ghidra 9.1.2 PUBLIC

liuxianfu · 发表于 2020-2-23 17:26

ghidra_9.1.2_PUBLIC_20200212.zip

sha256: ebe3fa4e1afd7d97650990b27777bb78bd0427e8e70c1d0ee042aeb52decac61

Change LogGhidra v9.1.2 (February 2020)Bugs

Data Types. Improved PDB composite reconstruction to attempt pack(1) alignment if default alignment fails. (GT-3401)
Data Types. Added missing support for multi-user merge of unions and structures containing bitfields or a trailing flexible array member. (GT-3479)
Data Types. Corrected structure editor save button enablement issue when editing bitfields within an unaligned structure. (GT-3519, Issue #1297)
Disassembly. Corrected potential infinite loop with disassembler caused by branch to self with invalid delay slot instruction. (GT-3511, Issue #1486)
GUI. Corrected processor manual display for Microsoft Windows users, which was not displaying processor manual and was, instead, rendering a blank page in web browser. (GT-3444)
GUI:Bitfield Editor. Added field comment support to composite bitfield editor. (GT-3410)
Importer:MachO. A MachO loader regression, in Ghidra 9.1.1, when laying down symbols at the correct location, has been fixed. (GT-3487, Issue #1446)
Languages. Corrected mnemonic for ARM thumb RSB.w instruction. (GT-3420, Issue #1365)
Languages. Corrected issue in M68000 with some move instructions not creating correct array assignments. (GT-3429, Issue #1394)
Languages. Updated x86 processor manual index file with latest Intel and AMD manuals. (GT-3489, Issue #1078)
Multi-User:Ghidra Server. Corrected Ghidra Server remote interface errors that occur when running with Java 11.0.6 (and later) release, which would throw RemoteException "Method is not Remote" errors. (GT-3521, Issue #1440)
PDB. Corrected PDB XML generation for zero-length classes and structures and resolved various datatype dependency issues encountered during PDB Analysis. Changed line numbers from hex to decimal. (GT-3462, Issue #1410)

Ghidra v9.1.1 (December 2019)Improvements

Importer:MachO. Improved import/load time of DYLD shared cache files. (GT-3261)
Program API. Cached the addresses that correspond to executable memory to improve analysis performance. (GT-3260)

Bugs

Analysis. Fixed a symbol name error that occurred in the Objective-C analyzer. (GT-3321, Issue #1200)
Analysis. Constant references are now computed correctly within functions in overlay spaces. (GT-3373)
Build. Corrected build of DMG.jar which was improperly built within Ghidra 9.1 release. (GT-3364)
Decompiler. Fixed bug causing Pcode: XML comms: Badly formed address errors when decompiling HCS12 XGATE code. (GT-3297)
Decompiler. Fixed Array DataType must be Fixed length exceptions related to function pointer data types. (GT-3309)
Decompiler. Fixed bug causing decompiler to drop statements, assigning string constants to global variables. (GT-3315)
Decompiler. Fixed issue with enum name strings causing Low-level Error: XML error: syntax error in the decompiler. (GT-3387, Issue #1329)
GUI. Fixed a potential ConcurrentModificationException in the interactive python interpreter. (GT-3280)
Importer:PE. Fixed an exception in the PeLoader that occurred when the size of the memory block for the headers is larger than the file size. (GT-3344, Issue #1266)
Languages. Corrected Sparc floating point instruction pcode implementation. (GT-3202)
Languages. Corrected the semantics of the PowerPC e_cmpi instruction. (GT-3228, Issue #1127)
Languages. Corrected bit generation for PowerPC instructions se_bclri, se_bgeni, se_bseti, and se_btsti. (GT-3232, Issue #967)
Languages. Corrected register definitions for x86 RDRAND instruction. (GT-3253, Issue #1169)
Languages. Corrected signed immediate calculation for some powerPC VLE offsets being incorrect. (GT-3254, Issue #1160)
Languages. Resolved issue with x86 escape opcodes preventing certain instruction patterns from decoding. (GT-3256)
Languages. Corrected bug in XGATE LDH instruction shifting out high bits. (GT-3268)
Languages. Corrected processing of R_MIPS_REL32, R_X86_64_RELATIVE, and R_X86_64_RELATIVE64 ELF relocations affecting relocatable binaries which have non-zero section/segment load addresses. (GT-3349)
Listing. Fixed missing scroll bar in listing. (GT-3290)
Listing. Fixed issue that was causing a stack trace to be generated when contiguous addresses were cleared for a range greater than Integer.MAX. (GT-3357)
Listing:References. Corrected Create Default Reference action bug which did not handle composite/array data components properly. (GT-3371)

Ghidra v9.1 (October 2019)NewFeatures

Data Types. Added bit-field support to Structure and Union editor. An additional Bit-field Editor was also added for explicit bit-field placement within unaligned structures. (GT-559)
Eclipse Integration. Added new GhidraSleighEditor Eclipse plugin in the installation directory under Extensions/Eclipse. (GT-113)
GUI. Added method for turning off table sorting by control-clicking the only sorted table column. (GT-2763, Issue #87)
GUI. Hovering on an address will now show where the byte at that address came from in the imported file. (GT-3016, Issue #154)
Importer:MachO. Added new importer/loader for DYLD-shared cache files. (GT-2343)
Languages. Implemented Intel MCS-96 processor module. (GT-2350)
Languages. Added SH1/2/2a sleigh processor specification. (GT-3029, Issue #715)
Languages. Added Tricore processor specification. (GT-3041, Issue #567)
Languages. Added HCS12X processor specification. (GT-3049)
Languages. Added HCS05 and HCS08 sleigh processor specifications. (GT-3050)
Languages. Added SH4 sleigh processor specification. (GT-3051, Issue #37)
Languages. Added MCS-48 processor specification. (GT-3058, Issue #638)
Memory. Added new API to preserve imported program's original bytes and how they map to memory blocks. (GT-2845)
Program API. Added Bit-field support for structures and unions. Warning: Version upgrade will be forced on all modified programs and data type archives that are open for update. (GT-557)
Sleigh. Added two new extension modules (SleighDevTools and GnuDisassembler) in support of processor module development. Added support for pcode junit tests which utilize emulation of cross-compiled C test code to verify sleigh pcode (i.e., instruction semantics). The SleighDevTools extension provides the pcode test C source and associated build scripts, as well as external disassembler support for aiding in the valIDAtion of disassembled instruction syntax. (GT-3067)

Improvements

Analysis. Added example script, ResolveX86orX64LinuxSyscallsScript.java, for decompiling Linux system calls in x86 and x64. Added syscall-related exercises to Advanced class. (GT-3113)
Basic Infrastructure. Made bash scripts more portable, allowing Ghidra to be launched on additional platforms. (GT-2742, Issue #347)
Build. Created a new Gradle task that automates some installation procedures defined in DevGuide.md. (GT-2897)
Build. The build now allows newer versions of Gradle to be used. (GT-3017, Issue #737)
Data Types. All DataType archives have been regenerated to support the new bit-field functionality. (GT-2878)
Data Types. CategoryPath now accepts forward slashes in its components. (GT-2961)
Data Types. Fixed Structure Editor bug that caused the Data Type field of a row to be edited after a successful name field edit. (GT-3109, Issue #703)
Decompiler. Most forms of unnecessary or redundant copy statements are now removed from the decompiler output. (GT-2839)
Decompiler. Added ability to double-click a Decompiler brace syntax token to navigate to the matching brace. (GT-2846)
Decompiler. Updated the Decompiler to navigate to the label of a goto statement when that label is double-clicked. (GT-2847)
Decompiler. Updated the Decompiler's Copy action to copy the symbol under the cursor when there is no selection. (GT-2914, Issue #411)
Decompiler. Fixed broken External Navigation: Navigate to External Program option found in Edit -> Tool Options.... (GT-2932)
Decompiler. The decompiler's logic for handling optimized division has been updated to recognize forms typically found in executables generated with more recent 64-bit compilers. (GT-2968, Issue #668)
Decompiler. Implemented call-fixup for x64 __chkstk function. (GT-3006, Issue #670, #671)
Decompiler. The decompiler simplifies many new sign-bit extraction forms used in optimized division and comparison expressions. (GT-3036)
Decompiler. Ghidra now supports protected mode addressing when analyzing 16-bit x86 programs. This is the default variant when analyzing NE format executables, but it can also be used for MZ (and other) formats. (GT-3090, Issue #98)
Decompiler. Added the Show References to Address and Find References to Symbol actions to the Decompiler. Added Find Uses of Field action to the Structure Editor. (GT-3115, Issue #474, #542, #543)
Decompiler. Updated the Decompiler's Edit Data Type action to work on more fields. (GT-3116, Issue #275, #511)
Decompiler. Renaming a single parameter within the decompiler window no longer prevents the data types of parameters from floating. Retyping a single parameter locks the data type for that parameter but no longer prevents the data types of other parameters from floating. (GT-3162)
Documentation. Fixed typos and other errors in GitHub-related documentation. (GT-2748, Issue #345, #361, #370, #375, #398)
Documentation. Added documentation to the DevGuide.md on how to run unit/integration tests. (GT-3046, Issue #815, #832)
DWARF. Corrected DWARF analysis to handle binaries that are imported at non-default locations. (GT-2963, Issue #637)
Emulator. Added improved emulation support at the API level including a simplified API exposed via the EmulatorHelper class. Sample GhidraScripts, which utilize this API, have been provided. (GT-3066)
Function Graph. Updated the Function Graph to show the current program selection when zoomed out. (GT-2735)
Function Graph. Added an option to the Function Graph to allow more complex edge routing that will go around non-incident vertices. See the Tool Options for more information and to enable this feature. (GT-3019, Issue #811)
Function Graph. Fixed Function Graph edge layout bugs that caused some edges to get clipped by vertices. (GT-3161)
GUI. Added listener to Script Table Chooser Dialog that will get notified when the dialog closes. (GT-2216)
GUI. Fixed global Tool auto-save option so that it persists between Ghidra sessions. (GT-2818, Issue #231)
GUI. Added the apple.laf.useScreenmenuBar option to hoist the menu bar out of the window on macOS. The option is off by default but can be activated in support/launch.properties. (GT-2859, Issue #562)
GUI. Updated the Repeat Text Search/Repeat Memory Search menu items to show the search dialog for long searches. (GT-2872, Issue #585)
GUI. Updated Structure Editor to allow user key bindings to work. (GT-2894, Issue #504)
GUI. Python interpreter key bindings for sending reset and interrupt commands are now configurable. (GT-2901, Issue #588)
GUI. Tweaked default graphic settings in support/launch.properties to support a wider range of displays out-of-the-box. (GT-2913, Issue #341)
GUI. Added the ability to assign key bindings to activate individual component providers. (GT-2925, Issue #539)
GUI. Fixed rendering issue in the Search Results table's Preview column. (GT-2942, Issue #550)
GUI. Updated the Function Signature Editor's Data Type Chooser dialog to allow for keyboard navigation. (GT-3110, Issue #636)
GUI. Fixed NullPointerException in the DB Viewer component. (GT-3163, Issue #1023)
Importer. Updated x86 16-bit processor binding for IDA. (GT-3004, Issue #771)
Importer:ELF. Improved ELF loader ability to cope with malformed headers including negative file offsets and missing section names. (GT-2933, Issue #35)
Importer:PE. PeLoader better accounts for section alignment when laying out memory blocks, allowing additional bytes from the file to be loaded into memory. (GT-2827, Issue #327, #418)
Importer:PE. Removed out-of-place call to demangler and laying down of types from PeLoader. This fix enables demangling and other analyzers to be applied correctly and in the proper order. (GT-2849)
Importer:PE. PeLoader now adds TLS callback functions as entry points. (GT-2898, Issue #102)
Languages. Added new Task Monitor service to better handle user experience when there are delays in building languages. (GT-2376)
Languages. Corrected ARM/Thumb instruction parsing for Thumb bl and add instructions. (GT-2744, Issue #362)
Languages. Added AVR8 manual index file. (GT-2828, Issue #346)
Languages. Improved support for ARM on Windows. (GT-2880)
Languages. M68000 LSL.W, ASL.B, LSL.B, and ASL.W instructions now correctly set the CF flag. (GT-2907, Issue #619)
Languages. Updated x86 manual index files. (GT-2943, Issue #366)
Languages. Improved macro label-related error reporting in slaspec files. (GT-2995, Issue #522)
Languages. Added MIPS special 0x1f patterns. (GT-3005, Issue #709)
Languages. Added proper updating of the X condition flag register for the M68000 processor lsl and lsr instructions. (GT-3137, Issue #983)
Languages. Implemented PowerPc VLE Interrupt Handler Efficiency Instructions. (GT-3143, Issue #935)
Languages. Ghidra now correctly models SPARC 64-bit stack bias. (GT-3201)
Languages. Updated AVR32 instruction manual index to latest version. (GT-712)
Listing. Updated Listing to support horizontal scrolling by holding the Shift key when using the mouse wheel. (GT-3105, Issue #451)
Listing:References. Created new overriding reference types, which improve and extend the ability to override calls, jumps, and callothers. (GT-2885)
Multi-User. Added a script to allow repository admins the ability to terminate multiple file checkouts belonging to an individual user on a shared project. (GT-2893)
Multi-User:Ghidra Server. Added additional Ghidra Server authentication modes including: Active Directory via Kerberos and JAAS. The JAAS framework can facilitate use of LDAP, PAM, and other JAAS-supported extensions which utilize a login name and password. (GT-2658)
Multi-User:Ghidra Server. Changed Ghidra Server repositories storage to ignore file/folder names which start with a period. This will impose a restriction on naming of Ghidra projects where they can no longer start with a period. (GT-3218)
PDB. Now using HTTPS for Microsoft symbol server URL. (GT-2819, Issue #369)
PDB. PDB processing can now store data types that contain forward slashes under a CategoryPath. (GT-2974, Issue #94, #182)
PDB. PDB Analyzer no longer automatically includes the PDB path specified in the program's PE header when searching for the PDB. However, the filename in this path is considered during the search. The analyzer's Unsafe: Include PE PDB Path in PDB Search option allows the user to revert to the original PDB search algorithm. (GT-3076, Issue #277)
Program API. Added SHA256 hash to Program metadata and API. (GT-2753, Issue #331)
Scripting. Updated Script Table Chooser Dialog: to fix bug with tracking work items, to add new API methods for item removal and dialog closed notification, and to prevent the same item from being worked on more than once. (GT-2724, Issue #307)
Scripting. Fixed MultiInstructionMemReference Ghidra script to place the reference correctly on instructions with a delay slot. (GT-2906)
Sleigh. The sleigh compiler now reports line numbers for the -n NOP command line option. (GT-2905, Issue #561)
Sleigh. SLEIGH compiler now warns when building an operand in a constructor may unintentionally overwrite another operand. (GT-3085)
Testing:Junits. test.gradle getLogFileUrl() no longer searches user .dir for log4j properties file. (GT-2834, Issue #499)
Testing:Junits. Added new Gradle task to run integration tests and generate an HTML report. (GT-3060, Issue #870)
Tool. Fixed bug that caused an exported tool to exclude plugin configuration settings. (GT-3193, Issue #1065)

Bugs

Analysis. Fixed an exception in the EmbeddedMediaAnalyzer that occurred when media was discovered at the very end of the address space. (GT-2890)
Analysis. Recognition and disassembly of the FMA, F16C, and several missing AVX instructions have been added to the base x86 processor specification. The pcode for these instructions is pseudo-op and not a full pcode implementation. (GT-3168)
Basic Infrastructure. Updated the apache-commons-lang3 library to version 3.9 which supports Java 11. (GT-2879)
Basic Infrastructure. Prevented Ghidra from launching with 32-bit Java installations. (GT-3146, Issue #882)
Data Types. Corrected string data default label generation when defined within uninitialized memory, which will now render as STRING_address. (GT-2715, Issue #272)
Data Types. Improved ASCII string data handling for processors with a char size greater than one (1). (GT-2842)
Data Types. Changed BooleanDataType to extend AbstractIntegerDataType including support as a bit-field. (GT-3170)
DbViewer. Corrected concurrent modification issue within DbViewer resulting in NullPointerException. (GT-3192, Issue #1076)
Decompiler. Fixed aliasing issue where the decompiler would sometimes drop initialization or other code writing to the stack. (GT-2369)
Decompiler. Fixed bug causing the decompiler to incorrectly omit the display of infinite loops when they contained switch statements. (GT-2852, Issue #443)
Decompiler. Integer extension casts are no longer printed in the decompiler if the extension is implied. (GT-2857)
Decompiler. Improved handling of overlay spaces. In particular, the decompiler is now able to handle references into overlays defined on the OTHER space. Added SLEIGH version numbers. (GT-2873)
Decompiler. Updated the Decompiler to place the cursor on the function signature when a function is decompiled. (GT-2882)
Decompiler. Fixed a common source of Data type does not fit errors when using the Retype actions in the decompiler. (GT-2956)
Decompiler. Fixed equals() method in Varnode AST. (GT-2959, Issue #677)
Decompiler. Users can no longer rename undefined functions from the decompiler. (GT-3043, Issue #753)
Decompiler. Fixed a bug that did not allow the prototype for a specific CALL to an external function to be overridden in the decompiler. (GT-3145)
Decompiler. Restricted Auto Fill in Structure command to operate only on pointer variables. (GT-3182)
Decompiler. Fixed bug in the analysis of stack variables for SPARC, which caused extraneous local variables and missed stack parameters in the decompiler. (GT-3200)
Decompiler. Fixed one source of Type propagation algorithm not settling warnings in the decompiler. (GT-3213, Issue #839)
Decompiler:Java. Updated Decompiler's hovers to show preview for data types on variables and return types. (GT-2629)
Decompiler:Java. Fixed error involving decompilation of certain invokedynamic instructions in JVM class files. Made numerous minor improvements to decompilation of JVM bytecode. (GT-2757, Issue #287)
Demangler. Fixed a NullPointerException in DemangledFunctionPointer. (GT-2948, Issue #609)
DWARF. Empty DWARF compilation unit sections will now be ignored. (GT-2939, Issue #690)
Exporter. Negative memory references in idaxml.py no longer cause errors. (GT-2696, Issue #213, #885)
Exporter. Fixed Intel Hex Exporter to not ignore the Address Space option value. (GT-2749)
Exporter. Fixed cancellation behavior of the C/C++ exporter. (GT-2881, Issue #591)
File Formats. Fixed an out-of-memory error in the CPIO file system. (GT-2912)
File Formats. DmgClientFileSystem no longer falsely matches zlib compressed files. (GT-2926, Issue #583)
File System Browser. Fixed NullPointerException when clicking Get Info on a directory in a zip file in the file system browser when the element was a directory that did not have a corresponding entry in the zip file. Changed the Get Info action to show information about both the highlighted file and any file system mounted from that file. (GT-2758)
File System Browser. Fixed dialog stacking problem in File System Browser when double-clicking a container file to open the filesystem inside it. (GT-2764)
File System Browser. Reduced the disk usage of the DYLD-shared cache file system. (GT-2887)
Function Graph. Fixed exception encountered when a Function Graph's entry node was put into a group node. (GT-3074)
Function Graph. Fixed Function Graph edge routing bug that sometimes caused edge flowing upward to route unexpectedly. (GT-3153, Issue #994)
GUI. Fixed stack trace when deleting large memory block that is in its own address space. (GT-2699)
GUI. Changed Data Type Preview to allow adding string data types. (GT-2832)
GUI. Fixed display of operand scalar values in tooltip popup of Decompiler and Listing windows. (GT-2836, Issue #120)
GUI. Fixed bug in Data Type Preview that caused a rendering error in Structures as primitive types were deleted. (GT-2844)
GUI. Fixed Symbol Tree ClassCastException that happened when clicking a node while the tree was still loading. (GT-2870, Issue #96)
GUI. Fixed bug that prevented the XRef's Ref Type column from sorting correctly. (GT-2892)
GUI. Fixed Listing bug so that the cursor gets restored to the previous location on Ghidra startup. (GT-2927, Issue #505)
GUI. Updated Edit Function Signature dialog to have focus in the signature field when first opened. Also added undo/redo support. (GT-2947, Issue #635)
GUI. Fixed exception in the References Editor encountered when closing the editor with an active edit in the table. (GT-2951)
GUI. Fixed bug where the Ghidra menu mnemonic was not being set by the ampersand ('&') character in the last field of the menu path. (GT-2954)
GUI. Updated the Component Provider's Close button to allow for key bindings. (GT-2971, Issue #533)
GUI. Fixed tool navigation button enablement when using snapshot windows. (GT-2973)
GUI. Corrected Function Editor issue where parsed signature text resulted in incorrect type sizes which impacted custom storage selection. Also added support for parsing signatures which reference types from an open datatype archive. (GT-3059)
GUI. Updated resizing in Select Bytes dialog. (GT-3072)
GUI. Fixed bug where listing would jump to random location when opening or closing a large structure or array. (GT-3088)
GUI. Fixed bug that caused some tables (e.g., the Symbol Table) to sort twice during their initial loading of data. (GT-3142)
GUI. Drag-and-Drop bug causing incorrect drop highlighting has been fixed. (GT-3219, Issue #1093)
Help. Fixed NullPointerException when navigating the Help UI. (GT-2830, Issue #493)
Importer. Fixed issues in the MapLoader that prevented .map files from being added to an existing program. (GT-2972, Issue #762)
Importer. For batch import, fixed issue where last character of directory name was truncated on Windows workstations. (GT-3012, Issue #797)
Importer. Fixed a bug in how the NE importer creates External Function symbols for the procedures it imports, allowing the decompiler to properly access any available information. (GT-3140, Issue #770)
Importer. Fixed a bug that prevented some old-style Windows executables from getting loaded by the MzLoader. (GT-3180, Issue #1054)
Importer:ELF. Added ELF relocation handler for R_AARCH64_JUMP26. (GT-2999, Issue #775)
Importer:ELF. Improved ELF MIPS support for GP-relative relocations encountered in PIC compiled binaries. Also added support for R_MIPS_RPREL32 relocation. (GT-3026, Issue #764)
Importer:ELF. ELF x86-64 relocations R_X86_64_GOT32, R_X86_64_PLT32, R_X86_64_SIZE32, R_X86_64_SIZE64, and R_X86_64_GOTPC32 have been fixed to relocate correctly. Additional ELF x86-64 relocations, found mostly in unlinked .o files, have been added. (GT-3089, Issue #910)
Importer:PE. Fixed a problem in the PeLoader that would result in section names being incorrectly used as primary symbols. This could result in function names being wrong. (GT-3195, Issue #761, #1051)
Languages. Utilized FLOAT_NEG pcodeop to simplify PowerPC fneg instructions. (GT-2781, Issue #387)
Languages. Added 6502 I status bit save and restore. (GT-2826, Issue #469)
Languages. Corrected alternate register definitions in z80 processor. (GT-2876, Issue #520)
Languages. Reviewed all processor modules for GhidraSleighEditor syntax errors. (GT-2902)
Languages. Added support for RD, WR, FS, and GSBASE instructions in x86. (GT-2940, Issue #554, #555)
Languages. Added fixes for sign extension of ADD, AND, CMP, and SUB instructions on x86-64bit. (GT-2955, Issue #881)
Languages. Updated PIC-30 division pcode to correct decompilation issue. (GT-3008)
Languages. Fixed x86 AAM instruction. (GT-3015)
Languages. Corrected x86 decode of MOVBE instruction. (GT-3039, Issue #822)
Languages. Corrected M68000 mov3q instruction decode and semantics. (GT-3080, Issue #905)
Languages. The JVM instruction I2D now correctly pushes an 8-byte double on the stack. (GT-3081)
Languages. Fixed problem displaying processor manuals in Windows Firefox. (GT-3084)
Languages. Encoding of MOV into debug registers has been relaxed. (GT-3117)
Languages. Corrected behavior of PowerPC vectorPermute pcodeop for emulation. (GT-3148)
Languages. Corrected MIPS relocation computation for R_MIPS_26, R_MIPS16_26, and R_MICROMIPS_26_S1. (GT-3154, Issue #1001)
Languages. Corrected the bit patterns for PowerPC VLE rlwimi and rlwinm instructions. (GT-3159, Issue #752)
Languages. Corrected instruction semantics for AARCH64 BLR instruction. (GT-3191)
Languages. Corrected fall-through override semantics for cases where pcode simply drops into the next address. (GT-3196, Issue #1083)
Languages. Corrected the semantics of the PowerPC se_bmaski instruction. (GT-3230, Issue #1123)
Listing. Fixed potential infinite loop when editing long comments. (GT-2824, Issue #437)
Listing. Fixed potential ClassCastException in Listing comments. (GT-3023)
Listing. Cursor in the listing now stays in the proper column after editing a field. (GT-3045, Issue #702)
Listing. Fixed a problem with register highlighting that could occur on certain register/sub-register combinations. (GT-3071, Issue #810)
Multi-User. Corrected terminate checkout from viewed checkout list which was always terminating first row range based upon number of selected rows and not the actual selected rows. (GT-2903)
Multi-user. Corrected ability for user to cancel checkin/checkout to Ghidra Server. (GT-3208)
Multi-User:Ghidra Server. Added proper Ghidra Server interface binding with new -i option. Corrected -ip option to strictly convey remote access hostname to clients. The updated server will only accept connections from Ghidra 9.1 and later clients due to the registry port now employing TLS. (GT-2685, Issue #101, #645)
Multi-User:Ghidra Server. Fixed argument-passing bug in svrAdmin script. (GT-3082, Issue #907)
Multi-User:Merge. Corrected merge problem affecting modified Function Definition datatypes which could result in a NullPointerException. (GT-2922)
PDB. Added char16_t and char32_t to PDB BASIC_TYPE_STRINGS. (GT-2952, Issue #685)
PDB. Addressed memory leaks and string handling issues in pdb.exe. (GT-2975, Issue #674, #597, #598, #599, #600)
PDB. Can now recover stack variables from more recent Visual Studio version PDBs. (GT-3014)
PDB. Fixed PDB validation logic, which caused a more severe error message to be created, masking the real issue. (GT-3209, Issue #198, #1024)
Program API. Corrected parameter storage which failed to properly refresh after undo/redo. (GT-3130, Issue #960)
Program API. Corrected function parameter ordinal numbering when more than one auto-parameter is present. (GT-3214)
Project Manager. Fixed a problem with creating Ghidra projects in Windows root directories (e.g., Z:\). (GT-2585)
Project Manager. Fixed a path traversal vulnerability that could occur when restoring a malicious project archive. (GT-3001, Issue #789)
Scripting. GhidraScript.askDomainFile() now correctly throws a CancelledException when the cancel button is clicked. (GT-2841)
Scripting. Removed deprecated scripting methods older than 5 releases. (GT-2949)
Security. Removed use of insecure XMLEncoder/XMLDecoder from Ghidra code base. (GT-3198, Issue #1090)
Sleigh. Corrected Sleigh compiler bug which performed improper bounds checking for named register offset specification when space wordsize is not one (1). (GT-3034, Issue #831)
Testing:CUnits. Fixed error logging in pcodetest for reporting an error when running a compile command. (GT-3199, Issue #1089)
Version Tracking. Fixed NullPointerException in Version Tracking hashing algorithm. (GT-2976)

Ghidra v9.0.4 (May 2019)NewFeature

GUI. Function tags are now viewable by function.

Improvements

Decompiler. Improved modeling of CFG on Windows 10. (Issue #340)
Patcher. Renamed patch directory to /Ghidra/patch and added README.txt that explains how the patch directory is used.
Search. Updated the Decompiler Data Type Finder to find references to inside of nested array access in a line of Decompiler C output. (Issue #416)
Sleigh. Improved error reporting for SLEIGH compiler. (Issue #364)

Bugs

Analysis. Code that checks for thunks no longer throws an exception if the PC is not set for the processor.
Analysis. Made a fix to enable Apply button when changing tool options. (Issue #40)
Data Types. Fixed concurrent modification exception when replacing one datatype for another that results in some other datatype being renamed.
Decompiler. Fixed dynamic variables and equates in 16-bit x86 programs. (Issue #336)
Decompiler:Java. Fixed DEX decompilation regression issue. (Issue #350)
Eclipse Integration. Fixed exception in Eclipse GhidraDev plugin that occurred when performing certain actions on a Ghidra project that was imported from a previously exported Archive File. (Issues #283, #383)
GUI. Improved documentation on how to deal with HiDPI monitor issues in Linux. In the <ghidra_installation>/support/launch.properties file, change VMARGS=-Dsun.java2d.xrender from false to true.
GUI. Restored the default 'p' key binding for creating pointers within the listing display.
Importer. Fixed an exception that occurred when batch importing APK files. (Issue #426)
Languages. The 6502 Zero page indexed addressing has been corrected to only access the Zero page. (Issue #201)
Languages. The 68000 BCD arithmetic instructions now have pcode semantics that allow disassembly to continue. (Issue #227)
Multi-User:Ghidra Server. Restored ability to execute svrAdmin script in development mode.
Multi-User:Ghidra Server. Corrected severe script error in svrAdmin.bat introduced with 9.0.3 build.
GUI. Restored the default 'p' key binding for creating pointers within the listing display.
Search. Fixed NullPointerException in Decompiler Data Type Reference Finder. (Issue #407)

Ghidra v9.0.2 (April 2019)Bugs

Analysis. Constant reference analysis boundary controls for speculative references has been fixed. Speculative references are references created from computed constants passed as parameters, stored to a location, or from indexed offsets from a register. (Issue #228)
Decompiler. Fixed rendering bug in the Decompiler when the "Find" dialog is closed. (Issue #282)
Decompiler. Fixed decompiler handling of Function Definition data types. (Issue #247)
Decompiler. Fixed "Free Varnode" exception in RuleConditionalMove. (Issue #294)
Diff. Fixed exceptions that can occur in the Diff View for programs with overlays.
Documentation. Corrected the spelling of "listener" throughout the source code. (Issue #235)
Exporter. Exporting a selection as Intel Hex will now allow a selection of any length. Previously this was restricted to multiples of 16 bytes. (Issue #260)
GUI. Fixed exception that occurs after disabling MyProgramChangesDisplayPlugin.
GUI. Updated the "Open Program" dialog to disallow file drop operations. (Issue #252)
Languages. The ARM Thumb CMP.W and LSL isntructions have been changed to correctly decode. There are still issues to work out with Unpredictable execution when Rd is the PC. (Issue #280)
Multi-User:Ghidra Server. Corrected bug introduced into ghidraSvr.bat which could prevent Ghidra Server startup (Issue #279)
Scripting. MultiInstructionMemReference script has been corrected to consider input and output registers when placing a reference on an instruction.

Security

Basic Infrastructure. Added a property to support/launch.properties to prevent log4j from using jansi.dll on Windows. (Issue #286)

Ghidra v9.0.1 (March 2019)NewFeatures

Scripting. Created a script to show all equates within the current selection. (Issue #111)

Improvements

Basic Infrastructure. Updated commons-compress library to version 1.18. (Issue #171)
Eclipse Integration. Ghidra now connects to the Eclipse GhidraDev plugin on 127.0.0.1 rather than localhost.
GUI. Turned on font anti-aliasing by default for Linux. (Issue #212)
GUI. Fixed Options Dialog slow scrolling speed. (Issue #27)
Importer:ELF. Corrected bug in ELF loader which can improperly process the GOT, PLT and relocations when multiple symbol tables exist within the ELF binary. (Issue #52)
Languages. Added ARM/Thumb SRS instruction decodes for undefined modes. (Issue #216)
Multi-User:Ghidra Server. Corrected the Ghidra Server service wrapper (YAJSW) configuration for Mac OS X to prevent a startup timeout condition which could occur.

Bugs

API. Fixed equals method on Varnode class. (Issue #97)
API. Fixed a bug in MaskImpl.complementMask(). (Issue #187)
Basic Infrastructure. Fixed special character handling in idaxml.py. (Issue #75)
Basic Infrastructure. Ghidra now forces the locale to en_US by default. Only the en_US is currently supported. This fixes certain unexpected exceptions. (Issue #209)
Diff. Fixed exceptions occasionally encountered when starting a Diff session. (Issue #211)
Documentation. Fixed javadoc search box redirecting to broken links. (Issue #129)
Function Graph. Fixed Function Graph exception when generating tooltip. (Issue #65)
GUI. Updated window placement to keep windows on screen. (Issue #41)
GUI. Add/Edit References dialog now restricts users to creating refs in valid memory address spaces.
GUI. Fixed exception when exiting Ghidra while a table is being edited. (Issue #51)
GUI. Fixed some touchpad scrolling issues. (Issue #2)
GUI. Fixed stack trace in the Data Type Manager's tooltip generation. (Issue #133)
GUI. User key binding settings for the Recently Used and Define Pointer actions no longer lost after re-launching tool. (Issue #152)
GUI. Toolbar buttons now respond to fast clicking.
Importer:MachO. The MachOLoader can now find import libraries found in Universal Binary files. (Issue #136)
Importer:PE. The PeLoader now correctly parses the GuardCFFunctionTable when entries are more than 4 bytes each. (Issue #220)
Languages. Added missing PowerPC VLE conditional branch instructions: e_bdnz and e_bdz. (Issue #103)
Languages. Fixed instruction semantics for several instructions and added Control Flow Enforcement, NOP variants, CMP variants, UD1, and prefixed call instructions to X86 processor specification. (Issues #22, #53, #158, #157)
Languages. The 68000 MOVE instruction now correctly sets the CF and VF flags. (Issue #163)
Languages. Added four missing MOVEM instruction variants to the 68000 processor. (Issue #219)
Languages. An incorrect usage of X instead of Y in indexed mode for the 6502 has been corrected.(Issue #201)
Languages. Added support for ARM Thumb half BL instruction on processor variants prior to v6. (Issue #39)
Multi-User:Ghidra Server. Removed support for native OS authentication from Ghidra Server (removed modes -a2 and -a3) due to incompatibility with newer OS releases including Windows 10 and Windows Server 2016. Re-introduction of this will be considered for a future release.
PDB. Corrected NPE error when processing PDB files. (Issues #138, #188)
Scripting. Fixed a bug in ImportSymbolsScript.py that prevented it from running. (Issue #170)

Security

Basic Infrastructure. Running Ghidra in debug mode no longer opens remotely accessible ports by default. (Issue #6)
GUI. The Defined Strings plugin no longer renders HTML in its table. (Issue #45)
Project Manager. Fixed an XXE vulnerability affecting projects and many other saved components. (Issue #71)

Ghidra v9.0Initial Release

下载链接: https://pan.baidu.com/s/120qoiB3Tqgt09y_r1ulDWA 提取码: u69i

5omggx · 发表于 2020-2-27 00:45

tricky6 发表于 2020-2-23 23:46
跟ida对比的话，只能说还是个弟弟，不过优势是开源，毕竟ida都开发20年了，打不过一个开源软件就搞笑了，也 ...

公开版应该就是阉割版，估计nsa自己用的能跟ida不相上下

tricky6 · 发表于 2020-2-23 23:46

跟ida对比的话，只能说还是个弟弟，不过优势是开源，毕竟ida都开发20年了，打不过一个开源软件就搞笑了，也不会有人买了。
支持的文件类型比ida少了很多，而且没找到调试器支持。
使用习惯还是要熟悉，有些地方的交互比ida舒服一点。
sig lib和type lib这类技术似乎也没有。不过支持pdb。
只找到了一个创建结构一类的东西。
jeb3 x86版确实被ghidra打爆了，也不支持谁给jeb的勇气卖那么贵

fan15082968952 · 发表于 2020-2-23 19:12

下载试试，感谢分享

调味包 · 发表于 2020-2-23 19:49

完全看不懂

wenwlg · 发表于 2020-2-23 21:59

赞啊！终于更新

sunv52pojie · 发表于 2020-2-23 22:07

高端必须高端可是问题在于看不懂

drys1003 · 发表于 2020-2-23 22:52

Ghidra是美国政府内部开发的一个逆向工程框架。2017年，维基解密的 Vault 7 调查中曝光了Ghidra的存在；2019年，NSA出于公关的需要在NSA大会上发布了其源代码。

lynxtang · 发表于 2020-2-23 23:27

都不晓得已经更新了。。。可以试试新版本看。

h1jacker · 发表于 2020-2-24 00:47

不错，支持楼主

lxhwan100 · 发表于 2020-2-25 09:11

全程高能，亮瞎钛合金双眼

帐号		自动登录	找回密码
密码			注册[Register]

[Disassemblers] ghidra 9.1.2 PUBLIC

免费评分

个人中心