Ghidra: External references for raw binary

Created on 10 Mar 2019  路  5Comments  路  Source: NationalSecurityAgency/ghidra

Describe the bug
Functions from external programs in raw binary file dispayed in decompiler as func_0x00009190 or func_0x1

To Reproduce
Steps to reproduce the behavior:

  1. Load raw binary file (module of firmware), which contains calls of external functions.
  2. Load additional raw binary file (shared library for modules of firmware) and set it as external program.
  3. Open module of firmware in CodeBrowser and find undefined call of function
    2019-03-10_135341_579834901

  1. Add external reference for CALL
    2019-03-10_141449_360263728

    2019-03-10_135238_373525765

    Name of function in decompiler:
    2019-03-10_135304_749179163

    or

    1. Create new block of memory (addresses of shared library).

    2. Create reference in called function.
      2019-03-10_135605_340318275

      Name of function in decompiler:
      2019-03-10_135615_665112316

Expected behavior
Name of function in decompiler should be displayed as in external function.

Environment (please complete the following information):

  • OS: Linux
  • Java Version: 11.0
  • Ghidra Version: 9.0

Additional context
How can I create external reference in idiomatic way for raw binaries? Adding external reference for all CALL (JMP and others) is a very time consuming process. Can I automate it without script?

How can I export functions (signatures too) from Exports of shared library to Import of module of firmware and synchronize them in future? I do it manually now: reverse engineering functions in shared library, then changing signatures in functions of Imports in module of firmware.

Bug
Source
picture saruman9
👍2

Most helpful comment

Could you make the script into a PR?

I developed the script in the context of the project at work (NDA). When I finish the project, I will make a PR. While you can use prototype.

picture saruman9 on 22 May 2019
👍3

All 5 comments

I developed a script for temporary use. It find all references to functions from all external programs (shared libraries) and set external references, set name and prototype (signature) of functions.

script

test

saruman9 picture saruman9 on 10 Mar 2019
1

Could you make the script into a PR?

goosenphil picture goosenphil on 19 Apr 2019

Could you make the script into a PR?

I developed the script in the context of the project at work (NDA). When I finish the project, I will make a PR. While you can use prototype.

saruman9 picture saruman9 on 22 May 2019
👍3

As I promised, I'm publishing the script for finding external references in raw binaries. It's far from ideal, but you can use it as example for developing more complex scripts/plugins.

saruman9 picture saruman9 on 27 Apr 2020
🎉1

As I promised, I'm publishing the script for finding external references in raw binaries. It's far from ideal, but you can use it as example for developing more complex scripts/plugins.

Thank you very much for this contribution :)

goosenphil picture goosenphil on 29 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

woachk picture woachk  路  33Comments
astrelsky picture astrelsky  路  21Comments
SocraticBliss picture SocraticBliss  路  26Comments
tzizi picture tzizi  路  17Comments
rszibele picture rszibele  路  35Comments