Is there any way to get predicted variables using python script?
Reverse Engineering Asked on August 8, 2020
I have a simple program:
#include <stdio.h>
int main()
{
int a;
a = func(15, 3);
return a;
}
int func(int i, int j)
{
int b1[5], b2[10];
b2[i] = 1;
printf("%dn", b1[j]);
return 0;
}
I am using python script to get local variables from the stripped binary, compiled using above program.
I use: function.getLocalVariables() or something like function.getStackFrame().getStackVariables() to get the local variables. Interestingly I observed that, this script doesn’t give me all the variables which can be seen in the decompiler window. For e.g., in the above case, I get following in the decompiled window (for function func):
Here, the predicted buffers can be seen. But instead I get:
FUN_004004d6
array(ghidra.program.model.listing.Variable, [[undefined4 local_5c@Stack[-0x5c]:4], [undefined4 local_60@Stack[-0x60]:4]])
which are clearly not the predicted buffers. Is there any way to get those buffers?
Note: I also posted the same on ghidra github’s forum.
One Answer
In case anyone wondering, I posted this question on ghidra github as well and @cetfor posted a very good way to do this. You can find that question here.
I tried to reproduce it and I was able to do this successfully.
from ghidra.app.decompiler import DecompileOptions from ghidra.app.decompiler import DecompInterface ifc = DecompInterface() ifc.setOptions(DecompileOptions()) ifc.openProgram(currentProgram) for function in functions: res = ifc.decompileFunction(function, 60, monitor) high_func = res.getHighFunction() lsm = high_func.getLocalSymbolMap() symbols = lsm.getSymbols() for i, symbol in enumerate(symbols): print("Symbol {}: {} (size: {})".format(i+1, symbol.getName(), symbol.size))
Check out this endpoint for more information on highfunction. Note that I found differences in variables given by this decompiler interface and listing. Also, I couldn't find any api endpoint which gives address references by these variables (something like getReferencesTo).
Correct answer by R4444 on August 8, 2020
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- haakon.io on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
- Peter Machado on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?