Last active
August 13, 2023 17:45
-
-
Save DRKV333/b4bb2e8e84de5c056629171bbaf3f190 to your computer and use it in GitHub Desktop.
A Ghidra script for grabbing Otherland packet formats
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.util.Iterator; | |
| import ghidra.app.decompiler.DecompInterface; | |
| import ghidra.app.decompiler.DecompileOptions; | |
| import ghidra.app.decompiler.DecompileResults; | |
| import ghidra.app.script.GhidraScript; | |
| import ghidra.app.services.ConsoleService; | |
| import ghidra.framework.plugintool.util.OptionsService; | |
| import ghidra.program.model.address.Address; | |
| import ghidra.program.model.listing.Bookmark; | |
| import ghidra.program.model.listing.BookmarkManager; | |
| import ghidra.program.model.listing.Function; | |
| import ghidra.program.model.pcode.PcodeBlockBasic; | |
| import ghidra.program.model.pcode.PcodeOp; | |
| public class OtherprotoHelper extends GhidraScript { | |
| private static final String BOOKMARK_OL_TYPE = "OLType"; | |
| private ConsoleService console; | |
| private BookmarkManager bookmark; | |
| private DecompInterface decomp; | |
| @Override | |
| protected void run() throws Exception { | |
| console = state.getTool().getService(ConsoleService.class); | |
| bookmark = currentProgram.getBookmarkManager(); | |
| setupDecomp(); | |
| processAtAddress(currentAddress); | |
| } | |
| private void setupDecomp() { | |
| decomp = new DecompInterface(); | |
| DecompileOptions opts = new DecompileOptions(); | |
| OptionsService optsService = state.getTool().getService(OptionsService.class); | |
| if (optsService != null) { | |
| opts.grabFromToolAndProgram(null, optsService.getOptions("Decompiler"), currentProgram); | |
| } | |
| decomp.setOptions(opts); | |
| decomp.toggleSyntaxTree(true); | |
| decomp.toggleCCode(false); | |
| decomp.setSimplificationStyle("normalize"); | |
| decomp.openProgram(currentProgram); | |
| } | |
| private void processAtAddress(Address address) { | |
| Function func = getFunctionContaining(address); | |
| processFunction(func); | |
| } | |
| private void processFunction(Function func) { | |
| DecompileResults res = decomp.decompileFunction(func, 3600, monitor); | |
| for (PcodeBlockBasic bb : res.getHighFunction().getBasicBlocks()) { | |
| processBB(bb); | |
| printSlim("..."); | |
| } | |
| } | |
| private void processBB(PcodeBlockBasic bb) { | |
| Iterator<PcodeOp> iter = bb.getIterator(); | |
| while (iter.hasNext()) { | |
| PcodeOp op = iter.next(); | |
| if (op.getOpcode() == PcodeOp.CALL) | |
| printSlim("- type: " + getPrintType(op)); | |
| } | |
| } | |
| private String getPrintType(PcodeOp op) { | |
| Address calleeAddress = op.getInput(0).getAddress(); | |
| Bookmark[] bookmarks = bookmark.getBookmarks(calleeAddress); | |
| for (Bookmark bm : bookmarks) { | |
| if (bm.getCategory().equals(BOOKMARK_OL_TYPE)) | |
| return replaceWithArgs(bm.getComment(), op); | |
| } | |
| String placeholder = "??? " + calleeAddress.toString(); | |
| Function callee = getFunctionAt(calleeAddress); | |
| if (callee != null) | |
| placeholder = placeholder + " (" + callee.getName() + ")"; | |
| return placeholder; | |
| } | |
| private String replaceWithArgs(String template, PcodeOp op) { | |
| for (int i = 1; i < op.getNumInputs(); i++) { | |
| template = template.replace("{" + (i - 1) + "}", Long.toString(op.getInput(i).getOffset())); | |
| } | |
| return template; | |
| } | |
| private void printSlim(String message) { | |
| console.addMessage("", message); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment