From 255b8e5fc6e7dd2bf1f455addd49df9c39db90fb Mon Sep 17 00:00:00 2001 From: James Chambers Date: Tue, 5 Mar 2024 15:11:29 -0500 Subject: [PATCH] handle VARIABLE varnode in GoFuncCallStrings --- ghidra_scripts/GoFuncCallStrings.java | 4 +++- src/main/java/ghostrings/PcodeUtil.java | 10 +++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ghidra_scripts/GoFuncCallStrings.java b/ghidra_scripts/GoFuncCallStrings.java index 79c7ed8..e61f9e1 100644 --- a/ghidra_scripts/GoFuncCallStrings.java +++ b/ghidra_scripts/GoFuncCallStrings.java @@ -82,7 +82,9 @@ protected List callParamsCheck(PcodeOpAST pcodeOpAST) { addrCandidates.addAll(addrs.stream() .map(addr -> new AddressCandidate(addr, 0xdeadbeef, pcodeOpAST)) .collect(Collectors.toList())); - continue; + constants.removeAll(addrs.stream() + .map(addr -> addr.getOffset()) + .collect(Collectors.toList())); } List lens = filterLengthConstants(constants); diff --git a/src/main/java/ghostrings/PcodeUtil.java b/src/main/java/ghostrings/PcodeUtil.java index 40a710a..0c64a1b 100644 --- a/src/main/java/ghostrings/PcodeUtil.java +++ b/src/main/java/ghostrings/PcodeUtil.java @@ -234,12 +234,12 @@ private static List getConstantInputs(FlatProgramAPI programAPI, Varnode v return results; } + PcodeOp def = varnode.getDef(); + if (varnode.isConstant()) { results.add(varnode.getOffset()); - } else if (varnode.isRegister() && varnode.getDef() != null) { + } else if (varnode.isRegister() && def != null) { // Register may hold a constant - PcodeOp def = varnode.getDef(); - switch (def.getOpcode()) { case PcodeOp.LOAD: // Check for LOAD op that loaded a constant into the register, @@ -276,6 +276,10 @@ private static List getConstantInputs(FlatProgramAPI programAPI, Varnode v } break; } + } else if (def != null && def.getOpcode() == PcodeOp.PIECE) { + for (Varnode pieceInput: def.getInputs()) { + results.addAll(getConstantInputs(programAPI, pieceInput, depth + 1)); + } } return results;