diff --git a/README.md b/README.md index c671f76..a235dc0 100755 --- a/README.md +++ b/README.md @@ -41,20 +41,21 @@ More information are provided in the **Features description** section. ## Requirements -* IDA Pro 7.x and Python2 or IDA Pro 7.4 and Python3 - * Not compatible with IDA Home - -* `requests` and `pygments` installed. +* GhIDA has a Python 2 and Python 3 version: + * For Python 2 requires IDA Pro 7.x + * For Python 3 requires IDA Pro >= 7.4 + * GhIDA is not compatible with *IDA Home* + +* `requests` and `pygments` Python (2 or 3) packages * A local installation of [Ghidra](https://ghidra-sre.org/InstallationGuide.html#Install) or [Ghidraaas](https://github.com/Cisco-Talos/Ghidraaas). + * Use Ghidra version 9.1.2 ## Installation ![Decompiler settings image](img/ghida_config.png) -* IDA Pro 7.x - * Install `requests` and `pygments` in Python 2 or Python 3. ``` pip install requests @@ -67,11 +68,12 @@ pip install pygments * The first time GhIDA is launched (Ctrl+Alt+D or *Edit* > *Plugins* > *GhIDA Decompiler*), a settings form is displayed, as shown in the previous image. * If you want to use GhIDA with a local installation of Ghidra: - * [Install Ghidra](https://ghidra-sre.org/InstallationGuide.html#Install) - * Fill the *installation path* (path of the `ghidra_9.x.x` folder) + * [Download](https://ghidra-sre.org/releaseNotes_9.2.html) and [install Ghidra 9.1.2](https://ghidra-sre.org/InstallationGuide.html#Install) + * Fill the *installation path* (path of the `ghidra_9.1.2_PUBLIC` folder) * Otherwise, if you want to use Ghidraaas: - * Launch a local instance of the server using the [Ghidraaas](https://github.com/Cisco-Talos/Ghidraaas) docker container, and insert `http://0.0.0.0:8080/ghidra/api`. + * Launch a local instance of the server using the [Ghidraaas](https://github.com/Cisco-Talos/Ghidraaas) docker container + * Check the *Use Ghidraaas server* box, and insert `http://0.0.0.0:8080/ghidra/api`. * To run GhIDA: * Ctrl+Alt+D @@ -97,7 +99,7 @@ By default, the disassembler view is synchronized with the decompiler view. By c **To disable the synchronization** (in the disassembler view) *right-click > Disable decompiler view synchronization*. ### Code syntax highlight -Decompiled code is syntax-highlighted using the [pygments](http://pygments.org/) python library. +Decompiled code is syntax-highlighted using the [pygments](http://pygments.org/) Python library. ### Code navigation In the decompiler view, double click (or *right-click > Goto*) over the name of a function to open it in the decompile and disassembler view. @@ -137,7 +139,7 @@ To avoid retype GhIDA configuration each time IDA is opened, the configuration i ## Technical details -Under the hood, GhIDA exports the IDA project using [idaxml.py](https://github.com/NationalSecurityAgency/ghidra/blob/master/GhidraBuild/IDAPro/Python/7xx/python/idaxml.py), a python library shipped with Ghidra, then it directly invokes Ghidra in headless mode without requiring any additional analysis. When GhIDA is called the first time, it uses `idaxml` to create two files: a XML file which embeds a program description according to the IDA analysis (including functions, data, symbols, comments, etc) and a `.bytes` file that contains the binary code of the program under analysis. While the binary file does not change during the time, the XML file is recreated each time the user invalidates the GhIDA cache, in order to take into account the updates the user did in the program analysis. To obtain the decompiled code, GhIDA uses [`FunctionDecompile.py`](ghida_plugin/ghidra_plugin/FunctionDecompile.py), a Ghidra plugin in python that exports to a JSON file the decompiled code of a selected function. +Under the hood, GhIDA exports the IDA project using [idaxml.py](https://github.com/NationalSecurityAgency/ghidra/blob/master/GhidraBuild/IDAPro/Python/7xx/python/idaxml.py), a Python library shipped with Ghidra, then it directly invokes Ghidra in headless mode without requiring any additional analysis. When GhIDA is called the first time, it uses `idaxml` to create two files: a XML file which embeds a program description according to the IDA analysis (including functions, data, symbols, comments, etc) and a `.bytes` file that contains the binary code of the program under analysis. While the binary file does not change during the time, the XML file is recreated each time the user invalidates the GhIDA cache, in order to take into account the updates the user did in the program analysis. To obtain the decompiled code, GhIDA uses [`FunctionDecompile.py`](ghida_plugin/ghidra_plugin/FunctionDecompile.py), a Ghidra plugin in Python that exports to a JSON file the decompiled code of a selected function. Exporting the IDA's IDB and calling Ghidra in headless mode add a small overhead to the decompilation process, but it allows to abstract the low-level communication with the Ghidra decompiler. diff --git a/ghida.py b/ghida.py index ecac6fe..10183b0 100644 --- a/ghida.py +++ b/ghida.py @@ -72,7 +72,8 @@ def activate(self, ctx): if DECOMP_VIEW: DECOMP_VIEW.Show() else: - print("GhIDA:: [DEBUG] DECOMP_VIEW non existing") + # print("GhIDA:: [DEBUG] DECOMP_VIEW non existing") + pass return 1 # This action is always available. @@ -92,7 +93,7 @@ def __init__(self, view): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] GoToCustViewerHandler HELLO") + # print("GhIDA:: [DEBUG] GoToCustViewerHandler HELLO") goto() return 1 @@ -109,7 +110,7 @@ def __init__(self, view): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] AddCommentCustViewerHandler HELLO") + # print("GhIDA:: [DEBUG] AddCommentCustViewerHandler HELLO") DECOMP_VIEW.add_comment() return 1 @@ -126,7 +127,7 @@ def __init__(self, view): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] RenameCustViewerHandler HELLO") + # print("GhIDA:: [DEBUG] RenameCustViewerHandler HELLO") DECOMP_VIEW.rename_symbol() return 1 @@ -194,7 +195,7 @@ def view_loc_changed(self, widget, curloc, prevloc): # ------------------------------------------------------------ def goto(shift=False): - print("GhIDA:: [DEBUG] goto called") + # print("GhIDA:: [DEBUG] goto called") symbol = None ret = ida_kernwin.get_highlight(ida_kernwin.get_current_viewer()) @@ -216,7 +217,7 @@ def goto(shift=False): # Update IDA DECOMP view ea = gl.convert_address(address) - print("GhIDA:: [DEBUG] update view to %s" % ea) + # print("GhIDA:: [DEBUG] update view to %s" % ea) DECOMP_VIEW.switch_to_address(ea) return True @@ -341,7 +342,7 @@ def update(self, ea, decompiled, do_show=True): # Update the cache DECOMPILED_CACHE.update_decompiled_cache(ea, decompiled) - print("GhIDA:: [DEBUG] GhIDA DECOM view updated to %s" % ea) + # print("GhIDA:: [DEBUG] GhIDA DECOM view updated to %s" % ea) return def switch_to_address(self, ea): @@ -357,7 +358,7 @@ def add_comment(self): """ Add a commment to the selected line """ - print("GhIDA:: [DEBUG] add_comment called") + # print("GhIDA:: [DEBUG] add_comment called") colored_line = self.GetCurrentLine(notags=1) if not colored_line: idaapi.warning("Select a line") @@ -397,8 +398,8 @@ def add_comment(self): # Add comment to cache COMMENTS_CACHE.add_comment_to_cache(self.__ea, num_line, full_comment) - print("GhIDA:: [DEBUG] Added comment to #line: %d (%s)" % - (num_line, new_text)) + # print("GhIDA:: [DEBUG] Added comment to #line: %d (%s)" % + # (num_line, new_text)) return def add_comments(self, comment_list): @@ -423,7 +424,7 @@ def add_comments(self, comment_list): self.EditLine(lineno, new_line) self.Refresh() - print("GhIDA:: [DEBUG] updated comments terminated") + # print("GhIDA:: [DEBUG] updated comments terminated") return def rename_symbol(self): @@ -467,7 +468,7 @@ def rename_symbol(self): gl.updated_symbol_name_for_address(symbol, address, new_name) # Update symbol name in IDA DISASM view. - print("GhIDA:: [DEBUG] New symbol name: %s" % new_name) + # print("GhIDA:: [DEBUG] New symbol name: %s" % new_name) # Update symbol name in the decompiled view new_code = gl.rename_variable_in_text( @@ -553,10 +554,10 @@ def __init__(self): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] InvalidateCache HELLO") + # print("GhIDA:: [DEBUG] InvalidateCache HELLO") address = gl.get_current_address() if not address: - print("GhIDA:: [DEBUG] address not found") + # print("GhIDA:: [DEBUG] address not found") return DECOMPILED_CACHE.invalidate_cache(address) @@ -576,7 +577,7 @@ def __init__(self): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] DisasmTracker HELLO") + # print("GhIDA:: [DEBUG] DisasmTracker HELLO") if GHIDA_CONF.disasm_tracker: GHIDA_CONF.disasm_tracker = False @@ -612,7 +613,7 @@ def __init__(self): # Say hello when invoked. def activate(self, ctx): - print("GhIDA:: [DEBUG] DisasmsHandler HELLO") + # print("GhIDA:: [DEBUG] DisasmsHandler HELLO") decompile_function_wrapper() return 1 @@ -643,7 +644,7 @@ def register_handlers(): """ Register the handlers for the pop-up menu to interact with the UI """ - print("GhIDA:: [DEBUG] Registering handlers") + # print("GhIDA:: [DEBUG] Registering handlers") # Load a custom icon icon_path = gl.plugin_resource("ghida.png") @@ -720,7 +721,7 @@ def load_configuration(): global COMMENTS_CACHE # Loading the plugin configuration - print("GhIDA:: [DEBUG] Reading GhIDA configuration") + # print("GhIDA:: [DEBUG] Reading GhIDA configuration") GHIDA_CONF = gl.GhidaConfiguration() print("GHIDA_CONF.load_save_cached_code", @@ -929,7 +930,7 @@ def decompile_function_wrapper(cache_only=False, do_show=True): msg += "Press Ctrl-Alt-D or Right click GhIDA decompiler " msg += "to decompile the function." DECOMP_VIEW.clear(msg=msg, do_show=do_show) - print("GhIDA:: [DEBUG] Function code not available in cache.") + # print("GhIDA:: [DEBUG] Function code not available in cache.") return # Cache miss - opt2: Use Ghidra to decompile the function diff --git a/ghida_plugin/comments_cache.py b/ghida_plugin/comments_cache.py index 752320c..31d48d3 100644 --- a/ghida_plugin/comments_cache.py +++ b/ghida_plugin/comments_cache.py @@ -42,8 +42,8 @@ def set_cache_path(self, file_id): file_id = "test" self.__cache_path = os.path.join( tempfile.gettempdir(), COMMENTS_CACHE_FILE % file_id) - print("GhIDA:: [DEBUG] comments_cache_path: %s" % - self.__cache_path) + # print("GhIDA:: [DEBUG] comments_cache_path: %s" % + # self.__cache_path) except Exception: print("GhIDA:: [!] error while setting the comments cache") @@ -51,14 +51,14 @@ def set_cache_path(self, file_id): def invalidate_cache(self): self.__comments_cache = dict() - print("GhIDA:: [DEBUG] comments cache is empty") + # print("GhIDA:: [DEBUG] comments cache is empty") return def add_comments_to_cache(self, address, comments_list): for c in comments_list: self.__comment_cache[address] = c - ll = len(comments_list) - print("GhIDA:: [DEBUG] addedd %d comments to cache (%s)" % ll) + # ll = len(comments_list) + # print("GhIDA:: [DEBUG] addedd %d comments to cache (%s)" % ll) return def add_comment_to_cache(self, address, line_num, comment): @@ -70,17 +70,17 @@ def add_comment_to_cache(self, address, line_num, comment): if t[0] == line_num: self.__comments_cache[address].remove(t) self.__comments_cache[address].append((line_num, comment)) - print("GhIDA:: [DEBUG] addedd comments (%s, %d) to cache" % - (address, line_num)) - print("GhIDA:: [DEBUG] %d elements in cache" % - len(self.__comments_cache)) + # print("GhIDA:: [DEBUG] addedd comments (%s, %d) to cache" % + # (address, line_num)) + # print("GhIDA:: [DEBUG] %d elements in cache" % + # len(self.__comments_cache)) return def get_comments_cache(self, address): if address in self.__comments_cache: - print("GhIDA:: [DEBUG] comments cache hit (%s)" % address) + # print("GhIDA:: [DEBUG] comments cache hit (%s)" % address) return self.__comments_cache[address] - print("GhIDA:: [DEBUG] comments cache miss (%s)" % address) + # print("GhIDA:: [DEBUG] comments cache miss (%s)" % address) return None def dump_cache_to_json(self): @@ -92,11 +92,11 @@ def dump_cache_to_json(self): def load_cache_from_json(self): try: - print("GhIDA:: [DEBUG] loading comments cache from json") + # print("GhIDA:: [DEBUG] loading comments cache from json") with open(self.__cache_path) as f_in: self.__comments_cache = json.load(f_in) - print("GhIDA:: [DEBUG] loaded %d comments from cache" % len( - self.__comments_cache)) + # print("GhIDA:: [DEBUG] loaded %d comments from cache" % len( + # self.__comments_cache)) except Exception: print("GhIDA:: [!] error while loading comments from %s" % self.__cache_path) diff --git a/ghida_plugin/config.py b/ghida_plugin/config.py index 44fff53..537fa47 100644 --- a/ghida_plugin/config.py +++ b/ghida_plugin/config.py @@ -57,7 +57,7 @@ def set_default_values(self): """ (plugin_path, _) = os.path.split(os.path.realpath(__file__)) self.__ghidra_plugins_path = os.path.join(plugin_path, "ghidra_plugin") - + if _is_unix(): self.__ghidra_install_path = LP self.__ghidra_headless_path = os.path.join( @@ -91,8 +91,8 @@ def read_from_json(self): Avoid the user to always insert the information. """ if not os.path.isfile(self.__config_path): - print("GhIDA:: [DEBUG] Configuration not found." + - "Using default values.") + # print("GhIDA:: [DEBUG] Configuration not found." + + # "Using default values.") return # Read configuration from the file diff --git a/ghida_plugin/decompiled_cache.py b/ghida_plugin/decompiled_cache.py index a0a7441..a6725ac 100644 --- a/ghida_plugin/decompiled_cache.py +++ b/ghida_plugin/decompiled_cache.py @@ -44,7 +44,7 @@ def set_cache_path(self, file_id): file_id = "test" self.__cache_path = os.path.join( tempfile.gettempdir(), CODE_CACHE_FILE % file_id) - print("GhIDA:: [DEBUG] code_cache_path: %s" % self.__cache_path) + # print("GhIDA:: [DEBUG] code_cache_path: %s" % self.__cache_path) except Exception: print("GhIDA:: [!] error while setting the comments cache") @@ -53,33 +53,34 @@ def set_cache_path(self, file_id): def invalidate_cache(self, address=None): if not address: self.__decompiled_cache = dict() - print("GhIDA:: [DEBUG] decompile cache is empty") + # print("GhIDA:: [DEBUG] decompile cache is empty") else: if address in self.__decompiled_cache: del self.__decompiled_cache[address] - print("GhIDA:: [DEBUG] removed item (%s) from cache" % address) + # print("GhIDA:: [DEBUG] removed item (%s) from cache" % address) else: - print("GhIDA:: [DEBUG] item (%s) not found" % address) + # print("GhIDA:: [DEBUG] item (%s) not found" % address) + pass return def add_decompiled_to_cache(self, address, code): self.__decompiled_cache[address] = code - print("GhIDA:: [DEBUG] addedd code to cache (%s)" % address) - print("GhIDA:: [DEBUG] %d elements in cache" % - len(self.__decompiled_cache)) + # print("GhIDA:: [DEBUG] addedd code to cache (%s)" % address) + # print("GhIDA:: [DEBUG] %d elements in cache" % + # len(self.__decompiled_cache)) return def update_decompiled_cache(self, address, code): if address in self.__decompiled_cache: self.__decompiled_cache[address] = code - print("GhIDA:: [DEBUG] cache updated (%s)" % address) + # print("GhIDA:: [DEBUG] cache updated (%s)" % address) return def get_decompiled_cache(self, address): if address in self.__decompiled_cache: - print("GhIDA:: [DEBUG] decompiled cache hit (%s)" % address) + # print("GhIDA:: [DEBUG] decompiled cache hit (%s)" % address) return self.__decompiled_cache[address] - print("GhIDA:: [DEBUG] decompiled cache miss (%s)" % address) + # print("GhIDA:: [DEBUG] decompiled cache miss (%s)" % address) return None def dump_cache_to_json(self): @@ -91,11 +92,11 @@ def dump_cache_to_json(self): def load_cache_from_json(self): try: - print("GhIDA:: [DEBUG] loading decomp cache from json") + # print("GhIDA:: [DEBUG] loading decomp cache from json") with open(self.__cache_path) as f_in: self.__decompiled_cache = json.load(f_in) - print("GhIDA:: [DEBUG] loaded %d items from cache" % len( - self.__decompiled_cache)) + # print("GhIDA:: [DEBUG] loaded %d items from cache" % len( + # self.__decompiled_cache)) except Exception: print("GhIDA:: [!] error while loading code from %s" % self.__cache_path) diff --git a/ghida_plugin/idaxml.py b/ghida_plugin/idaxml.py index 4be5462..7ef6c18 100644 --- a/ghida_plugin/idaxml.py +++ b/ghida_plugin/idaxml.py @@ -311,7 +311,7 @@ def export_xml(self, filename): self.display_summary('Export') idc.msg('\nDatabase exported to: ' + self.filename + '\n') - print("GhIDA:: [DEBUG] found %d symbols" % len(SYMBLE_TABLE_DICT)) + # print("GhIDA:: [DEBUG] found %d symbols" % len(SYMBLE_TABLE_DICT)) return # TODO: Test decompiler comments in batch and gui modes @@ -1322,7 +1322,7 @@ def export_program(self): # to Ghidra definitions. For x86 binaries, look at x86.ldefs # specifications. compiler_name = ida_typeinf.get_compiler_name(self.inf.cc.id) - print("GhIDA:: [DEBUG] compiler name: %s" % compiler_name) + # print("GhIDA:: [DEBUG] compiler name: %s" % compiler_name) new_compiler_name = '' if addr_model == '16-bit': @@ -1374,7 +1374,7 @@ def export_program(self): print("GhIDA [!] unknown compiler not supported by Ghidra") return False - print("GhIDA:: [DEBUG] new_compiler_name: %s" % new_compiler_name) + # print("GhIDA:: [DEBUG] new_compiler_name: %s" % new_compiler_name) # self.write_attribute( # NAME, ida_typeinf.get_compiler_name(self.inf.cc.id)) diff --git a/ghida_plugin/lib.py b/ghida_plugin/lib.py index d875a00..1d7ec24 100644 --- a/ghida_plugin/lib.py +++ b/ghida_plugin/lib.py @@ -107,7 +107,7 @@ def export_ida_project_to_xml(): global EXPORT_XML_FILE xml_file_path, bin_file_path = get_ida_exported_files() - print("GhIDA:: [DEBUG] EXPORT_XML_FILE: %s" % EXPORT_XML_FILE) + # print("GhIDA:: [DEBUG] EXPORT_XML_FILE: %s" % EXPORT_XML_FILE) # Check if files are alredy available if os.path.isfile(xml_file_path) and \ @@ -118,7 +118,7 @@ def export_ida_project_to_xml(): EXPORT_XML_FILE = False # Otherwise call the XML exporter IDA plugin - print("GhIDA:: [DEBUG] Exporting IDA project into XML format") + # print("GhIDA:: [DEBUG] Exporting IDA project into XML format") st = idc.set_ida_state(idc.IDA_STATUS_WORK) xml = XmlExporter(1) @@ -339,7 +339,7 @@ def ghidraaas_checkin_thread(bin_file_path, r = requests.post("%s/ida_plugin_checkin/" % ghidra_server_url, files=bb, timeout=TIMEOUT) - print("GhIDA:: [DEBUG] Check-in status code: %d" % r.status_code) + # print("GhIDA:: [DEBUG] Check-in status code: %d" % r.status_code) if r.status_code == 200: print("GhIDA:: [INFO] Check-in completed") queue.put(True) @@ -395,13 +395,13 @@ def ghidraaas_checkin(bin_file_path, filename, ghidra_server_url): # Thread terminated if not t1.isAlive(): stop = True - print("GhIDA:: [DEBUG] Thread terminated.") + # print("GhIDA:: [DEBUG] Thread terminated.") continue - print("GhIDA:: [DEBUG] Joining check-in thread.") + # print("GhIDA:: [DEBUG] Joining check-in thread.") t1.join(0) q_result = queue.get_nowait() - print("GhIDA:: [DEBUG] Thread joined. Got queue result.") + # print("GhIDA:: [DEBUG] Thread joined. Got queue result.") idaapi.hide_wait_box() return q_result @@ -427,7 +427,7 @@ def ghidraaas_checkout_thread(md5_hash, ghidra_server_url): json=json.dumps(data), timeout=TIMEOUT) - print("GhIDA:: [DEBUG] Check-out status code: %d" % r.status_code) + # print("GhIDA:: [DEBUG] Check-out status code: %d" % r.status_code) if r.status_code != 200: print("GhIDA:: [!] Check-out error: %s (%s)" % (r.reason, r.text)) @@ -472,12 +472,12 @@ def ghidraaas_checkout(ghidra_server_url): if not t1.isAlive(): stop = True - print("GhIDA:: [DEBUG] Thread terminated.") + # print("GhIDA:: [DEBUG] Thread terminated.") continue - print("GhIDA:: [DEBUG] Joining check-out thread.") + # print("GhIDA:: [DEBUG] Joining check-out thread.") t1.join(0) - print("GhIDA:: [DEBUG] Thread joined") + # print("GhIDA:: [DEBUG] Thread joined") idaapi.hide_wait_box() return @@ -517,7 +517,7 @@ def ghidraaas_decompile_thread(address, r = requests.post("%s/ida_plugin_get_decompiled_function/" % ghidra_server_url, files=bb, timeout=TIMEOUT) - print("GhIDA:: [DEBUG] Decompilation status code: %d" % r.status_code) + # print("GhIDA:: [DEBUG] Decompilation status code: %d" % r.status_code) if r.status_code == 200: print("GhIDA:: [INFO] Decompilation completed") @@ -593,13 +593,13 @@ def ghidraaas_decompile(address, if not t1.isAlive(): stop = True - print("GhIDA:: [DEBUG] Thread terminated.") + # print("GhIDA:: [DEBUG] Thread terminated.") continue - print("GhIDA:: [DEBUG] Joining decompilation thread.") + # print("GhIDA:: [DEBUG] Joining decompilation thread.") t1.join(0) q_result = queue.get_nowait() - print("GhIDA:: [DEBUG] Thread joined. Got queue result.") + # print("GhIDA:: [DEBUG] Thread joined. Got queue result.") idaapi.hide_wait_box() return q_result @@ -623,7 +623,7 @@ def decompile_function(address, Decompile function at address @address """ try: - print("GhIDA:: [DEBUG] Decompiling %s" % address) + # print("GhIDA:: [DEBUG] Decompiling %s" % address) xml_file_path, bin_file_path = export_ida_project_to_xml() diff --git a/ghida_plugin/utility.py b/ghida_plugin/utility.py index 2398d98..7eb2e2d 100644 --- a/ghida_plugin/utility.py +++ b/ghida_plugin/utility.py @@ -127,28 +127,28 @@ def from_ghidra_to_ida_syntax_conversion(symbol): if re.match(r"FUN_[0-9a-fA-F]{1,16}", symbol): hex_addr = symbol.split("FUN_")[1].lstrip('0') symbol = "sub_" + hex_addr.upper() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol # Special case for symbols named DAT_ by Ghidra elif re.match(r"DAT_[0-9a-fA-F]{1,16}", symbol): hex_addr = symbol.split("DAT_")[1].lstrip('0') symbol = "unk_" + hex_addr.upper() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol # Special case for symbols named DAT_ by Ghidra elif re.match(r"_DAT_[0-9a-fA-F]{1,16}", symbol): hex_addr = symbol.split("_DAT_")[1].lstrip('0') symbol = "unk_" + hex_addr.upper() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol # Special case for hex values / addresses in Ghidra elif re.match(r"0x[0-9a-fA-F]{1,16}", symbol): hex_addr = symbol.replace('0x', '') symbol = hex_addr.upper() + 'h' - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol return None @@ -172,7 +172,7 @@ def from_ida_to_ghidra_syntax_conversion(symbol): elif len(hex_addr) <= 16: hex_addr = '0' * (16 - len(hex_addr)) + hex_addr symbol = "FUN_" + hex_addr.lower() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol # Special case for symbols named DAT_ by IDA @@ -183,14 +183,14 @@ def from_ida_to_ghidra_syntax_conversion(symbol): elif len(hex_addr) <= 16: hex_addr = '0' * (16 - len(hex_addr)) + hex_addr symbol = "DAT_" + hex_addr.lower() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol # Special case for hex values / addresses in IDA elif re.match(r"[0-9a-fA-F]{1,16}h", symbol): hex_addr = symbol.replace('h', '') symbol = '0x' + hex_addr.lower() - print("GhIDA:: [DEBUG] %s" % symbol) + # print("GhIDA:: [DEBUG] %s" % symbol) return symbol return None @@ -231,10 +231,10 @@ def updated_symbol_name_for_address(symbol_name, address, new_symbol_name): address = SYMBLE_TABLE_DICT[symbol_name] del SYMBLE_TABLE_DICT[symbol_name] SYMBLE_TABLE_DICT[new_symbol_name] = address - print("GhIDA:: [DEBUG] updated symbol name in SYMBLE_TABLE_DICT") + # print("GhIDA:: [DEBUG] updated symbol name in SYMBLE_TABLE_DICT") else: SYMBLE_TABLE_DICT[new_symbol_name] = address - print("GhIDA:: [DEBUG] Created new symbol name in SYMBLE_TABLE_DICT") + # print("GhIDA:: [DEBUG] Created new symbol name in SYMBLE_TABLE_DICT") return