Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/cached disasm #556

Open
wants to merge 33 commits into
base: master
Choose a base branch
from
Open

Feature/cached disasm #556

wants to merge 33 commits into from

Conversation

dannyp303
Copy link
Collaborator

One sentence summary of this PR (This should go in the CHANGELOG!)
Creates two new disassemblers for OFRAK, ofrak_pyghidra using the PyGhidra feature in the ghidra repository, and ofrak_cached for cacheing binary analysis.

Link to Related Issue(s)
None

Please describe the changes in your request.
ofrak_pyghidra.components: One single unpacker that unpacks the entire binary, down to instruction level, with an option switch to not unpack basic blocks into instructions.

ofrak_pyghidra.standalone(name pending): A utility completely seperate from OFRAK that uses pyghidra to generate the cache file used in ofrak_cached

ofrak_cached.components: OFRAK components that ingest a cached analysis file, associates it with a resource id, and uses it to unpack the binary as requested.

Anyone you think should look at this, specifically?
@rbs-jacob

Dan Pesce and others added 19 commits December 4, 2024 18:39
add initial pyghidra, test fails to load
12f595e
working bb/cb unpacker
4fc4c66
Passes like 70% of tests
4a91519
add gitattributes
cb3c3c1
Update pyghidra code. CodeRegion, ComplexBlock, BasicBlock unpacking
b171a11 
tests are passing
working tests with bb unapcker
11b1bf2
oops, test lines included
d3a6133
add cached disasmbler with simple json format
e64f116
added generation script for pyghidra and updated cached unapcker to n…
37fdfa8 
…ew format
keep analysis dict in memeory
99a0881
dependency inject cache store
5ad4d10
Fix indentation error
a9df7ab
Update cache analysis store to store cache for all unpacked programs
4e069c4
get rid lookup to wokr
8339413
Update pyghidra generator to cli tool, create cached analysis tests u…
826f061 
…sing generated json files
added some metadata with ghidra pie fix and hash checking, all tests …
f084fb9 
…pass
lint
2ba15dd
update executable segment flag in cache file
6bbc9b5
Merge branch 'master' of github.com:dannyp303/ofrak into feature/cach…
381410f 
…ed_disasm
@dannyp303 dannyp303 requested a review from rbs-jacob January 3, 2025 20:16
@rbs-jacob rbs-jacob mentioned this pull request Jan 6, 2025
Open
@rbs-jacob rbs-jacob added this to the 3.3.0 Release milestone Jan 6, 2025
@rbs-jacob rbs-jacob linked an issue Jan 6, 2025 that may be closed by this pull request
Improve Ghidra Support #530
Open
dannyp303
dannyp303 commented Jan 8, 2025
View reviewed changes
disassemblers/ofrak_cached_disassembly/ofrak_cached_disassembly/components/cached_unpacker.py Outdated
)


class CachedProgramUnpacker(Unpacker[None]):
Copy link
Collaborator Author

@dannyp303 dannyp303 Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This component is untested due to code regions being unpacked by the ELF unpacker, could be useful for raw binaries, maybe should be removed?

dannyp303
dannyp303 commented Jan 9, 2025
View reviewed changes
disassemblers/ofrak_pyghidra/ofrak_pyghidra/components/pyghidra_components.py
Comment on lines +54 to +55
class CachedCodeRegionModifier(CachedCodeRegionModifier):
pass
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cached code region unpacker runs this modifier directly, this is a workaround to have it be discoverable with only pyghidra components injected. I tested that it does not cause conflicts if both the cached_disassembly and pyghidra are injected at the same time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbs-jacob rbs-jacob Awaiting requested review from rbs-jacob

Assignees

@dannyp303 dannyp303

Labels
None yet
Projects
None yet
Milestone
3.3.0 Release
Development

Successfully merging this pull request may close these issues.

Improve Ghidra Support
2 participants
@dannyp303 @rbs-jacob