handle VARIABLE varnode in GoFuncCallStrings

nccgroup · Mar 5, 2024 · 255b8e5 · 255b8e5
1 parent eec9708
commit 255b8e5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/ghidra_scripts/GoFuncCallStrings.java b/ghidra_scripts/GoFuncCallStrings.java
@@ -82,7 +82,9 @@ protected List<CandidateGroup> callParamsCheck(PcodeOpAST pcodeOpAST) {
                 addrCandidates.addAll(addrs.stream()
                         .map(addr -> new AddressCandidate(addr, 0xdeadbeef, pcodeOpAST))
                         .collect(Collectors.toList()));
-                continue;
+                constants.removeAll(addrs.stream()
+                        .map(addr -> addr.getOffset())
+                        .collect(Collectors.toList()));
             }
 
             List<Integer> lens = filterLengthConstants(constants);

diff --git a/src/main/java/ghostrings/PcodeUtil.java b/src/main/java/ghostrings/PcodeUtil.java
@@ -234,12 +234,12 @@ private static List<Long> getConstantInputs(FlatProgramAPI programAPI, Varnode v
             return results;
         }
 
+        PcodeOp def = varnode.getDef();
+
         if (varnode.isConstant()) {
             results.add(varnode.getOffset());
-        } else if (varnode.isRegister() && varnode.getDef() != null) {
+        } else if (varnode.isRegister() && def != null) {
             // Register may hold a constant
-            PcodeOp def = varnode.getDef();
-
             switch (def.getOpcode()) {
             case PcodeOp.LOAD:
                 // Check for LOAD op that loaded a constant into the register,
@@ -276,6 +276,10 @@ private static List<Long> getConstantInputs(FlatProgramAPI programAPI, Varnode v
                 }
                 break;
             }
+        } else if (def != null && def.getOpcode() == PcodeOp.PIECE) {
+            for (Varnode pieceInput: def.getInputs()) {
+                results.addAll(getConstantInputs(programAPI, pieceInput, depth + 1));
+            }
         }
 
         return results;