Ghidra: How to make Function ID analysis work on ARM?
Hi,
I am trying to use the function ID analysis of Ghidra, but I can't seem to get it working. The documentation says that "Function ID" can be triggered as a one-shot analysis or by auto analysis, however it doesn't appear in the lists at all for me. What could be the reason?
The file I analyze is a raw binary, I have set the language to "ARM:LE:32:v8" (though I discovered later that my file actually runs on ARMv7). The button does appear if I open an x86 ELF file.
blastrock
All 4 comments
I believe it only appears if you have a fidb open for the language of the binary you're analyzing. I don't think there are any arm signatures provided with ghidra.
astrelsky
on 1 Mar 2020
Thanks for the response! I have finally nailed down my issue.
If you open a file in a language for which you don't have any fidb, the Function ID analysis won't appear. However, attaching a fidb is not enough to make it appear, you then need to close and reopen CodeBrowser.
I don't know if this behavior is intentional, maybe it should be fixed, or mentioned in the documentation?
blastrock
on 1 Mar 2020
Thanks for the response! I have finally nailed down my issue.
If you open a file in a language for which you don't have any fidb, the Function ID analysis won't appear. However, attaching a fidb is not enough to make it appear, you then need to close and reopen CodeBrowser.
I don't know if this behavior is intentional, maybe it should be fixed, or mentioned in the documentation?
The requirement of closing and reopening the code browser is probably not intentional but a side effect of how the available analyzers are determined. It may be necessary to trigger the list of analyzers to be reevaluated upon attaching or removing a fidb.
astrelsky
on 1 Mar 2020
_target of interest_ a raw BIN : "ARM:BE:32:v8T" a raw bin program mixed ARM/thumb
i am trying to make a FID database for an "ARM:BE:32:v8" library
And guess what
ARM:BE:32:v8 != ARM:BE:32:v8t
spent 1 hours trying to figure out why the populate button didn't work
So for ghidra world you either go full ARM and ARM-FID-DB or full thumb mode and THUMB-FID-DB but not both together.
While the main feature of ARM cpu is being able to switch thumb/ARM instruction set on the fly....
it like choosing to disassemble for intel processor without backward compatible instruction set.
What made intel processor successful:
1) Worst architecture than a Harvard architecture. People have a tendencies to choose what is worst for them.
2) Backward compatible with previous instruction set. So 99% of corporate drone wants it so they can use previous DOS version with new CPU hardware.
3) Continue to grow and build up on this paradigm until you reach the height of the grotesque . then ???
Moral of the story to build a multi billion dollar company : Customers aren't expert except for
wrongly choosing.
pabx06
on 12 Aug 2020
Related issues
rrivera1849
路
3Comments
Merculous
路
3Comments
gemini00
路
3Comments
loudinthecloud
路
3Comments
huettenhain
路
3Comments
Most helpful comment
_target of interest_ a raw BIN : "ARM:BE:32:v8T" a raw bin program mixed ARM/thumb
i am trying to make a FID database for an "ARM:BE:32:v8" library
And guess what
ARM:BE:32:v8 != ARM:BE:32:v8t
spent 1 hours trying to figure out why the populate button didn't work
So for ghidra world you either go full ARM and ARM-FID-DB or full thumb mode and THUMB-FID-DB but not both together.
While the main feature of ARM cpu is being able to switch thumb/ARM instruction set on the fly....
it like choosing to disassemble for intel processor without backward compatible instruction set.
What made intel processor successful:
1) Worst architecture than a Harvard architecture. People have a tendencies to choose what is worst for them.
2) Backward compatible with previous instruction set. So 99% of corporate drone wants it so they can use previous DOS version with new CPU hardware.
3) Continue to grow and build up on this paradigm until you reach the height of the grotesque . then ???
Moral of the story to build a multi billion dollar company : Customers aren't expert except for
wrongly choosing.