From 0f093bcc671812fd396d29783fb55cbf5ca38779 Mon Sep 17 00:00:00 2001 From: clearbluejar <3752074+clearbluejar@users.noreply.github.com> Date: Thu, 7 Sep 2023 21:25:13 +0000 Subject: [PATCH] move vt_session to new branch --- .vscode/tasks.json | 37 ------ ghidriff/__init__.py | 3 +- ghidriff/auto_version_tracking_diff.py | 174 ------------------------- ghidriff/correlators.py | 93 ------------- ghidriff/swing_classes.py | 104 --------------- ghidriff/version_tracking_diff.py | 2 +- ghidriff/vt_session.py | 58 --------- 7 files changed, 2 insertions(+), 469 deletions(-) delete mode 100644 .vscode/tasks.json delete mode 100644 ghidriff/auto_version_tracking_diff.py delete mode 100644 ghidriff/swing_classes.py delete mode 100644 ghidriff/vt_session.py diff --git a/.vscode/tasks.json b/.vscode/tasks.json deleted file mode 100644 index 3c7adec..0000000 --- a/.vscode/tasks.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - // See https://go.microsoft.com/fwlink/?LinkId=733558 - // for the documentation about the tasks.json format - "version": "2.0.0", - "tasks": [ - { - "label": "Run Current Python Script in Ghidra Jython", - "type": "shell", - "command": "${config:GHIDRA_HEADLESS}", - "args": [ - "${config:GHIDRA_PROJECTS_PATH}${pathSeparator}${config:PROJECT_NAME}", - "${config:PROJECT_NAME}", - "-postscript", - "${file}" - ], - "problemMatcher": [], - }, - { - "label": "Start ghidra-bridge RPC server", - "type": "shell", - "command": "${config:GHIDRA_HEADLESS}", - "args": [ - "${config:GHIDRA_PROJECTS_PATH}${pathSeparator}${config:PROJECT_NAME}", - "${config:PROJECT_NAME}", - "-scriptPath", - "${config:GHIDRA_BRIDGE_INSTALL_DIR}", - "-propertiesPath", - "${config:GHIDRA_BRIDGE_INSTALL_DIR}", - "-postscript", - "ghidra_bridge_server.py", - "ls" - ], - "problemMatcher": [], - }, - ], - -} \ No newline at end of file diff --git a/ghidriff/__init__.py b/ghidriff/__init__.py index d127d4f..efd6bd6 100644 --- a/ghidriff/__init__.py +++ b/ghidriff/__init__.py @@ -6,8 +6,7 @@ from .version_tracking_diff import VersionTrackingDiff from .simple_diff import SimpleDiff from .structural_graph_diff import StructualGraphDiff -from .auto_version_tracking_diff import AutoVersionTrackingDiff __all__ = [ - "GhidraDiffEngine", "SimpleDiff", "StructualGraphDiff", "VersionTrackingDiff", "AutoVersionTrackingDiff" + "GhidraDiffEngine", "SimpleDiff", "StructualGraphDiff", "VersionTrackingDiff" ] diff --git a/ghidriff/auto_version_tracking_diff.py b/ghidriff/auto_version_tracking_diff.py deleted file mode 100644 index 67871ed..0000000 --- a/ghidriff/auto_version_tracking_diff.py +++ /dev/null @@ -1,174 +0,0 @@ - -from collections import Counter -from time import time -from typing import List, Tuple, TYPE_CHECKING - - -from jpype import JImplements, JOverride, JClass - -from .ghidra_diff_engine import GhidraDiffEngine - -if TYPE_CHECKING: - import ghidra - from ghidra_builtins import * - - -class AutoVersionTrackingDiff(GhidraDiffEngine): - """ - An Ghidra Diff implementation that uses the AutoVersiontRacking task to find matches.using several exact and some fuzzy correlators - See ghidra/tree/master/Ghidra/Features/VersionTracking - - """ - - MIN_FUNC_LEN = 10 - - def find_matches( - self, - p1: "ghidra.program.model.listing.Program", - p2: "ghidra.program.model.listing.Program", - ) -> list: - """ - Find matching and unmatched functions between p1 and p2 - """ - - from ghidra.feature.vt.api.db import VTSessionDB - from ghidra.feature.vt.api.main import VTSession - from ghidra.feature.vt.gui.actions import AutoVersionTrackingTask - from ghidra.feature.vt.gui.plugin import VTPlugin, VTControllerImpl - from ghidra.framework.model import DomainFolder - from ghidra.framework.plugintool import Plugin - from ghidra.framework.plugintool import PluginTool - from ghidra.program.model.listing import Program - from ghidra.util.task import TaskLauncher - from java.lang import Object - # from ghidra.test import TestEnv - from ghidra.framework.project.tool import GhidraTool - from java.lang import String - from javax.swing import SwingUtilities - - from .swing_classes import Launch - - SwingUtilities.invokeAndWait(Launch(self.project, 'toolguy', p1, p2)) - - from ghidra.util.task import ConsoleTaskMonitor - - def _get_private_class(path: str) -> JClass: - from java.lang import ClassLoader - gcl = ClassLoader.getSystemClassLoader() - return JClass(path, loader=gcl) - - # monitor = ConsoleTaskMonitor() - - # name = 'vt-sess1' - - # session: VTSession = VTSessionDB.createVTSession(name, p1, p2, Object()) - - # root = self.project.getRootFolder() - - # root.createFile(name, session, monitor) - - # VTPlugin() - - # env = TestEnv(100, 'test') - - # vtPlugin = env.getPlugin(VTPlugin.getClass()) - - # vtPlugin = _get_private_class('ghidra.feature.vt.gui.plugin.VTPlugin') - - # controller = VTControllerImpl(vtPlugin) - - # controller.openVersionTrackingSession(session) - - # tool = state.getTool(); - # vtPlugin = getPlugin(tool, VTPlugin.class); - # if (vtPlugin == None) { - # tool.addPlugin(VTPlugin.class.getName()); - # vtPlugin = getPlugin(tool, VTPlugin.class); - # } - - # translate matches to expected format [ sym, sym2, match_type ] - matched = [] - unmatched = [] - # for match_addrs, match_types in matches.items(): - - # func = p1.functionManager.getFunctionContaining(match_addrs[0]) - # assert func.entryPoint == match_addrs[0] - # func2 = p2.functionManager.getFunctionContaining(match_addrs[1]) - # assert func2.entryPoint == match_addrs[1] - - # matched.append([func.getSymbol(), func2.getSymbol(), list(match_types.keys())]) - - # skip types will undergo less processing - skip_types = ['BulkBasicBlockMnemonicHash', 'ExternalsName'] - - return [unmatched, matched, skip_types] - - # def find_matches( - # self, - # p1: "ghidra.program.model.listing.Program", - # p2: "ghidra.program.model.listing.Program", - # ) -> list: - # """ - # Find matching and unmatched functions between p1 and p2 - # """ - - # from ghidra.feature.vt.api.main import VTSession - # from ghidra.feature.vt.api.db import VTSessionDB - # from ghidra.feature.vt.api.main import VTSession - # from ghidra.feature.vt.gui.actions import AutoVersionTrackingTask - # from ghidra.feature.vt.gui.plugin import VTPlugin, VTControllerImpl - # from ghidra.framework.model import DomainFolder - # from ghidra.framework.plugintool import Plugin - # from ghidra.framework.plugintool import PluginTool - # from ghidra.program.model.listing import Program - # from ghidra.util.task import TaskLauncher - # from java.lang import Object - # # from ghidra.test import TestEnv - # from ghidra.framework.project.tool import GhidraTool - # from java.lang import String - # from javax.swing import SwingUtilities - - # # tool = GhidraTool(self.project.project, String('toolguy')) - # # toolList = tool.getManagedPlugins() - - # # for t in toolList: - # # print(t) - - # from ghidra.util.task import ConsoleTaskMonitor - - # # def _get_private_class(path: str) -> JClass: - # # from java.lang import ClassLoader - # # gcl = ClassLoader.getSystemClassLoader() - # # return JClass(path, loader=gcl) - - # monitor = ConsoleTaskMonitor() - - # for domainFile in self.project.getRootFolder().getFiles(): - # if domainFile.getContentType() == 'VersionTracking': - # session_df = domainFile - - # df: "ghidra.framework.model.DomainFile" = session_df - - # vtSession: VTSessionDB = df.getDomainObject(Object(), True, True, monitor) - - # matches = vtSession.getMatchSets() - - # for match in matches: - # print(match) - - # # translate matches to expected format [ sym, sym2, match_type ] - # matched = [] - # unmatched = [] - # # for match_addrs, match_types in matches.items(): - - # # func = p1.functionManager.getFunctionContaining(match_addrs[0]) - # # assert func.entryPoint == match_addrs[0] - # # func2 = p2.functionManager.getFunctionContaining(match_addrs[1]) - # # assert func2.entryPoint == match_addrs[1] - - # # matched.append([func.getSymbol(), func2.getSymbol(), list(match_types.keys())]) - - # # skip types will undergo less processing - # skip_types = ['BulkBasicBlockMnemonicHash', 'ExternalsName'] - - # return [unmatched, matched, skip_types] diff --git a/ghidriff/correlators.py b/ghidriff/correlators.py index 1527a60..a4b4bf7 100644 --- a/ghidriff/correlators.py +++ b/ghidriff/correlators.py @@ -10,96 +10,6 @@ import ghidra from ghidra_builtins import * -from ghidra.feature.vt.api.util import VTAbstractProgramCorrelator -from ghidra.feature.vt.api.main import VTProgramCorrelator -from ghidra.feature.vt.api.main import VTScore -from ghidra.framework.options import ToolOptions - - -@JImplements(VTProgramCorrelator, deferred=True) -class MyManualMatchProgramCorrelator: - - MANUAL_SCORE = VTScore(1.0) - NAME = "TEST GUY" - - def __init__(self, src_prog, dst_prog) -> None: - - self.src_prog = src_prog - self.src_addrs = src_prog.getMemory() - self.dst_prog = dst_prog - self.dst_addrs = dst_prog.getMemory() - self.options = ToolOptions(self.NAME) - - # /** - # * Performs the correlation between two programs looking for how well functions in one program - # * correlate to functions in another program. - # * @param session An existing manager that may contain previous results that may - # * influence this correlation. - # * @param monitor a task monitor for reporting progress during the correlation. - # * @return the match set created by this correlator used to store results. - # * - # * @throws CancelledException if the user cancels the correlation via the task monitor. - # */ - # public VTMatchSet correlate(VTSession session, TaskMonitor monitor) throws CancelledException; - - @JOverride - def correlate(self, matchSet, monitor): - print('do_correlate') - - # /** - # * Return the name of the correlator. - # * @return the name of the correlator - # */ - # public String getName(); - @JOverride - def getName(self): - return self.NAME - - # /** - # * Returns a options object populated with the options for this correlator instance. - # */ - # public ToolOptions getOptions(); - @JOverride - def getOptions(self): - return self.options - - # /** - # * Returns the address set associated with this correlator instance. - # * @return the address set associated with this correlator instance. - # */ - # public AddressSetView getSourceAddressSet(); - @JOverride - def getSourceAddressSet(self): - return self.src_addrs - - # /** - # * Returns the source program for this correlator instance. - # * @return the source program for this correlator instance. - # */ - # public Program getSourceProgram(); - @JOverride - def getSourceProgram(self): - return self.src_prog - - # /** - # * Returns the destination program for this correlator instance. - # * @return the destination program for this correlator instance. - # */ - # public Program getDestinationProgram(); - @JOverride - def getDestinationProgram(self): - return self.dst_prog - - # /** - # * Returns the address set associated with this correlator instance. - # * @return the address set associated with this correlator instance. - # */ - # public AddressSetView getDestinationAddressSet(); - @JOverride - def getDestinationAddressSet(self): - return self.dst_addrs - - @JImplements(FunctionHasher, deferred=True) class StructuralGraphHasher: """ @@ -574,9 +484,6 @@ class SwitchSigHasher: @JOverride def hash(self, func: 'ghidra.program.model.listing.Function', monitor: 'ghidra.util.task.TaskMonitor') -> int: - if "00680f84" in func.name: - print(func) - sig = func.getSignature().toString().replace(func.name, '') func_switch_map = get_func_to_switch(func.getProgram()) diff --git a/ghidriff/swing_classes.py b/ghidriff/swing_classes.py deleted file mode 100644 index 5b34033..0000000 --- a/ghidriff/swing_classes.py +++ /dev/null @@ -1,104 +0,0 @@ -from typing import List, Tuple, TYPE_CHECKING -import time -if TYPE_CHECKING: - import ghidra - from ghidra_builtins import * - -from javax.swing import * -import javax -import java - -from jpype import JImplements, JOverride, JClass - -# @JImplements(Runnable, deferred=True) -# class MyGhidraTool: - -# def __init__(self, project, name) -> None: -# self.project = project -# self.name = name - -# @JOverride -# def run(self): -# # perform any required shutdown activities - - -import jpype -import jpype.imports - - -import string -import random - - -def createAndShowGUI(): - print('hello') - # tool = GhidraTool(self.project.project, String(self.name)) - # toolList = tool.getManagedPlugins() - - # for t in toolList: - # print(t) - -# Start an event loop thread to handling gui events - - -@jpype.JImplements(java.lang.Runnable, deferred=True) -class Launch: - - def __init__(self, project, tool_name, p1, p2) -> None: - self.project = project - self.p1 = p1 - self.p2 = p2 - self.tool_name = tool_name - - @jpype.JOverride - def run(self): - - # DO NOT CALL TO ANOTHER PYTHON METHOD - - from java.lang import Object - from ghidra.util.task import ConsoleTaskMonitor - from ghidra.feature.vt.api.db import VTSessionDB - from ghidra.feature.vt.api.main import VTSession - from ghidra.framework.project.tool import GhidraTool - from java.lang import String - from ghidra.feature.vt.gui.plugin import VTPlugin, VTControllerImpl - from ghidra.util.task import ConsoleTaskMonitor - from ghidra.feature.vt.gui.actions import AutoVersionTrackingTask - from ghidra.util.task import TaskLauncher - - monitor = ConsoleTaskMonitor() - - # create session - name = 'vt-sess1' + ''.join(random.choices(string.ascii_uppercase + string.digits, k=5)) - session: VTSession = VTSessionDB.createVTSession(name, self.p1, self.p2, Object()) - root = self.project.getRootFolder() - root.createFile(name, session, monitor) - - print(self.project.project) - tool = GhidraTool(self.project.project, String(self.tool_name)) - print(tool) - print('hi') - print(VTPlugin) - print('hi2') - vtplug = VTPlugin(tool) - print(vtplug.getClass()) - print('hi3') - tool.addPlugin(vtplug) - print('hi4') - toolList = tool.getManagedPlugins() - - for t in toolList: - print(t) - - print('hi5') - controller = VTControllerImpl(vtplug) - print('hi6') - controller.openVersionTrackingSession(session) - autoVtTask = AutoVersionTrackingTask(controller, session, 1.0, 10.0) - print('hi7') - TaskLauncher.launch(autoVtTask) - - for match_set in session.getMatchSets(): - print(match_set) - - # TODO CreateImpliedMatchAction diff --git a/ghidriff/version_tracking_diff.py b/ghidriff/version_tracking_diff.py index 3a8de6e..d7970f7 100644 --- a/ghidriff/version_tracking_diff.py +++ b/ghidriff/version_tracking_diff.py @@ -39,7 +39,7 @@ def find_matches( # Correlators from ghidra.app.plugin.match import ExactMnemonicsFunctionHasher, ExactBytesFunctionHasher, ExactInstructionsFunctionHasher - from .correlators import StructuralGraphExactHasher, StructuralGraphHasher, BulkInstructionsHasher, BulkMnemonicHasher, BulkBasicBlockMnemonicHasher, NamespaceNameParamHasher, NameParamHasher, NameParamRefHasher, SigCallingCalledHasher, StringsRefsHasher, SwitchSigHasher, StrUniqueFuncRefsHasher, MyManualMatchProgramCorrelator + from .correlators import StructuralGraphExactHasher, StructuralGraphHasher, BulkInstructionsHasher, BulkMnemonicHasher, BulkBasicBlockMnemonicHasher, NamespaceNameParamHasher, NameParamHasher, NameParamRefHasher, SigCallingCalledHasher, StringsRefsHasher, SwitchSigHasher, StrUniqueFuncRefsHasher monitor = ConsoleTaskMonitor() diff --git a/ghidriff/vt_session.py b/ghidriff/vt_session.py deleted file mode 100644 index d20d3ba..0000000 --- a/ghidriff/vt_session.py +++ /dev/null @@ -1,58 +0,0 @@ -# Create Implied Matches -# from ghidra.feature.vt.api.db import VTSessionDB -# from ghidra.feature.vt.api.main import VTSession -# from ghidra.feature.vt.api.main import VTMatchInfo, VTAssociationType -# from java.lang import Object - -# def _create_match_info(src_addr, dst_addr, src_len, dst_len, vt_score) -> VTMatchInfo: -# info: VTMatchInfo = VTMatchInfo(None) -# info.setSourceAddress(src_addr) -# info.setDestinationAddress(dst_addr) -# info.setDestinationLength(dst_len) -# info.setSourceLength(src_len) -# info.setSimilarityScore(vt_score) -# info.setConfidenceScore(vt_score) -# info.setAssociationType(VTAssociationType.FUNCTION) - -# return info - -# session: VTSession = VTSessionDB.createVTSession(name, p1, p2, Object()) -# my_cor = MyManualMatchProgramCorrelator(p1, p2) -# transact = session.startTransaction('test') -# match_set = session.createMatchSet(my_cor) -# for match, m_types in matches.items(): -# if "SymbolsHash" in m_types: -# vt_match = _create_match_info(match[0], match[1], 10, 23, MyManualMatchProgramCorrelator.MANUAL_SCORE) -# match_set.addMatch(vt_match) -# for match in match_set.getMatches(): -# print(match) -# match.association.setAccepted() -# session.endTransaction(int(transact), True) - -# from ghidra.feature.vt.api.correlator.program import ImpliedMatchProgramCorrelator - -# transact = session.startTransaction('implied') -# implied_match_set = session.createMatchSet(ImpliedMatchProgramCorrelator(p1, p2)) - -# for match in implied_match_set.getMatches(): -# print(match) -# match.association.setAccepted() -# session.endTransaction(int(transact), True) - -# # Print all match sets from session -# match_sets = session.getMatchSets() -# for match_set in match_sets: -# print(match_set) - -# find implied matches -# implied_matches = {} -# for match, m_types in matches.items(): -# func = p1.functionManager.getFunctionAt(match[0]) -# func2 = p2.functionManager.getFunctionAt(match[1]) -# implied_match = find_implied_matches(func, func2) -# if implied_match is not None: -# print(implied_match) -# vt_match = _create_match_info(match[0], match[1], 10, 23, MyManualMatchProgramCorrelator.MANUAL_SCORE) - -# src_matched_addrs = [] -# for func in potential_calling_funcs: