gekkio / ghidraboy Goto Github PK

View Code? Open in Web Editor NEW

226.0 18.0 17.0 710 KB

Sharp SM83 / Game Boy extension for Ghidra

License: Apache License 2.0

Java 36.05% Kotlin 63.95%

gameboy game-boy ghidra-extension reverse-engineering

ghidraboy's Introduction

GhidraBoy: Sharp SM83 / Game Boy extension for Ghidra

Very experimental! No compatibility guarantees!

Supported Ghidra versions:

11.1.2
11.1.1
11.1

Features

Sharp SM83 (CPU core used in Game Boy) support for Sleigh
Game Boy ROM loader:
- Can load unbanked ROMs (<= 32kB, e.g. Tetris)
- Can load banked ROMs (> 32kB, e.g. Pokemon)
- Can load greyscale boot ROMs (DMG/DMG0/MGB/SGB/SGB2)
- Can load color boot ROMs (CGB/CGB0)
Memory blocks based on the hardware memory map
- Banked regions use overlays (TODO: figure out if there's a better way to support them)
- GB vs GBC differences are handled (e.g. banked WRAM)

Symbols for hardware registers (0xFFxx range)
- GB vs GBC differences are handled (e.g. existence of KEY1 register)

Game Boy cartridge header data types
- Enumerated types for some things

How to install

Download a prebuilt GhidraBoy release, or build it yourself.
Start Ghidra
File -> Install Extensions
Press the plus icon ("Add extension")
Choose the built or downloaded GhidraBoy zip file
Restart Ghidra when prompted to load the extension properly

How to build

As a prerequisite, you need to have a Ghidra installation somewhere (an actual installation, not a copy of Ghidra source code!).

export GHIDRA_INSTALL_DIR=/path/to/ghidra
./gradlew

./gradlew -Pghidra.dir=/path/to/ghidra

You can then find a built extension .zip in the build/distributions directory.

Open questions / problems

Decompiler output is difficult to read if certain instructions are used (e.g. rotates, JP HL for jumptables)
Default "ASM calling convention" assumes all registers can be inputs and/or outputs. Inputs/outputs are often guessed incorrectly, so manual tuning is required for almost every function
Are overlays the only / the best solution for handling banked memory areas? Right now in banked ROMs every function call to 0x4000-0x7fff needs to be manually resolved to the correct bank(s)

License

Licensed under the Apache License, Version 2.0.

ghidraboy's People

Contributors

Stargazers

Watchers

Forkers

heruix resonancellc romanrocks3srepo ariscop mdc634 mdevillers tellowkrinkle xenoloaf mrkosmos marcellodash sariohara weimingtom 1ndevelopment adituv antoniovazquezblanco astrolemonade

ghidraboy's Issues

GBDK calling convention

I've run into a few homebrew ROMs that were obviously written in C. GBDK seems to be the only game in town when it comes to C compilers that target the GB, so I'm guessing that's what was used. Here's what I was able to find about the C calling convention in GBDK: http://gbdk.sourceforge.net/doc/html/c0402.html

From the looks of things, this would be implemented in the .cspec file. I've found the documentation for the cspec format, but it's a lot to work through. I tried copying/pasting the _stdcall convention from Ghidra's included z80 cspec, and then modifying it to remove the register inputs, change the alignment to 1, change the output register to DE, and remove some of the unaffected register nodes (not really sure about that last part). Seems to be a decent starting point.

Ghidra 9.1.1

Ghidra has been updated to 9.1.1 (20191218) which won't allow the latest version of this extension to be installed. I'm not sure if it's just a matter of updating the metadata, or if there are actually any breaking changes, but it would be nice to have an up-to-date package.

wram is banked, bank 0 is missing.

A memory map may be found here:
https://gbdev.gg8.se/wiki/articles/Memory_Map

Can we get support for loading gameboy SYM symbol files via a script or feature of the plugin?

Being able to load symbol files would be very helpful.

Class file has wrong version 55.0

Hello !
I got some trouble to build the extension.

I'am on an arch linux x86_64
I git clone the master branch
I have the 9.1.2 public build 2020-feb-12 ghidra version (it works well)

export GHIDRA_INSTALL_DIR=/path/to/ghidra
./gradlew

Throw an exception :

gameboy/GhidraBoy/src/main/java/fi/gekkio/ghidraboy/RomUtils.java:16: error: cannot access ByteProvider
import ghidra.app.util.bin.ByteProvider;
^
bad class file: > /opt/ghidra_9.1.2_PUBLIC/Ghidra/Features/Base/lib/Base.jar(ghidra/app/util/bin/ByteProvider.class)
class file has wrong version 55.0, should be 52.0

Is someone else have the same issue or an idea to solve this problem ?
I'am not good with java and i don't have any idea on how to solve this.

Thanks and have a nice day !

NPE when adding hardware blocks on GHidra 9.0.4

When importing a ROM on GHidra 9.0.4, with add hardware blocks enabled, the following NPE occurs. Disabling adding hardware blocks prior to importing allows it to succeed.

Traceback for cgb_bios.bin:

Error importing file: cgb_bios.bin
java.lang.NullPointerException
	at ghidra.app.util.MemoryBlockUtil.renameFragment(MemoryBlockUtil.java:613)
	at ghidra.app.util.MemoryBlockUtil.createUninitializedBlock(MemoryBlockUtil.java:149)
	at fi.gekkio.ghidraboy.Ghidra90Compat.createUninitializedBlock(Ghidra90Compat.java:33)
	at fi.gekkio.ghidraboy.GameBoyUtils.addHardwareBlocks(GameBoyUtils.java:38)
	at fi.gekkio.ghidraboy.GameBoyLoader.loadProgram(GameBoyLoader.java:133)
	at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:114)
	at ghidra.plugin.importer.ImporterUtilities.doSingleImport(ImporterUtilities.java:360)
	at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$6(ImporterDialog.java:363)
	at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:93)
	at ghidra.util.task.Task.monitoredRun(Task.java:128)
	at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
	at java.base/java.lang.Thread.run(Thread.java:835)

---------------------------------------------------
Build Date: 2019-May-16 1545 EDT
Ghidra Version: 9.0.4
Java Home: C:\Program Files\Java\jdk-12.0.1
JVM Version: Oracle Corporation 12.0.1
OS: Windows 10 10.0 amd64
Workstation: [omitted]

Traceback for Gameboy Color Promotional Demo (J) [C].gbc:

Error importing file: Gameboy Color Promotional Demo (J) [C].gbc
java.lang.NullPointerException
	at ghidra.app.util.MemoryBlockUtil.renameFragment(MemoryBlockUtil.java:613)
	at ghidra.app.util.MemoryBlockUtil.createUninitializedBlock(MemoryBlockUtil.java:149)
	at fi.gekkio.ghidraboy.Ghidra90Compat.createUninitializedBlock(Ghidra90Compat.java:33)
	at fi.gekkio.ghidraboy.GameBoyUtils.addHardwareBlocks(GameBoyUtils.java:38)
	at fi.gekkio.ghidraboy.GameBoyLoader.loadProgram(GameBoyLoader.java:133)
	at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:114)
	at ghidra.plugin.importer.ImporterUtilities.doSingleImport(ImporterUtilities.java:360)
	at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$6(ImporterDialog.java:363)
	at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:93)
	at ghidra.util.task.Task.monitoredRun(Task.java:128)
	at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
	at java.base/java.lang.Thread.run(Thread.java:835)

---------------------------------------------------
Build Date: 2019-May-16 1545 EDT
Ghidra Version: 9.0.4
Java Home: C:\Program Files\Java\jdk-12.0.1
JVM Version: Oracle Corporation 12.0.1
OS: Windows 10 10.0 amd64
Workstation: [omitted]

Add MBC register overlay

You should probably add another write-only memory overlay for the MBC registers, either one overlay for the entire $0000-7FFF block, or separate ones for each function. Otherwise, currently, writes to the MBC registers for bank switching purposes end up referencing the Bank 0 ROM memory segment.

Processor manual

I put together an idx file for the Game Boy Programming Manual Version 1.1 that allows the use of the Tools>Processor Manual command. All that is needed is to place this file in the extension's /data/manuals folder and then modify /data/languages/sm83.ldefs to add the manualindexfile parameter:

<language_definitions>
  <language processor="SM83"
            endian="little"
            size="16"
            variant="default"
            version="1.0"
            slafile="sm83.sla"
            processorspec="sm83.pspec"
            manualindexfile="../manuals/SM83.idx"
            id="SM83:LE:16:default">
    <description>Sharp SM83</description>
    <compiler name="default" spec="sm83.cspec" id="default"/>
  </language>
</language_definitions>

I assume you can't include the .pdf itself for the same reason the processors built-in to Ghidra don't come with them (probably due to copyright), so it would be up to the end user to download that into the manuals folder themselves. It's available on archive,org: https://archive.org/details/GameBoyProgManVer1.1

SM83.idx.txt