Ghidra: Ghidra API GetFunctionContaining not working

Created on 25 Oct 2019  路  6Comments  路  Source: NationalSecurityAgency/ghidra

Describe the bug
I created a custom script to create functions and search specific instructions inside of those functions. After getting the address of a single instruction, I tried to call the getFunctionContaining(address), but it always returns null.
I'm not using the auto analysis feature, on the contrary, I'm running with the -noanalysis parameter.

To Reproduce
Steps to reproduce the behaviour:

  1. Analyse a binary through script only
  2. Get the address of an instruction
  3. Try to get the function containing the instruction with getFunctionContaining
  4. Receive a null pointer

Expected behaviour
I expected the getFunctionContaining to actually return the address.

Screenshots
Nope.

Attachments
Nope.

Environment (please complete the following information):

  • OS: MacOs Catalina 10.15
  • Java Version: 12
  • Ghidra Version: 9.1-Beta

Additional context
-> The functions I defined contain multiple references to unknown addresses as jal (Address that does not exist on file)
-> I'm not executing the auto analysis from ghidra because the binary under analysis is not an executable file, it is a firmware for an embedded device.
-> GetFunctionBefore works.

API Bug
Source
picture aosti

Most helpful comment

Try reversing the order.

picture ghidra1 on 29 Oct 2019
🎉1 👍1

All 6 comments

getFunctionContaining will return null if no function contains the specified address.
As a sanity check you can check if a defined function contains an address through the FunctionManager interface.

currentProgram.getFunctionManager().isInFunction(currentAddress) will return True if the program has a defined function containing the specified address.

astrelsky picture astrelsky on 25 Oct 2019
👍1

It also returned false. I find it strange, because the disassembler shows the instructions as belonging to a single function. All of the functions were created using FlatProgramAPI.createFunction(address, null).

aosti picture aosti on 25 Oct 2019

If the FlatProgramAPI.createFunction was performed prior to disassembly of the instructions within the new function, the function will not have a body. With auto-analysis disabled the update of the function body will be performed. It's unclear when and how your disassembly was performed in relation to function creation.

ghidra1 picture ghidra1 on 29 Oct 2019

I'm calling createFunction and then disassembling.

aosti picture aosti on 29 Oct 2019

Try reversing the order.

ghidra1 picture ghidra1 on 29 Oct 2019
🎉1 👍1

Yeap, it works. :)

aosti picture aosti on 30 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

awsaba picture awsaba  路  3Comments
CalcProgrammer1 picture CalcProgrammer1  路  3Comments
ghost picture ghost  路  3Comments
Barakat picture Barakat  路  3Comments
forkoz picture forkoz  路  3Comments