英文:
Ghidra Python, creating a memory reference to an already defined string
问题
Ghidra 10.3和MS-DOS 16位可执行文件。我在尝试编写脚本以创建内存引用时遇到了问题。目标是查找MOV DX,VALUE的模式,然后如果VALUE被验证为字符串的位置,就创建一个内存引用。除了创建实际引用之外,我已经让一切都正常工作。
例如,对于这行代码:
MOV DX,0x12b1
我想要的结果与右键单击值(0x12b1)然后选择"Create Memory Reference"相同。
我认为我的问题是在我的下面这个函数中误解了这行代码:
createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
在下面的函数中:
def tryRefStr(address):
result = False
opcode = getByteAt(address)
if opcode == opcodeMovDX:
valu = getWordAt(address.add(1)) #十六进制值(0x12b1)
addr = getAddress(valu) #将十六进制值转换为地址对象
data = listing.getDefinedDataAt(addr) #从0x12b1获取的数据对象(字符串)
if data is not None:
dtyp = data.getDataType() #0x12b1处对象的数据类型
if str(dtyp) == 'string': #检查它是否是字符串(粗略的方式,我知道)
result = True
createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
return result
它不是用内存引用替换MOV DX,VALUE中的VALUE,而是在字符串的位置创建一个引用,或者类似这样的操作。我不太了解,无法准确解释它的操作。
英文:
Ghidra 10.3 and MS-DOS 16-bit executables. I'm having trouble figuring out how to script creating memory references. The goal is to locate patterns for MOV DX,VALUE then create a memory reference for VALUE if it's validated as the location of a string. I have everything working except creating the actual reference.
This line for example.
MOV DX,0x12b1
I want the same result as right clicking the value (0x12b1) and selecting Create Memory Reference.
I think my issue is misunderstanding this line...
createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
...in my function below.
def tryRefStr(address):
result = False
opcode = getByteAt(address)
if opcode == opcodeMovDX:
valu = getWordAt(address.add(1)) #hex value (0x12b1)
addr = getAddress(valu) #hex value as address object
data = listing.getDefinedDataAt(addr) #data object from 0x12b1 (the string)
if data is not None:
dtyp = data.getDataType() #datatype of the object at 0x12b1
if str(dtyp) == 'string': #see if it's a string (crude, I know)
result = True
createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
return result
Instead of replacing VALUE in MOV DX,VALUE with a memory reference to 0x12b1 it creates a reference at the string's location instead, or something of that nature. I don't understand enough to explain exactly what it's doing.
答案1
得分: 0
我通过反复尝试找到了答案。
我想要的结果是通过以下方式实现的...
instr = listing.getInstructionContaining(addr)
instr.addOperandReference(1, addr, RefType.DATA, SourceType.ANALYSIS)
而不是...
createMemoryReference(data, addr, RefType.DATA)
英文:
I figured it out through trial and error.
The result I wanted is achieved with...
instr = listing.getInstructionContaining(addr)
instr.addOperandReference(1, addr, RefType.DATA, SourceType.ANALYSIS)
Instead of...
createMemoryReference(data, addr, RefType.DATA)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论