12212156 code reverse engineering project in Ghidra

[jonofmac]

Awesome to see you were posting on here. I stumbled across your request on Ghidra for adding CPU32 support and pointed NSFW towards it too. I was playing with your SLEIGH file for cpu32 and didn't have much luck myself getting it to compile. It would be extremely helpful to get this working with us.

NSFW, I'll take a look at your powershell scripts. I'm not familiar with powershell but I'm a big linux user, hopefully can figure some of it out, but I've never used IDA PRO lol

Is there a reason you chose powershell over a platform agnostic scripting language?

[jonofmac]

Few things:
1) All my XDFs seem to be encrypted, opening them in a text viewer shows nothing but gibberish.

2) I'm not sure how to export a label list from Ghidra so that I can see the syntax of the file. Not even sure what they call that file at all... I can handle creating a script to port between idc and whatever ghidra uses. Just need to figure out how to export my list of labels I've done on my own decompiling....

However, with some searching, I stumbled across what looks like someone has already done the work: https://gist.github.com/hax0kartik/e...534aa8de84817c


If you go to Window -> Script Manager -> ImportSymbolsScript.py, it looks like it'll import a text file in the format for:
"SYMBOLNAME 0xADDRESS" where each line is a different symbol. Not sure about labeling functions, but I guess we're really just looking for labeling certain labels. Weird that I can't define a type...


EDIT:

I apologize for the rubber ducky debugging I do, but I figure some of it might help.
I figured out how to export symbols in Ghidra.
Window -> Symbol Table (Command-T is the short cut)
Select the symbols you want to export, right click, and select export -> CSV file

[NSFW]

Is there a reason you chose powershell over a platform agnostic scripting language?

I don't understand the question. :)

https://docs.microsoft.com/en-us/pow...w=powershell-7

Also, it's just what I'm familiar with. And it has pretty good support for XML, so parsing XDFs was easy.

[jonofmac]

I don't understand the question. :)

https://docs.microsoft.com/en-us/pow...w=powershell-7

Also, it's just what I'm familiar with. And it has pretty good support for XML, so parsing XDFs was easy.

I did not realize it was ported to Linux. Never used it on anything but Windows.

Also as a note, I'm jlvaldez over on pcmhacking, didn't keep my names the same. I'd change them to be consistent if it were possible lol.

Anyway, I started writing a new script for Ghidra to import the .csv files that it exports symbols in. No idea why it cannot import its own exports out of the box... Anyway, it's not complete, not close to complete, but I got to call it a night and figured it'll get someone going.

The path to install it is <Ghidra_root>/Features/Python/ghidra_scripts/

Then go to Window -> Script Manager, select "ImportSymbolsCSV.py" and run it, select a .csv file (I zipped an example .csv file that has 2 symbols for some P59 OS I have). It successfully adds the symbols and changes the data type. This may be something I should get up on some GitHub repository..

Here's the API I was referring to. Apparently the python interpreter implements jython as well so the APIs are visible to python. Kinda cool.
From some comments I found on GitHub, FlatProgramAPI and GhidraScript are the two classes that get imported automatically. Seems to be an early python implementation too. Python 2.7ish? 3+ syntax is not working for it.

https://ghidra.re/ghidra_docs/api/gh...rogramAPI.html

[NSFW]

This script will produce a CSV file with all of the names and addresses from an XDF.

[NSFW]

This script, with this PidList.txt file, will generate labels for the functions that get the values of all of the pids. I've also included output for the '2156 bin file that I have, however I'm not sure I used the right number of parameters when I ran the script.

I ran it like this:

.\Generate-PidLabels.ps1 -Path .\12212156.bin -TableAddress 1F64 -ParameterCount 308 > pidlabels.csv