      createData(p, a, new IntegerDataType());
+    } catch (Exception e) {
+      log.appendException(e);
+    }
+    a = a.add(pointerSize);
+
     // https://github.com/golang/go/blob/release-branch.go1.16/src/debug/gosym/pclntab.go#L169
     if (goVersionMagic == 0xfffffffb) {
-      getInformation12(p, m, log, a, pointerSize);
-    }
-    else {
-      getInformation116(p, m, log, a, pointerSize);
+      getInformation12(p, m, log, gopc, a, pointerSize);
+    } else {
+      getInformation116(p, m, log, gopc, a, pointerSize);
     }
   }
-    }
-    // TODO this only works for 64bit binaries
-  }
-  private void getInformation12(Program p, TaskMonitor m, MessageLog log, MemoryBlock gopc, Address a, long pointerSize){
-     // skip unimportant header
+
+  private void getInformation12(Program p, TaskMonitor m, MessageLog log, MemoryBlock gopc, Address a, long pointerSize)
+      throws MemoryAccessException {
+    // skip unimportant header
     long size = p.getMemory().getLong(a);
     a = a.add(pointerSize);
     for (int i = 0; i < size; i++) {
@@ -95,11 +99,78 @@ private void getInformation12(Program p, TaskMonitor m, MessageLog log, MemoryBl
         continue;
       }
       if (f == null) {
-        CreateFunctionCmd cmd =
-            new CreateFunctionCmd(functionName, funcPointer, null, SourceType.ANALYSIS);
+        CreateFunctionCmd cmd = new CreateFunctionCmd(functionName, funcPointer, null, SourceType.ANALYSIS);
+        if (!cmd.applyTo(p, m)) {
+          log.appendMsg(
+              String.format("Unable to create function at %s, (expected %s)\n", d.getAddress(), d.getValue()));
+        }
+        continue;
+      } else if (f.getName().equals(functionName)) {
+        continue;
+      }
+      try {
+        f.setName(functionName, SourceType.ANALYSIS);
+        p.getListing().setComment(funcPointer, CodeUnit.EOL_COMMENT, "from gotool");
+      } catch (DuplicateNameException | InvalidInputException e) {
+        log.appendException(e);
+        continue;
+      }
+    }
+  }
+
+  private void getInformation116(Program p, TaskMonitor m, MessageLog log, MemoryBlock gopc, Address a,
+      long pointerSize) throws MemoryAccessException {
+    Address funcDataTable, currentFuncTable;
+    long size = p.getMemory().getLong(a);
+    a = a.add(pointerSize * 2);
+    long funcNameTableOffset = p.getMemory().getLong(a);
+    a = a.add(pointerSize * 4);
+    long funcDataTableOffset = p.getMemory().getLong(a);
+    funcDataTable = gopc.getStart().add(funcDataTableOffset);
+    currentFuncTable = gopc.getStart().add(funcDataTableOffset);
+
+    for (int i = 0; i < size; i++) {
+      long funcEntryPoint, funcDataOffset;
+      int funcNameOffset;
+      try {
+        funcEntryPoint = p.getMemory().getLong(currentFuncTable);
+        currentFuncTable = currentFuncTable.add(pointerSize);
+
+        funcDataOffset = p.getMemory().getLong(currentFuncTable);
+        currentFuncTable = currentFuncTable.add(pointerSize);
+
+        funcNameOffset = p.getMemory().getInt(funcDataTable.add(funcDataOffset + pointerSize));
+      } catch (Exception e) {
+        log.appendException(e);
+        continue;
+      }
+
+      Address namePointer = gopc.getStart().add(funcNameTableOffset + funcNameOffset);
+      Data d;
+      try {
+        d = createData(p, namePointer, new StringDataType());
+        p.getListing().setComment(namePointer, CodeUnit.EOL_COMMENT, d.getValue().toString());
+      } catch (Exception e) {
+        log.appendException(e);
+        continue;
+      }
+      Address funcPointer = p.getAddressFactory().getDefaultAddressSpace().getAddress(funcEntryPoint);
+      Function f = p.getFunctionManager().getFunctionAt(funcPointer);
+      String functionName = (String) (d.getValue());
+      if (functionName.startsWith("type..") || functionName.endsWith(".")) {
+        // TODO what to do with it?
+        p.getListing().setComment(funcPointer, CodeUnit.EOL_COMMENT, functionName);
+        continue;
+      }
+      if (gopc.contains(funcPointer)) {
+        log.appendMsg(String.format("skipped %s because it is in the section", functionName));
+        continue;
+      }
+      if (f == null) {
+        CreateFunctionCmd cmd = new CreateFunctionCmd(functionName, funcPointer, null, SourceType.ANALYSIS);
         if (!cmd.applyTo(p, m)) {
-          log.appendMsg(String.format(
-              "Unable to create function at %s, (expected %s)\n", d.getAddress(), d.getValue()));
+          log.appendMsg(
+              String.format("Unable to create function at %s, (expected %s)\n", d.getAddress(), d.getValue()));
         }
         continue;
       } else if (f.getName().equals(functionName)) {
@@ -113,5 +184,4 @@ private void getInformation12(Program p, TaskMonitor m, MessageLog log, MemoryBl
       }
     }
   }
-  private void getInformation116(){}
 }

src/main/java/gotools/GoReturntypeAnalyzer.java

@@ -23,14 +23,12 @@
 import ghidra.program.model.data.DataType;
 import ghidra.program.model.data.StructureDataType;
 import ghidra.program.model.data.Undefined8DataType;
-import ghidra.program.model.listing.*;
 import ghidra.program.model.listing.Function;
 import ghidra.program.model.listing.Parameter;
 import ghidra.program.model.listing.ParameterImpl;
 import ghidra.program.model.listing.Program;
 import ghidra.program.model.listing.Variable;
 import ghidra.program.model.listing.VariableStorage;
-import ghidra.program.model.symbol.*;
 import ghidra.program.model.symbol.RefType;
 import ghidra.program.model.symbol.Reference;
 import ghidra.program.model.symbol.ReferenceManager;
@@ -55,8 +53,7 @@ public GoReturntypeAnalyzer() {
   }
 
   @Override
-  public boolean added(Program p, AddressSetView set, TaskMonitor monitor, MessageLog log)
-      throws CancelledException {
+  public boolean added(Program p, AddressSetView set, TaskMonitor monitor, MessageLog log) throws CancelledException {
     this.detectReturnTypes(p, monitor, log);
     return true;
   }
@@ -73,11 +70,11 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
     int minWrite = Integer.MAX_VALUE;
     m.setMessage(String.format("return type analysis of %s", f.getName()));
     if (!f.getName().contains("main.A")) {
-      //return;
+      // return;
     }
     try {
       f.setCallingConvention("go__stdcall");
-      //f.setCallingConvention("unknown");
+      // f.setCallingConvention("unknown");
     } catch (InvalidInputException e) {
       log.appendException(e);
     }
@@ -113,8 +110,7 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
       numberOfRet = (maxWrite - minWrite) / pointerSize + 1;
     }
     if (totalArgReturnVals > 10) {
-      log.appendMsg(String.format(
-          "Skipped function %s because it has %d arguments", f.getName(), totalArgReturnVals));
+      log.appendMsg(String.format("Skipped function %s because it has %d arguments", f.getName(), totalArgReturnVals));
       return;
     }
     long numberOfArgs = totalArgReturnVals - numberOfRet;
@@ -131,11 +127,9 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
         if (params != null && params.length > i) {
           newParams.add(params[i]);
         } else {
-          VariableStorage v =
-                  f.getCallingConvention().getArgLocation(i, params, new Undefined8DataType(), p);
+          VariableStorage v = f.getCallingConvention().getArgLocation(i, params, new Undefined8DataType(), p);
           try {
-            Variable var =
-                    new ParameterImpl(null, new Undefined8DataType(), v, p, SourceType.ANALYSIS);
+            Variable var = new ParameterImpl(null, new Undefined8DataType(), v, p, SourceType.ANALYSIS);
             newParams.add(var); // TODO why so complicated?!
           } catch (InvalidInputException e) {
             log.appendException(e);
@@ -144,8 +138,8 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
         }
       }
       try {
-        f.replaceParameters(newParams, Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS,
-                false, SourceType.ANALYSIS);
+        f.replaceParameters(newParams, Function.FunctionUpdateType.DYNAMIC_STORAGE_ALL_PARAMS, false,
+            SourceType.ANALYSIS);
       } catch (DuplicateNameException | InvalidInputException e) {
         log.appendException(e);
         return;
@@ -166,8 +160,7 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
             f.setReturn(t, new VariableStorage(p, minWrite, t.getLength()), SourceType.IMPORTED);
             break;
           default:
-            StructureDataType s =
-                new StructureDataType(String.format("ret_%d", f.getSymbol().getID()), 0);
+            StructureDataType s = new StructureDataType(String.format("ret_%d", f.getSymbol().getID()), 0);
             for (int i = 0; i < numberOfRet; i++) {
               s.add(new Undefined8DataType());
             }
@@ -179,7 +172,7 @@ private void detectReturnTypes(Program p, TaskMonitor m, MessageLog log, Functio
         log.appendException(e);
       }
     }
-    System.out.printf("Function %s has %d arguments and %d return values. Max offset: %d\n",
-        f.getName(), numberOfArgs, numberOfRet, maxOffset);
+    System.out.printf("Function %s has %d arguments and %d return values. Max offset: %d\n", f.getName(), numberOfArgs,
+        numberOfRet, maxOffset);
   }
 }