Ghidra: How does one access the "Section Headers" from the API?

Created on 2 Apr 2019 · 2 comments · Source: NationalSecurityAgency/ghidra

@Override
public boolean canAnalyze(Program program) {
    // TODO: Examine 'program' to determine if this analyzer should analyze it.  Return true
    // if it can.
    return false;
}

To figure out whether I can analyze the program, I want to look at the Section Headers of the (in this case ELF) binary.

I want to check whether .MY_SECTION (e.g. .bss) is available. How can I do this? I know from readelf that it is there, but I cannot find it in the symbols.

Question

All 2 comments

If it is sufficient to get the information you need from our memory map, you can just iterate over program.getMemory().getBlocks(), checking the name of each block. If the memory map doesn't provide exactly what you need, you'll have to start examining the bytes at your desired MemoryBlock.

Alternatively, this should work:

ByteProvider provider = new MemoryByteProvider(program.getMemory(),
    program.getAddressFactory().getDefaultAddressSpace());
CoffFileHeader header = new CoffFileHeader(provider);
List<CoffSectionHeader> sections = header.getSections();
for (CoffSectionHeader section : sections) {
    if ((section.getFlags() & CoffSectionHeaderFlags.STYP_BSS) != 0) {
        // ....
    }
}

(possibly with some exception handling for the new CoffFileHeader)
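
The memory-map approach from the first comment, written out as an analyzer skeleton. This is an added example, not code from the issue thread or from the Ghidra project. The class name, the SECTION_NAME placeholder and the findSectionBlock helper are hypothetical, and it assumes the loader created a memory block named after the section.

```java
import ghidra.app.services.AbstractAnalyzer;
import ghidra.app.services.AnalyzerType;
import ghidra.app.util.importer.MessageLog;
import ghidra.app.util.opinion.ElfLoader;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.listing.Program;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.util.exception.CancelledException;
import ghidra.util.task.TaskMonitor;

// Hypothetical analyzer: class name and SECTION_NAME are placeholders.
public class MySectionAnalyzer extends AbstractAnalyzer {
    private static final String SECTION_NAME = ".MY_SECTION";

    public MySectionAnalyzer() {
        super("My Section Analyzer", "Runs only when " + SECTION_NAME + " is present",
            AnalyzerType.BYTE_ANALYZER);
    }

    // Returns the memory block whose name matches the section, or null if none.
    static MemoryBlock findSectionBlock(Program program, String name) {
        for (MemoryBlock block : program.getMemory().getBlocks()) {
            if (name.equals(block.getName())) {
                return block;
            }
        }
        return null;
    }

    @Override
    public boolean canAnalyze(Program program) {
        // Skip anything that was not imported by the ELF loader.
        if (!ElfLoader.ELF_NAME.equals(program.getExecutableFormat())) {
            return false;
        }
        return findSectionBlock(program, SECTION_NAME) != null;
    }

    @Override
    public boolean added(Program program, AddressSetView set, TaskMonitor monitor,
            MessageLog log) throws CancelledException {
        MemoryBlock block = findSectionBlock(program, SECTION_NAME);
        if (block == null) {
            return false;
        }
        // A .bss-style section has no file bytes, so its block may be uninitialized.
        log.appendMsg(SECTION_NAME + " at " + block.getStart() + ", size " +
            block.getSize() + ", initialized=" + block.isInitialized());
        return true;
    }
}
```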
