GP-6072 Fixed thunk detection and thunk address for Position Independent Code thunks that call to load a link register that is turned into a jump.

2026-01-06 05:59:41 -06:00 · 2025-11-06 18:47:35 +00:00
parent f255b37871
commit 2419b08085
4 changed files with 36 additions and 4 deletions
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/cmd/function/CreateThunkFunctionCmd.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/cmd/function/CreateThunkFunctionCmd.java
@@ -635,6 +635,8 @@ public class CreateThunkFunctionCmd extends BackgroundCommand<Program> {

 			// keep going if flow target is right below, allow only a simple branch.
 			if (isLocalBranch(listing, instr, flowType)) {
+				Address[] flows = instr.getFlows();
+				instr = listing.getInstructionAt(flows[0]);
 				continue;
 			}

--- a/Ghidra/Features/Base/src/main/java/ghidra/app/plugin/core/function/EditThunkFunctionAction.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/plugin/core/function/EditThunkFunctionAction.java
@@ -74,15 +74,17 @@ class EditThunkFunctionAction extends ProgramContextAction {
 		}
 		Address funcEntry = func.getEntryPoint();

-		Function refFunc = func.getThunkedFunction(false);		
+		Function refFunc = func.getThunkedFunction(false);
+		Symbol refSymbol = null;
 		if (refFunc == null) {
 			// if not already thunked, fill in a possible value from functions instructions
 			Address thunkAddr = CreateThunkFunctionCmd.getThunkedAddr(program, funcEntry, false);
 			if (thunkAddr != null) {
-				refFunc = functionMgr.getFunctionAt(thunkAddr);
+				refSymbol = program.getSymbolTable().getPrimarySymbol(thunkAddr);
 			}
-		}		
-		Symbol refSymbol = (refFunc == null ? null : refFunc.getSymbol());
+		} else {
+			refSymbol = refFunc.getSymbol();
+		}

 		// Prompt for function referenced by thunk
 		ThunkReferenceAddressDialog dialog = new ThunkReferenceAddressDialog(funcPlugin.getTool());
--- a/Ghidra/Processors/PowerPC/data/patterns/PPC_BE_patterns.xml
+++ b/Ghidra/Processors/PowerPC/data/patterns/PPC_BE_patterns.xml
@@ -73,4 +73,18 @@
      <funcstart after="defined" thunk="true"/> <!-- must be something define before this -->
  </pattern>
  
+  <pattern> <!-- .plt entry thunk -->
+      <data>  
+  		011111.. ...01000 0x02 0xa6          <!-- mfspr rxx, LR -->
+        0x42     1....... 0x00 0x05          <!-- bl +0x4 -->
+        011111.. ...01000 0x02 0xa6          <!-- mfspr rxx,LR -->
+        001111.. ........ 0x.. 0x..          <!-- addis rxx, rxx, 0xxx -->
+        001110.. ........ 0x.. 0x..          <!-- addi rxx, rxx, 0xxx -->
+        011111.. ...01000 0x03 0xa6          <!-- mtspr LR, rxx -->
+        011111.. ...01001 0x03 0xa6          <!-- mtspr CTR, rxx -->
+        0x4e     10000... 0x04 0x20          <!--bctr -->
+      </data>
+      <funcstart thunk="true"/>
+  </pattern>
+  
 </patternlist>
--- a/Ghidra/Processors/PowerPC/data/patterns/PPC_LE_patterns.xml
+++ b/Ghidra/Processors/PowerPC/data/patterns/PPC_LE_patterns.xml
@@ -73,4 +73,18 @@
      <funcstart after="defined" thunk="true"/> <!-- must be something define before this -->
  </pattern>
  
+  <pattern> <!-- .plt entry thunk -->
+      <data>  
+  		0xa6 0x02 ...01000 011111..             <!-- mfspr rxx, LR -->
+        0x05 0x00 1....... 0x42                 <!-- bl +0x4 -->
+        0xa6 0x02 ...01000 011111..             <!-- mfspr rxx,LR -->
+        0x.. 0x.. ........ 001111..             <!-- addis rxx, rxx, 0xxx -->
+        0x.. 0x.. ........ 001110..             <!-- addi rxx, rxx, 0xxx -->
+        0xa6 0x03 ...01000 011111..             <!-- mtspr LR, rxx -->
+        0xa6 0x03 ...01001 011111..             <!-- mtspr CTR, rxx -->
+        0x20 0x04 10000... 0x4e                 <!--bctr -->
+      </data>
+      <funcstart thunk="true"/>
+  </pattern>
+  
 </patternlist>