Fix and build extension for Ghidra v10.3 #106

Open
wants to merge 5 commits into
base: master
9 changes: 5 additions & 4 deletions README.md
Expand Up @@ -221,14 +221,14 @@ plugin. It allows overriding some fields such as the PID and memory mappings.

```
[INIT]
context = {
"pid": 200,
"mappings": [ [0x400000, 0x7A81158, 0x7681158, "asav941-200.qcow2|lina"] ]
}
context = { "pid": 200, "mappings": [ [0x400000, 0x7A81158, 0x7681158, "asav941-200.qcow2|lina"] ] }
```

Each entry in the mappings is: ``mem_base``, ``mem_end``, ``mem_size``, ``mem_name``.

If doing this with ghidra:
- Make sure the context entry is a single line, or you will get parsing errors in the ghidra output window!
- Make sure the mem_name matches the name of the module (name next to folder icon in program tree window) exactly!

## Bypassing automatic address rebasing

Expand Down Expand Up @@ -987,6 +987,7 @@ Due to the beta status of OllyDbg2 API, only the following features have been im
> !idb <module name> = set given module as the active idb (see !idblist)
> !idbn <n> = set active idb to the n_th client. n should be a valid decimal value
> !translate <base> <addr> <mod> = rebase an address with respect to local module's base
> !insync = synchronize the selected instruction block in the disassembly window.
```

Note: using the **!translate** command from a disassembler (IDA/Ghidra,
Binary file not shown.
Binary file not shown.
2 changes: 1 addition & 1 deletion ext_ghidra/src/main/help/help/topics/retsync/help.html
Expand Up @@ -10,7 +10,7 @@
<META name="ProgId" content="FrontPage.Editor.Document">

<TITLE>Skeleton Help File for a Module</TITLE>
<LINK rel="stylesheet" type="text/css" href="../../shared/Frontpage.css">
<LINK rel="stylesheet" type="text/css" href="help/shared/DefaultStyle.css">
</HEAD>

<BODY>
41 changes: 25 additions & 16 deletions ext_windbg/sync/sync/sync.cpp
Expand Up @@ -458,23 +458,32 @@ EventFilterCb(BOOL *pbIgnoreEvent)
{
if (CommandSize > 1)
{
// Find last command, delimiter is ';'
LastCommand = strrchr(g_CmdBuffer.buffer, 0x3b);

if (LastCommand == NULL){
LastCommand = g_CmdBuffer.buffer;
}
else {
LastCommand++;
}

while (*LastCommand == 0x20){
LastCommand++;
}
bool bTrackingColon = false;
bool bTrackingG = false;

for (ULONG i = CommandSize - 1; i < CommandSize; i--) {
if (bTrackingColon) {
if (g_CmdBuffer.buffer[i] == 'g') {
bTrackingColon = false;
bTrackingG = true;
}
}
else if (bTrackingG) {
if (g_CmdBuffer.buffer[i] == ' ' || g_CmdBuffer.buffer[i] == ';') {
*pbIgnoreEvent = true;
}

// 'Go' command (g, gH, gN), epicly loosy matching
if (*LastCommand == 0x67){
*pbIgnoreEvent = true;
break;
}
else {

if (g_CmdBuffer.buffer[i] == ';') {
bTrackingColon = true;
}
else if (g_CmdBuffer.buffer[i] == 'g') {
bTrackingG = true;
}
}
}
}
}
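Review bot: In the new backward scan of g_CmdBuffer in EventFilterCb (my reading of the new side is the bTrackingColon/bTrackingG loop; this rendered page has lost the +/- markers), a `g` at index 0 is never reported: `bTrackingG` only becomes `*pbIgnoreEvent = true` when a ' ' or ';' precedes the `g`, so a buffer that starts with `g` (e.g. `gH` or `g;bp`) runs the loop to its end with the flag unset, whereas the old strrchr/first-character check accepted it. Conversely `bTrackingG` is never cleared when a non-delimiter precedes the `g`, so a later word that merely contains `g` (e.g. `kb; dg 0`) is matched as soon as the scan reaches the space before `dg`. Both are closed by adding `else { bTrackingG = false; }` to the `bTrackingG` branch and `if (bTrackingG) { *pbIgnoreEvent = true; }` after the loop, treating the start of the buffer as a delimiter. The loop `for (ULONG i = CommandSize - 1; i < CommandSize; i--)` terminates only through unsigned wrap-around of `i`; `for (ULONG i = CommandSize; i-- > 0; )` expresses the same bound without relying on it. EventFilterCb begins and ends outside this hunk.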
80 changes: 79 additions & 1 deletion ext_x64dbg/x64dbg_sync/core.cpp
Expand Up @@ -464,7 +464,8 @@ HRESULT synchelp()
" > !idblist = display list of all IDB clients connected to the dispatcher\n"
" > !idb <module name> = set given module as the active idb (see !idblist)\n"
" > !idbn <n> = set active idb to the n_th client. n should be a valid decimal value\n"
" > !translate <base> <addr> <mod> = rebase an address with respect to local module's base\n\n");
" > !translate <base> <addr> <mod> = rebase an address with respect to local module's base\n"
" > !insync = synchronize the selected instruction block in the disassembly window.\n\n");

return hRes;
}
Expand Down Expand Up @@ -535,6 +536,68 @@ HRESULT idblist()
}


// insync command implementation
HRESULT InsSync()
{
HRESULT hRes = E_FAIL;
DWORD dwRes = 0;
ULONG_PTR PrevBase = g_Base;
HANDLE hProcess = INVALID_HANDLE_VALUE;
SELECTIONDATA sel;

hRes = GuiSelectionGet(GUI_DISASSEMBLY, &sel);
if (FAILED(hRes))
goto INSYNC_FAILURE;

g_Base = DbgFunctions()->ModBaseFromAddr(sel.start);
if (!g_Base)
{
_plugin_logprintf("[insync] InsSync(%p): could not get module base...\n", sel.start);
goto INSYNC_FAILURE;
}

#if VERBOSE >= 2
_plugin_logprintf("[insync] InsSync(%p): module base %p\n", sel.start, g_Base);
#endif

// Check if we are in a new module
if ((g_Base != PrevBase) && g_SyncAuto)
{
hProcess = DbgGetProcessHandle();

dwRes = GetModuleBaseNameA(hProcess, (HMODULE)g_Base, g_NameBuffer, MAX_MODULE_SIZE);
if (dwRes == 0)
{
_plugin_logprintf("[insync] InsSync(%p): could not get module name...\n", sel.start);
goto INSYNC_FAILURE;
}

#if VERBOSE >= 2
_plugin_logprintf("[insync] InsSync(%p): module : \"%s\"\n", sel.start, g_NameBuffer);
#endif

hRes = TunnelSend("[notice]{\"type\":\"module\",\"path\":\"%s\"}\n", g_NameBuffer);
if (FAILED(hRes)) {
return hRes;
}
}

hRes = TunnelSend("[sync]{\"type\":\"loc\",\"base\":%llu,\"offset\":%llu}\n", (ULONG64)g_Base, (ULONG64)sel.start);

return hRes;

INSYNC_FAILURE:
// Inform the dispatcher that an error occured in the instruction sync
if (g_Base != NULL)
{
TunnelSend("[notice]{\"type\":\"dbg_err\"}\n");
g_Base = NULL;
}

return hRes;
}


HRESULT idbn(PSTR Args)
{
HRESULT hRes = S_OK;
Expand Down Expand Up @@ -912,6 +975,17 @@ static bool cbRcmtCommand(int argc, char* argv[])
}


static bool cbInsyncCommand(int argc, char* argv[])
{
#if VERBOSE >= 2
_plugin_logputs("[sync] insync command!");
#endif

InsSync();
return true;
}


static bool cbTranslateCommand(int argc, char* argv[])
{
#if VERBOSE >= 2
Expand Down Expand Up @@ -1040,6 +1114,9 @@ void coreInit(PLUG_INITSTRUCT* initStruct)
if (!_plugin_registercommand(pluginHandle, "!translate", cbTranslateCommand, true))
_plugin_logputs("[sync] error registering the \"!translate\" command!");

if (!_plugin_registercommand(pluginHandle, "!insync", cbInsyncCommand, true))
_plugin_logputs("[sync] error registering the \"!insync\" command");

// initialize globals
g_Synchronized = FALSE;

Expand Down Expand Up @@ -1077,6 +1154,7 @@ void coreStop()
_plugin_unregistercommand(pluginHandle, "!cmt");
_plugin_unregistercommand(pluginHandle, "!rcmt");
_plugin_unregistercommand(pluginHandle, "!translate");
_plugin_unregistercommand(pluginHandle, "!insync");
_plugin_menuclear(hMenu);
}

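Review bot: The two `goto INSYNC_FAILURE` paths in InsSync (the module-base check after `ModBaseFromAddr` and the `GetModuleBaseNameA` check) return the `hRes` left over from `GuiSelectionGet`, which on those paths is a success value, so the dbg_err notice is sent but the function still reports success; set `hRes = E_FAIL;` before each of those gotos, or `return E_FAIL;` at the label. The first check is also doubtful: if `GuiSelectionGet` returns a `bool` rather than an `HRESULT` — which I believe is the x64dbg bridge signature — `FAILED(hRes)` can never be true, because both 0 and 1 are non-negative, and a failed selection read continues into `ModBaseFromAddr` with the uninitialized `sel`. `SELECTIONDATA sel = {0};` together with `if (!GuiSelectionGet(GUI_DISASSEMBLY, &sel)) { hRes = E_FAIL; goto INSYNC_FAILURE; }` would cover both; worth confirming against how the other commands in this file read the selection, since that code is outside the hunk.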