Ghidra: Finding Potential References (Undefined Pointers)
I am looking to find a way to find data references to an address. I have noticed that the reference manager does not detect it as a reference if said reference has not yet been defined as a pointer. (ie displays "? -> 00304e50" instead of '"St9type_info" -> 00304e50') Currently the only thing I have been able to get working is to convert the address to a long, then to a byte[] is the proper endianness and length and then search for that. Unfortunately this is time consuming and error prone.
Is there a way I can grab an array or iterator over all the potential references?
astrelsky
All 3 comments
May be findDirectReferences method of ProgramMemoryUtil class help you:
ProgramMemoryUtil programMemoryUtil = new ProgramMemoryUtil();
Set<Address> directReferences = ProgramMemoryUtil
.findDirectReferences(currentProgram,
2, // change, if you want find more
currentAddress,
monitor);
saruman9
on 16 May 2019
May be
findDirectReferencesmethod ofProgramMemoryUtilclass help you:ProgramMemoryUtil programMemoryUtil = new ProgramMemoryUtil(); Set<Address> directReferences = ProgramMemoryUtil .findDirectReferences(currentProgram, 2, // change, if you want find more currentAddress, monitor);
Yes this exactly what I was looking for. Since it is a static method there is no need to instantiate the class. Thank you so much. I should be able to have GNU rtti done soon now.
astrelsky
on 16 May 2019
Since it is a static method there is no need to instantiate the class.
Exactly. I forgot to delete ProgramMemoryUtil programMemoryUtil = new ProgramMemoryUtil();.
saruman9
on 17 May 2019
Related issues
CalcProgrammer1
路
3Comments
astrelsky
路
3Comments
huettenhain
路
3Comments
gemini00
路
3Comments
toor-de-force
路
3Comments
Most helpful comment
May be
findDirectReferencesmethod ofProgramMemoryUtilclass help you: