
Adjust Pointer Offset / Create Relative Pointer: What does it do? #4200

Closed

sad-dev opened this issue Apr 28, 2022 · 12 comments
Labels: Type: Question (Further information is requested)

Comments

@sad-dev
Contributor

sad-dev commented Apr 28, 2022

Commit ec5b6aa introduced a "relative pointer action" to the decompiler.

Can I clarify whether supplying arguments DataType = MyType, offset=0x10, name="MyTypeDef", results in a typedef that represents a pointer to offset 0x10 in the MyType structure?

Also, is there an equivalent global action to create a similar offset typedef?

@astrelsky
Contributor

Also is it possible to create a pointer relative to an address instead of a datatype? This would enable virtual inheritance modeling.

@dev747368
Collaborator

In DTM, the painful / manual way is to create a pointer to a type (right click on type, New | Pointer to typename), find the new pointer type, right click on it, and create a typedef to that, find the new typedef and right click on it and choose "Settings", and tweak.

@sad-dev
Contributor Author

sad-dev commented Apr 29, 2022

> In DTM, the painful / manual way is to create a pointer to a type (right click on type, New | Pointer to typename), find the new pointer type, right click on it, and create a typedef to that, find the new typedef and right click on it and choose "Settings", and tweak.

Wow, that's a whole host of options in that dialog. Are there plans for a tutorial on how we can use this to improve the quality of decompilation, e.g. to deal with the shifted pointers / negative offsets mentioned in #2189 and #573? It sounds like it would be a good addition to the GhidraDocs/GhidraClass.

@ghidra1
Collaborator

ghidra1 commented May 20, 2022

> Also is it possible to create a pointer relative to an address instead of a datatype? This would enable virtual inheritance modeling.

It does support this use. You can simply use a default pointer typedef with the Component Offset setting when defining the relevant pointer component. See convenience factory class PointerTypedef for construction via API. Via GUI, from the datatype manager tree you can create a typedef from a default pointer (without a name) and set offset setting on the typedef.

This technique is currently being used by the RecoverClassesFromRTTIScript.

PointerTypedef dt = new PointerTypedef(null, null, -1, program.getDataTypeManager(), componentOffset);

Alternatively, PointerTypedefBuilder may be used.

@ghidra1
Collaborator

ghidra1 commented May 20, 2022

> In DTM, the painful / manual way is to create a pointer to a type (right click on type, New | Pointer to typename), find the new pointer type, right click on it, and create a typedef to that, find the new typedef and right click on it and choose "Settings", and tweak.
>
> Wow, that's a whole host of options in that dialog. Are there plans for a tutorial of how we can use this to improve the quality of decompilation e.g. to deal with the shifted pointers / negative offsets mentioned in #2189 and #573 ? It sounds like it would be a good addition to the GhidraDocs/GhidraClass

Within the master branch (i.e., 10.2), most of the pointer-typedef settings are not currently supported by the decompiler (work in progress). Partial support for the Component Offset setting does exist.

@astrelsky
Contributor

astrelsky commented May 20, 2022

> Also is it possible to create a pointer relative to an address instead of a datatype? This would enable virtual inheritance modeling.
>
> It does support this use. You can simply use a default pointer typedef with the offset setting when defining the relevant pointer component. See convenience factory class PointerTypedef for construction via API. Via GUI, it is create a typedef from a default pointer (without a name) and set offset setting on the typedef.
>
> This technique is currently being used by the RecoverClassesFromRTTIScript.

I don't think I actually asked what I meant. I want to be able to have a pointer that would be assumed to have a constant value, void const * for example, so that when the _vptr is dereferenced with a negative offset the decompiler will request the data at the calculated address, see it is defined as a constant ptrdiff_t and use that value and eliminate the pointer dereferencing. Then with the further application of decompiler simplification rules the loaded value which gets added to the this pointer would then translate into a member access of the correct virtual base.

I have yet to play around with the new pointer settings. There may be a few ways to go about it with the offset pointers. I don't know if the decompiler eliminates things such as the addition of the image base to an ImageBaseOffset32 to just show a pointer dereference, for example. (I'm not actually sure if it should do that, just an example.)

@ghidra1
Collaborator

ghidra1 commented May 20, 2022

I assume this would require a new const pointer-typedef setting. The original post related to the "relative" pointer action within the decompiler which makes use of the Component Offset setting for a pointer-typedef.

@astrelsky
Contributor

> I assume this would require a new const pointer-typedef setting. The original post related to the "relative" pointer action within the decompiler which makes use of the Component Offset setting for a pointer-typedef.

Maybe. There would still need to be a way to set the value for the pointer though unless the offset would have a different meaning when const. Will let things settle and see what direction things go in first before requesting any additional settings or something.

@ryanmkurtz ryanmkurtz added the Type: Question Further information is requested label May 20, 2022
@s5bug

s5bug commented Jun 25, 2022

I don't see how I'm supposed to use this at all. I have an artifact of LTO where a pointer is passed in at an offset of 16:

struct Foo {
  Bar base_Bar; // size 16
  Qux base_Qux; // size 16
  int field1;
  int field2;
};

A method takes in an offset(Foo*, 16), such that the pointer points to base_Qux.


I don't see any fancy dialog like the one in the commit would imply.

Trying to edit a Typedef to a Pointer to a Struct just brings up the Struct editor.

@astrelsky
Contributor

> I don't see how I'm supposed to use this at all. I have an artifact of LTO where a pointer is passed in at an offset of 16:
>
> struct Foo {
>   Bar base_Bar; // size 16
>   Qux base_Qux; // size 16
>   int field1;
>   int field2;
> };
>
> A method takes in an offset(Foo*, 16), such that the pointer points to base_Qux.
>
> I don't see any fancy dialog like the one in the commit would imply.
>
> Trying to edit a Typedef to a Pointer to a Struct just brings up the Struct editor.

You want to right click on the typedef and choose settings.

@s5bug

s5bug commented Jun 25, 2022


Where's Settings? Edit just brings up the menu to edit the R_Player struct. Perhaps this isn't shipped in 10.1.4?

@ryanmkurtz
Collaborator

> Perhaps this isn't shipped 10.1.4?

Correct, this is in master/10.2-DEV.
