Florian Magin

Results 91 comments of Florian Magin

I vaguely remember the joke (when Ghidra was announced but not yet released) that it stands for "Go Home, Initial Disassembly Rans all Afternoon", and I was not dissuaded from...

> Both seem fairly obviously intra-procedural

Well, seems like the stack analysis actually isn't: https://github.com/NationalSecurityAgency/ghidra/blob/24ca217a5aecb172b937807f42e91abe2c6aa615/Ghidra/Features/Base/src/main/java/ghidra/app/cmd/function/NewFunctionStackAnalysisCmd.java#L149-L158 But it would be interesting to know how relevant this is in practice, and it...

@tmr232, sounds like it's the same issue that @astrelsky brought up recently, which is discussed here: https://github.com/NationalSecurityAgency/ghidra/discussions/7523. Which sucks, because this means that even running a trivial analysis in parallel...

> You don't typically do this kind of work on a potato. I would be very unhappy having to do manual analysis in a VM.

First off, I'm glad for...

I wrote a [small script](https://github.com/fmagin/ghidra_scripts/blob/master/ParseDataType.java) that somewhat achieves this. The basic idea is that you can just instantiate a CParser with your current datatype manager and let it parse arbitrary...

Extended this to be a proper GUI and renamed it because it actually handles all data types. ![Picture of Script GUI](https://github.com/fmagin/ghidra_scripts/raw/master/ghidra_parse_data_type.png)

Some things to note: This _might_ have changed with the introduction of the "chained fixups" in iOS15 in 2021, so potentially this is outdated. But I'm not fully sure, maybe...

The arguments aren't in `x8` and `x9`. These registers are just used to store the values to the _stack_. `x9` is set to the stack pointer via `mov x9, sp`,...

An important caveat here is that Objective-C functions like `objc_msgSend` are effectively variadic and they work via registers and never the stack. So there are effectively two calling conventions for...

A general scaffold for problems like this could be some indirection similar to symbols that allows defining a certain rendering for a given address or value? I could abuse equates...