How to build? about ghidra-cpp-class-analyzer HOT 7 CLOSED

Will do. In the meantime try running
gradle buildExtension
and let me know if it successfully builds.

from ghidra-cpp-class-analyzer.

Before I commit this to the readme if you may walk through this and provide some feedback it would be appreciated.

Building

Prior to building, the version number in extension.properties must be correctly
set to the target version of ghidra it is being built for.

• Ghidra_9.0.4: version=9.0.4
• Ghidra_9.1-BETA: version=9.1-BETA
• Ghidra_9.1-DEV: version=9.1

Once the version has been correctly set, run the following command in a terminal of your choice.

gradle buildExtension

Upon completion the output will be located in the dist folder.

Installation

Extract the archive to a destination folder of your choice.
Launch ghidra and from the project manager go to file->Install Extensions...
Click the + icon near the top right corner of the window.
Select the the path of the extracted Ghidra-Cpp-Class-Analyzer folder and select OK.
After restarting ghidra the plugin will be installed and ready for use.
You will know it has been successfully installed if the TypeInfo datatype appears within the BuiltInTypes datatype manager.

from ghidra-cpp-class-analyzer.

Thanks! It should also mention to set the GHIDRA_INSTALL_DIR environment variable (it's already printed very nicely but it should still be mentioned). The version thing is a bit weird because my build (2019-09-23) says "Version 9.1-BETA" and below that "Build DEV" so I'm not sure if I should use 9.1-BETA or 9.1 in the version field.

But in both cases, running env GHIDRA_INSTALL_DIR=/opt/ghidra gradle buildExtension leads to

> Task :compileJava FAILED
/tmp/Ghidra-Cpp-Class-Analyzer/src/main/java/ghidra/app/plugin/prototype/GccRttiAnalyzer.java:12: error: cannot access CancelOnlyWrappingTaskMonitor
import ghidra.util.task.CancelOnlyWrappingTaskMonitor;
                       ^
  bad class file: /opt/ghidra/Ghidra/Framework/Generic/lib/Generic.jar(ghidra/util/task/CancelOnlyWrappingTaskMonitor.class)
    class file has wrong version 55.0, should be 52.0
    Please remove or make sure it appears in the correct subdirectory of the classpath.

FAILURE: Build failed with an exception.

Because of this I can't follow the "Installation" section yet :)

from ghidra-cpp-class-analyzer.

After googling the issue quickly, I realized that this is because my default java is Java 8 but switching the default to Java 12 worked fine and it compiled. Now I'm hitting an issue that, because Ghidra is installed in /opt, I can't seem to install extensions:

Will continue tomorrow.

from ghidra-cpp-class-analyzer.

If you downloaded ghidra from ghidra-sre.org then it is Ghidra_9.1-BETA. Ghidra_9.1-DEV would be a current build of the Ghidra repo. Java 11 or later is one of ghidra's minimum requirement's

The Ghidra Extension Notes should help with the latest issue. It's basically going to have you install it manually.

The GHIDRA_INSTALL_DIR environment variable used to be part of setting up ghidra but this no longer appears to be the case since I can't find it in the instructions. I'll add it to the build instructions.

from ghidra-cpp-class-analyzer.

Java 11+ doesn't have to be the default because Ghidra automatically picks Java 11 or higher if the default is e.g. Java 8.

Installing the extension manually (into $GHIDRA_INSTALL_DIR/Ghidra/Extensions) worked fine and I now have the plugin enabled.

Also I've installed Ghidra with the package manager (using https://aur.archlinux.org/packages/ghidra-bin/) so that's why it's in a root-owned directory and I've never set GHIDRA_INSTALL_DIR or anything because the packaging script does everything for me.

As for usage, is it that you just analyze the project as normal (with the GCC C++ analyzers active)? There's also talk in the readme about

run the GccRtti analyzer and then run parse_vtable_db.py

from ghidra-cpp-class-analyzer.

Java 11+ doesn't have to be the default because Ghidra automatically picks Java 11 or higher if the default is e.g. Java 8.

Installing the extension manually (into $GHIDRA_INSTALL_DIR/Ghidra/Extensions) worked fine and I now have the plugin enabled.

Also I've installed Ghidra with the package manager (using https://aur.archlinux.org/packages/ghidra-bin/) so that's why it's in a root-owned directory and I've never set GHIDRA_INSTALL_DIR or anything because the packaging script does everything for me.

As for usage, is it that you just analyze the project as normal (with the GCC C++ analyzers active)? There's also talk in the readme about

run the GccRtti analyzer and then run parse_vtable_db.py

Yep. I recommend running the C++ Class Analyzer after running the parse_vtable_db.py script if your binary doesn't have symbols. This is to prevent the vtable structs from having the function definitions the default FUN_{address} instead of an actual name. You can find the 'db' json file in the data folder of a release. It isn't included in the repo because of size and the potential to change drastically.

There is only a json file for gcc as I am having problems with the large number of thunks in Visual Studio binaries that ghidra cannot properly detect. I need to setup some way of keeping track of the thunk depth.

If you run into any problems with the analyzers, which I'm sure you will, just raise an issue and I will look into it. This is the first thing I've ever programmed in Java so I still have much to learn. I also learned yesterday that the fill-classes option in the class analyzer currently doesn't work on architectures that have the this parameter in the stack (which means x86). I need to find a way to work that out.

I have attached the gcc_vtable_db.json file to the latest release separately so you don't need to download the binaries with it.

from ghidra-cpp-class-analyzer.