Automate fixing unaff_, in_ variables. #5186
Replies: 2 comments 2 replies
-
Out of curiosity, what compiler is the binary compiled with?
-
Hi, I'm developing a Ghidra utility library, and I decided to give it a shot:

```python
from ghidralib import *

# Iterate over functions in a reverse topological order, with `_start` function being last.
for func in Program.call_graph().toposort(Function("_start"))[::-1]:
    for var in func.high_variables:
        if (var.is_input or var.is_unaffected) and var.varnode.is_register:
            regname = var.varnode.as_register
            print("adding {} to {}".format(regname, func.name))
            func.add_register_parameter("uint", regname, "arg_" + regname)
```

This script is pretty short, and seems to work fine for me - at least on a small LTO binary I've tested. I know so much time has passed that you probably solved this problem in another way (or with a bruteforce) but, seeing the upvotes on the question, someone else may benefit.
You were looking at the wrong class. What you wanted is a HighFunction.
-
Hi. I'm reversing a very big binary, which for some reason does not use a standard calling convention.

Moreover, different functions use different calling conventions. For example, one function would expect the first argument to be passed in `EDX`, and the rest on the stack; another function would expect the first argument to be passed in `ESI` and the rest of the arguments on the stack, while yet another function would expect arguments to be passed in `EAX` and `ECX`.

As a result of the above, Ghidra auto-analysis was only partially successful. In almost every function there are `in_`, `unaff_`, `extraout_` variables. I am able to manually fix this by providing the appropriate function signature; however, as I've mentioned, the binary is huge, and it would really help if there is a way to automate it.

My idea is to traverse the function call graph in DFS order, list all `in_` and `unaff_` variables, and update the function signature. For example, given some such pseudocode:

I would start with fixing function `boo`:

and then I would move to function `foo`:

Now, the most important question is: is there an easier way to fix it? Maybe I can hint Ghidra somehow?

If not, is there a way to find all uses of `in_`, `unaff_` variables in a function? Looking at the Function class documentation I cannot see anything that would help me :/

Big thanks :)
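As an added example (not code from this discussion, from Ghidra, or from ghidralib), here is the question's plan written against Ghidra's own scripting API, following the reply's pointer to `HighFunction`: decompile each function, read its local symbol map (where the decompiler's generated `in_`/`unaff_`/`extraout_` names appear), and add a register parameter for every input that lives in a register. It assumes a Ghidra Jython script environment where `currentProgram` and `monitor` are injected, 4-byte registers like the page's `EAX`/`EDX`/`ESI` so that `uint` fits the storage, and the `DecompInterface`/`HighSymbol`/`ParameterImpl` API of current Ghidra releases; the `SAMPLE_SYMBOLS` list is constructed so the planning step can be checked outside Ghidra.

```python
INPUT_PREFIXES = ("in_", "unaff_")  # decompiler names for inputs the prototype does not declare

def plan_register_params(symbols):
    """symbols: (HighSymbol name, register name or None) pairs from one function. Returns ordered,
    de-duplicated (parameter name, register) pairs; extraout_/stack-resident names are skipped."""
    plan, seen = [], set()
    for name, reg in symbols:
        if reg is None or reg in seen or not name.startswith(INPUT_PREFIXES):
            continue
        seen.add(reg)
        plan.append(("arg_" + reg, reg))
    return plan

def collect_symbols(high_func, program):
    """Flatten a HighFunction's local symbols into the pairs plan_register_params() expects."""
    pairs = []
    for sym in high_func.getLocalSymbolMap().getSymbols():
        hv = sym.getHighVariable()
        vn = hv.getRepresentative() if hv is not None else None
        reg = program.getRegister(vn) if vn is not None and vn.isRegister() else None
        pairs.append((sym.getName(), reg.getName() if reg is not None else None))
    return pairs

def apply_plan(func, plan, program):
    from ghidra.program.model.listing import ParameterImpl
    from ghidra.program.model.symbol import SourceType
    from ghidra.program.model.data import UnsignedIntegerDataType
    func.setCustomVariableStorage(True)  # otherwise the calling convention reassigns storage
    for param_name, reg_name in plan:  # uint assumes 4-byte registers (EAX/EDX/ESI as on the page)
        param = ParameterImpl(param_name, UnsignedIntegerDataType.dataType,
                              program.getRegister(reg_name), program)
        func.addParameter(param, SourceType.USER_DEFINED)

def run_over_program(program, monitor):
    from ghidra.app.decompiler import DecompInterface
    ifc = DecompInterface()
    ifc.openProgram(program)
    for func in program.getFunctionManager().getFunctions(True):
        hf = ifc.decompileFunction(func, 60, monitor).getHighFunction()
        plan = plan_register_params(collect_symbols(hf, program)) if hf is not None else []
        if plan:
            print("%s: adding %s" % (func.getName(), ", ".join(p for p, _ in plan)))
            apply_plan(func, plan, program)
    ifc.dispose()
# Constructed sample shaped like collect_symbols() output; only the two register inputs survive.
SAMPLE_SYMBOLS = [("in_EDX", "EDX"), ("unaff_ESI", "ESI"), ("in_stack_00000004", None),
                  ("unaff_retaddr", None), ("extraout_EAX", "EAX"), ("local_10", None)]

if "currentProgram" in globals():  # only inside Ghidra, where the script manager injects these
    run_over_program(currentProgram, monitor)
```

Because `extraout_` values are caused by a callee's wrong prototype, they are left alone here and disappear once that callee is fixed; running the script twice, or walking callees first as the ghidralib answer does, converges faster.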