Ghidra_9.2_build

[Fernando Mercês]

Ghidra v9.2 (November 2020)

New Features

Graphing

• A new graph service and implementation was created. The graph service provides basic graphing capabilities. It was also used to generate several different types of graphs including code block graphs, call graphs, and AST graphs. In addition, an export graph service was created that supports various formats. (GP-211)
• PDB. Added a new, prototype, platform-independent PDB analyzer that processes and applies data types and symbols to a program from a raw (non-XML-converted) PDB file, allowing users to more easily take advantage of PDB information. (GT-3112)
• Processors. Added M8C SLEIGH processor specification. (GT-3052)
• Processors. Added support for the RISC-V processor. (GT-3389, Issue #932)
• Processors. Added support for the Motorola 6809 processor. (GT-3390, Issue #1201)
• Processors. Added CP1600-series processor support. (GT-3426, Issue #1383)
• Processors. Added V850 processor module. (GT-3523, Issue #1430)
• Improvements

Analysis

• Increased the speed of the Embedded Media Analyzer, which was especially poor for large programs, by doing better checking and reducing the number of passes over the program. (GT-3258)
• Analysis. Improved the performance of the RTTI analyzer. (GT-3341, Issue #10)
• Analysis. The handling of Exception records found in GCC-compiled binaries has been sped up dramatically. In addition, incorrect code disassembly has been corrected. (GT-3374)
• Analysis. Updated Auto-analysis to preserve work when encountering recoverable exceptions. (GT-3599)
• Analysis. Improved efficiency when creating or checking for functions and namespaces which overlap. (GP-21)
• Analysis. Added partial support of Clang for Windows. (GP-64)
• Analysis. RTTI structure processing speed has been improved with a faster technique for finding the root RTTI type descriptor. (GP-168, Issue #2075)
• API. The performance of adding large numbers of data types to the same category has been improved. (GT-3535)
• API. Added the BigIntegerNumberInputDialog that allows users to enter integer values larger than Integer.MAX_VALUE (2147483647). (GT-3607)
• API. Made JSON more available using GSON. (GP-89, Issue #1982)
• Basic Infrastructure. Introduced an extension point priority annotation so users can control extension point ordering. (GT-3350, Issue #1260)
• Basic Infrastructure. Changed file names in launch.bat to always run executables from System32. (GT-3614, Issue #1599)
• Basic Infrastructure. Unknown platforms now default to 64-bit. (GT-3615, Issue #1499)
• Basic Infrastructure. Updated sevenzipjbinding library to version 16.02-2.01. (GP-254)
• Build. Ghidra's native Windows binaries can now be built using Visual Studio 2019. (GT-3277, Issue #999)
• Build. Extension builds now exclude gradlew artifacts from zip file. (GT-3631, Issue #1763)
• Build. Reduced the number of duplicated help files among the build jar files. (GP-57, Issue #2144)
• Build. Git commit hash has been added to application.properties file for every build (not just releases). (GP-67)
• Contrib. Extensions are now installed to the user's settings directory, not the Ghidra installation directory. (GT-3639, Issue #1960)
• Data Types. Added mutability data settings (constant, volatile) for Enum datatype. (GT-3415)
• Data Types. Improved Structure Editor's Edit Component action to work on array pointers. (GP-205, Issue #1633)
• Decompiler. Added Secondary Highlights to the Decompiler. This feature allows the user to create a highlight for a token to show all occurrences of that token. Further, multiple secondary highlights are allowed at the same time, each using a unique color. See the Decompiler help for more information. (GT-3292, Issue #784)
• Decompiler. Added heuristics to the Decompiler to better distinguish whether a constant pointer refers to something in the CODE or DATA address space, for Harvard architectures. (GT-3468)
• Decompiler. Improved Decompiler analysis of local variables with small data types, eliminating unnecessary casts and mask operations. (GT-3525)
• Decompiler. Documentation for the Decompiler, accessible from within the Code Browser, has been rewritten and extended. (GP-166)
• Decompiler. The Decompiler can now display the namespace path (or part of it) of symbols it renders. With the default display configuration, the minimal number of path elements necessary are printed to fully resolve the symbol within the current scope. (GP-236)
• Decompiler. The Decompiler now respects the Charset and Translate settings for string literals it displays. (GP-237)
• Decompiler. The Decompiler's analysis of array accesses is much improved. It can detect more and varied access patterns produced by optimized code, even if the base offset is not contained in the array. Multi-dimensional arrays are detected as well. (GP-238, Issue #461, #1348)
• Decompiler. Extended the Decompiler's support for analyzing class methods. The class data type is propagated through the this pointer even in cases where the full prototype of the method is not known. The methods isThisPointer() and isHiddenReturn() are now populated in HighSymbol objects and are accessible in Ghidra scripts. (GP-239, Issue #2151)
• Decompiler. The Decompiler will now infer a string pointer from a constant that addresses the interior of a string, not just the beginning. (GP-240, Issue #1502)
• Decompiler. The Decompiler now always prints the full precision of floating-point values, using the minimal number of characters in either fixed point or scientific notation. (GP-241, Issue #778)
• Decompiler. The Decompiler's Auto Create Structure command now incorporates into new structures data-type information from function prototypes. The Auto Fill in Structure variant of the command will override undefined and other more general data-types with discovered data-types if they are more specific. (GP-242)
• Demangler. Modified Microsoft Demangler (MDMang) to handle symbols represented by MD5 hash codes when their normal mangled length exceeds 4096. (GT-3409, Issue #1344)
• Demangler. Upgraded the GNU Demangler to version 2.33.1. Added support for the now-deprecated GNU Demangler version 2.24 to be used as a fallback option for demangling. (GT-3481, Issue #1195, #1308, #1451, #1454)
• Demangler. The Demangler now more carefully applies information if generic changes have been made. Previously if the function signature had changed in any way from default, the demangler would not attempt to apply any information including the function name. (GP-12)
• Demangler. Changed MDMang so cast operator names are complete within the qualified function name, effecting what is available from internal API. (GP-13)
• Demangler. Added additional MDMang Extended Types such as char8_t, char16_t, and char32_t. (GP-14)
• Documentation. Removed Eclipse BuildShip instructions from the DevGuide. (GT-3634, Issue #1735)
• FID. Regenerated FunctionID databases. Added support for Visual Studio versions 2017 and 2019. (GP-170)
• Function Diff. Users may now add functions ad-hoc to existing function comparison panels. (GT-2229)
• Function Graph. Added Navigation History Tool option for Function Graph to signal it to produce fewer navigation history entries. (GT-3233, Issue #1115)
• GUI. Users can now view the Function Tag window to see all functions associated with a tag, without having to inspect the Listing. (GT-3054)
• GUI. Updated the Copy Special action to work on the current address when there is no selection. (GT-3155, Issue #1000)
• GUI. Significantly improved the performance of filtering trees in the Ghidra GUI. (GT-3225)
• GUI. Added many optimizations to increase the speed of table sorting and filtering. (GT-3226, Issue #500)
• GUI. Improved performance of bit view component recently introduced to Structure Editor. (GT-3244, Issue #1141)
• GUI. Updated usage of timestamps in the UI to be consistent. (GT-3286)
• GUI. Added tool actions for navigating to the next/previous functions in the navigation history. (GT-3291, Issue #475)
• GUI. Filtering now works on all tables in the Function Tag window. (GT-3329)
• GUI. Updated the Ghidra File Chooser so that users can type text into the list and table views in order to quickly jump to a desired file. (GT-3396)
• GUI. Improved the performance of the Defined Strings table. (GT-3414, Issue #1259)
• GUI. Updated Ghidra to allow users to set a key binding to perform an equivalent operation to double-clicking the XREF field in the Listing. See the Show Xrefs action in the Tool Options... Key Bindings section. (GT-3446)
• GUI. Improved mouse wheel scrolling in Listing and Byte Viewers. (GT-3473)
• GUI. Ghidra's action context mechanism was changed so that actions that modify the program are not accidentally invoked in the wrong context, thus possibly modifying the program in ways the user did not want or without the user knowing that it happened. This also fixed an issue where the navigation history drop-down menu did not represent the locations that would be used if the next/previous buttons were pressed. (GT-3485)
• GUI. Updated Ghidra tables to defer updating while analysis is running. (GT-3604)
• GUI. Updated Font Size options to allow the user to set any font size. (GT-3606, Issue #160, #1541)
• GUI. Added ability to overlay text on an icon. (GP-41)
• GUI. Updated Ghidra options to allow users to clear default key binding values. (GP-61, Issue #1681)
• GUI. ToggleDirectionAction button now shows in snapshot windows. (GP-93)
• GUI. Added a new action to the Symbol Tree to allow users to convert a Namespace to a Class. (GP-225, Issue #2301)
• Importer. Updated the XML Loader to parse symbol names for namespaces. (GT-3293)
• Importer:ELF. Added support for processing Android packed ELF Relocation Tables. (GT-3320, Issue #1192)
• Importer:ELF. Added ELF import opinion for ARM BE8. (GT-3642, Issue #1187)
• Importer:ELF. Added support for ELF RELR relocations, such as those produced for Android. (GP-348)
• Importer:MachO. DYLD Loader can now load x86_64 DYLD from macOS. (GT-3611, Issue #1566)
• Importer:PE. Improved parsing of Microsoft ordinal map files produced with DUMPBIN /EXPORTS (see Ghidra/Features/Base/data/symbols/README.txt). (GT-3235)
• Jython. Upgraded Jython to version 2.7.2. (GP-109)
• Listing. In the PCode field of the Listing, accesses of varnodes in the unique space are now always shown with the size of the access. Fixed bug which would cause the PCode emulator to reject valid pcode in rare instances. (GP-196)
• Listing:Data. Improved handling and display of character sequences embedded in operands or integer values. (GT-3347, Issue #1241)
• Multi-User:Ghidra Server. Added ability to specify initial Ghidra Server user password (-a0 mode only) for the svrAdmin add and reset commands. (GT-3640, Issue #321)
• Processors. Updated AVR8 ATmega256 processor model to reflect correct memory layout specification. (GT-933)
• Processors. Implemented semantics for vstmia/db vldmia/db, added missing instructions, and fixed shift value for several instructions for the ARM/Thumb NEON instruction set. (GT-2567)
• Processors. Added the XMEGA variant of the AVR8 processor with general purpose registers moved to a non-memory-mapped register space. (GT-2909)
• Processors. Added support for x86 SALC instruction. (GT-3367, Issue #1303)
• Processors. Implemented pcode for 6502 BRK instruction. (GT-3375, Issue #1049)
• Processors. Implemented x86 PTEST instruction. (GT-3380, Issue #1295)
• Processors. Added missing instructions to ARM language module. (GT-3394)
• Processors. Added support for RDRAND and RDSEED instructions to x86-32. (GT-3413)
• Processors. Improved x86 breakpoint disassembly. (GT-3421, Issue #872)
• Processors. Added manual index file for the M6809 processor. (GT-3449, Issue #1414)
• Processors. Corrected issues related to retained instruction context during a language upgrade. In some rare cases this retained context could interfere with the instruction re-disassembly. This context-clearing mechanism is controlled by a new pspec property: resetContextOnUpgrade. (GT-3531)
• Processors. Updated PIC24/PIC30 index file to match latest manual. Added support for dsPIC33C. (GT-3562)
• Processors. Added missing call-fixup to handle call side-effects for 32 bit gcc programs for get_pc_thunk.ax/si. (GP-10)
• Processors. Added ExitProcess to PEFunctionsThatDoNotReturn. (GP-35)
• Processors. External Disassembly field in the Listing now shows Thumb disassembly when appropriate TMode context has been established on a memory location. (GP-49)
• Processors. Changed RISC-V jump instructions to the more appropriate goto instead of call. (GP-54, Issue #2120)
• Processors. Updated AARCH64 to v8.5, including new MTE instructions. (GP-124)
• Processors. Added support for floating point params and return for SH4 processor calling conventions. (GP-183, Issue #2218)
• Processors. Added semantic support for many AARCH64 neon instructions. Addresses for register lanes are now precalculated, reducing the amount of p-code generated. (GP-343)
• Processors. Updated RISCV processor to include reorganization, new instructions, and fixes to several instructions. (GP-358, Issue #2333)
• Program API. Improved multi-threaded ProgramDB access performance. (GT-3262)
• Scripting. Improved ImportSymbolScript.py to import functions in addition to generic labels. (GT-3249, Issue #946)
• Scripting. Python scripts can now call protected methods from the GhidraScript API. (GT-3334, Issue #1250)
• Scripting. Updated scripting feature with better change detection, external jar dependencies, and modularity. (GP-4)
• Scripting. Updated the GhidraDev plugin (v2.1.1) to support Python Debugging when PyDev is installed via the Eclipse dropins directory. (GP-186, Issue #1922)
• Sleigh. Error messages produced by the SLEIGH compiler have been reformatted to be more consistent in layout as well as more descriptive and more consistent in providing line number information. (GT-3174)

Download