
ghidra-cpp-class-analyzer's Introduction

Ghidra C++ Class and Run Time Type Information Analyzer

NOTICE

This project has reached its end of life and is no longer being maintained. Ghidra currently provides scripts for RTTI analysis and class reconstruction. These scripts should now be used and improved upon.

API Documentation

A fully built and linked version of the documentation is available at https://astrelsky.github.io/Ghidra-Cpp-Class-Analyzer.

Building

Run the following command in a terminal of your choice.

gradle buildExtension

Upon completion the output will be located in the dist folder.

Installation

Extract the archive to a destination folder of your choice. Launch Ghidra and, from the project manager, go to File->Install Extensions... Click the + icon near the top right corner of the window. Select the path of the extracted Ghidra-Cpp-Class-Analyzer folder and select OK. After restarting Ghidra, open the CodeBrowser, go to File->Configure...->Experimental and select ClassTypeInfoManagerPlugin. Restart the CodeBrowser to allow the analyzers to be refreshed.

Features

  • GCC RTTI models and analysis.
  • Vtable analysis and class namespace setting.
  • Constructor/Destructor analysis.
  • Reconstruction of class inheritance models for virtual multiple inheritance.
  • Tree style display of inheritance hierarchy.

Supported Compilers

  • GCC
  • Clang
  • Visual Studio (Control Flow Guard (CFG) not supported)

Inheritance Modeling via the Type Info Tree

Class Type Info Color Coding

  • #FFFF00 - Nested Class
  • #28a745 - Basic Class
  • #d73a49 - Abstract Class
  • #0366d6 - Virtual Class
  • #6f42c1 - Virtual Abstract Class

CppClassAnalyzerGhidraScript

Want to make a GhidraScript with easy access to the ClassTypeInfoManager for the currentProgram? Try extending the CppClassAnalyzerGhidraScript class instead of GhidraScript. Unfortunately this is currently only possible for scripts written in Java.

Fill Out Class Decompiler Action

Right-clicking within the decompiler window in a __thiscall function for which a ClassTypeInfo exists brings up an action to fill out the class. It behaves similarly to the fill out structure action, except that class members are determined via calls to other __thiscall functions.

Dynamic RTTI Handling

For GNU binaries a project archive will need to be created to provide data required for analysis. Each library containing dynamic RTTI will need to be analyzed and copied into the project archive via the TypeInfoTree prior to analyzing the program. In the future an archive will be distributed for libstdc++.
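
The structures the GCC RTTI analysis has to recover, seen from inside a running program: the following is an added example (not code from this project) that reads the type_info pointer stored just before a vtable's first function slot and follows the base-class links in the Itanium ABI type_info records. It assumes GCC with libstdc++'s `<cxxabi.h>` on Linux; all class and function names are constructed for the example.

```cpp
// Added example: walk Itanium C++ ABI RTTI by hand (GCC + libstdc++ assumed).
#include <cxxabi.h>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <typeinfo>
#include <vector>

// Constructed sample hierarchy; the names are hypothetical.
struct BaseClass   { virtual ~BaseClass() {} virtual void vfunc() {} int x = 0; };
struct SubClass    : BaseClass { void vfunc() override {} int y = 0; };
struct SubSubClass : SubClass  { int z = 0; };
struct OtherBase   { virtual ~OtherBase() {} };
struct Multi       : BaseClass, virtual OtherBase {};
// The parent type_info records of this class are defined by libstdc++,
// not by this program: the "dynamic RTTI" case.
struct AppError    : std::runtime_error { AppError() : std::runtime_error("constructed") {} };

// A vptr points at the first function slot of a vtable. The pointer-sized
// slot before it holds the type_info pointer, the one before that offset-to-top.
static const std::type_info* typeinfo_from_object(const void* obj) {
    void* const* vptr;
    std::memcpy(&vptr, obj, sizeof vptr);  // vptr is the first word of the (sub)object
    return static_cast<const std::type_info*>(vptr[-1]);
}

static std::ptrdiff_t offset_to_top(const void* obj) {
    const std::ptrdiff_t* vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr[-2];  // distance from this subobject back to the complete object
}

static std::string demangle(const char* mangled) {
    int status = 0;
    char* s = abi::__cxa_demangle(mangled, nullptr, nullptr, &status);
    std::string out = (status == 0 && s) ? s : mangled;
    std::free(s);
    return out;
}

// Which of the three ABI class type_info records describes this type.
static std::string rtti_kind(const std::type_info* ti) {
    if (dynamic_cast<const abi::__vmi_class_type_info*>(ti)) return "__vmi_class_type_info";
    if (dynamic_cast<const abi::__si_class_type_info*>(ti))  return "__si_class_type_info";
    if (dynamic_cast<const abi::__class_type_info*>(ti))     return "__class_type_info";
    return "not a class";
}

// Depth-first walk over the base-class links stored in the records.
static void collect(const std::type_info* ti, const std::string& prefix,
                    std::vector<std::string>& out) {
    out.push_back(prefix + demangle(ti->name()));
    if (const auto* vmi = dynamic_cast<const abi::__vmi_class_type_info*>(ti)) {
        // __base_info is declared with one element but holds __base_count entries.
        const abi::__base_class_type_info* bases = vmi->__base_info;
        for (unsigned i = 0; i < vmi->__base_count; ++i)
            collect(bases[i].__base_type,
                    bases[i].__is_virtual_p() ? "virtual " : "", out);
    } else if (const auto* si = dynamic_cast<const abi::__si_class_type_info*>(ti)) {
        collect(si->__base_type, "", out);  // single, public, non-virtual base
    }
}

static std::vector<std::string> ancestry(const std::type_info* ti) {
    std::vector<std::string> out;
    collect(ti, "", out);
    return out;
}

int main() {
    SubSubClass ssc;
    BaseClass* bp = &ssc;  // static type BaseClass, dynamic type SubSubClass
    Multi m;
    OtherBase* ob = &m;    // secondary (virtual base) subobject of Multi
    const std::type_info* roots[] = {
        typeinfo_from_object(bp), typeinfo_from_object(ob), &typeid(AppError)};
    for (const std::type_info* ti : roots) {
        std::cout << rtti_kind(ti) << ":";
        for (const std::string& name : ancestry(ti)) std::cout << " -> " << name;
        std::cout << "\n";
    }
    std::cout << "offset-to-top of OtherBase in Multi: " << offset_to_top(ob) << "\n";
    return 0;
}
```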

TODO

  • Graphing
  • Type Info Tree filter
  • Help Documentation

ghidra-cpp-class-analyzer's People

Contributors

astrelsky, fmagin, freax13, garyttierney, mexahotabop, velocityra

ghidra-cpp-class-analyzer's Issues

ArrayIndexOutOfBounds

Version: 2c8427e
System: ArchLinux
Ghidra: 9.2 (master)

2020-04-08	01:31:43	DEBUG	(MessageLog) Exception appended to MessageLog java.lang.ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0
			at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.sortByMostDerived(ClassTypeInfoUtils.java:327)
			at ghidra.app.plugin.prototype.GccRttiAnalyzer.createVtables(GccRttiAnalyzer.java:272)
			at ghidra.app.plugin.prototype.GccRttiAnalyzer.added(GccRttiAnalyzer.java:149)
			at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
			at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
			at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
			at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
			at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
			at java.base/java.lang.Thread.run(Thread.java:830)

How to process a x86:LE:32/64:default:gcc ELF binary

Hi there!

Can anybody please tell me how to process a x86:LE:32/64:default:gcc ELF binary?

I know that in the README.md it says:

Dynamic RTTI Handling

For GNU binaries a project archive will need to be created to provide data required for analysis. Each library containing dynamic RTTI will need to be analyzed and copied into the project archive via the TypeInfoTree prior to analyzing the program. In the future an archive will be distributed for libstdc++.

I also found the following in the Releases page:

Issues related to empty vtable structs have been fixed. Also attached to this release are gdt archives for x86 and x86_64 libstdc++.so.6. To use them simply drag the file into Ghidra's project manager. Then before running the class analyzer, open the project archive in the ClassTypeInfo Tree. When running the C++ Class Analyzer with "Use Archived Rtti Data" selected, the analyzer will search through the archive for the data types and use them to apply the data type and function definitions. This is particularly useful for stripped programs.

But for The Love Of God, I CANNOT do it!

I'm not even starting with what's wrong with the above quotes.

It's not that I didn't try, I did, I really did.

For, I don't know, by now maybe 6 hours straight?!?

Ended giving up in frustration, trying everything that I could think of.

However, the extension is working just fine for PE32(+) executables for MS Windows.

So in conclusion, it's working for PE but it's not working for ELF, and I really need it working for ELF.

Can anybody please help me?

Huge thanks!

PS:

These are the binaries (x86:LE:64:default:windows PE & x86:LE:64:default:gcc ELF) and this is the source code for my test program(s) (taken from The Ghidra Book: The Definitive Guide, by Chris Eagle and Kara Nance):

/* rtti.cpp */

#include <iostream>
#include <cstdlib>   /* srand, rand */
#include <ctime>
#include <typeinfo>  /* typeid */

class BaseClass {
public:
	BaseClass();
	virtual void vfunc1() = 0;
	virtual void vfunc2();
	virtual void vfunc3();
	virtual void vfunc4();
private:
	int x;
	int y;
};

class SubClass : public BaseClass {
public:
	SubClass();
	virtual void vfunc1();
	virtual void vfunc3();
	virtual void vfunc5();
private:
	int z;
};

class SubSubClass : public SubClass {
public:
	SubSubClass();
	virtual void vfunc3();
private:
	int z;
};

BaseClass::BaseClass() {
	std::cout << "Base Class constructor called" << std::endl;
}

void BaseClass::vfunc2() {
	std::cout << "Base Class vfunc2() called" << std::endl;
}

void BaseClass::vfunc3() {
	std::cout << "Base Class vfunc3() called" << std::endl;
}

void BaseClass::vfunc4() {
	std::cout << "Base Class vfunc4() called" << std::endl;
}

SubClass::SubClass() {
	std::cout << "Sub Class constructor called" << std::endl;
}

void SubClass::vfunc1() {
	std::cout << "Sub Class vfunc1() called" << std::endl;
}

void SubClass::vfunc3() {
	std::cout << "Sub Class vfunc3() called" << std::endl;
}

void SubClass::vfunc5() {
	std::cout << "Sub Class vfunc5() called" << std::endl;
}

SubSubClass::SubSubClass() {
	std::cout << "Sub Sub Class constructor called" << std::endl;
}

void SubSubClass::vfunc3() {
	std::cout << "Sub Sub Class vfunc3() called" << std::endl;
}

void call_vfunc(BaseClass *bc_ptr) {
	bc_ptr->vfunc3();
}

int main() {
	BaseClass *bc_ptr = new SubClass();
	std::cout << "typdeid(bc_ptr)  = " << typeid(bc_ptr).name() << std::endl;
	std::cout << "typdeid(*bc_ptr) = " << typeid(*bc_ptr).name() << std::endl;
	call_vfunc(bc_ptr);

	SubClass *sc_ptr = dynamic_cast<SubClass*>(bc_ptr);
	std::cout << "typdeid(sc_ptr)  = " << typeid(sc_ptr).name() << std::endl;
	std::cout << "typdeid(*sc_ptr) = " << typeid(*sc_ptr).name() << std::endl;
	call_vfunc(sc_ptr);

	BaseClass *bc_ptr_2;
	srand(time(0));
	if (rand() % 2) {
		bc_ptr_2 = dynamic_cast<SubClass*>(new SubClass());
	}
	else {
		bc_ptr_2 = dynamic_cast<SubClass*>(new SubSubClass());
	}
	std::cout << "typdeid(bc_ptr_2)  = " << typeid(bc_ptr_2).name() << std::endl;
	std::cout << "typdeid(*bc_ptr_2) = " << typeid(*bc_ptr_2).name() << std::endl;
	call_vfunc(bc_ptr_2);

	return 0;
}

Create vtable structs with function pointers

Currently it's very tedious to create the structs representing the vtable in Ghidra. It would be convenient if this extension could create those structs and function pointer types based off of the signatures of the destinations.

NPE analyzing large exe with Windows/VS RTTI

I have run all other analysis tools. This error happens in one-shot mode, as well as, as part of auto analysis. I have tried with and without "Locate Constructors".

Exception thrown:

Analysis Task: Windows C++ Class Analyzer - 
java.lang.NullPointerException
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.WindowsVtableModel.getVbtableBuffer(WindowsVtableModel.java:51)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.WindowsVtableModel.<init>(WindowsVtableModel.java:42)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.doGetVtable(RttiModelWrapper.java:374)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.<init>(RttiModelWrapper.java:156)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.getWrapper(RttiModelWrapper.java:116)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.windows.WindowsCppClassAnalyzer.getClassTypeInfoList(WindowsCppClassAnalyzer.java:97)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.windows.WindowsCppClassAnalyzer.getClassTypeInfoList(WindowsCppClassAnalyzer.java:115)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:98)
	at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:185)
	at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
	at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:62)
	at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
	at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
	at java.base/java.lang.Thread.run(Thread.java:832)

---------------------------------------------------
Build Date: 2020-Feb-12 1149 EST
Ghidra Version: 9.1.2
Java Home: C:\Program Files\AdoptOpenJDK\jdk-14.0.1.7-hotspot
JVM Version: AdoptOpenJDK 14.0.1
OS: Windows 10 10.0 amd64
Workstation: AmysRig

Let me know what else you might need.

Plugin doesn't appear in Configure->Experimental Plugins

The extension (v10.0.3) downloaded from release, is added and checked in the list of installed extensions.
In the Code Browser, however, going to Configure -> Experimental, ClassTypeInfoManagerPlugin isn't showing up.

Ghidra v10.0.3 PUBLIC on Windows 10

Ghidra versions < 9.2 build failure

It has come to my attention that the build will fail with ghidra versions < 9.2. This will be resolved later today. The master branch will work with ghidra 9.2 and a separate branch will be created for older versions. Backward compatibility will be kept until the first public release of ghidra 9.2.

Thank you for your understanding,
Andrew Strelsky

build fail with ghidra 10.0.4

# /usr/bin/gradle -PGHIDRA_INSTALL_DIR=/opt/ghidra_10.0.4 buildExtension
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

FAILURE: Build failed with an exception.

* Where:
Script '/opt/ghidra_10.0.4/support/buildExtension.gradle' line: 80

* What went wrong:
A problem occurred evaluating script.
> Could not set unknown property 'archiveBaseName' for task ':buildExtension' of type org.gradle.api.tasks.bundling.Zip.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 0s

Is my gradle version maybe too old or too new? It is 4.4.1.

How to build?

It would be great if there were the steps to build the project and how to load them into ghidra in the readme; or at least a link to where it's explained.

Extension won't install for Ghidra version 10.1.3

I was able to successfully install and build this, but when I go to install it into Ghidra, I get the following error message:

Extension version for [Ghidra-Cpp-Class-Analyzer-master] is incompatible with Ghidra
-----------------------------------------------------
Build Date: 2022-Apr-21 1210 EDT
Ghidra Version 10.1.3
Java Home: <My JDK Home>
JVM Version: Oracle Corporation 18.0.1.1
OS: Windows 10 10.0 amd64
Workstation: <My Workstation>

What could be the cause of this?

Deduce base class function types/names from inheriting ones

struct Bar {
        virtual int a(int x) = 0;
        virtual int b(double x, double y) = 0;
        virtual int get() = 0;
};

struct Foo : public Bar {
        int a(int ax) override {
                x = ax;
                return x;
        }
        int b(double ax, double ay) override {
                x = ax;
                y = ay;
                return y;
        }
        virtual int get() {
                return y;
        }
        int x;
        int y;
};

int main() {
        Bar* b = new Foo;
        b->a(4);
        b->b(6, 7);
        return b->get();
}

is currently decompiled as:

void main(void)

{
  code *pcVar1;
  Foo *this;
  
  this = (Foo *)operator.new(0x10);
  Foo::Foo(this);
  pcVar1 = (code *)((this->super_Bar)._vptr)->__cxa_pure_virtual;
  (*pcVar1)(this,4,pcVar1);
  (*(code *)((this->super_Bar)._vptr)->__cxa_pure_virtual)
            (0x4018000000000000,0x401c000000000000,this);
  (*(code *)((this->super_Bar)._vptr)->__cxa_pure_virtual)(this);
  return;
}

It should be possible to improve the info in the Bar vtable struct by using the types and names from the Foo vtable struct.

Build Failed During Task: compileJava

ERROR: Cannot find method hasFlexibleArrayComponent()
if (((Structure) type.getDataType()).hasFlexibleArrayComponent()) {
^

Note:
java version "17.0.1" 2021-10-19 LTS
Java(TM) SE Runtime Environment (build 17.0.1+12-LTS-39)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.1+12-LTS-39, mixed mode, sharing)

Thanks for your help!

`UnresolvedClassTypeInfoException`: Unable to locate archived data

Unable to locate archived data for MWF::ObjActiveBase::typeinfo
ghidra.app.cmd.data.rtti.gcc.UnresolvedClassTypeInfoException: Unable to locate archived data for MWF::ObjActiveBase::typeinfo
	at cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin.getExternalClassTypeInfo(ClassTypeInfoManagerPlugin.java:331)
	at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager.getExternalClassTypeInfo(ItaniumAbiClassTypeInfoManager.java:77)
	at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getParentModels(AbstractSiClassTypeInfoModel.java:42)
	at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getParentModels(SiClassTypeInfoModel.java:15)
	at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getVirtualParents(AbstractSiClassTypeInfoModel.java:47)
	at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVirtualParents(SiClassTypeInfoModel.java:15)
	at cppclassanalyzer.data.typeinfo.GnuClassTypeInfoDB.fillModelData(GnuClassTypeInfoDB.java:272)
	at cppclassanalyzer.data.typeinfo.AbstractClassTypeInfoDB.<init>(AbstractClassTypeInfoDB.java:67)
	at cppclassanalyzer.data.typeinfo.GnuClassTypeInfoDB.<init>(GnuClassTypeInfoDB.java:49)
	at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager$GnuRttiRecordWorker.buildType(ItaniumAbiClassTypeInfoManager.java:308)
	at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager$GnuRttiRecordWorker.buildType(ItaniumAbiClassTypeInfoManager.java:295)
	at cppclassanalyzer.data.manager.AbstractRttiRecordWorker.resolve(AbstractRttiRecordWorker.java:143)
	at cppclassanalyzer.data.manager.ClassTypeInfoManagerDB.resolve(ClassTypeInfoManagerDB.java:401)
	at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager.getTypeInfo(ItaniumAbiClassTypeInfoManager.java:59)
	at cppclassanalyzer.data.manager.ClassTypeInfoManagerDB.getType(ClassTypeInfoManagerDB.java:336)
	at cppclassanalyzer.data.manager.ClassTypeInfoManagerDB.getType(ClassTypeInfoManagerDB.java:353)
	at cppclassanalyzer.data.manager.ClassTypeInfoManagerDB.getType(ClassTypeInfoManagerDB.java:369)
	at cppclassanalyzer.decompiler.action.FillOutClassAction.isEnabledForDecompilerContext(FillOutClassAction.java:36)
	at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.lambda$isEnabledForContext$0(AbstractDecompilerAction.java:68)
	at ghidra.app.plugin.core.decompile.DecompilerActionContext.checkActionEnablement(DecompilerActionContext.java:147)
	at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.isEnabledForContext(AbstractDecompilerAction.java:67)
	at docking.ComponentPlaceholder.contextChanged(ComponentPlaceholder.java:532)
	at docking.DockingWindowManager.contextChanged(DockingWindowManager.java:2232)
	at docking.AbstractDockingTool.contextChanged(AbstractDockingTool.java:208)
	at ghidra.framework.plugintool.PluginTool.contextChanged(PluginTool.java:1433)
	at ghidra.app.plugin.core.decompile.DecompilerProvider.contextChanged(DecompilerProvider.java:675)
	at ghidra.app.plugin.core.decompile.DecompilerProvider.decompileDataChanged(DecompilerProvider.java:505)
	at ghidra.app.decompiler.component.DecompilerController.setDecompileData(DecompilerController.java:181)
	at ghidra.app.decompiler.component.DecompilerController.loadFromCache(DecompilerController.java:128)
	at ghidra.app.decompiler.component.DecompilerController.display(DecompilerController.java:105)
	at ghidra.app.plugin.core.decompile.DecompilerProvider.setLocation(DecompilerProvider.java:422)
	at ghidra.app.plugin.core.decompile.DecompilePlugin.lambda$new$0(DecompilePlugin.java:75)
	at ghidra.util.task.SwingUpdateManager.swingDoWork(SwingUpdateManager.java:108)
	at ghidra.util.task.AbstractSwingUpdateManager.swingExecutePendingWork(AbstractSwingUpdateManager.java:338)
	at ghidra.util.task.AbstractSwingUpdateManager.timerCallback(AbstractSwingUpdateManager.java:287)
	at ghidra.util.task.AbstractSwingUpdateManager.lambda$new$0(AbstractSwingUpdateManager.java:131)
	at java.desktop/javax.swing.Timer.fireActionPerformed(Timer.java:317)
	at java.desktop/javax.swing.Timer$DoPostEvent.run(Timer.java:249)
	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

I'm getting this exception when clicking anywhere in a particular function, which comes up as a modal dialog. This unfortunately makes it impossible to work on the function.

Any ideas for how I can work around this?

I'm also wondering if I'm doing something wrong with my workflow that may have led to this. I have multiple .so files that are all part of the same Ghidra project. These libraries inherit classes from each other in some cases, so presumably there's RTTI dependencies between them. I saw a note about this in the readme, but I don't quite understand how to handle this. Am I to open all .so files in the project and analyze them with the RTTI analyzers in dependency order?

Also, what happens if you rerun the RTTI analyzers? Will they overwrite data types you've already worked on? Under what circumstances should they be rerun?

Let me know if there's any more info I can provide to help.
Thanks!

InvalidDataTypeException: The Typeinfo at xxxxx is not valid

Log:

2020-04-08	01:31:43	ERROR	(TypeInfoFactory) Unknown Exception ghidra.program.model.data.InvalidDataTypeException: The TypeInfo at 02084150 is not valid
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getModel(SiClassTypeInfoModel.java:35)
			at ghidra.app.cmd.data.rtti.gcc.factory.TypeInfoFactory.getTypeInfo(TypeInfoFactory.java:108)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getParentModels(AbstractSiClassTypeInfoModel.java:39)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getParentModels(SiClassTypeInfoModel.java:14)
			at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.sortByMostDerived(ClassTypeInfoUtils.java:327)
			at ghidra.app.plugin.prototype.GccRttiAnalyzer.createVtables(GccRttiAnalyzer.java:272)
			at ghidra.app.plugin.prototype.GccRttiAnalyzer.added(GccRttiAnalyzer.java:149)
			at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
			at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
			at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
			at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
			at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
			at java.base/java.lang.Thread.run(Thread.java:830)

At that address:
image

Resource Leak

The ProgramClassTypeInfoManagers are not being closed when the program is closed under unknown conditions.

When the process comes to cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin.getExternalClassTypeInfo(ClassTypeInfoManagerPlugin.java:331), it doesn't have ProjectClassTypeInfoManager instances in the heap.

When the process comes to cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin.getExternalClassTypeInfo(ClassTypeInfoManagerPlugin.java:331), it doesn't have ProjectClassTypeInfoManager instances in the heap. Maybe I need to run something to create it and load archived data?

ghidra.app.cmd.data.rtti.gcc.UnresolvedClassTypeInfoException: Unable to locate archived data for V************::typeinfo
at cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin.getExternalClassTypeInfo(ClassTypeInfoManagerPlugin.java:331)
at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager.getExternalClassTypeInfo(ItaniumAbiClassTypeInfoManager.java:77)
at ghidra.app.cmd.data.rtti.gcc.typeinfo.BaseClassTypeInfoModel.getClassModel(BaseClassTypeInfoModel.java:135)
at ghidra.app.cmd.data.rtti.gcc.typeinfo.VmiClassTypeInfoModel.getVirtualParents(VmiClassTypeInfoModel.java:150)
at cppclassanalyzer.data.typeinfo.GnuClassTypeInfoDB.fillModelData(GnuClassTypeInfoDB.java:272)
at cppclassanalyzer.data.typeinfo.AbstractClassTypeInfoDB.<init>(AbstractClassTypeInfoDB.java:67)
at cppclassanalyzer.data.typeinfo.GnuClassTypeInfoDB.<init>(GnuClassTypeInfoDB.java:49)
at cppclassanalyzer.data.manager.ItaniumAbiClassTypeInfoManager$GnuRttiRecordWorker.buildType(ItaniumAbiClassTypeInfoManager.java:308)

NullPointerException when running both the scripts

It shows up when running either of the Python scripts.
Here is the reported trace:

Uncaught Exception! 
java.lang.NullPointerException
	at org.python.core.Py.dispatchToChecker(Py.java:2490)
	at org.python.core.Py.isInstance(Py.java:2347)
	at org.python.core.__builtin__.isinstance(__builtin__.java:712)
	at org.python.core.Py.exceptionToString(Py.java:1372)
	at org.python.core.Py.exceptionToBytes(Py.java:1339)
	at org.python.core.Py.displayException(Py.java:1316)
	at org.python.core.PyException.printStackTrace(PyException.java:89)
	at docking.DockingErrorDisplay.buildStackTrace(DockingErrorDisplay.java:146)
	at docking.DockingErrorDisplay.createErrorDialog(DockingErrorDisplay.java:114)
	at docking.DockingErrorDisplay.doShowDialog(DockingErrorDisplay.java:98)
	at docking.DockingErrorDisplay.lambda$showDialog$0(DockingErrorDisplay.java:91)
	at docking.DockingErrorDisplay$$Lambda$614.00000000B9C754A0.run(Unknown Source)
	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:673)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

---------------------------------------------------
Build Date: 2019-Sep-23 1119 EDT
Ghidra Version: 9.1-BETA
Java Home: C:\Program Files\AdoptOpenJDK\jdk-12.0.1.12-openj9
JVM Version: AdoptOpenJDK 12.0.1
OS: Windows 10 10.0 amd64
Workstation: DESKTOP-6TBLE83

I'm on latest released version, 1.2

Error constructing plugin

When attempting to configure the ClassTypeInfoManagerPlugin, as per the instructions in the readme, I get: Error constructing plugin: class cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin. I am running the latest release distribution provided on this repository on a build recommended PR for Ghidra that I built myself, as well as running it from the ghidra-batteries-included release.

ghidra.framework.plugintool.util.PluginException: Error constructing plugin: class cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin
	at ghidra.framework.plugintool.util.PluginUtils.instantiatePlugin(PluginUtils.java:196)
	at ghidra.framework.plugintool.PluginManager.addPlugins(PluginManager.java:100)
	at ghidra.framework.plugintool.PluginTool.addPlugins(PluginTool.java:818)
	at ghidra.framework.plugintool.PluginTool.lambda$addPlugin$1(PluginTool.java:805)
	at ghidra.framework.plugintool.PluginTool.lambda$checkedRunSwingNow$3(PluginTool.java:1510)
	at ghidra.util.Swing.doRun(Swing.java:292)
	at ghidra.util.Swing.runNow(Swing.java:208)
	at ghidra.util.Swing.runNow(Swing.java:163)
	at ghidra.framework.plugintool.PluginTool.checkedRunSwingNow(PluginTool.java:1508)
	at ghidra.framework.plugintool.PluginTool.addPlugin(PluginTool.java:804)
	at ghidra.framework.plugintool.PluginConfigurationModel.addPlugin(PluginConfigurationModel.java:148)
	at ghidra.framework.plugintool.dialog.PluginInstallerTableModel.addPlugin(PluginInstallerTableModel.java:165)
	at ghidra.framework.plugintool.dialog.PluginInstallerTableModel.setValueAt(PluginInstallerTableModel.java:133)
	at java.desktop/javax.swing.JTable.setValueAt(JTable.java:2730)
	at java.desktop/javax.swing.JTable.editingStopped(JTable.java:4728)
	at java.desktop/javax.swing.AbstractCellEditor.fireEditingStopped(AbstractCellEditor.java:147)
	at java.desktop/javax.swing.DefaultCellEditor$EditorDelegate.stopCellEditing(DefaultCellEditor.java:370)
	at java.desktop/javax.swing.DefaultCellEditor.stopCellEditing(DefaultCellEditor.java:234)
	at java.desktop/javax.swing.DefaultCellEditor$EditorDelegate.actionPerformed(DefaultCellEditor.java:387)
	at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967)
	at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308)
	at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
	at java.desktop/javax.swing.JToggleButton$ToggleButtonModel.setPressed(JToggleButton.java:401)
	at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6632)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
	at java.desktop/java.awt.Component.processEvent(Component.java:6397)
	at java.desktop/java.awt.Container.processEvent(Container.java:2263)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4840)
	at java.desktop/javax.swing.plaf.basic.BasicTableUI$Handler.repostEvent(BasicTableUI.java:967)
	at java.desktop/javax.swing.plaf.basic.BasicTableUI$Handler.mouseReleased(BasicTableUI.java:1183)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6632)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
	at java.desktop/java.awt.Component.processEvent(Component.java:6397)
	at java.desktop/java.awt.Container.processEvent(Container.java:2263)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4840)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4547)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4840)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
	at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
	at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:235)
	at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:233)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:233)
	at java.desktop/java.awt.Dialog.show(Dialog.java:1070)
	at java.desktop/java.awt.Component.show(Component.java:1716)
	at java.desktop/java.awt.Component.setVisible(Component.java:1663)
	at java.desktop/java.awt.Window.setVisible(Window.java:1031)
	at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1005)
	at docking.DockingDialog.setVisible(DockingDialog.java:341)
	at docking.DockingWindowManager.lambda$doShowDialog$6(DockingWindowManager.java:1727)
	at ghidra.util.Swing.doRun(Swing.java:292)
	at ghidra.util.Swing.runNow(Swing.java:208)
	at ghidra.util.Swing.runNow(Swing.java:163)
	at docking.DockingWindowManager.doShowDialog(DockingWindowManager.java:1731)
	at docking.DockingWindowManager.showDialog(DockingWindowManager.java:1763)
	at docking.AbstractDockingTool.showDialog(AbstractDockingTool.java:154)
	at ghidra.framework.plugintool.dialog.PluginManagerComponent.managePlugins(PluginManagerComponent.java:70)
	at ghidra.framework.plugintool.dialog.PluginManagerComponent$PluginPackageComponent.lambda$createConfigureHyperlink$1(PluginManagerComponent.java:153)
	at docking.widgets.HyperlinkComponent$1.hyperlinkUpdate(HyperlinkComponent.java:66)
	at java.desktop/javax.swing.JEditorPane.fireHyperlinkUpdate(JEditorPane.java:345)
	at java.desktop/javax.swing.text.html.HTMLEditorKit$LinkController.activateLink(HTMLEditorKit.java:899)
	at java.desktop/javax.swing.text.html.HTMLEditorKit$LinkController.mouseClicked(HTMLEditorKit.java:695)
	at java.desktop/java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:278)
	at java.desktop/java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:277)
	at java.desktop/java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:277)
	at java.desktop/java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:277)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6635)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
	at java.desktop/java.awt.Component.processEvent(Component.java:6397)
	at java.desktop/java.awt.Container.processEvent(Container.java:2263)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4840)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4556)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4840)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at ghidra.framework.plugintool.util.PluginUtils.instantiatePlugin(PluginUtils.java:184)
	... 121 more
Caused by: java.lang.NoSuchMethodError: cppclassanalyzer.plugin.typemgr.action.AbstractTypeMgrAction.setEnabled(Z)Z
	at cppclassanalyzer.plugin.typemgr.action.AbstractTypeMgrAction.<init>(AbstractTypeMgrAction.java:24)
	at cppclassanalyzer.plugin.typemgr.action.OpenArchiveAction.<init>(OpenArchiveAction.java:15)
	at cppclassanalyzer.plugin.typemgr.action.TypeInfoArchiveHandler.getOpenAction(TypeInfoArchiveHandler.java:48)
	at cppclassanalyzer.plugin.typemgr.TypeInfoTreeProvider.createActions(TypeInfoTreeProvider.java:63)
	at cppclassanalyzer.plugin.typemgr.TypeInfoTreeProvider.<init>(TypeInfoTreeProvider.java:38)
	at cppclassanalyzer.plugin.ClassTypeInfoManagerPlugin.<init>(ClassTypeInfoManagerPlugin.java:92)
	... 126 more

---------------------------------------------------
Build Date: 2020-Aug-21 2010 UTC
Ghidra Version: 9.2
Java Home: C:\Program Files\Java\jdk-11.0.2
JVM Version: Oracle Corporation 11.0.2
OS: Windows 10 10.0 amd64
Workstation: 192.168.1.102

Support for Ghidra 9.2.3

Ghidra 9.2.3 has changed something in the build process, and Ghidra-CPP-Class-Analyzer fails to compile against it.

java.lang.Exception: Vtable for std::type_info not found

I have two aarch64 binaries with partial symbols I am working with and when I run the GCC RTTI Analyzer on either executable I get the following exception:

(These messages are also written to the application log file)

Vtable for std::type_info not found
java.lang.Exception: Vtable for std::type_info not found
	at cppclassanalyzer.scanner.ItaniumAbiRttiScanner.getStaticReferences(ItaniumAbiRttiScanner.java:314)
	at cppclassanalyzer.scanner.ItaniumAbiRttiScanner.getReferences(ItaniumAbiRttiScanner.java:287)
	at cppclassanalyzer.scanner.ItaniumAbiRttiScanner.applyTypeInfoTypes(ItaniumAbiRttiScanner.java:208)
	at cppclassanalyzer.scanner.ItaniumAbiRttiScanner.doScan(ItaniumAbiRttiScanner.java:140)
	at cppclassanalyzer.scanner.ItaniumAbiRttiScanner.scan(ItaniumAbiRttiScanner.java:132)
	at ghidra.app.plugin.prototype.GccRttiAnalyzer.added(GccRttiAnalyzer.java:119)
	at ghidra.app.plugin.core.analysis.OneShotAnalysisCommand.applyTo(OneShotAnalysisCommand.java:47)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:688)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:788)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:667)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:632)
	at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
	at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:102)
	at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
	at java.base/java.lang.Thread.run(Thread.java:832)


commit: 718168727082d96fe0dd6c5b997170205bdc6721
Ghidra Version: 9.2.3
OS: Ubuntu 20.04 LTS

Installation: Can't find plugin in experimental-configure

Ghidra: 9.1.2
OS: Windows10
I have extracted the archive to a folder in Ghidra/Extensions/Ghidra

Click the + icon

But I can't find "ClassTypeInfoManagerPlugin" in CodeBrowser-file-configure ...->Experimental

Please tell me how I can install successfully. Thanks in advance.

Heap out of memory error: Memory hungry

On a machine with 64GB RAM and 38GB swap, analyzing big binaries (about 10-20mb) takes even more than 6 hours (once even 14h on an i9-9900k), and most of the binaries just crash in the middle with the error in the title. I tried to analyze them one by one but the same issue occurs. Do you maybe know why the CppClassAnalyzer is so memory hungry?

Regards,
TheAifam5

NullPointerException in AbstractCppClassAnalyzer while analyzing libstdc++

C&P from: NationalSecurityAgency/ghidra#1750

Describe the bug
Importing 64-bit libstdc++.so.6 on ArchLinux from /usr/lib/libstdc++.so.6 throws a single dialog with the text java.lang.NullPointerException with no callstack or any useful error information. In the Attachments section I added the log with the callstack.

To Reproduce
Steps to reproduce the behavior:

  1. Load libstdc++.so.6
  2. Analyze with default options + GCC RTTI (Fundamental Types) + C++ Class Analyzer (Fill Class Fields and Locate Constructors)

Expected behavior
IMHO it should show a more detailed error message like every other plugin does when crashing (I mean the expand button to see more). I don't know if that affected the analysis, but such a thing should not exist.

Attachments
ArchLinux package containing that file (gcc-libs 9.3.0-1): https://www.archlinux.org/packages/core/x86_64/gcc-libs/

2020-04-12	04:09:12	ERROR	(MessageLog) Exception appended to MessageLog java.lang.NullPointerException
			at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.analyzeDestructor(AbstractCppClassAnalyzer.java:241)
			at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.fillStructures(AbstractCppClassAnalyzer.java:186)
			at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:108)
			at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
			at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
			at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
			at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
			at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
			at java.base/java.lang.Thread.run(Thread.java:830)

Environment:

  • OS: ArchLinux x64
  • Java Version: 13.0.2
  • Ghidra Version: bcb825fb029232175625bc85653ec0e810b1252e

Improve support for binaries without RTTI

I'm not sure exactly what's all possible to do automatically vs manually. At a minimum it would be nice to be able to select a vtable in memory and have the vtable struct constructed based on the pointed-to functions and their types.

Build error with Ghidra 9.2.2

Building worked fine with 9.1.2, however trying to build for 9.2.2 results in the following error:

$ ls /opt/ghidra
docs        ghidra  ghidra.png  ghidraRun.bat  LICENSE   server
Extensions  Ghidra  ghidraRun   GPL            licenses  support

$ /usr/bin/gradle -PGHIDRA_INSTALL_DIR=/opt/ghidra/ buildExtension --stacktrace
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

> Task :compileJava FAILED
/prg/tmp/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/GnuUtils.java:14: error: cannot find symbol
import ghidra.framework.model.Tool;
                             ^
  symbol:   class Tool
  location: package ghidra.framework.model
/prg/tmp/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/plugin/prototype/CppCodeAnalyzerPlugin/windows/WindowsConstructorAnalysisCmd.java:12: error: cannot find symbol
import ghidra.app.util.bin.format.pdb.PdbProgramAttributes;
                                     ^
  symbol:   class PdbProgramAttributes
  location: package ghidra.app.util.bin.format.pdb
2 errors


FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':compileJava'.
> Compilation failed; see the compiler error output for details.

* Try:
Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':compileJava'.
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:100)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:70)
        at org.gradle.api.internal.tasks.execution.OutputDirectoryCreatingTaskExecuter.execute(OutputDirectoryCreatingTaskExecuter.java:51)
        at org.gradle.api.internal.tasks.execution.SkipUpToDateTaskExecuter.execute(SkipUpToDateTaskExecuter.java:62)
        at org.gradle.api.internal.tasks.execution.ResolveTaskOutputCachingStateExecuter.execute(ResolveTaskOutputCachingStateExecuter.java:54)
        at org.gradle.api.internal.tasks.execution.ValidatingTaskExecuter.execute(ValidatingTaskExecuter.java:60)
        at org.gradle.api.internal.tasks.execution.SkipEmptySourceFilesTaskExecuter.execute(SkipEmptySourceFilesTaskExecuter.java:97)
        at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:87)
        at org.gradle.api.internal.tasks.execution.ResolveTaskArtifactStateTaskExecuter.execute(ResolveTaskArtifactStateTaskExecuter.java:52)
        at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:52)
        at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:54)
        at org.gradle.api.internal.tasks.execution.ExecuteAtMostOnceTaskExecuter.execute(ExecuteAtMostOnceTaskExecuter.java:43)
        at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:34)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker$1.run(DefaultTaskGraphExecuter.java:248)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:199)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:110)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:241)
        at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:230)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.processTask(DefaultTaskPlanExecutor.java:123)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.access$200(DefaultTaskPlanExecutor.java:79)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:104)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:98)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.execute(DefaultTaskExecutionPlan.java:626)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.executeWithTask(DefaultTaskExecutionPlan.java:581)
        at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.run(DefaultTaskPlanExecutor.java:98)
        at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
        at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
        at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
Caused by: org.gradle.api.internal.tasks.compile.CompilationFailedException: Compilation failed; see the compiler error output for details.
        at org.gradle.api.internal.tasks.compile.JdkJavaCompiler.execute(JdkJavaCompiler.java:50)
        at org.gradle.api.internal.tasks.compile.JdkJavaCompiler.execute(JdkJavaCompiler.java:35)
        at org.gradle.api.internal.tasks.compile.NormalizingJavaCompiler.delegateAndHandleErrors(NormalizingJavaCompiler.java:98)
        at org.gradle.api.internal.tasks.compile.NormalizingJavaCompiler.execute(NormalizingJavaCompiler.java:51)
        at org.gradle.api.internal.tasks.compile.NormalizingJavaCompiler.execute(NormalizingJavaCompiler.java:37)
        at org.gradle.api.internal.tasks.compile.CleaningJavaCompilerSupport.execute(CleaningJavaCompilerSupport.java:35)
        at org.gradle.api.internal.tasks.compile.CleaningJavaCompilerSupport.execute(CleaningJavaCompilerSupport.java:25)
        at org.gradle.api.tasks.compile.JavaCompile.performCompilation(JavaCompile.java:207)
        at org.gradle.api.tasks.compile.JavaCompile.compile(JavaCompile.java:192)
        at org.gradle.api.tasks.compile.JavaCompile.compile(JavaCompile.java:124)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:73)
        at org.gradle.api.internal.project.taskfactory.IncrementalTaskAction.doExecute(IncrementalTaskAction.java:46)
        at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:39)
        at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:26)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$1.run(ExecuteActionsTaskExecuter.java:121)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:199)
        at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:110)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:110)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:92)
        ... 29 more


* Get more help at https://help.gradle.org

BUILD FAILED in 1s
1 actionable task: 1 executed

Handling of inherited interfaces

Here I will be using interfaces to refer to any inherited class of size 0 (or 1 in ghidra) which the __vmi_class_type_info struct defines as being located at offset 0.

Currently interfaces which the __vmi_class_type_info structure defines as being located at offset 0 are being appended to a union named "super_interfaces". It has come to my attention that the way this decompiles may be considered undefined behavior. I also just don't like it. I am looking for some suggestions on how to handle these cases and in the meantime I may go back to searching for the first inherited class declared to be at offset 0 which has a size > 1 and considering that to be the derived base which is actually located at offset 0. All others would be appended to a list in the description or in the comments of that field.
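The selection rule proposed in the post above, as an added Python sketch that is not part of the original issue or the extension's code: it parses the base array of a little-endian `__vmi_class_type_info` using the Itanium C++ ABI layout (`__offset_flags`, virtual mask 0x1, public mask 0x2, offset shift 8) and picks the first non-virtual base at offset 0 whose size is greater than 1. The sample bytes, type_info addresses, class names and sizes are constructed, and falling back to the first declared base when every candidate is empty is an assumption.

```python
import struct

# Constants of __base_class_type_info in the Itanium C++ ABI.
VIRTUAL_MASK, PUBLIC_MASK, OFFSET_SHIFT = 0x1, 0x2, 8


def parse_vmi_bases(blob, ptr_size=8):
    """Parse flags and the base array of a little-endian __vmi_class_type_info."""
    ptr_fmt, long_fmt = ("<Q", "<q") if ptr_size == 8 else ("<I", "<i")
    pos = 2 * ptr_size  # skip the type_info vptr and __name pointer
    if pos + 8 > len(blob):
        raise ValueError("truncated __vmi_class_type_info header")
    flags, count = struct.unpack_from("<II", blob, pos)
    pos += 8
    if pos + count * 2 * ptr_size > len(blob):
        raise ValueError("__base_count %d runs past the end of the data" % count)
    bases = []
    for _ in range(count):
        (base_type,) = struct.unpack_from(ptr_fmt, blob, pos)
        (offset_flags,) = struct.unpack_from(long_fmt, blob, pos + ptr_size)
        bases.append({
            "typeinfo": base_type,
            # Signed shift: for a virtual base this is a (negative) vtable
            # offset, not an offset inside the object.
            "offset": offset_flags >> OFFSET_SHIFT,
            "virtual": bool(offset_flags & VIRTUAL_MASK),
            "public": bool(offset_flags & PUBLIC_MASK),
        })
        pos += 2 * ptr_size
    return flags, bases


def pick_primary_base(bases, sizes):
    """Return (primary, interfaces) among the non-virtual bases at offset 0.

    primary    -> first base at offset 0 with size > 1
    interfaces -> the remaining offset-0 bases, to be listed in a comment
    """
    at_zero = [b for b in bases if not b["virtual"] and b["offset"] == 0]
    primary = next((b for b in at_zero if sizes.get(b["typeinfo"], 0) > 1), None)
    if primary is None and at_zero:
        primary = at_zero[0]  # assumption: all empty, keep the first declared
    interfaces = [b for b in at_zero if b is not primary]
    return primary, interfaces


def field_comment(interfaces, names):
    """Text for the description or comment of the offset-0 field."""
    if not interfaces:
        return ""
    listed = ", ".join(names[b["typeinfo"]] for b in interfaces)
    return "empty bases also at offset 0: " + listed


# Constructed sample: class D : IA, IB, Impl, virtual VB (LP64).
SAMPLE_NAMES = {0x2000: "IA", 0x2020: "IB", 0x2040: "Impl", 0x2060: "VB"}
SAMPLE_SIZES = {0x2000: 1, 0x2020: 1, 0x2040: 16, 0x2060: 8}
SAMPLE_BLOB = struct.pack("<QQII", 0x9010, 0x3000, 0, 4) + b"".join(
    struct.pack("<Qq", typeinfo, offset_flags)
    for typeinfo, offset_flags in [
        (0x2000, (0 << OFFSET_SHIFT) | PUBLIC_MASK),
        (0x2020, (0 << OFFSET_SHIFT) | PUBLIC_MASK),
        (0x2040, (0 << OFFSET_SHIFT) | PUBLIC_MASK),
        (0x2060, (-24 << OFFSET_SHIFT) | PUBLIC_MASK | VIRTUAL_MASK),
    ]
)

if __name__ == "__main__":
    _, parsed = parse_vmi_bases(SAMPLE_BLOB)
    chosen, rest = pick_primary_base(parsed, SAMPLE_SIZES)
    print(SAMPLE_NAMES[chosen["typeinfo"]], "|", field_comment(rest, SAMPLE_NAMES))
```

Virtual bases are excluded from the offset-0 search because their `__offset_flags` offset indexes the vtable rather than the object.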

Class Analyzer Not Initialized in Auto Analysis

OS: Windows 64bit
Ghidra Version: 9.2_DEV (3c683ae770cf495deb32588202b00b88e125a4a4)
CPP_Class-Analyzer Version: 9.2_DEV (50e375d)

Describe the bug
Building the most recent version of Ghidra and this extension (50e375d) and running Auto Analysis doesn't produce any results in the ClassInfoType Tree - not even a DataType category to populate. This was tested with a random ELF binary, as well as several of the tests from https://github.com/astrelsky/InheritanceTests including some x86 files and mingw32-w64 files. I've got a script I use to build Ghidra and this extension attached below - this is run using the Git for Windows SDK. Flex and Bison are included with the SDK, and Gradle 5.6.3 was added manually.

To Reproduce
Steps to reproduce behavior:

  1. Build Ghidra
  2. Build Extension
  3. Install Extension
  4. Restart Ghidra
  5. Configure extension in Code Browser
  6. Restart Code Browser
  7. Try to decompile any executable (as far as I'm aware). Easy test is to try libstdc++.so.6.
  8. Check the ClassInfoType Tree Window - there isn't any category or anything

Expected Behavior
Using the 2.0-alpha.3 release of this extension with the most recent build of Ghidra, running the auto-analysis even with default settings results in a Data Type category with the name matching the name of the file being examined, and as the analysis continues it populates with class information. This doesn't happen in the most recent build.

Additional Information
Looking through the commits since the 2.0-alpha.3 it looks like there was quite a bit of refactoring with the extension classes. I'm going to create an actual dev environment with Eclipse to see if I can step through any of this to try and figure it out. I'm pretty bad at programming (as I'm sure will be evidenced by the batch script), and I honestly wouldn't be surprised to find out I'm building this wrong. Also running the "ClassReferences.java" script results in a Null Pointer error, and "ClassReferences.java" and "DynamicCaster.java" are the only scripts available in the CppClassAnalyzer folder.

buildGhidra.sh.txt:

#!/usr/bin/env bash

#various variables varying verily
echo -e "\e[1;42m Setting paths\e[0m"
GIT_PATH=/c/git-sdk-64
GRADLE_PATH=$GIT_PATH/gradle/bin
BISON_PATH=$HOME/Downloads/win_flex_bison-latest
FLEX_PATH=$HOME/Downloads/win_flex_bison-latest
export GHIDRA_INSTALL_DIR="$HOME/downloads/ghidra_9.2_DEV"

if ! hash gradle 2>/dev/null; then
	echo -e "\e[1;42m Adding gradle to PATH\e[0m"
	export PATH=$PATH:$GRADLE_PATH;
fi

if ! hash bison 2>/dev/null; then
	echo -e "\e[1;42m Adding bison to PATH\e[0m"
	export PATH=$PATH:$BISON_PATH;
fi

if ! hash flex 2>/dev/null; then 
	echo -e "\e[1;42m Adding flex to PATH\e[0m"
	export PATH=$PATH:$FLEX_PATH; 
fi

#remove directories for clean install
#paths are quoted so a directory name containing spaces is not split into several rm targets
echo -e "\e[1;42m removing directories\e[0m"
rm -rf "$HOME/.ghidra"
rm -rf "$GHIDRA_INSTALL_DIR"
rm -rf "$GIT_PATH/ghidra/.gradle"
rm -rf "$GIT_PATH/ghidra/ghidra"
rm -rf "$GIT_PATH/ghidra/Ghidra-Cpp-Class-Analyzer"
rm -rf "$LOCALAPPDATA/ghidra"

#clone github repositories
echo -e "\e[1;42m cloning repositories\e[0m"
git clone https://github.com/NationalSecurityAgency/ghidra.git
git clone https://github.com/astrelsky/Ghidra-Cpp-Class-Analyzer.git

#build ghidra
cd ghidra
echo -e "\e[1;42m gradle build init\e[0m"
gradle --init-script gradle/support/fetchDependencies.gradle init
echo -e "\e[1;42m gradle build natives\e[0m"
gradle buildNatives_win64
echo "gradle sleigh compile"
gradle sleighCompile
echo -e "\e[1;42m gradle build ghidra\e[0m"
gradle buildGhidra


#unzip to downloads
#unfortunately this creates an annoying top level directory, so some weird cd and mv is needed
mkdir "$GHIDRA_INSTALL_DIR"
echo -e "\e[1;42m unzipping ghidra to downloads\e[0m"
unzip "$GIT_PATH"/ghidra/ghidra/build/dist/ghidra*.zip -d "$GHIDRA_INSTALL_DIR"
cd "$GHIDRA_INSTALL_DIR"
cd ghidra*
mv ./* ..
cd ../
rm -rf *_DEV
cd "$GIT_PATH/ghidra"

#build class analyzer
echo -e "\e[1;42m begin with CPP class analyzer project\e[0m"
cd Ghidra-Cpp-Class-Analyzer
echo -e "\e[1;42m build extension\e[0m"
gradle buildExtension

#copy extension to ghidra directory
echo -e "\e[1;42m copy extension to directory\e[0m"
cp dist/ghidra*.zip "$GHIDRA_INSTALL_DIR/extensions/Ghidra/"

Ghidra 10.1.4: "String index out of range: 0" when trying to analyze an executable

String index out of range: 0
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
at java.base/java.lang.String.charAt(String.java:711)
at mdemangler.MDMangGhidra.demangle(MDMangGhidra.java:58)
at ghidra.app.cmd.data.TypeDescriptorModel.getMDComplexType(TypeDescriptorModel.java:628)
at ghidra.app.cmd.data.TypeDescriptorModel.doGetTypeName(TypeDescriptorModel.java:445)
at ghidra.app.cmd.data.TypeDescriptorModel.checkTypeNameComponent(TypeDescriptorModel.java:159)
at ghidra.app.cmd.data.TypeDescriptorModel.validateModelSpecificInfo(TypeDescriptorModel.java:116)
at ghidra.app.cmd.data.AbstractCreateDataTypeModel.validate(AbstractCreateDataTypeModel.java:270)
at ghidra.app.cmd.data.AbstractCreateDataTypeModel.isValid(AbstractCreateDataTypeModel.java:399)
at ghidra.app.cmd.data.AbstractCreateDataTypeModel.checkValidity(AbstractCreateDataTypeModel.java:371)
at ghidra.app.cmd.data.TypeDescriptorModel.getTypeName(TypeDescriptorModel.java:410)
at ghidra.app.cmd.data.TypeDescriptorModel.hasComplexType(TypeDescriptorModel.java:455)
at ghidra.app.cmd.data.TypeDescriptorModel.getRefType(TypeDescriptorModel.java:479)
at cppclassanalyzer.analysis.vs.VsCppClassAnalyzer$DescriptorProcessor.process(VsCppClassAnalyzer.java:187)
at cppclassanalyzer.analysis.vs.VsCppClassAnalyzer.buildClassTypeInfoDatabase(VsCppClassAnalyzer.java:132)
at cppclassanalyzer.analysis.vs.VsCppClassAnalyzer.added(VsCppClassAnalyzer.java:71)
at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186)
at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:688)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:788)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:667)
at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:632)
at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
at ghidra.app.plugin.core.analysis.AnalyzeAllOpenProgramsTask$MyAnalysisBackgroundCommand.applyTo(AnalyzeAllOpenProgramsTask.java:372)
at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:102)
at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:319)
at java.base/java.lang.Thread.run(Thread.java:831)


Build Date: 2022-May-19 0956 EDT
Ghidra Version: 10.1.4
Java Home: C:\Program Files\Java\jdk-16.0.2
JVM Version: Oracle Corporation 16.0.2
OS: Windows 10 10.0 amd64
Workstation: DESKTOP-CI9AUNU

Vtable analysis doesn't seem to work on VC++ binaries

Given the following program:

struct Bar {
        virtual int a(int x) = 0;
        virtual int b(double x, double y) = 0;
        virtual int get() = 0;
};

struct Foo : public Bar {
        int a(int ax) override {
                x = ax;
                return x;
        }
        int b(double ax, double ay) override {
                x = ax;
                y = ay;
                return y;
        }
        virtual int get() {
                return y;
        }
        int x;
        int y;
};

int main() {
        Bar* b = new Foo;
        b->a(4);
        b->b(6, 7);
        return b->get();
}

Foo and Bar don't seem to show up in the ClassTypeInfo Tree.

Compile issues with Ghidra 9.1.2

When compiling the extension several issues were found:

  • no definition/import for TYPEINFO_STRIPPER
  • no definition/import for NamespaceUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:272: error: cannot find symbol
                        Matcher matcher = TYPEINFO_STRIPPER.matcher(demangled.getSignature());
                        ^
  symbol:   class Matcher
  location: class TypeInfoUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:272: error: cannot find symbol
                        Matcher matcher = TYPEINFO_STRIPPER.matcher(demangled.getSignature());
                                          ^
  symbol:   variable TYPEINFO_STRIPPER
  location: class TypeInfoUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:272: error: method getSignature in class DemangledObject cannot be applied to given types;
                        Matcher matcher = TYPEINFO_STRIPPER.matcher(demangled.getSignature());
                                                                             ^
  required: boolean
  found: no arguments
  reason: actual and formal argument lists differ in length
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:280: error: cannot find symbol
                                                matcher.group(1), null, program, SourceType.ANALYSIS);
                                                                                 ^
  symbol:   variable SourceType
  location: class TypeInfoUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:279: error: cannot find symbol
                                        Namespace ns = NamespaceUtils.createNamespaceHierarchy(
                                                       ^
  symbol:   variable NamespaceUtils
  location: class TypeInfoUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:285: error: cannot find symbol
                                } catch (InvalidInputException e) {
                                         ^
  symbol:   class InvalidInputException
  location: class TypeInfoUtils
/home/foobar/TOOLS/GHIDRDA/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java:287: error: cannot find symbol
                                        throw new AssertException(e);
                                                  ^
  symbol:   class AssertException
  location: class TypeInfoUtils
7 errors

Vftables overflow into other type_info structures

Mainly occurs due to the bad _vptr references into the <EXTERNAL> section. Could solve by either checking if an entry is contained within existing, well defined, data starting at that address or by checking if the entry address is a known type_info address.
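
An added sketch of the two bounds proposed above, not code from the extension: a vftable scan over a constructed 64-bit image that stops when the next slot is a known type_info address or the start of already defined data. The memory layout, address ranges and function names are all assumptions made for illustration.

```python
import struct

PTR = 8                                # 64-bit little-endian pointers
BASE = 0x1000                          # constructed load address of the data blob
TEXT = range(0x400000, 0x401000)       # constructed .text range
EXTERNAL = range(0x900000, 0x901000)   # constructed <EXTERNAL> block

# Constructed image: vtable for Foo directly followed by two type_info structures.
WORDS = [
    0x0,        # 0x1000 offset-to-top
    0x1028,     # 0x1008 pointer to typeinfo for Foo
    0x400100,   # 0x1010 vftable[0]
    0x400140,   # 0x1018 vftable[1]
    0x400180,   # 0x1020 vftable[2]
    0x900010,   # 0x1028 typeinfo for Foo: _vptr into <EXTERNAL>
    0x2000,     # 0x1030 typeinfo for Foo: name pointer
    0x1040,     # 0x1038 typeinfo for Foo: base type_info pointer
    0x900020,   # 0x1040 typeinfo for Bar: _vptr into <EXTERNAL>
    0x2008,     # 0x1048 typeinfo for Bar: name pointer
]
IMAGE = struct.pack("<%dQ" % len(WORDS), *WORDS)
KNOWN_TYPEINFO = frozenset({0x1028, 0x1040})

def read_ptr(image, addr):
    return struct.unpack_from("<Q", image, addr - BASE)[0]

def looks_like_function(value):
    # Assumption: <EXTERNAL> targets are accepted because imported functions
    # resolve there; that is what lets a type_info _vptr pass as an entry.
    return value in TEXT or value in EXTERNAL

def scan_vftable(image, start, known_typeinfo=frozenset(), defined_data=frozenset()):
    """Return the function pointers of the vftable that begins at `start`."""
    entries, addr = [], start
    while addr + PTR <= BASE + len(image):
        # Bound 1: the slot itself is the start of a known type_info.
        # Bound 2: the slot is the start of already defined data.
        if addr in known_typeinfo or addr in defined_data:
            break
        value = read_ptr(image, addr)
        if not looks_like_function(value):
            break
        entries.append(value)
        addr += PTR
    return entries

if __name__ == "__main__":
    print([hex(v) for v in scan_vftable(IMAGE, 0x1010)])                  # overflows
    print([hex(v) for v in scan_vftable(IMAGE, 0x1010, KNOWN_TYPEINFO)])  # bounded
```

Without either bound the scan returns four entries, the last being the type_info's own _vptr; with either bound it returns the three real function pointers.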

ArithmeticException: / by zero

I'm running into an exception during analysis with ghidra 9.1:

java.lang.ArithmeticException: / by zero
	at ghidra.program.util.ProgramMemoryUtil.findBytePattern(ProgramMemoryUtil.java:653)
	at ghidra.program.util.ProgramMemoryUtil.findImageBaseOffsets32(ProgramMemoryUtil.java:615)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.getRtti3Model(RttiModelWrapper.java:187)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.<init>(RttiModelWrapper.java:126)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.getWrapper(RttiModelWrapper.java:115)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.windows.WindowsCppClassAnalyzer.getClassTypeInfoList(WindowsCppClassAnalyzer.java:97)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.windows.WindowsCppClassAnalyzer.getClassTypeInfoList(WindowsCppClassAnalyzer.java:115)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:98)
	at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:185)
	at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
	at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:62)
	at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
	at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
	at java.base/java.lang.Thread.run(Thread.java:834)

---------------------------------------------------
Build Date: 2019-Oct-23 1737 EDT
Ghidra Version: 9.1
Java Home: /nix/store/y800x6fvshyj0qb5bdk5adc8d8cgfprq-openjdk-11.0.6-ga/lib/openjdk
JVM Version: Oracle Corporation 11.0.6-internal
OS: Linux 4.19.80 amd64
Workstation: nixos

Duplicated data types with GNU Demangler

Hi @astrelsky!

Thanks a lot for your work on this project. It's very helpful.

I am somewhat new to Ghidra and RE in general, but I seem to have gotten myself into an odd situation. I seem to have duplicate data types for each class recognized by this analyzer and what I'm guessing is the GNU Demangler analyzer.

Perhaps I should have disabled that analysis, and used this one only?

Any tips for deduplicating? It seems that some of the disassembled functions use the Demangler types, while others use those from RTTI.

Thanks!

Plugin: ClassTypeInfoManager name collision

Opening two programs with the same name in the code browser will cause the same ClassTypeInfoManager to be used because the program name is used as a key. The full path in the Ghidra project for the program should be used instead.

InvalidDataTypeException when parsing std classes

I try to analyze a VS C++ binary with Windows C++ Class Analyzer and get this exception:

ghidra.program.model.data.InvalidDataTypeException: Invalid ClassTypeInfo
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.validate(RttiModelWrapper.java:154)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.wrappers.RttiModelWrapper.getParentModels(RttiModelWrapper.java:222)
	at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.sortByMostDerived(ClassTypeInfoUtils.java:328)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.analyzeVftables(AbstractCppClassAnalyzer.java:298)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.windows.WindowsCppClassAnalyzer.analyzeVftables(WindowsCppClassAnalyzer.java:99)
	at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:102)
	at ghidra.app.plugin.core.analysis.OneShotAnalysisCommand.applyTo(OneShotAnalysisCommand.java:47)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
	at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
	at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:62)
	at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
	at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
	at java.base/java.lang.Thread.run(Thread.java:834)

The exception is generated by the extension, so this should be some valid signaling, not some programming error. Although all members of the RttiModelWrapper object are null (so the causing program structures are not easy to identify), this problem can be in connection with previous "Input model invalid" messages generated by the RttiModelWrapper constructor when parsing std::basic_ifstream and std::basic_ofstream class information.

I assume this can be handled by catching the exception in the calling function (getParentModels()) but I'm not yet familiar with the code so I wouldn't immediately create a PR for this.

cannot find my sample classes

I compiled the following code with g++

#include <iostream> 
using namespace std;
class Student {
public:
	  int id;
	  string name;
};
int main() {
	Student s1;
	s1.id = 201;
	s1.name = "wellcome";
	cout<<s1.id<<endl;
	cout<<s1.name<<endl;
	return 0;
}

Here's g++ version

g++ --version
g++ (Ubuntu 10.3.0-1ubuntu1) 10.3.0

When I analyzed it with ghidra-cpp-class-analyzer, nothing was detected.
Would you help me find out what's going on?

NullPointerException in VmiClassTypeInfoModel

2020-04-12	16:52:29	ERROR	(MessageLog) Exception appended to MessageLog java.lang.NullPointerException
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.VmiClassTypeInfoModel.getVirtualParents(VmiClassTypeInfoModel.java:174)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getVirtualParents(AbstractSiClassTypeInfoModel.java:88)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVirtualParents(SiClassTypeInfoModel.java:14)
			at ghidra.app.cmd.data.rtti.gcc.VtableModel.setupVtablePrefixes(VtableModel.java:252)
			at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:103)
			at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:71)
			at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.getValidVtable(ClassTypeInfoUtils.java:142)
			at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.findVtable(ClassTypeInfoUtils.java:105)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:77)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVtable(SiClassTypeInfoModel.java:14)
			at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:31)
			at ghidra.app.cmd.data.rtti.ClassTypeInfo.getVtable(ClassTypeInfo.java:68)
			at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.setupVftables(AbstractCppClassAnalyzer.java:136)
			at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:104)
			at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
			at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
			at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
			at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
			at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
			at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
			at java.base/java.lang.Thread.run(Thread.java:830)

Extension doesn't appear in the Experimental Plugin List

I'm using Ghidra 10.1.3 and I successfully installed the most recent version of Ghidra-Cpp-Class-Analyzer.

I have done the following:

  • I checked that it shows up in "Install Extensions..."
  • I checked that it's in the Extensions folder and has the name "Ghidra-Cpp-Class-Analyzer" (which should avoid something like #44)
  • The directory that it lists for the extension in "Install Extensions..." is correct
  • I tried uninstalling and reinstalling
  • I have quit and reopened Ghidra a number of times
  • I have made sure to open the plugin configure window from the code editor.

One thing to note is that I did have to add a gradle.properties to fix a problem I was having with Java, and I did have to edit extension.properties to set the version number to 10.1.3 manually, but I don't see how that could cause a problem here.

Can't compile with Ghidra 9.1.2

Sorry for opening one of "those" issues, but it seems the current experimental branch cannot be compiled against 9.1.2?

This is what I'm getting (only the beginning, since it's very long):

src/main/java/ghidra/app/cmd/data/rtti/gcc/UnresolvedClassTypeInfoException.java:3: error: cannot find symbol
import ghidra.app.util.demangler.Demangled;
                                ^
  symbol:   class Demangled
  location: package ghidra.app.util.demangler
src/main/java/cppclassanalyzer/data/typeinfo/ArchivedClassTypeInfo.java:20: error: cannot find symbol
import ghidra.app.util.demangler.Demangled;
                                ^
  symbol:   class Demangled
  location: package ghidra.app.util.demangler
src/main/java/cppclassanalyzer/data/typeinfo/ArchivedClassTypeInfo.java:69: error: cannot find symbol
        private final Demangled demangled;
                      ^
  symbol:   class Demangled
  location: class ArchivedClassTypeInfo
src/main/java/cppclassanalyzer/data/typeinfo/ArchivedClassTypeInfo.java:152: error: cannot find symbol
        private static Demangled doDemangle(String symbolName) {
                       ^
  symbol:   class Demangled
  location: class ArchivedClassTypeInfo

...

I've run it against a freshly downloaded copy of Ghidra, and I'm using Gradle 6.4 with Java 11 on macOS.
