Merge branch 'NationalSecurityAgency:master' into doubleclick-processor

GPL/DMG/README.md

@@ -0,0 +1 @@
+# DMG

GPL/DMG/certification.manifest

@@ -3,6 +3,7 @@
 ##MODULE IP: LGPL 2.1
 ##MODULE IP: Public Domain
 Module.manifest||Public Domain||||END|
+README.md||GHIDRA||||END|
 data/lib/csframework.jar||LGPL 2.1||||END|
 data/lib/hfsexplorer-0_21-src.zip||GPL 3||||END|
 data/lib/hfsx.jar||GPL 3||||END|

GPL/DemanglerGnu/README.md

@@ -0,0 +1 @@
+# DemanglerGnu

GPL/DemanglerGnu/certification.manifest

@@ -5,5 +5,5 @@
 ##MODULE IP: LGPL 3.0
 ##MODULE IP: Public Domain
 Module.manifest||Public Domain||||END|
+README.md||GHIDRA||||END|
 src/demangler_gnu_v2_24/README.txt||Public Domain||||END|
-src/demangler_gnu_v2_33_1/README.txt||Public Domain||||END|

GPL/GnuDisassembler/README.md

@@ -0,0 +1,27 @@
+# GnuDisassembler
+
+The GnuDisassembler extension module must be built using gradle prior to its use within Ghidra.
+
+This module provides the ability to leverage the binutils disassembler capabilities
+for various processors as a means of verifying Sleigh disassembler output syntax.
+
+To build this extension for Linux or macOS:
+
+1. If building for an installation of Ghidra, copy the appropriate source distribution of binutils 
+   into this module's root directory. If building within a git clone of the full Ghidra source, copy
+   binutils source distribution file into the `ghidra.bin/GPL/GnuDisassembler` directory.
+
+   The supported version and archive format is identified within the build.gradle file. If a 
+   different binutils distribution is used the build.gradle and/or buildGdis.gradle	may require 
+   modification.
+
+   The build requires the following packages to be installed:
+   * flex
+   * bison
+   * texinfo
+   * zlib1g-dev
+
+2. Run gradle from the module's root directory (see top of `build.gradle` file for specific 
+instructions). 
+
+This resulting gdis executable will be located in `build/os/<platform>`.

GPL/GnuDisassembler/certification.manifest

@@ -3,7 +3,7 @@
 ##MODULE IP: Public Domain
 .gitignore||Public Domain||||END|
 Module.manifest||Public Domain||||END|
-README.txt||Public Domain||||END|
+README.md||GHIDRA||||END|
 data/arm_test1.s||Public Domain||||END|
 data/big.elf||Public Domain||||END|
 data/little.elf||Public Domain||||END|

Ghidra/Configurations/Public_Release/README.md

@@ -0,0 +1 @@
+# Public_Release

Ghidra/Configurations/Public_Release/certification.manifest

@@ -1,5 +1,6 @@
 ##VERSION: 2.0
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 data/PDB_SYMBOL_SERVER_URLS.pdburl||GHIDRA||||END|
 src/global/docs/ChangeHistory.html||GHIDRA||||END|
 src/global/docs/UserAgreement.html||GHIDRA||||END|

Ghidra/Configurations/Public_Release/src/global/docs/UserAgreement.html

@@ -1,4 +1,7 @@
 <HTML>
+<HEAD>
+  <TITLE>Ghidra User Agreement</TITLE>
+</HEAD>
 
 <FONT SIZE="5">
 

Ghidra/Debug/AnnotationValidator/README.md

@@ -0,0 +1 @@
+# AnnotationValidator

Ghidra/Debug/AnnotationValidator/certification.manifest

@@ -1,3 +1,4 @@
 ##VERSION: 2.0
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 src/main/resources/META-INF/services/javax.annotation.processing.Processor||GHIDRA||||END|

Ghidra/Debug/Debugger-agent-dbgeng/README.md

@@ -0,0 +1 @@
+# Debugger-agent-dbgeng

Ghidra/Debug/Debugger-agent-dbgeng/certification.manifest

@@ -2,6 +2,7 @@
 ##MODULE IP: Apache License 2.0
 ##MODULE IP: MIT
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 data/debugger-launchers/kernel-dbgeng.bat||GHIDRA||||END|
 data/debugger-launchers/local-dbgeng-attach.bat||GHIDRA||||END|
 data/debugger-launchers/local-dbgeng-ext.bat||GHIDRA||||END|

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/kernel-dbgeng.bat

@@ -9,7 +9,7 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng_kernel
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
 :: Use env instead of args, because "all args except first" is terrible to implement in batch
 ::@env OPT_TARGET_ARGS:str="" "Arguments" "Connection-string arguments (a la .server)"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/local-dbgeng-attach.bat

@@ -9,9 +9,9 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng_attach
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
-::@env OPT_TARGET_PID:str="" "Process id" "The target process id"
-::@env OPT_ATTACH_FLAGS:str="0" "Attach flags" "Attach flags"
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_TARGET_PID:int="" "Process id" "The target process id"
+::@env OPT_ATTACH_FLAGS:int="0" "Attach flags" "Attach flags"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."
 ::@env WINDBG_DIR:dir="" "Path to dbgeng.dll directory" "Path containing dbgeng and associated DLLS (if not Windows Kits)."
 

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/local-dbgeng-ext.bat

@@ -1,4 +1,5 @@
 ::@title dbgeng-ext
+::@image-opt env:OPT_TARGET_IMG
 ::@desc <html><body width="300px">
 ::@desc   <h3>Launch with <tt>dbgeng</tt> (in a Python interpreter)</h3>
 ::@desc   <p>
@@ -9,17 +10,17 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng_ext
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
 :: Use env instead of args, because "all args except first" is terrible to implement in batch
-::@env OPT_TARGET_IMG:file="" "Image" "The target binary executable image"
+::@env OPT_TARGET_IMG:file!="" "Image" "The target binary executable image"
 ::@env OPT_TARGET_ARGS:str="" "Arguments" "Command-line arguments to pass to the target"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."
 ::@env WINDBG_DIR:dir="" "Path to dbgeng.dll directory" "Path containing dbgeng and associated DLLS (if not Windows Kits)."
 ::@env OPT_TARGET_DIR:str="" "Dir" "Initial directory"
 ::@env OPT_TARGET_ENV:str="" "Env" "Environment variables (sep=/0)"
-::@env OPT_CREATE_FLAGS:str="1" "Create flags" "Creation flags"
-::@env OPT_CREATE_ENGFLAGS:str="0" "Create flags (Engine)" "Engine-specific creation flags"
-::@env OPT_VERIFIER_FLAGS:str="0" "Verifier flags" "Verifier flags"
+::@env OPT_CREATE_FLAGS:int="1" "Create flags" "Creation flags"
+::@env OPT_CREATE_ENGFLAGS:int="0" "Create flags (Engine)" "Engine-specific creation flags"
+::@env OPT_VERIFIER_FLAGS:int="0" "Verifier flags" "Verifier flags"
 
 @echo off
 

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/local-dbgeng.bat

@@ -1,4 +1,5 @@
 ::@title dbgeng
+::@image-opt env:OPT_TARGET_IMG
 ::@desc <html><body width="300px">
 ::@desc   <h3>Launch with <tt>dbgeng</tt> (in a Python interpreter)</h3>
 ::@desc   <p>
@@ -9,9 +10,9 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
 :: Use env instead of args, because "all args except first" is terrible to implement in batch
-::@env OPT_TARGET_IMG:file="" "Image" "The target binary executable image"
+::@env OPT_TARGET_IMG:file!="" "Image" "The target binary executable image"
 ::@env OPT_TARGET_ARGS:str="" "Arguments" "Command-line arguments to pass to the target"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."
 ::@env WINDBG_DIR:dir="" "Path to dbgeng.dll directory" "Path containing dbgeng and associated DLLS (if not Windows Kits)."

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/local-ttd.bat

@@ -9,9 +9,9 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng_ttd
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
 :: Use env instead of args, because "all args except first" is terrible to implement in batch
-::@env OPT_TARGET_IMG:file="" "Trace (.run)" "A trace associated with the target binary executable"
+::@env OPT_TARGET_IMG:file!="" "Trace (.run)" "A trace associated with the target binary executable"
 ::@env OPT_TARGET_ARGS:str="" "Arguments" "Command-line arguments to pass to the target"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."
 ::@env OPT_DBGMODEL_PATH:dir="" "Path to dbgeng.dll & \\ttd" "Path containing dbgeng and associated DLLS (if not Windows Kits)."

Ghidra/Debug/Debugger-agent-dbgeng/data/debugger-launchers/remote-dbgeng.bat

@@ -1,4 +1,5 @@
 ::@title dbgeng-remote
+::@image-opt env:OPT_TARGET_IMG
 ::@desc <html><body width="300px">
 ::@desc   <h3>Launch with <tt>dbgeng</tt> remotely (in a Python interpreter)</h3>
 ::@desc   <p>
@@ -9,9 +10,9 @@
 ::@menu-group local
 ::@icon icon.debugger
 ::@help TraceRmiLauncherServicePlugin#dbgeng_remote
-::@env OPT_PYTHON_EXE:file="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
+::@env OPT_PYTHON_EXE:file!="python" "Python command" "The path to the Python 3 interpreter. Omit the full path to resolve using the system PATH."
 :: Use env instead of args, because "all args except first" is terrible to implement in batch
-::@env OPT_TARGET_IMG:file="" "Image" "The target binary executable image"
+::@env OPT_TARGET_IMG:str!="" "Image" "The target binary executable image"
 ::@env OPT_TARGET_ARGS:str="" "Arguments" "Command-line arguments to pass to the target"
 ::@env OPT_CONNECT_STRING:str="" "Connection" "Connection-string arguments (a la dbgsrv args)"
 ::@env OPT_USE_DBGMODEL:bool=true "Use dbgmodel" "Load and use dbgmodel.dll if it is available."

Ghidra/Debug/Debugger-agent-dbgmodel-traceloader/README.md

@@ -0,0 +1 @@
+# Debugger-agent-dbgmodel-traceloader

Ghidra/Debug/Debugger-agent-dbgmodel-traceloader/certification.manifest

@@ -1,3 +1,4 @@
 ##VERSION: 2.0
 ##MODULE IP: Apache License 2.0
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|

Ghidra/Debug/Debugger-agent-dbgmodel/README.md

@@ -0,0 +1 @@
+# Debugger-agent-dbgmodel

Ghidra/Debug/Debugger-agent-dbgmodel/certification.manifest

@@ -1,5 +1,6 @@
 ##VERSION: 2.0
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 src/javaprovider/def/javaprovider.def||GHIDRA||||END|
 src/javaprovider/rc/javaprovider.rc||GHIDRA||||END|
 src/main/resources/agent/dbgmodel/model/impl/dbgmodel_schema.xml||GHIDRA||||END|

Ghidra/Debug/Debugger-agent-frida/README.md

@@ -0,0 +1,58 @@
+# Debugger-agent-frida
+
+## Random Notes on the Implementation of Debugger-agent-frida
+
+Building libfrida-core.so:
+* You can download libfrida-core.a for Frida by grabbing the latest frida-core-devkit for your OS 
+  from https://github.com/frida/frida/releases or by downloading the Frida source and running:
+  `python3 devkit.py frida-core linux-x86_64 DEVKIT` from the `releng` directory. 
+
+Ghidra needs a dynamically-loadable version of libfrida-core.a which you can generate by something like:
+```bash
+cp ghidra_wrapper.c into the directory with libfrida-core.a and frida-core.h (distro or DEVKIT)
+g++ -shared ghidra_wrapper.c ./libfrida-core.a -o libfrida-core.so
+```
+
+Libfrida-core.so should then be added to the `j`na.library.path`or put someplace like
+`/usr/lib/x86_64-linux-gnu`, where it will get picked up by `Native.load()`.
+
+### Frida Functionality
+The most interesting bits of Frida are available as "methods" from the Objects Tree.  For instance, 
+if you select a function and hit `M`, you will get a dialog with available methods.  Selecting, 
+for example, `intercept` will bring up a second dialog with the relevant parameters.  For many of 
+these, you will want to provide your own Javascript `on` functions, e.g. `onEnter` for the 
+Interceptor. Stalking is available on Threads and the individual thread entries. Scan, protect, and 
+watch functions are available on Memory. You can also redirect the output to GhidraScript, although
+this relies on a bit of a hack.  If your Javascript `Name` parameter is something like 
+`interpreter`, prepend `interpreter<=` to the output from your Javascript, and the results will be 
+passed to both the console and the script.
+
+### State in Frida
+Commands in Frida are, generally speaking, not state-dependent, i.e. they do not depend on whether 
+the target is running or not, only on whether the frida-agent thread is running. Many of the 
+gum-based commands do, however, depend on ptrace.  If you have a ptrace-based debugger attached to 
+the target, they will time out.  You can attach a debugger after Frida, but you will have to detach 
+it to regain the gum-based functionality.  "Detach" in most debuggers includes "resume", so it is 
+difficult to get state other than the "initial" state from the frida-agent injection point.  It 
+would be nice if "disconnect" worked, but "disconnect" (i.e. detach without resuming) also leaves 
+Frida in a partially disabled state.
+
+### Errors in Frida
+The cloaking logic in Frida, e.g. in `gum_cloak_add_thread` and `gum_cloak_index_of_thread`, is 
+broken as of the writing of this note.  `gum_cloak_add_thread` is called for every thread, and 
+`gum_cloak_index_of_thread` returns a non-negative result for every call but the first.  As a 
+result, every thread but one is cloaked, and `enumerateThreads`returns only a single thread. This is
+documented in `Issue #625` for the frida-gum project.  A quick fix is to comment out the cloaking 
+call in `frida-gum/gum/gumprocess.c::gum_emit_thread_if_not_cloaked`.  Obviously, this may have 
+other undesirable effects, but...
+
+The logic in the ordering of exception handlers also appears to be broken (`Issue #627`). New 
+handlers are appended to the queue, in most cases after `gum_exceptor_handle_scope_exception` and 
+`gum_quick_core_handle_crashed_js`. `gum_exceptor_handle_scope_exception` almost always returns 
+`TRUE`, breaking out of the queue and causing any remaining handlers to be ignored. This means any 
+handler added with `Process.setExceptionHandler` is likely to be ignored.  A quick fix is to modify
+`gum_exceptor_add` to use `g_slist_prepend instead` of `g_slist_append`.
+
+Not really an error, but worth noting: building `libfrida-core.so` from the source may result in a 
+library with glib2.0 dependencies that are incompatible with the current version of Eclipse. The 
+not-so-simple solution is to build Eclipse on the machine that you used to build `libfrida-core`.

Ghidra/Debug/Debugger-agent-frida/certification.manifest

@@ -1,8 +1,8 @@
 ##VERSION: 2.0
 ##MODULE IP: Apache License 2.0
 ##MODULE IP: Apache License 2.0 with LLVM Exceptions
-FridaNotes.txt||GHIDRA||||END|
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 build.gradle||GHIDRA||||END|
 data/scripts/onAccess.js||GHIDRA||||END|
 data/scripts/onAccessExt.js||GHIDRA||||END|

Ghidra/Debug/Debugger-agent-gdb/README.md

@@ -0,0 +1 @@
+# Debugger-agent-gdb

Ghidra/Debug/Debugger-agent-gdb/certification.manifest

@@ -1,7 +1,12 @@
 ##VERSION: 2.0
 ##MODULE IP: JSch License
 Module.manifest||GHIDRA||||END|
+README.md||GHIDRA||||END|
 data/debugger-launchers/local-gdb.bat||GHIDRA||||END|
+data/debugger-launchers/qemu-gdb.bat||GHIDRA||||END|
+data/debugger-launchers/remote-gdb.bat||GHIDRA||||END|
+data/debugger-launchers/ssh-gdb.bat||GHIDRA||||END|
+data/debugger-launchers/ssh-gdbserver.bat||GHIDRA||||END|
 data/scripts/fallback_info_proc_mappings.gdb||GHIDRA||||END|
 data/scripts/fallback_maintenance_info_sections.gdb||GHIDRA||||END|
 data/scripts/getpid-linux-i386.gdb||GHIDRA||||END|