Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FunctionID: Add Rust and Swift demanglers to headless Prescript #7429

Merged
merged 1 commit into from
Feb 7, 2025
Merged

FunctionID: Add Rust and Swift demanglers to headless Prescript #7429

merged 1 commit into from
Feb 7, 2025

Conversation

boppitybop
Copy link

@boppitybop boppitybop commented Jan 31, 2025
edited
Loading

Overview

Update FunctionIDHeadlessPrescript to include Rust and Swift demanglers for function ID generation.

Testing

When used with Headless Analyzer, the Rust Demangler no longer is used
image

@gemesa
Copy link
Contributor

gemesa commented Jan 31, 2025

This is such a good change and it solves the namespace stripping problem (at least in case of Rust and Swift binaries). Unfortunately @boppitybop did not explain why but I will do it instead.

When you create a project, import the binaries and analyze them using the proper FID scripts (FunctionIDHeadlessPrescript.java and FunctionIDHeadlessPostscript.java):

$ ./support/analyzeHeadless /home/gemesa/git-repos/my-projects rust-fid -import /home/gemesa/git-repos/tmp/rust-fid/rustc-1.84.0 -recursive -scriptPath /home/gemesa/git-repos/ghidra/Ghidra/Features/FunctionID/ghidra_scripts -preScript FunctionIDHeadlessPrescript.java -postScript FunctionIDHeadlessPostscript.java -overwrite

And create and add an empty FID database (CreateEmptyFidDatabase.java), populate it (CreateMultipleLibraries.java) then list its content (ListFunctions.java):

$ ./support/analyzeHeadless /home/gemesa/git-repos/my-projects rust-fid -propertiesPath /home/gemesa/git-repos/my-projects -scriptPath /home/gemesa/git-repos/ghidra/Ghidra/Features/FunctionID/ghidra_scripts -preScript CreateEmptyFidDatabase.java rust.fidb -postScript CreateMultipleLibraries.java -postScript ListFunctions.java

Then you can see that the namespaces are stripped currently.

$ head -n 10 rust-demangler-enabled.txt 
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon steal
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon parse_attribute
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon rust_panic
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _{{closure}}
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon borrow
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon rust_begin_unwind
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon drop_in_place<core::cell::UnsafeCell<rayon_core::job::JobResult<()>>>
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon field
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon try_allocate_in
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon take_box

After attaching the generated FID DB by Tools --> Function ID --> Attach existing FidDb..., then running Analysis --> One Shot --> Function ID and Analysis --> One Shot --> Demangler Rust:

image

With the changes proposed in this PR the problem is solved:

$ head -n 10 rust-demangler-disabled.txt
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN15crossbeam_deque5deque16Stealer$LT$T$GT$5steal17h9c629289f0beffd0E
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN5gimli4read4unit15parse_attribute17h1da4bb98b37d3f93E
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon rust_panic
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN3std3sys9backtrace10_print_fmt28_$u7b$$u7b$closure$u7d$$u7d$17ha9efe81ac091646cE
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN9addr2line4line9LazyLines6borrow17hc400e1c62cd68850E
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon rust_begin_unwind
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN4core3ptr93drop_in_place$LT$core..cell..UnsafeCell$LT$rayon_core..job..JobResult$LT$$LP$$RP$$GT$$GT$$GT$17h43bdc1fa176c2f6eE
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN4core3fmt8builders11DebugStruct5field17h5de0c9d5a4ec29cbE
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN5alloc7raw_vec20RawVecInner$LT$A$GT$15try_allocate_in17h82d702159c265b6cE
/rustc-1.84.0/testbin/1.0.0/x64-release-build/rust-rayon _ZN102_$LT$std..panicking..begin_panic_handler..FormatStringPayload$u20$as$u20$core..panic..PanicPayload$GT$8take_box17h6de2b2f0c523c920E

After attaching the generated FID DB by Tools --> Function ID --> Attach existing FidDb..., then running Analysis --> One Shot --> Function ID and Analysis --> One Shot --> Demangler Rust:

image

@gemesa
Copy link
Contributor

gemesa commented Jan 31, 2025
edited
Loading

This PR makes the headless scripting part of #7228 obsolete for Rust and Swift binaries.

@ryanmkurtz ryanmkurtz self-assigned this Feb 3, 2025
@ryanmkurtz ryanmkurtz added Status: Prioritize This is currently being prioritized Status: Internal This is being tracked internally by the Ghidra team and removed Status: Prioritize This is currently being prioritized labels Feb 3, 2025
@ryanmkurtz ryanmkurtz added this to the 11.4 milestone Feb 6, 2025
@ryanmkurtz ryanmkurtz merged commit 41fc219 into NationalSecurityAgency:master Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ryanmkurtz ryanmkurtz

Labels
Status: Internal This is being tracked internally by the Ghidra team
Projects
None yet
Milestone
11.4
Development

Successfully merging this pull request may close these issues.
3 participants
@boppitybop @gemesa @ryanmkurtz