diff --git a/Ghidra/Configurations/Public_Release/certification.manifest b/Ghidra/Configurations/Public_Release/certification.manifest index 939bdc9ce1..2dca2b3c20 100644 --- a/Ghidra/Configurations/Public_Release/certification.manifest +++ b/Ghidra/Configurations/Public_Release/certification.manifest @@ -3,7 +3,6 @@ Module.manifest||GHIDRA||||END| README.md||GHIDRA||||END| data/PDB_SYMBOL_SERVER_URLS.pdburl||GHIDRA||||END| src/global/docs/ChangeHistory.md||GHIDRA||||END| -src/global/docs/UserAgreement.html||GHIDRA||||END| src/global/docs/WhatsNew.md||GHIDRA||||END| src/main/resources/UserAgreement.html||GHIDRA||||END| src/main/resources/defaultTools/CodeBrowser.tool||GHIDRA||||END| diff --git a/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md b/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md index 3f79a8c0c1..6e88e54a92 100644 --- a/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md +++ b/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md @@ -1,17 +1,17 @@ -# What's New in Ghidra 11.2 +# What's New in Ghidra 11.3 This release includes new features, enhancements, performance improvements, quite a few bug fixes, and many pull-request contributions. Thanks to all those who have contributed their time, thoughts, and code. The Ghidra user community thanks you too! ### The not-so-fine print: Please Read! -Ghidra 11.2 is fully backward compatible with project data from previous releases. However, programs -and data type archives which are created or modified in 11.2 will not be usable by an earlier Ghidra +Ghidra 11.3 is fully backward compatible with project data from previous releases. However, programs +and data type archives which are created or modified in 11.3 will not be usable by an earlier Ghidra version. -__IMPORTANT:__ Ghidra 11.2 requires at minimum JDK 21 to run. +__IMPORTANT:__ Ghidra 11.3 requires at minimum JDK 21 to run. __IMPORTANT:__ To use the Debugger or do a full source distribution build, you will need Python3 -(3.9 to 3.12 supported) installed on your system. +(3.9 to 3.13 supported) installed on your system. __NOTE:__ There have been reports of certain features causing the XWindows server to crash. A fix for `CVE-2024-31083` in X.org software in April 2024 introduced a regression, which has been fixed @@ -21,7 +21,7 @@ causing a full logout, check if your xorg-server has been updated to at least th __NOTE:__ Each build distribution will include native components (e.g., decompiler) for at least one platform (e.g., Windows x86-64). If you have another platform that is not included in the build distribution, you can build native components for your platform directly from the distribution. -See the `Installation Guide` for additional information. Users running with older shared libraries +See the _Installation Guide_ for additional information. Users running with older shared libraries and operating systems (e.g., CentOS 7.x) may also run into compatibility errors when launching native executables such as the Decompiler and GNU Demangler which may necessitate a rebuild of native components. @@ -42,76 +42,61 @@ process that will provide better results than prior Ghidra versions. You might fresh import of any program you will continue to reverse engineer to see if the latest Ghidra provides better results. -## Memory Search -The __Search Memory__ feature in Ghidra has been updated substantially to provide two new features: -* The ability to perform set operations on successive searches -* The ability to (re)scan memory for changes in value +## PyGhidra +The PyGhidra Python library, originally developed by the Department of Defense Cyber Crime Center +(DC3) under the name "Pyhidra", is a Python library that provides direct access to the Ghidra API +within a native CPython 3 interpreter using JPype. PyGhidra contains some conveniences for setting +up analysis on a given sample and running a Ghidra script locally. It also contains a Ghidra plugin +to allow the use of CPython 3 from the Ghidra GUI. + +To launch Ghidra in PyGhidra mode, run `./support/pyghidra` (or `support\pyghidra.bat`). See the +_"PyGhidra Mode"_ section of the _Installation Guide_ and `Ghidra/Features/PyGhidra/README.html` +for more information. + +## Visual Studio Code +Ghidra 11.2 introduced a `VSCodeProjectScript.java` GhidraScript to assist in setting up Visual +Studio Code project folders for Ghidra module development and debugging. This GhidraScript has been +replaced in Ghidra 11.3 by 2 new actions, accessible from a _CodeBrowser_ tool: +* _Tools -> Create VSCode Module Project..._ +* "_Edit Script with Visual Studio Code_" button in the Script Manager + +The "_Create VSCode Module Project..._" action provides the same capability as the old +`VSCodeProjectScript.java` GhidraScript, creating a Visual Studio Code project folder that contains +a skeleton module which can be used to build a variety of different Ghidra extension points +(Plugins, Analyzers, Loaders, etc). Launchers are also provided to run and debug the module in +Ghidra, as well as a Gradle task to export the module as a distributable Ghidra extension zip file. + +The "_Edit Script with Visual Studio Code_" button in the Script Manager enables quick editing and +debugging of the selected script in a Visual Studio Code workspace that is automatically created +behind the scenes in Ghidra's user settings directory. This provides a much snappier and modern +alternative to Eclipse, while maintaining all of the core fuctionality you would expect from an IDE (auto complete, hover, navigation, etc). + +Ghidra will do its best to automatically locate your Visual Studio Code installation, but if cannot +find it, it can be set via the Front-End GUI at _Edit -> Tool Options -> Visual Studio Code +Integration_. -Set operations, accessible from the pull-down menu under `Search`, allow you to augment results by -performing boolean operations on an existing search. For example, you might search for the hex -pattern `DE AD` using `Search`, add `BE EF` to the pattern field, and then select `A-B` to retrieve -a list of byte sequences that begin with `DE AD` but do not include `DE AD BE EF`. Scanning for -changes is most useful in a dynamic environment, such as the Debugger. Given an existing search, -you can look for values that have changed, increased, decreased, or remained the same. Simple -examples might include looking for counters while a process is running, checking for areas of -decompressed memory, or identifying active areas of the heap. - -## PDB -The `PDB Symbol Server Search Config` dialog has been changed, allowing the user to mark symbol -servers as trusted or untrusted. This is an improvement over the previous mechanism that based trust -on the symbol server's connection type. - ## Debugger -__ATTENTION:__ Please either delete and re-import the default `Emulator` tool, or manually remove -the `TraceRmiPlugin` from your EmulatorTool! +The old "IN-VM" and "GADP" launchers and connectors have been removed, as their replacement +TraceRmi-based implementations have been satisfactorily completed. On that same note, the entire API +and supporting code base for IN-VM and GADP connectors have been removed. -There are new launchers/features for the traceRMI version of dbgeng, including extended launch -options, kernel debugging, and remote process server connections. - -## Decompiler -* The Decompiler can now automatically recover strings built on the stack and initial support for - optimized heap strings has been added. Stack strings are typically found in optimized code and - obfuscated malware. +We've begun to explore more kernel-level debugging. Our lldb connector can now debug the macOS +kernel, and our dbgeng connector can now debug a Windows kernel running in a VM via eXDI. -* A new Search All action has been added which displays a table containing the results found within - the current function. +## Emulator +We have introduced a new accelerated p-code emulator that uses Jit-in-Time translation (JIT). +This is *not* currently integrated in the UI but is available for scripting and plugin developers. +Its implementation is named `JitPcodeEmulator`, and it's a near drop-in replacement for +`PcodeEmulator`. See its javadoc for usage and implementation details. This is very new, so there +may still be many bugs. -## Programming Languages -Golang support for versions `1.15` and `1.16` have been added. This brings the supported Golang -versions to `1.15` through `1.22`. - -## Processors -* There have been quite a few improvements to the `Sparc` processor specification, including - additional instructions, 64-bit relocation support, and better handling of call/return detection - through tracking of the `o7` link register. In addition, the calling convention for both - sparc 32 and 64 bit binaries have had an overhaul to support hidden structure return and much - improved parameter allocation of floating point and general data types. - -* The `Intel M16C/60/80` sleigh processor specifications have been added. In addition, there have - been numerous fixes to the `ARM`, `RX`, `M68000`, `PIC16`, `PPC`, and `x86` processor - specifications. - -## Other Improvements -* Actions have been added to compare functions directly from the Listing, Decompiler, or Functions - Table via popup menu items. If there is already a Function Comparison window showing, there are - two actions: one to add the selected function(s) to the existing comparison, and one to create a - new Function Comparison Window. This allows a workflow where users can build up a set of functions - to compare as they browse around instead of having to select them all at once. - -* For Ghidra script and plugin developers who would prefer to use Visual Studio Code, a new script - `VSCodeProjectScript.java` will create a new Visual Studio Code project that is setup to do Ghidra - scripting and module development. The capabilities are similar to the Eclipse GhidraDev plugin. - -* There have been major speed improvements when creating or modifying large structures within the - structure editor. In general large structure manipulation should perform fluidly no matter the - size of the structure. If the structure contains a large number of defined data, there could - still be some degradation in speed. Some fixed performance issues include: resizing a structure - smaller or larger, clicking on an item to select a row, and defining a data type either with - keyboard actions or dragging and dropping from the data type manager. In addition, the behavior - of automatically growing the size of a structure has been made consistent. Defining data on the - last element of a structure is allowed to automatically grow the structure to fit the data type. - Defining data anywhere other than the last element isn't allowed if the data type does not fit - because of defined data that would need to be cleared, or there are not enough undefined bytes. +## Other Improvements +* Much of Ghidra's standalone documentation has been modernized to the Markdown format. Generated + HTML versions are provided alongside the Markdown files for convenience. Converting all relevant + documents to Markdown remains an ongoing process. __NOTE:__ There are no plans to convert the + internal Ghidra help system to Mardown, as the Java Help library does not support it. +* Libraries can now be loaded into an already-imported program with the _File -> Load Libraries..._ + action. ## Additional Bug Fixes and Enhancements Numerous other new features, improvements, and bug fixes are fully listed in the diff --git a/Ghidra/Features/PyGhidra/build.gradle b/Ghidra/Features/PyGhidra/build.gradle index 216131e5d5..b1c94ead4f 100644 --- a/Ghidra/Features/PyGhidra/build.gradle +++ b/Ghidra/Features/PyGhidra/build.gradle @@ -99,4 +99,13 @@ task prepPyGhidra(type: Exec) { doFirst { commandLine "$PYTHON3_VENV", "-m", "pip", "install", "-e", "src/main/py", "--no-index", "-f", "$dir" } -} \ No newline at end of file +} + +rootProject.assembleMarkdownToHtml { + def p = this.project + def zipPath = getZipPath(p) + + from ("${p.projectDir}/src/main/py/README.md") { + into { "${zipPath}/pypkg" } + } +} diff --git a/GhidraBuild/MarkdownSupport/src/main/java/ghidra/markdown/MarkdownToHtml.java b/GhidraBuild/MarkdownSupport/src/main/java/ghidra/markdown/MarkdownToHtml.java index e9dbb4a185..0d87cbddc2 100644 --- a/GhidraBuild/MarkdownSupport/src/main/java/ghidra/markdown/MarkdownToHtml.java +++ b/GhidraBuild/MarkdownSupport/src/main/java/ghidra/markdown/MarkdownToHtml.java @@ -87,10 +87,41 @@ public class MarkdownToHtml { @Override public void setAttributes(Node node, String tagName, Map attributes) { if (node instanceof Link) { - String href = attributes.get("href"); - if (href != null && !href.startsWith("#") && href.toLowerCase().endsWith(".md")) { - attributes.put("href", href.substring(0, href.length() - 2) + "html"); - } + fixupLinks(attributes); + } + } + + private void fixupLinks(Map attributes) { + String href = attributes.get("href"); + + // Ignore local anchor links + if (href == null || href.startsWith("#")) { + return; + } + + // Ignore fully qualified URL's + if (href.toLowerCase().startsWith("http://") || + href.toLowerCase().startsWith("https://")) { + return; + } + + // Convert .md links to .html links + if (href.toLowerCase().endsWith(".md")) { + href = href.substring(0, href.length() - 2) + "html"; + } + + // Fixup known differences between repository link and release links + href = switch (href) { + case String s when s.contains("src/main/py") -> s.replace("src/main/py", "pypkg"); + case String s when s.contains("src/main/java") -> null; + default -> href; + }; + + if (href != null) { + attributes.put("href", href); + } + else { + attributes.remove("href"); } } } diff --git a/gradle/distributableGhidraModule.gradle b/gradle/distributableGhidraModule.gradle index 96353c9e0e..5a7ab5ffef 100644 --- a/gradle/distributableGhidraModule.gradle +++ b/gradle/distributableGhidraModule.gradle @@ -33,11 +33,7 @@ rootProject.assembleDistribution { from ("${p.projectDir}/Module.manifest") { into { zipPath } } - - from ("${p.projectDir}/README.md") { - into { zipPath } - } - + from ("${p.projectDir}/support") { into { "${zipPath}/support" } }