Ghidra-Switch-Loader icon indicating copy to clipboard operation
Ghidra-Switch-Loader copied to clipboard
verified publisher icon Adubbz

Disassemble .plt section and mark functions as thunks

Open TSRBerry opened this issue 1 year ago • 2 comments

This PR closes #19 by disassembling the entire .plt section and creating thunked functions for every PltEntry referencing external functions.

For entries referencing functions in the same binary the AARCH64PltThunkAnalyzer will now be able to take care of them.

I mainly used ghidra's ElfProgramBuilder as a template and added the necessary steps from it.

That said, I don't know a lot about ELF or file formats in general, so I'm not sure if there are any missing cases or if this solution is incorrect. I tested it with a few binaries myself and the results look right, but I lack the experience to actually judge that.

TSRBerry avatar Oct 17 '24 01:10 TSRBerry

I just found out how to do this properly, so I updated the PR and changed the description a little bit.

TSRBerry avatar Nov 01 '24 22:11 TSRBerry

Bump? cc @Adubbz

VelocityRa avatar Feb 10 '25 11:02 VelocityRa

Is there anything blocking this @Adubbz ?

TSRBerry avatar Jun 20 '25 14:06 TSRBerry

Sorry for the delay here - It was initially marked as a draft so I didn’t merge, and clearly missed being bumped about it. Merged

Adubbz avatar Jun 20 '25 23:06 Adubbz

No worries, thanks for merging! :D

TSRBerry avatar Jun 21 '25 15:06 TSRBerry