Indirect call flows (#96)

6313165c · Melvin Klimke · Enkelmann · 514be103 · 6313165c
Commit 6313165c authored Nov 03, 2020 by Melvin Klimke Committed by Enkelmann Nov 03, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 7 deletions

PcodeExtractor.java ghidra/p_code_extractor/PcodeExtractor.java +26 -7

No files found.
--- a/ghidra/p_code_extractor/PcodeExtractor.java
+++ b/ghidra/p_code_extractor/PcodeExtractor.java
@@ -56,6 +56,7 @@ public class PcodeExtractor extends GhidraScript {
    Term<Program> program = null;
    FunctionManager funcMan;
+    HashMap<String, Integer> functionEntryPoints;
    ghidra.program.model.listing.Program ghidraProgram;
    VarnodeContext context;
    String cpuArch;
@@ -79,6 +80,8 @@ public class PcodeExtractor extends GhidraScript {
        cpuArch = getCpuArchitecture();
        program = createProgramTerm();
+        functionEntryPoints = new HashMap<String, Integer>();
+        setFunctionEntryPoints();
        Project project = createProject();
        program = iterateFunctions(simpleBM, listing);
@@ -91,6 +94,24 @@ public class PcodeExtractor extends GhidraScript {
    /**
+     * Adds all entry points of internal and external function to a global hash map
+     * This will later speed up the cast of indirect Calls.
+     */
+    protected void setFunctionEntryPoints() {
+        // Add external symbols and internal function addresses to hash map
+        int funcCounter = 0;
+        for(ExternSymbol sym : program.getTerm().getExternSymbols()){
+            functionEntryPoints.put(sym.getAddress(), funcCounter);
+            funcCounter++;
+        }
+        for(Function func : funcMan.getFunctionsNoStubs(true)) {
+            functionEntryPoints.put(func.getEntryPoint().toString(), funcCounter);
+            funcCounter++;
+        }
+    }
+    /**
     * 
     * @return: CPU architecture as string.
     * 
@@ -998,13 +1019,11 @@ public class PcodeExtractor extends GhidraScript {
     * Resolves the target id for an indirect jump
     */
    protected Tid getTargetTid(Varnode target) {
-        if (!target.isRegister() && !target.isUnique()) {
+        Address[] flowDestinations = PcodeBlockData.instruction.getFlows();
-            Reference[] referenced = ghidraProgram.getReferenceManager().getReferencesFrom(target.getAddress());
+        if(flowDestinations.length == 1) {
-            if(referenced.length != 0) {
+            for(Address flow : flowDestinations) {
-                for (ExternSymbol symbol : program.getTerm().getExternSymbols()) {
+                if(functionEntryPoints.containsKey(flow.toString())){
-                    if (symbol.getAddress().equals(referenced[0].getToAddress().toString())) {
+                    return new Tid(String.format("sub_%s", flow.toString()), flow.toString());
-                        return symbol.getTid();
-                    }
                }
            }
        }