Ghidra: Ghidra cannot load the x86 16bit binary with big segment offset

Created on 18 May 2020 · 1 Comment · Source: NationalSecurityAgency/ghidra

Describe the bug
Some executables have a code segment at 0xffe, and in Ghidra's MzLoader.java it uses
space.getAddress(Conv.shortToInt(dos.e_cs()) + csStart, 0); to calculate the segment value.
Conv.shortToInt zero-pads the upper 16 bits, resulting in an unsigned short.
However, dos.e_cs() can be negative, and this is causing problems.
Several places in MzLoader.java also have this problem :)

Attachments
This example is from DEFCON Quals 2020
BBS.zip

Environment (please complete the following information):

  • Ghidra Version: 9.1 & Master branch manually built version
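The following is an added example, not code from Ghidra or from the issue author. It parses a constructed MZ header and computes the initial CS both ways: with e_cs zero-extended before the addition (the behaviour the report attributes to Conv.shortToInt) and with e_cs treated as a signed 16-bit relative segment wrapped to 16 bits, which is how 16-bit segment arithmetic behaves. LOAD_SEGMENT is an assumed base segment for the demonstration and is not a claim about Ghidra's csStart; the header bytes are constructed for the example.

```python
import struct

# Classic DOS MZ header: 2-byte magic followed by 13 little-endian WORDs (28 bytes).
MZ_HEADER_FMT = "<2s13H"
MZ_FIELDS = (
    "e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
    "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs", "e_lfarlc", "e_ovno",
)


def parse_mz_header(data: bytes) -> dict:
    """Unpack the fixed part of an MZ header into a field-name -> value dict."""
    size = struct.calcsize(MZ_HEADER_FMT)
    if len(data) < size:
        raise ValueError("file too short for an MZ header")
    hdr = dict(zip(MZ_FIELDS, struct.unpack_from(MZ_HEADER_FMT, data, 0)))
    if hdr["e_magic"] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    return hdr


def to_signed16(word: int) -> int:
    """Reinterpret a 16-bit value as a two's-complement signed short."""
    word &= 0xFFFF
    return word - 0x10000 if word & 0x8000 else word


def cs_zero_extended(e_cs: int, load_segment: int) -> int:
    """Segment computed the way the report describes: e_cs zero-extended, then added.
    A 'negative' e_cs (high bit set) produces a value above 0xFFFF here."""
    return (e_cs & 0xFFFF) + load_segment


def cs_sign_extended(e_cs: int, load_segment: int) -> int:
    """Segment computed with e_cs as a signed relative offset, wrapped to 16 bits."""
    return (load_segment + to_signed16(e_cs)) & 0xFFFF


def entry_point(hdr: dict, load_segment: int) -> dict:
    """Return both interpretations of the initial CS, a flag showing whether the
    zero-extended one left the 16-bit segment range, and the linear entry address
    derived from the sign-extended CS and e_ip."""
    zero_ext = cs_zero_extended(hdr["e_cs"], load_segment)
    signed = cs_sign_extended(hdr["e_cs"], load_segment)
    return {
        "cs_zero_extended": zero_ext,
        "cs_zero_extended_out_of_range": zero_ext > 0xFFFF,
        "cs_sign_extended": signed,
        "linear_entry": (signed << 4) + hdr["e_ip"],
    }


def build_header(e_cs: int, e_ip: int = 0x0100, e_cparhdr: int = 0x0020) -> bytes:
    """Construct a minimal MZ header (sample data for this example, not a real file)."""
    fields = dict.fromkeys(MZ_FIELDS[1:], 0)
    fields.update(e_cparhdr=e_cparhdr, e_ip=e_ip, e_cs=e_cs & 0xFFFF,
                  e_lfarlc=0x40, e_ss=0, e_sp=0x1000)
    return struct.pack(MZ_HEADER_FMT, b"MZ", *(fields[name] for name in MZ_FIELDS[1:]))


# Assumed load segment for the demonstration; the real value depends on the loader.
LOAD_SEGMENT = 0x1000

if __name__ == "__main__":
    # Positive relative segment first, then one with the high bit set (-16 as a short).
    for e_cs in (0x0FFE, 0xFFF0):
        result = entry_point(parse_mz_header(build_header(e_cs)), LOAD_SEGMENT)
        print(f"e_cs=0x{e_cs:04X}: {result}")
```

For e_cs values below 0x8000 both computations agree, so a loader tested only on such binaries will not notice the defect; for a value with the high bit set, the zero-extended result exceeds 0xFFFF and cannot be a valid segment, while the sign-extended result wraps to the segment just below the load segment, which is what 16-bit CS arithmetic produces.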

All comments

I also encountered this problem and have mostly fixed it in my fork. I'll have to clean up a bit and then I'll create a pull request.
