Mark PLT Functions as Thunks about ghidra-switch-loader HOT 4 OPEN

Actually, it seems that there is already an existing analyzer that is supposed to do this automatically, but if the .plt section isn't already disassembled it will fail because the SymbolicPropogator won't be able to fetch instructions.

from ghidra-switch-loader.

Hello,

I'm reviving this issue as it is causing a few issues for me at present.

Normally, an AARCH64 ELF would have its .plt and .got sections disassembled at import time, which is a prerequisite for Ghidra's built-in AARCH64 ELF PLT Thunks analyzer to work. The Switch loader does not seem to apply this behavior to NROs, which means no function in the .plt section is marked as a thunk. For large binaries, fixing this by hand is slightly prohibitive.

It also somewhat breaks the BSim workflow introduced in Ghidra 11, making function comparisons between Switch and PC versions of games more difficult.

Could this be looked into? I don't mind giving it a go myself if you can point me in the right direction.

from ghidra-switch-loader.

Normally, an AARCH64 ELF would have its .plt and .got sections disassembled at import time, which is a prerequisite for Ghidra's built-in AARCH64 ELF PLT Thunks analyzer to work.

Oh I see, I didn't know about this.

I don't mind giving it a go myself if you can point me in the right direction.

I'm currently short on time, so I won't be looking into this for a bit.
plt sections are dealt with here:

If you need to get a pointer for something specific, let me know.

from ghidra-switch-loader.

I've found a way around this. Clearing the entire .plt section, including functions, then disassembling, then re-running AARCH64 ELF PLT Thunks properly marks them as thunks.

It's a good enough workaround for my needs.

from ghidra-switch-loader.