GP-1044 Fixed promotion of namespaces to only verified classes and ad…

…ded creation of typeinfo structs in stripped gcc binaries
NationalSecurityAgency · Jun 16, 2021 · 020df70 · 020df70
1 parent cde02a9
commit 020df70
Show file tree

Hide file tree

Showing 5 changed files with 503 additions and 191 deletions.
diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java b/Ghidra/Features/Decompiler/ghidra_scripts/RecoverClassesFromRTTIScript.java
@@ -163,6 +163,11 @@ public void run() throws Exception {
 		}
 		else if (isGcc()) {
 
+			boolean runGcc = askYesNo("GCC Class Recovery Still Under Development",
+				"I understand that gcc class recovery is still under development and my results will be incomplete but want to run this anyway.");
+			if (!runGcc) {
+				return;
+			}
 			nameVfunctions = true;
 			recoverClassesFromRTTI = new RTTIGccClassRecoverer(currentProgram, currentLocation,
 				state.getTool(), this, BOOKMARK_FOUND_FUNCTIONS,
@@ -545,25 +550,6 @@ private boolean hasConstructorDestructorDiscrepancy(RecoveredClass recoveredClas
 		return true;
 	}
 
-
-
-	//TODO: call this before create data in debug mode from script
-	private void findClassesWithErrors(List<RecoveredClass> recoveredClasses)
-			throws CancelledException {
-
-		Iterator<RecoveredClass> iterator = recoveredClasses.iterator();
-		while (iterator.hasNext()) {
-			monitor.checkCanceled();
-			RecoveredClass recoveredClass = iterator.next();
-			if (hasConstructorDestructorDiscrepancy(recoveredClass)) {
-				println(recoveredClass.getName() + " has function on both c and d lists");
-			}
-		}
-	}
-
-
-
-
 	/**
 	 * Method to analyze the program changes with the decompiler parameter ID analyzer
 	 * @param set the set of addresses to analyze

diff --git a/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIClassRecoverer.java b/Ghidra/Features/Decompiler/ghidra_scripts/classrecovery/RTTIClassRecoverer.java
@@ -131,25 +131,25 @@ public List<RecoveredClass> createRecoveredClasses() {
 
 	/**
 	 * Method to promote the namespace is a class namespace. 
-	 * @param vftableNamespace the namespace for the vftable
+	 * @param namespace the namespace for the vftable
 	 * @return true if namespace is (now) a class namespace or false if it could not be promoted.
 	 */
-	public Namespace promoteToClassNamespace(Namespace vftableNamespace) {
+	public Namespace promoteToClassNamespace(Namespace namespace) {
 
 		try {
-			Namespace newClass = NamespaceUtils.convertNamespaceToClass(vftableNamespace);
+			Namespace newClass = NamespaceUtils.convertNamespaceToClass(namespace);
 
 			SymbolType symbolType = newClass.getSymbol().getSymbolType();
 			if (symbolType == SymbolType.CLASS) {
 				return newClass;
 			}
 			Msg.debug(this,
-				"Could not promote " + vftableNamespace.getName() + " to a class namespace");
+				"Could not promote " + namespace.getName() + " to a class namespace");
 			return null;
 		}
 		catch (InvalidInputException e) {
 
-			Msg.debug(this, "Could not promote " + vftableNamespace.getName() +
+			Msg.debug(this, "Could not promote " + namespace.getName() +
 				" to a class namespace because " + e.getMessage());
 			return null;
 		}