Ghidra: [PowerPC] Ghidra decompiler doesn't understand non-r2 SDA

Created on 4 Apr 2019 · 11Comments · Source: NationalSecurityAgency/ghidra

Context: GameCube and Wii are compiled with two Small Data Area/Table Of Contents (SDA/TOC) registers, that it reserves for single-instruction data manipulation, r2 and r13. Right now it looks like it only understands r2.
Whenever it hits r13, it sets a variable and then manually shows the (r13 - 0x____) as a variable, instead of knowing that there's a variable there, which gives really terrible decompilation results.

Screenshot_444

Bug

Source

NWPlayer123

Most helpful comment

Did you actually set r2/r13? @derek57 @RenaKunisaki
You need to actually set it, and then modify the address range to the whole thing, maybe a re-analyze, and then it should work.
If you're doing GameCube/Wii, https://github.com/Cuyler36/Ghidra-GameCube-Loader will auto-find the values for you with a custom analysis option.

Screenshot_466
Screenshot_467
Screenshot_468
Screenshot_469

NWPlayer123 on 12 Dec 2019

❤2

All 11 comments

Some PowerPC code I've seen even uses r2,r13,r14,r15,r16 (GM E98 ECU; not sure which compiler this is).

tmbinc on 4 Apr 2019

👍1

Just looking at the screenshot, it looks like r13 may be getting treated as a save register, which I think is a non-standard ABI. You could try adding r13 to the unaffected list in the cspec to see if this helps decompilation. Its hard to tell from the screenshot, but I'm assuming you're using ppc_32_be.cspec. Look for the lines:

  <unaffected>
    <register name="r14"/>
    <register name="r15"/>
    <register name="r16"/>
    <register name="r17"/>

Add a " line, then save and restart.

You also might want to investigate turning on in-lining or applying a call-fixup for the _savegpr_26 function. It looks suspiciously like an internal compiler function.

caheckman on 5 Apr 2019

@caheckman yeah,
1) GameCube/Wii are big endian aka PPC32BE
2) restgpr and savegpr are part of the Metrowerks/CodeWarrior EABI w/e, I just didn't bother fixing the def and inlining for the screenshot
3) I'll try that and report back. I haven't figured out how to refresh decomp but I'll take your word that it just needs a restart

NWPlayer123 on 6 Apr 2019

@caheckman it works, papa bless
Screenshot_450
Screenshot_451

NWPlayer123 on 6 Apr 2019

@NWPlayer123:

I came across this a few days ago:

https://github.com/aldelaro5/ghidra-gekko-broadway-lang

Would you mind creating a pull request which the guy maintaining this plugin could add there in order to make decompilation of the Broadway / Gekko stuff even better? I mean also this stuff you described here. I came across this as well upon decompilation of the debugger kernel which was a royal pain in the a**...

Thanks in advance.

derek57 on 26 Apr 2019

@NWPlayer123:

I came across this a few days ago:

https://github.com/aldelaro5/ghidra-gekko-broadway-lang

Would you mind creating a pull request which the guy maintaining this plugin could add there in order to make decompilation of the Broadway / Gekko stuff even better? I mean also this stuff you described here. I came across this as well upon decompilation of the debugger kernel which was a royal pain in the a**...

Thanks in advance.

It's already been fixed 20 days ago: https://github.com/aldelaro5/ghidra-gekko-broadway-lang/commit/d4a57a619f3659d0fc302f5478bc06042fb69dba