Commit
Showing 61 changed files with 901 additions and 462 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# Changelog | ||
|
||
|
||
## [Unreleased] | ||
|
||
- Fixed getting non-user defined exports in Ghidra. | ||
- Fixed issue getting KeyError if Ghidra isn't setup. | ||
- Updated documentation. | ||
- Added `FunctionSignature.calling_convention` get/set property. | ||
- Added `FunctionSignature.return_type` get/set property. | ||
- Fixed issue with `ida_hexrays.DecompilationFailure` getting thrown. Switched to logging warning instead. | ||
- Fixed issue with incorrect immediate operand value being produced with IDA, sometimes causing an OverflowError. | ||
- Added `Instruction.rep` property for x86 instructions. | ||
- Fixed issue with incorrectly getting NotExistError in IDA when base address is zero. | ||
|
||
|
||
## [0.4.0] - 2022-06-28 | ||
|
||
- Added `Symbol.references_to` to get references to imports or exports. | ||
- Added `Disassembler.get_import()` and `Disassembler.get_export()` functions. | ||
- Added `BACKEND_GHIDRA` and `BACKEND_IDA` constants. | ||
- Miscellaneous bugfixes for Ghidra support. | ||
|
||
|
||
## [0.3.0] - 2022-06-01 | ||
|
||
- Fixed connection issues with running IDA disassembler in Linux. | ||
- Add auto detection of 64bit size for IDA. | ||
- Changed `Function.instructions()` implementation to use flowchart. | ||
- Added `Function.lines()` function. | ||
- Added `Disassembler.instructions()` function. | ||
- Added `Disassembler.find_bytes()` function. | ||
- Added ability to use dragodis locally in underlying disassembler. | ||
- Added `Disassembler.teleport()` function to run a function within the underlying disassembler. | ||
|
||
|
||
## [0.2.0] - 2022-02-03 | ||
|
||
- Updated IDA disassembler to use [rpyc](https://rpyc.readthedocs.io/en/latest). | ||
- Updated support to IDA 7.7 | ||
- Updated Ghidra disassembler to use [pyhidra](https://github.com/dod-cyber-crime-center/pyhidra). | ||
- Added proper handling when a disassembler isn't setup/installed. | ||
- Renamed `dragodis.open()` to `dragodis.open_program()` | ||
- Updated README | ||
- Interface has been completely refactored. | ||
- Added support for: | ||
: - Flowcharts | ||
- Function Signatures | ||
- Insturctions | ||
- Memory | ||
- Operands | ||
- Operand value types | ||
- References | ||
- Imports/Export symbols | ||
- Stack/Global variables | ||
- Segments | ||
|
||
|
||
## 0.1.0 - 2020-11-25 | ||
|
||
- Initial release | ||
|
||
|
||
[Unreleased]: https://github.com/dod-cyber-crime-center/dragodis/compare/0.4.0...HEAD | ||
[0.4.0]: https://github.com/dod-cyber-crime-center/dragodis/compare/0.3.0...0.4.0 | ||
[0.3.0]: https://github.com/dod-cyber-crime-center/dragodis/compare/0.2.0...0.3.0 | ||
[0.2.0]: https://github.com/dod-cyber-crime-center/dragodis/compare/0.1.0...0.2.0 |
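Review bot: In the 0.2.0 "Added support for:" list, "Insturctions" is misspelled (should be "Instructions"), and the first sub-item is written as ": - Flowcharts", where the leading colon looks like a leftover definition-list marker and should be dropped. Trailing punctuation is also inconsistent within that section ("Updated support to IDA 7.7", "Updated README" and the `dragodis.open()` rename have no period while neighbouring entries do), so pick one style. Finally, the [Unreleased] entry "Fixed issue with `ida_hexrays.DecompilationFailure` getting thrown. Switched to logging warning instead." describes a behaviour change for callers that caught that exception; it is worth saying what is returned in that case so scripts can tell a failed decompilation from a successful one.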
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
```{include} ../CHANGELOG.md | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Differences Between Disassemblers | ||
|
||
Given the nature of the project, there is bound to be some variance | ||
in the way that different disassemblers handle certain situations. | ||
Some of these situations may be simple to work around, while others may require | ||
more effort to work around. Understanding these differences will aid in creating | ||
better scripts that won't stop working when switching from one disassembler to another. | ||
|
||
Some of the differences that have been found so far include: | ||
- When it comes to alignment, IDA combines all of the bytes into one line, Ghidra separates each byte into its own line. | ||
- There may be differences between the min and max addresses of binaries between Ghidra and IDA. | ||
- The initial current address may be different in Ghidra and IDA. | ||
- IDA and Ghidra have different naming conventions for various components of the disassembly such as | ||
functions. IDA names functions `sub_XXXXXX` by default, while Ghidra names functions | ||
`FUN_00XXXXXX` by default. | ||
|
||
If you **do** need to write disassembler specific code, you can check the `.name` attribute of the | ||
disassembler. | ||
|
||
```python | ||
if dis.name == "IDA": | ||
# do IDA specific thing | ||
elif dis.name == "Ghidra": | ||
# do Ghidra specific thing | ||
else: | ||
raise ValueError(f"{dis.name} disassembler is not supported.") | ||
``` |
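Review bot: The Python example at the end of this page is not valid as written, because the `if dis.name == "IDA":` and `elif dis.name == "Ghidra":` branches contain only comments; add `pass` or `...` under each so the snippet can be pasted and run. The CHANGELOG added in this same commit lists `BACKEND_IDA` and `BACKEND_GHIDRA` constants under 0.4.0; if those hold the values `dis.name` returns, the example should compare against them instead of the string literals so the documentation and the API stay in sync. The bullets on min/max addresses and the initial current address only say the values "may be different"; a sentence on what a portable script should do instead (for example, not assuming a starting address) would make the list actionable.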