From a3f1c730f35399b71960aa3ebc02654a3de1a694 Mon Sep 17 00:00:00 2001 From: Daniel Lim Wee Soong Date: Sun, 2 Aug 2020 12:41:18 +0800 Subject: [PATCH 1/3] Add rust demangle script --- rust_demangler.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 rust_demangler.py diff --git a/rust_demangler.py b/rust_demangler.py new file mode 100644 index 0000000..d0e4eed --- /dev/null +++ b/rust_demangler.py @@ -0,0 +1,37 @@ +# Demangle swift function names +# A script can be easily created in the Script Manager window +# Make sure https://github.com/luser/rustfilt is installed on your system + +#@author Thomas Roth +#@category Ghidra Ninja.Rust +#@keybinding +#@menupath +#@toolbar + +from subprocess import Popen, PIPE + +from ghidra.program.model.symbol import SourceType +from ghidra.program.model.listing import CodeUnit + +functionManager = currentProgram.getFunctionManager() + +# Get functions in ascending order +fns = functionManager.getFunctions(True) +for f in fns: + f_name = f.getName() + # Is it a mangled name? + if not (f_name.startswith("_ZN") or f_name.startswith("_R")): + continue + + previous_comment = f.getComment() + if not previous_comment: + previous_comment = "" + + rustfilt = Popen(['rustfilt'], stdin=PIPE, stdout=PIPE) + signature = rustfilt.communicate(input=f_name)[0] + + # Replace characters we can't have in our name + signature = signature.split("(")[0] + signature = signature.replace(" ", "_") + + f.setName(signature, SourceType.ANALYSIS) From a37a141ed456677b2f139349efd7ee1dd7ed488f Mon Sep 17 00:00:00 2001 From: Daniel Lim Wee Soong Date: Sun, 2 Aug 2020 13:26:31 +0800 Subject: [PATCH 2/3] Rename functions that only have the hash as its name --- rust_demangler.py | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/rust_demangler.py b/rust_demangler.py index d0e4eed..c594eaf 100644 --- a/rust_demangler.py +++ b/rust_demangler.py @@ -1,4 +1,4 @@ -# Demangle swift function names +# Demangle Rust function names # A script can be easily created in the Script Manager window # Make sure https://github.com/luser/rustfilt is installed on your system @@ -9,24 +9,43 @@ #@toolbar from subprocess import Popen, PIPE +import re -from ghidra.program.model.symbol import SourceType +from ghidra.program.model.symbol import * from ghidra.program.model.listing import CodeUnit functionManager = currentProgram.getFunctionManager() -# Get functions in ascending order fns = functionManager.getFunctions(True) for f in fns: f_name = f.getName() + + # Is it a hash? + if not re.match(r"\bh[0-9a-f]{16}\b", f_name): + continue + + signature = f.getComment() + signature = signature.replace("$LT$", "<") + signature = signature.replace("$GT$", ">") + signature = signature.replace("$u20$", " ") + signature = signature.replace("$C$", ",") + signature = signature.replace(".", ":") + + try: + f.setName(signature, SourceType.ANALYSIS) + except: + pass + +# Get symbols +st = currentProgram.getSymbolTable(); +symbols = st.getDefinedSymbols(); +for f in symbols: + f_name = f.getName() + # Is it a mangled name? if not (f_name.startswith("_ZN") or f_name.startswith("_R")): continue - previous_comment = f.getComment() - if not previous_comment: - previous_comment = "" - rustfilt = Popen(['rustfilt'], stdin=PIPE, stdout=PIPE) signature = rustfilt.communicate(input=f_name)[0] @@ -34,4 +53,7 @@ signature = signature.split("(")[0] signature = signature.replace(" ", "_") - f.setName(signature, SourceType.ANALYSIS) + try: + f.setName(signature, SourceType.ANALYSIS) + except: + pass From 011ed393e96fb807734173e013f82d290f5451ed Mon Sep 17 00:00:00 2001 From: Daniel Lim Wee Soong Date: Sun, 2 Aug 2020 13:56:42 +0800 Subject: [PATCH 3/3] Replace disallowed characters --- rust_demangler.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rust_demangler.py b/rust_demangler.py index c594eaf..febf6b5 100644 --- a/rust_demangler.py +++ b/rust_demangler.py @@ -30,11 +30,9 @@ signature = signature.replace("$u20$", " ") signature = signature.replace("$C$", ",") signature = signature.replace(".", ":") + signature = signature.replace(" ", "_") - try: - f.setName(signature, SourceType.ANALYSIS) - except: - pass + f.setName(signature, SourceType.ANALYSIS) # Get symbols st = currentProgram.getSymbolTable();