NationalSecurityAgency · plucia-mitre · Jan 13, 2024 · Jan 24, 2024 · Jan 31, 2024 · plucia-mitre
diff --git a/Ghidra/Features/WildcardAssembler/Module.manifest b/Ghidra/Features/WildcardAssembler/Module.manifest
diff --git a/Ghidra/Features/WildcardAssembler/build.gradle b/Ghidra/Features/WildcardAssembler/build.gradle
@@ -0,0 +1,29 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+apply from: "$rootProject.projectDir/gradle/distributableGhidraModule.gradle"
+apply from: "$rootProject.projectDir/gradle/javaProject.gradle"
+apply from: "$rootProject.projectDir/gradle/helpProject.gradle"
+apply from: "$rootProject.projectDir/gradle/jacocoProject.gradle"
+apply from: "$rootProject.projectDir/gradle/javaTestProject.gradle"
+apply plugin: 'eclipse'
+eclipse.project.name = 'Features WildcardAssembler'
+
+dependencies {
+
+	api project(':Base')
+
+	testImplementation project(path: ':SoftwareModeling', configuration: 'testArtifacts')
+}
diff --git a/Ghidra/Features/WildcardAssembler/certification.manifest b/Ghidra/Features/WildcardAssembler/certification.manifest
@@ -0,0 +1,6 @@
+##VERSION: 2.0
+##MODULE IP: FAMFAMFAM Icons - CC 2.5
+##MODULE IP: Oxygen Icons - LGPL 3.0
+Module.manifest||GHIDRA||||END|
+src/main/help/help/TOC_Source.xml||GHIDRA||reviewed||END|
+src/main/help/help/topics/WildcardAssemblerPlugin/Wildcard_Assembler.html||GHIDRA||||END|
diff --git a/Ghidra/Features/WildcardAssembler/src/main/help/help/TOC_Source.xml b/Ghidra/Features/WildcardAssembler/src/main/help/help/TOC_Source.xml
@@ -0,0 +1,54 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<!-- 
+
+	This is an XML file intended to be parsed by the Ghidra help system.  It is loosely based 
+	upon the JavaHelp table of contents document format.  The Ghidra help system uses a 
+	TOC_Source.xml file to allow a module with help to define how its contents appear in the 
+	Ghidra help viewer's table of contents.  The main document (in the Base module) 
+	defines a basic structure for the 
+	Ghidra table of contents system.  Other TOC_Source.xml files may use this structure to insert
+	their files directly into this structure (and optionally define a substructure).
+
+
+	In this document, a tag can be either a <tocdef> or a <tocref>.  The former is a definition
+	of an XML item that may have a link and may contain other <tocdef> and <tocref> children.  
+	<tocdef> items may be referred to in other documents by using a <tocref> tag with the 
+	appropriate id attribute value.  Using these two tags allows any module to define a place 
+	in the table of contents system (<tocdef>), which also provides a place for 
+	other TOC_Source.xml files to insert content (<tocref>).  
+
+	During the help build time, all TOC_Source.xml files will be parsed and	validated to ensure
+	that all <tocref> tags point to valid <tocdef> tags.  From these files will be generated
+	<module name>_TOC.xml files, which are table of contents files written in the format 
+	desired by the JavaHelp system.   Additionally, the genated files will be merged together
+	as they are loaded by the JavaHelp system.  In the end, when displaying help in the Ghidra
+	help GUI, there will be on table of contents that has been created from the definitions in 
+	all of the modules' TOC_Source.xml files.
+
+
+	Tags and Attributes
+
+	<tocdef>
+	-id          - the name of the definition (this must be unique across all TOC_Source.xml files)	
+	-text        - the display text of the node, as seen in the help GUI
+	-target**    - the file to display when the node is clicked in the GUI
+	-sortgroup   - this is a string that defines where a given node should appear under a given
+	               parent.  The string values will be sorted by the JavaHelp system using
+	               a javax.text.RulesBasedCollator.  If this attribute is not specified, then
+	               the text of attribute will be used.
+
+	<tocref>
+	-id			 - The id of the <tocdef> that this reference points to 
+
+	**The URL for the target is relative and should start with 'help/topics'.  This text is 
+	used by the Ghidra help system to provide a universal starting point for all links so that
+	they can be resolved at runtime, across modules.
+
+
+-->
+
+
+<tocroot>
+
+
+</tocroot>                  
diff --git a/...ldcardAssembler/src/main/help/help/topics/WildcardAssemblerPlugin/Wildcard_Assembler.html b/...ldcardAssembler/src/main/help/help/topics/WildcardAssemblerPlugin/Wildcard_Assembler.html
@@ -0,0 +1,90 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<HTML>
+  <HEAD>
+    <META http-equiv="Content-Language" content="en-us">
+    <META http-equiv="Content-Type" content="text/html; charset=windows-1252">
+
+    <TITLE>Wildcard Assembler Plugin</TITLE>
+    <LINK rel="stylesheet" type="text/css" href="help/shared/DefaultStyle.css">
+  </HEAD>
+
+  <BODY>
+    <H1><A name="Wildcard_Assembler_Plugin"></A>Wildcard Assembler Plugin</H1>
+
+    <BLOCKQUOTE>
+      <P>The <I>Wildcard Assembler</I> extends Ghidra's assembler to enable
+      assembling instructions with specific tokens replaced with wildcards.</P>
+
+      <p>This assembler will return metadata for each wildcard in an assembled
+      instruction. This metadata includes details of which specific bits of an
+      assembled instruction are used to derive the value of the wildcarded token
+      and the expression used to derive the value.</p>
+
+      <H2>Wildcard Syntax</H2>
+
+      <P>Wildcards in instructions are specified by replacing the
+      to-be-wildcarded token with a wildcard name surrounded by backticks (e.g.
+      <CODE>`Q1`</CODE> where Q1 is an arbitrary wildcard name) and passing the
+      entire instruction to the Wildcard Assembler.</P>
+
+      <P>By default the Wildcard Assembler will return metadata about all
+      possible values that a wildcarded token could take and all the encodings
+      of all these values. This behavior can be limited by filtering the
+      wildcard by appending specific syntax after the wildcard name:</P>
+
+      <UL>
+        <LI><B>Numeric Filter:</B>
+          <UL>
+            <LI>Appending <CODE>[..]</CODE> will constrain the wildcarded token
+            to only numeric values (and not registers or other strings).</LI>
+            <LI>Appending <CODE>[0x0..0x100]</CODE> (where 0x0 and 0x100 are
+            arbitrary hexadecimal values with the smaller number first) will
+            constrain the wildcarded token to only numeric values between the
+            two given values. This can be used to ensure that the returned
+            encodings can hold values of a desired size. Multiple non-contiguous
+            ranges can be specified by separating them with commas (e.g.
+            <CODE>[0x0..0x5,0x1000-0x4000]</CODE>)</LI>
+          </UL>
+          </LI>
+          <LI><B>Regex Filter:</B>
+            <UL>
+              <LI>Appending <CODE>/ABCD</CODE> where ABCD is an arbitrary
+              regular expression will constrain the wildcarded token to only be
+              string tokens matching the given regular expression. This is most
+              likely used for filtering register names; for example appending
+              <CODE>/(sp)|(lr)</CODE> to a wildcard in a register position in
+              ARM assembly will limit the wildcard results to only encodings
+              using the <CODE>sp</CODE> or <CODE>lr</CODE> registers in that
+              position.</LI>
+            </UL>
+          </LI>
+      </UL>
+
+      <P>Normally, a wildcard will only match a single token. To allow a single
+      wildcard to match multiple related tokens: precede the wildcard name with a
+      <CODE>!</CODE> character. For example, in a x86:LE:32:default binary:</P>
+      <BLOCKQUOTE>
+        <DL>
+          <DT>Assembles (no wildcard):</DT>
+          <DD><CODE>MOVSD.REP ES:EDI,ESI</CODE></DD>
+
+          <DT>Assembles (single token):</DT>
+          <DD><CODE>MOVSD.REP `Q1`:EDI,ESI</CODE></DD>
+
+          <DT>Assembles (single token):</DT>
+          <DD><CODE>MOVSD.REP ES:`Q2`,ESI</CODE></DD>
+
+          <DT>Does <I>NOT</I> assemble (single token):</DT>
+          <DD><CODE>MOVSD.REP `Q3`,ESI</CODE></DD>
+
+          <DT>Assembles (multi-token):</DT>
+          <DD><CODE>MOVSD.REP `!Q4`,ESI</CODE></DD>
+        </DL>
+      </BLOCKQUOTE>
+
+      <P class="providedbyplugin">Provided by: <I>Wildcard Assembler Plugin</I></P>
+
+    </BLOCKQUOTE>
+  </BODY>
+</HTML>
diff --git a/Ghidra/Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildOperandInfo.java b/Ghidra/Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildOperandInfo.java
@@ -0,0 +1,30 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.asm.wild;
+
+import java.util.List;
+
+import ghidra.app.plugin.assembler.sleigh.sem.AssemblyConstructorSemantic;
+import ghidra.app.plugin.assembler.sleigh.sem.AssemblyPatternBlock;
+import ghidra.app.plugin.processors.sleigh.expression.PatternExpression;
+
+public record WildOperandInfo(String wildcard, List<AssemblyConstructorSemantic> path,
+		AssemblyPatternBlock location, PatternExpression expression, Object choice) {
+
+	public WildOperandInfo shift(int amt) {
+		return new WildOperandInfo(wildcard, path, location.shift(amt), expression, choice);
+	}
+}
diff --git a/Ghidra/Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildSleighAssembler.java b/Ghidra/Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildSleighAssembler.java
@@ -0,0 +1,50 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.asm.wild;
+
+import ghidra.app.plugin.assembler.AssemblySelector;
+import ghidra.app.plugin.assembler.sleigh.AbstractSleighAssembler;
+import ghidra.app.plugin.assembler.sleigh.parse.AssemblyParser;
+import ghidra.app.plugin.assembler.sleigh.sem.*;
+import ghidra.app.plugin.assembler.sleigh.tree.AssemblyParseBranch;
+import ghidra.app.plugin.processors.sleigh.SleighLanguage;
+import ghidra.asm.wild.sem.WildAssemblyResolvedPatterns;
+import ghidra.asm.wild.sem.WildAssemblyTreeResolver;
+import ghidra.program.model.address.Address;
+import ghidra.program.model.listing.Program;
+
+public class WildSleighAssembler extends AbstractSleighAssembler<WildAssemblyResolvedPatterns> {
+
+	protected WildSleighAssembler(
+			AbstractAssemblyResolutionFactory<WildAssemblyResolvedPatterns, ?> factory,
+			AssemblySelector selector, SleighLanguage lang, AssemblyParser parser,
+			AssemblyDefaultContext defaultContext, AssemblyContextGraph ctxGraph) {
+		super(factory, selector, lang, parser, defaultContext, ctxGraph);
+	}
+
+	protected WildSleighAssembler(
+			AbstractAssemblyResolutionFactory<WildAssemblyResolvedPatterns, ?> factory,
+			AssemblySelector selector, Program program, AssemblyParser parser,
+			AssemblyDefaultContext defaultContext, AssemblyContextGraph ctxGraph) {
+		super(factory, selector, program, parser, defaultContext, ctxGraph);
+	}
+
+	@Override
+	protected WildAssemblyTreeResolver newResolver(Address at, AssemblyParseBranch tree,
+			AssemblyPatternBlock ctx) {
+		return new WildAssemblyTreeResolver(factory, lang, at, tree, ctx, ctxGraph);
+	}
+}
diff --git a/.../Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildSleighAssemblerBuilder.java b/.../Features/WildcardAssembler/src/main/java/ghidra/asm/wild/WildSleighAssemblerBuilder.java
@@ -0,0 +1,128 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.asm.wild;
+
+import java.util.*;
+
+import ghidra.app.plugin.assembler.AssemblySelector;
+import ghidra.app.plugin.assembler.sleigh.AbstractSleighAssemblerBuilder;
+import ghidra.app.plugin.assembler.sleigh.grammars.AssemblyGrammar;
+import ghidra.app.plugin.assembler.sleigh.grammars.AssemblySentential;
+import ghidra.app.plugin.assembler.sleigh.sem.AbstractAssemblyResolutionFactory;
+import ghidra.app.plugin.assembler.sleigh.sem.AssemblyResolvedBackfill;
+import ghidra.app.plugin.assembler.sleigh.symbol.*;
+import ghidra.app.plugin.processors.sleigh.Constructor;
+import ghidra.app.plugin.processors.sleigh.SleighLanguage;
+import ghidra.app.plugin.processors.sleigh.pattern.DisjointPattern;
+import ghidra.asm.wild.grammars.WildAssemblyProduction;
+import ghidra.asm.wild.sem.WildAssemblyResolutionFactory;
+import ghidra.asm.wild.sem.WildAssemblyResolvedPatterns;
+import ghidra.asm.wild.symbol.*;
+import ghidra.program.model.listing.Program;
+
+public class WildSleighAssemblerBuilder
+		extends AbstractSleighAssemblerBuilder<WildAssemblyResolvedPatterns, WildSleighAssembler> {
+
+	protected final Map<AssemblySymbol, AssemblyNonTerminal> wildNTs = new HashMap<>();
+
+	public WildSleighAssemblerBuilder(SleighLanguage lang) {
+		super(lang);
+	}
+
+	@Override
+	protected AbstractAssemblyResolutionFactory< //
+			WildAssemblyResolvedPatterns, AssemblyResolvedBackfill> newResolutionFactory() {
+		return new WildAssemblyResolutionFactory();
+	}
+
+	protected WildAssemblyTerminal generateWildTerminal(AssemblySymbol t) {
+		if (t instanceof AssemblyNonTerminal nt) {
+			if ("instruction".equals(nt.getName())) {
+				// Never allow full instruction to be wildcarded
+				return null;
+			}
+			return new WildAssemblySubtableTerminal(nt.getName());
+		}
+		if (t instanceof AssemblyFixedNumericTerminal term) {
+			return new WildAssemblyFixedNumericTerminal(term.getVal());
+		}
+		if (t instanceof AssemblyNumericMapTerminal term) {
+			return new WildAssemblyNumericMapTerminal(term.getName(), term.getMap());
+		}
+		if (t instanceof AssemblyNumericTerminal term) {
+			return new WildAssemblyNumericTerminal(term.getName(), term.getBitSize(),
+				term.getSpace());
+		}
+		if (t instanceof AssemblyStringMapTerminal term) {
+			return new WildAssemblyStringMapTerminal(term.getName(), term.getMap());
+		}
+		if (t instanceof AssemblyStringTerminal term && term.getDefiningSymbol() != null) {
+			return new WildAssemblyStringTerminal(term.getString());
+		}
+		/**
+		 * Exclude string terminals. These should be purely syntactic elements. Use of them as fixed
+		 * literals, e.g., 1 or RAX, is an error on the spec's part.
+		 */
+		return null;
+	}
+
+	protected AssemblyNonTerminal createWildNonTerminal(AssemblySymbol s) {
+		WildAssemblyTerminal wt = generateWildTerminal(s);
+		if (wt == null) {
+			return null;
+		}
+		WildAssemblyNonTerminal nt =
+			new WildAssemblyNonTerminal("w`" + s.getName(), s.takesOperandIndex());
+		grammar.addProduction(new WildAssemblyProduction(nt, new AssemblySentential<>(s)));
+		grammar.addProduction(new WildAssemblyProduction(nt, new AssemblySentential<>(wt)));
+		return nt;
+	}
+
+	protected AssemblyNonTerminal getOrCreateWildNonTerminal(AssemblySymbol s) {
+		return wildNTs.computeIfAbsent(s, this::createWildNonTerminal);
+	}
+
+	protected AssemblySymbol maybeReplaceSymbol(AssemblySymbol s) {
+		AssemblyNonTerminal nt = getOrCreateWildNonTerminal(s);
+		if (nt == null) {
+			return s;
+		}
+		return nt;
+	}
+
+	@Override
+	protected void addProduction(AssemblyGrammar subgrammar, AssemblyNonTerminal lhs,
+			AssemblySentential<AssemblyNonTerminal> rhs, DisjointPattern pattern, Constructor cons,
+			List<Integer> indices) {
+		// Don't call super. We want to replace the original production
+		AssemblySentential<AssemblyNonTerminal> wildRhs = new AssemblySentential<>();
+		for (AssemblySymbol sym : rhs.getSymbols()) {
+			wildRhs.addSymbol(maybeReplaceSymbol(sym));
+		}
+		subgrammar.addProduction(lhs, wildRhs, pattern, cons, indices);
+	}
+
+	@Override
+	protected WildSleighAssembler newAssembler(AssemblySelector selector) {
+		return new WildSleighAssembler(factory, selector, lang, parser, defaultContext, ctxGraph);
+	}
+
+	@Override
+	protected WildSleighAssembler newAssembler(AssemblySelector selector, Program program) {
+		return new WildSleighAssembler(factory, selector, program, parser, defaultContext,
+			ctxGraph);
+	}
+}