development/ghidra
development/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra synced 2024-09-13 21:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

GP-0 Updated docs for 10.3 release

Browse source
This commit is contained in:
ghidra1 2023-05-09 18:14:46 -04:00
parent e112815007
commit 2d63324b3b
2 changed files with 256 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

255
Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
View file

@ -28,6 +28,261 @@
<BODY>
<H1 align="center">Ghidra 10.3 Change History (May 2023)</H1>
<blockquote><p><u><B>New Features</B></u></p>
<ul>
<li><I>Analysis</I>. Initial Golang binary analysis for Go 1.18. (GP-2114, Issue #2327)</li>
<li><I>Debugger</I>. Added breakpoint indicators to the Decompiler's margin, when used in the Debugger. (GP-1280)</li>
<li><I>Debugger</I>. Added Debugger control actions to global toolbar. (GP-1595, Issue #3742)</li>
<li><I>Debugger</I>. Created new independent launchers for Debugger agents. (GP-1999)</li>
<li><I>Debugger</I>. Added ability to set node timeout. (GP-2502)</li>
<li><I>Debugger</I>. Added class materials for the Debugger. (GP-2641)</li>
<li><I>Debugger</I>. Added hover tooltips for variable values in the Static Listing, Decompiler, and Dynamic Listing. Added <gtitle>Unwind Stack</gtitle> action. (GP-2834, Issue #4732)</li>
<li><I>Debugger</I>. Added ability to set initial directory and other parameters. (GP-2839, Issue #4732)</li>
<li><I>Debugger</I>. Added a dedicated <gtitle>Emulator</gtitle> tool. (GP-3074, Issue #4931)</li>
<li><I>Debugger</I>. Added ability to export/serve symbols and types as Volatility ISF JSON. (GP-3222)</li>
<li><I>Debugger:Emulator</I>. Added <gtitle>Invalidate Emulator Cache</gtitle> action. (GP-2970)</li>
<li><I>Debugger:Emulator</I>. Added <gtitle>Add Region</gtitle> and <gtitle>Delete Regions</gtitle> actions to the <gtitle>Regions</gtitle> window. (GP-3357)</li>
<li><I>Debugger:Objects</I>. Added commands <gtitle>Advance</gtitle> to GDB, <gtitle>Step/Trace to Address</gtitle> to dbgeng/model, and <gtitle>Run to Address</gtitle> to LLDB in address context menus. (GP-1808, Issue #4056)</li>
<li><I>DWARF</I>. Added support for some Apple-specific DWARF tags. (GP-3175)</li>
<li><I>GUI</I>. Added theming support to Ghidra, including a dark theme. (GP-1981, Issue #4145)</li>
<li><I>GUI</I>. By default, programs will now open to their location when last closed. (GP-2939, Issue #1196)</li>
<li><I>Pcode</I>. Support for a new p-code operator <gcode>lzcount</gcode> has been introduced into SLEIGH, the Decompiler, emulation, etc. It returns the count of <em>leading</em> zero bits in its operand. (GP-3155, Issue #2810)</li>
<li><I>Processors</I>. Added eBPF and BPF processors. (GP-2257, Issue #4258, #4378)</li>
<li><I>Project</I>. Added <gtitle>Restore Previous Project</gtitle> option to the Front End Tool that controls whether or not the previously opened project is automatically restored on startup. (GP-2695, Issue #4650)</li>
<li><I>Scripting</I>. Created <gcode>AssociateExternalPELibrariesScript</gcode> that associates imported library files for PE programs in order to fix up external references from the program to the libraries. This is useful for users who forgot to load the libraries on program import and want to fix up the references after the fact. (GP-3098)</li>
<li><I>Version Tracking</I>. Updated the Version Tracking API to make extension of correlators easier. (GP-3199, Issue #4950)</li>
</ul>
</blockquote>
<blockquote><p><u><B>Improvements</B></u></p>
<ul>
<li><I>Analysis</I>. Added support for pointer Typedef values passed as parameters to functions. (GP-2160)</li>
<li><I>Analysis</I>. Added identification and side-effect fixes for windows AARCH64 <gcode>__security_push_cookie</gcode> to fix poor Decompiler and stack reference results. (GP-3124, Issue #5018)</li>
<li><I>Analysis</I>. Added support for processing PE MinGW pseudo-relocations during auto-analysis immediately after import. (GP-3236, Issue #5155)</li>
<li><I>API</I>. Added ability to associate a specific program architecture with a datatype archive. This allows associated types to preserve proper type sizing and alignment characteristics based upon a designated architecture. Delivered archives will reflect the architecture they were created with instead of utilizing the default data organization. (GP-1633, Issue #4898)</li>
<li><I>API</I>. Changed <gcode>FunctionDefinition</gcode> and <gcode>FunctionSignature</gcode> to use calling convention names as strings instead of being limited to <gcode>GenericCallingConvention</gcode>. Also added <gcode>noreturn</gcode> support to these interfaces. (GP-2308, Issue #3267, #4537)</li>
<li><I>API</I>. Added methods to <gcode>TaskMonitor</gcode> to address spelling inconsistencies. (GP-2982, Issue #4870)</li>
<li><I>API</I>. Revised program Relocation table to include status and a more accurate length of affected bytes when applied. (GP-3013)</li>
<li><I>API</I>. Added by-name index method <gcode>SymbolTable.scanSymbolsByName(String startName)</gcode>. This has been utilized by the assembler UI to resolve a hang on large programs. (GP-3015, Issue #2630)</li>
<li><I>Basic Infrastructure</I>. Upgraded dependencies to guava 31.1-jre (from 19.0), baksmali 2.5.2 (from 1.4.0), and dex2jar 2.1 (from 2.0). (GP-3154)</li>
<li><I>Basic Infrastructure</I>. Improved error handling of module directories not being readable during launch. (GP-3347, Issue #5244)</li>
<li><I>Build</I>. Added support for building with Gradle 8. (GP-2476, Issue #3527, #5003)</li>
<li><I>Build</I>. The build now enforces a maximum-supported Gradle version. The current supported versions are Gradle 7.3 or later. (GP-3111)</li>
<li><I>Build</I>. Ghidra can now run from development/repository mode using Gradle's compiled jars, instead of just relying on Eclipse's compilation output. (GP-3140)</li>
<li><I>C Parsing</I>. Provided GDT archives have been updated to include new ProgramArchitecture settings for processor, data organization, and endianess. (GP-1377)</li>
<li><I>CParser</I>. Removed unnecessary <gcode>-D</gcode> defines related to wchar_t from CParser <gcode>prf</gcode> files and GDT parsing scripts. (GP-3294, Issue #5196)</li>
<li><I>Data Types</I>. Function definitions can now be applied from selected Category instead of only from an entire Archive. (GP-199)</li>
<li><I>Data Types</I>. Changed Structure/Union editor to show numbers in hex format by default. Also added <gcode>Shift-H</gcode> keybinding action for toggling hex/decimal view. (GP-2943)</li>
<li><I>Data Types</I>. Improved <gcode>DataTypeParser</gcode> to handle type names which include the <gcode>::</gcode> namespace delimiter. (GP-3003, Issue #4841)</li>
<li><I>Data Types</I>. Changed <gtitle>Apply Data Archives</gtitle> analyzer to allow user to choose a data type archive to apply to their binary during analysis. (GP-3344, Issue #5184)</li>
<li><I>Debugger</I>. Added option to <em>memorize</em> a program-module association when confirming mapped modules. (GP-1527, Issue #3641, #3675)</li>
<li><I>Debugger</I>. Improved the <gtitle>Go To...</gtitle> dialog. It now accepts simple addresses or Sleigh expressions. (GP-1539)</li>
<li><I>Debugger</I>. Removed Guava from Debugger's dependencies. (GP-1542)</li>
<li><I>Debugger</I>. Replaced Guava's Cache. (GP-1545)</li>
<li><I>Debugger</I>. Improvements to allow dbgmodel kernel debugging. (GP-1768)</li>
<li><I>Debugger</I>. Upgraded protobuf to 3.21.8. (GP-2302, Issue #4415, #4540)</li>
<li><I>Debugger</I>. Improved default connector selection, based on current program and last successful connection. (GP-2623)</li>
<li><I>Debugger</I>. Added remote connectivity for LLDB. (GP-2709)</li>
<li><I>Debugger</I>. Made modifications in support of iPhone work. (GP-2870)</li>
<li><I>Debugger</I>. Better instructions for LLDB/Swig. (GP-3055, Issue #4774)</li>
<li><I>Debugger</I>. Made LLDB-related improvements in support of iPhone work. (GP-3063)</li>
<li><I>Debugger</I>. Changed <gcode>refresh</gcode> option from boolean to <gcode>RefreshBehavior</gcode> enum to allow opportunistic use of caches. (GP-3142)</li>
<li><I>Debugger</I>. Providing convenience script for LLDB builds. (GP-3247, Issue #5061)</li>
<li><I>Debugger</I>. Changed <gtitle>Go To Time</gtitle> action to use the Time selection dialog. (GP-3317)</li>
<li><I>Debugger:Agents</I>. Limited debug agents to accept a single GADP connection and to terminate automatically when disconnected. (GP-1976)</li>
<li><I>Debugger:Agents</I>. API: Removed <gcode>TargetObject.add/removeListener()</gcode> in favor of <gcode>DebuggerObjectModel.add/removeModelListener()</gcode>. (GP-2752)</li>
<li><I>Debugger:Agents</I>. Enable opportunistic uses of caching. (GP-3162)</li>
<li><I>Debugger:Breakpoints</I>. Breakpoints window can now interact with the integrated emulator. It also supports custom Sleigh injections or conditions. (GP-2676)</li>
<li><I>Debugger:Emulator</I>. Dynamic views can now show (lazily) loaded bytes for pure emulation. (GP-2989)</li>
<li><I>Debugger:Emulator</I>. Moved new Emulator into its own module. (GP-3071)</li>
<li><I>Debugger:Listing</I>. Added visual indicator when <gcode>PC</gcode> (or other tracked location) is not located in the listing. (GP-2750)</li>
<li><I>Debugger:Registers</I>. Changed Registers and Watches to use pointer typedefs. This allows a user to specify the target space of a pointer, especially in Harvard architectures. (GP-2653)</li>
<li><I>Debugger:Registers</I>. Added consideration for aliases when matching target registers to Ghidra registers. (GP-2966)</li>
<li><I>Debugger:Threads</I>. Changed Threads, Stack, and Time panes to require double-click to activate the selection in the rest of the UI. (GP-3018)</li>
<li><I>Debugger:Trace</I>. Replaced <gcode>Range&lt;T&gt;</gcode> with <gcode>Lifespan</gcode>, <gcode>ULongSpan</gcode>, <gcode>KeySpan</gcode>, <gcode>FieldSpan</gcode>, etc. (GP-1543)</li>
<li><I>Decompiler</I>. Compiler specification (cspec) files allow more flexibility when describing overlapping parameter-passing storage locations. (GP-2544, Issue #4568)</li>
<li><I>Decompiler</I>. Decompiler analysis of functions with multiple switch statements is substantially faster in many cases. (GP-2560, Issue #4558)</li>
<li><I>Decompiler</I>. The Decompiler can now split a copy operation that simultaneously moves multiple fields in a structure or multiple elements of an array. (GP-2563, Issue #3884)</li>
<li><I>Decompiler</I>. The Decompiler propagates constants, in more situations, into blocks that are executed conditionally. (GP-2603, Issue #4527)</li>
<li><I>Decompiler</I>. Added <gcode>DecompilerStackProblemsFinderScript</gcode>, which searches the decompiled code for certain local variables that can be indicators of stack analysis issues. (GP-2697)</li>
<li><I>Decompiler</I>. Added Decompiler actions to convert constants to Double and Float. (GP-3001, Issue #3689)</li>
<li><I>Decompiler</I>. The Decompiler's Rename actions now allow the user to reclaim an automatically generated name on another symbol. (GP-3224, Issue #4863)</li>
<li><I>Diff</I>. Added ability to initiate a Program Diff with another program selected from a list of compatible open programs already open in the tool. (GP-2897)</li>
<li><I>DWARF</I>. Added support for ELF-compressed sections. (GP-2363, Issue #3659, #4460)</li>
<li><I>Eclipse Integration</I>. Eclipse now recognizes test source folders. (GP-3130)</li>
<li><I>ELF</I>. Added support for tagging ELF informational sections.
Added support for Golang metadata in ELF binaries. (GP-2111)</li>
<li><I>Exporter</I>. The PE and ELF exporters have been replaced by a new Original File Exporter that will work on all programs that store original file bytes. The Original File Exporter has an option to export both user-modified bytes as well as original bytes. (GP-2770)</li>
<li><I>Graphing</I>. Upgraded jungrapht-visualization and jungrapht-layout to version 1.4. (GP-3249, Issue #5156)</li>
<li><I>GUI</I>. Improved support for Ghidra URLs and their use in comment annotations. (GP-2509)</li>
<li><I>GUI</I>. Updated the Navigation History Plugin's maximum history limit. (GP-2843)</li>
<li><I>GUI</I>. Improved table-sorting performance. (GP-2908, Issue #4782)</li>
<li><I>GUI</I>. Updated the Structure Editor to maintain the table selection during external updates. (GP-2945, Issue #4820)</li>
<li><I>GUI</I>. Added new feature where programs can automatically go to a newly discovered start symbol (e.g., "main") after analysis completes. If the user has navigated to another program location before analysis completes, a popup dialog will appear asking if the user would like to go to the new symbol. Both of these behaviors can be turned off via the <gtitle>Navigation</gtitle> tool options. (GP-3064)</li>
<li><I>GUI</I>. Added ability for default tool launch (e.g., project file double-click) to reuse existing tool instead of always launching a new tool. This behavior controlled via Project Window <gtitle>Default Tool Launch Mode</gtitle> option. (GP-3080)</li>
<li><I>GUI</I>. Updated the Memory Map table to use a fixed-width font for the Start, End, and Length columns. (GP-3103)</li>
<li><I>GUI</I>. Updated <gtitle>Create Enums From Selection</gtitle> action to handle duplicate-named enum entries when merging selected enums together into a new enum. (GP-3204, Issue #5036)</li>
<li><I>GUI</I>. Added a Front End tool option to disable application-wide tooltip popups. (GP-3254, Issue #5095)</li>
<li><I>GUI</I>. Fixed several issues with enums and the GUI for editing them. The API supported both unsigned and signed enums, but the GUI only supported unsigned enums. Also added extra checking so that enums can't support negative values and large unsigned values at the same time. (GP-3255, Issue #3806)</li>
<li><I>GUI</I>. Clicking a sound icon in the Listing will now stop any currently playing sound. (GP-3393, Issue #5278)</li>
<li><I>Importer</I>. Headless Ghidra and the AutoImporter API now support loading more than one program, such as when importing a program results in additional libraries getting loaded. (GP-2877, Issue #4929)</li>
<li><I>Importer</I>. The OMF Loader now handles LPUBDEF symbols. (GP-2976, Issue #4854)</li>
<li><I>Importer</I>. The OMF Loader now handles unsupported/unknown record types more gracefully. (GP-2997, Issue #4856, #4857)</li>
<li><I>Importer</I>. Improved GZF/GDT import and export to allow unforced upgrade of older files. This is particularly important when a user has a version-sensitive issue and needs to have the project file triaged. (GP-3034)</li>
<li><I>Importer</I>. The OMF Loader now handles CEXTDEF symbols. Known functions are now also created by the OMF loader to improve analysis. (GP-3117, Issue #4912)</li>
<li><I>Importer</I>. Made improvements to the OMF Loader's relocation handler. (GP-3141, Issue #4909)</li>
<li><I>Importer</I>. Improved support for loading old-style DOS MZ binaries. (GP-3353, Issue #5229)</li>
<li><I>Importer:ELF</I>. Eliminated the public mutability and writing of ELF Headers whose implementation is not well suited for this in the absence of any ELF Linker support or related processor extension API. (GP-3152)</li>
<li><I>Importer:Mach-O</I>. Mach-O external libraries are now linked during analysis. (GP-2602)</li>
<li><I>Importer:PE</I>. The PE Loader has been updated to correctly recognize and mark the program compiler ID for MinGW programs. GNU Demangler has been updated to recognize and run on programs with GCC compiler option. (GP-1851, Issue #2208, #4513, #4514, #4520, #4906, #5155)</li>
<li><I>Importer:PE</I>. The PE Loader can now load sections that extend beyond the end of the imported file without error. (GP-2826, Issue #4705)</li>
<li><I>Importer:PE</I>. The PE Loader no longer rebases images to 0x10000 when the preferred image base is very large. (GP-2827, Issue #2361, #4710)</li>
<li><I>Importer:PE</I>. Improved PE header parsing so binaries with corrupt symbol/string tables do not prevent Ghidra from recognizing them as PE. (GP-2973)</li>
<li><I>Jython</I>. Improved Python interpreter code-completion behavior. (GP-2759, Issue #4678, #4699)</li>
<li><I>Languages</I>. Reverted disassembly of x86 two-byte <gcode>xchg ax,ax</gcode> back to <gcode>nop</gcode>. (GP-3372)</li>
<li><I>Listing</I>. Added <gtitle>Simplify Template Names</gtitle> option (on by default) to simplify symbol and datatype names with complex template info as part of their name. This only affects the Listing display and doesn't affect the actual symbol or datatype name. (GP-388)</li>
<li><I>Listing</I>. Added options for the starting location of a program when it is opened, which will move the location to a specific function or label. See <gtitle>Preferred Symbol Name</gtitle> under the <gtitle>Navigation</gtitle> tool options. (GP-2141, Issue #4267)</li>
<li><I>Listing</I>. Changed overlapping markers to blend rather than occlude. (GP-2723)</li>
<li><I>Multi-User</I>. The Ghidra Server's temp directory can now be controlled by setting the <gcode>WRAPPER_TMPDIR</gcode> variable in <gcode>ghidraSvr(.bat)</gcode>. (GP-3053, Issue #4925)</li>
<li><I>Multi-User</I>. Upgraded YAJSW to 13.09. (GP-3119)</li>
<li><I>Processors</I>. Corrected treatment of x86 LOCK prefix. (GP-2487, Issue #4336)</li>
<li><I>Processors</I>. Added support for ARM v4T and v5T <gcode>bl lr</gcode> and <gcode>blx lr</gcode> pseudo-instructions. (GP-2872, Issue #4320)</li>
<li><I>Project</I>. Added support for Ghidra-URL-linked project files and folders. <gtitle>Copy/Paste-Link</gtitle> actions are added to project file tree when copying from viewed repository or another project. (GP-2644)</li>
<li><I>Prototypes</I>. <gcode>PrototypeModel.getReturnAddress()</gcode> now returns the default return address of the compiler spec when a prototype does not define its own. (GP-2612, Issue #4611)</li>
<li><I>Scripting</I>. The <gcode>RecoverClassesFromRTTIScript</gcode> has been updated to recognize and process Windows PE programs compiled with GCC (i.e., MinGW, Cygwin programs). (GP-1856)</li>
<li><I>Scripting</I>. The <gcode>RecoverClassesFromRTTIScript</gcode> has a few improvements for GCC-compiled programs. (GP-2679, Issue #4414)</li>
<li><I>Scripting</I>. Added the <gcode>RTTI Found</gcode> RTTI Analyzer option to the program information, which is used to determine whether to rerun the analyzer and also to decide whether to run the RTTI script. (GP-3293)</li>
<li><I>Sleigh</I>. Improved Sleigh compiler warning and error messages. (GP-2913, Issue #4595)</li>
</ul>
</blockquote>
<blockquote><p><u><B>Bugs</B></u></p>
<ul>
<li><I>Analysis</I>. Removed check for instruction falling into a location being considered for a shared return function. (GP-3044)</li>
<li><I>Analysis</I>. Added support for stack parameter tracking, PointerTypedef parameters, restrictions of parameter values to known pointer parameters, and a prototype-setting for propagation of pointer parameter types to memory. (GP-3077)</li>
<li><I>Analysis</I>. Fixed deadlock in Arm Analyzer waffling between overriding the return instruction as a return and branch. (GP-3150)</li>
<li><I>Analysis</I>. Removed duplicate references placed on different operands of instructions. (GP-3214)</li>
<li><I>Analysis</I>. Fixed issues related to analysis flag and how it affects asking the user to analyze a new program. (GP-3282)</li>
<li><I>Analysis</I>. By default, pointer-to-pointer analysis is turned off for ARM binaries in the Operand and Data Reference analyzers. This can result in fewer references created, and can be turned back on if your binaries use pointer data in memory instead of offset values from the current PC. (GP-3335)</li>
<li><I>API</I>. Fixed bug on pinned symbols when changing image base. (GP-3178, Issue #4290)</li>
<li><I>API</I>. Revised <gcode>ApplyFunctionSignatureCmd</gcode> to allow use where function should not get renamed when signature applied. (GP-3350)</li>
<li><I>Byte Viewer</I>. Fixed bug in Byte Viewer where the last byte in a block could not be selected if the field group size was larger than 1. (GP-1593)</li>
<li><I>CParser</I>. Fixed parsing of Windows <gcode>wdm.h</gcode> header file with multi-line strings passed as arguments to a macro. (GP-2809, Issue #4690)</li>
<li><I>CParser</I>. <gcode>CParser.parse(String)</gcode> method no longer throws an exception, and, when parsing a structure as a string, the return type will be the structure&mdash;not the last member of the structure. (GP-3183, Issue #4903)</li>
<li><I>CParser</I>. Removed <gcode>wchar_t</B></gcode> as a keyword when parsing header files. <gcode>wchar_t</gcode> will always use the built-in <gcode>wchar_t</gcode> datatype even if defined with a <gcode>typedef</gcode> within a header file. (GP-3215, Issue #5108)</li>
<li><I>CParser</I>. Fixed issue with CParser creating <gcode>#define</gcode> enum values if unsigned long is specified with parentheses around the value; for example, <gcode>#define X (4ul)</gcode>. (GP-3216, Issue #5069)</li>
<li><I>CParser</I>. Pressing <gtitle>Cancel</gtitle> during parsing of header files is now more responsive. (GP-3284, Issue #5181)</li>
<li><I>CParser</I>. Enum constants are now created by the CParser when <gcode>#define</gcode> expressions ending in <gcode>ULL</gcode>, <gcode>LLU</gcode>, <gcode>LL</gcode>, and <gcode>LU</gcode> are found in parentheses. (GP-3285, Issue #5161)</li>
<li><I>CParser</I>. Fixed expansion of <gcode>#define</gcode> statements embedded in <gcode>#include</gcode> files and parsing of constants with <gcode>UL</gcode>/<gcode>LL</gcode> size specifications. (GP-3310, Issue #5207)</li>
<li><I>CParser</I>. Fixed CParser issues with forward-declared Enums and typedefs used within the body of functions. (GP-3371, Issue #3526, #5271)</li>
<li><I>CParser</I>. <gcode>Enum</gcode> sizes are now set to the size of an <gcode>int</gcode> for the processor (formerly 4), and <gcode>enum</gcode>s from <gcode>#define</gcode>s are set to the the smallest <gcode>enum</gcode> size that will fit the number (formerly 8). Future change will add packed <gcode>enum</gcode> sizes. (GP-3385)</li>
<li><I>Data</I>. Corrected handling of zero-length components in the form of Listing DataComponent CodeUnits. These were incorrectly reporting a length of 0 instead 1; all Listing Data, including DataComponents, must report a positive non-zero length. (GP-3314)</li>
<li><I>Data Types</I>. Automatically created class structures now respect the <gtitle>Preferred Root Namespace Category</gtitle> property. (GP-1123, Issue #3196)</li>
<li><I>Data Types</I>. Added support for floating-point data types to parse decimal string representation. A significant refactor of FloatFormat and BigFloat was completed. BigFloat is now used as the value class for all float data types. Introduced <gcode>DataType.getAlignedLength()</gcode> method which was needed to differentiate between the <em>raw</em> encoding size and the <em>aligned</em> (i.e., padded) size used by a compiler when allocating storage (i.e., <gcode>sizeof</gcode>). Example: for x86-32 gcc, 80-bit float has an aligned-length of 12-bytes which reflects compiler's <gcode>sizeof(long double)</gcode>. (GP-1379)</li>
<li><I>Data Types</I>. Corrected 80-bit floating point support to include decode, encode, and computation via the FloatFormat and BigFloat support classes. (GP-3022, Issue #4853)</li>
<li><I>Debugger</I>. Fixed issue with default renaming of traces when auto-saving with conflicting names. (GP-1484)</li>
<li><I>Debugger</I>. Fixed bug in refresh logic. (GP-1884)</li>
<li><I>Debugger</I>. Fixed various errors in breakpoint logic for dbgeng/model. (GP-2177)</li>
<li><I>Debugger</I>. Fixed occasional stack trace in auto-saving traces when closing Debugger. (GP-2732)</li>
<li><I>Debugger</I>. Miscellaneous fixes for LLDB agent. (GP-2781)</li>
<li><I>Debugger</I>. Provided greater flexibility with library load error messages. (GP-3012)</li>
<li><I>Debugger</I>. <gtitle>Emulate Program</gtitle> and <gtitle>Map Identically</gtitle> actions now exclude EXTERNAL block. (GP-3087)</li>
<li><I>Debugger</I>. Removed <gtitle>Tool Options: Colors</gtitle> sections from Debugger help. (GP-3218)</li>
<li><I>Debugger:Agents</I>. Fixed some issues with GADP agent <gcode>no-dep</gcode> jars. (GP-1007, Issue #3076)</li>
<li><I>Debugger:Agents</I>. Fixed a <gcode>NullPointerException</gcode> in <gcode>GadpValueUtils</gcode>. (GP-2915, Issue #4791)</li>
<li><I>Debugger:Agents</I>. Fixed GADP connectors to use the same JRE/JDK as Ghidra. (GP-2979)</li>
<li><I>Debugger:dbgeng.dll</I>. A register modification now updates the Stack and other windows. (GP-2636)</li>
<li><I>Debugger:Emulator</I>. The emulator will now halt when trying to decode an instruction from uninitialized memory. (GP-1529)</li>
<li><I>Debugger:Emulator</I>. Fixed Emulator for processors that use crossbuild. (GP-1904)</li>
<li><I>Debugger:Emulator</I>. Removed 4 unnecessary classes in emulator: <gcode>RequireHasKnownTraceCachedWriteBytesPcodeExecutorState</gcode>, <gcode>RequireHasKnownTraceCachedWriteBytesPcodeExecutorStatePiece</gcode>, <gcode>RequireIsKnownTraceCachedWriteBytesPcodeExecutorState</gcode>, and <gcode>RequireIsKnownTraceCachedWriteBytesPcodeExecutorStatePiece</gcode>. (GP-3280)</li>
<li><I>Debugger:GDB</I>. Fixed missing stack frames when single-stepping. (GP-1470)</li>
<li><I>Debugger:GDB</I>. Fixed unnecessary error popup when user rejects HostKey while connecting to GDB via SSH. (GP-1710)</li>
<li><I>Debugger:GDB</I>. Fixed <em>Erase In Line</em> ANSI escape decoding issue for GDB on Windows. (GP-3135, Issue #3562, #5026)</li>
<li><I>Debugger:GDB</I>. Fixed issue launching binaries in GDB with spaces in the path. (GP-3311, Issue #5203)</li>
<li><I>Debugger:Listing</I>. Fixed a bug where closing a cloned Dynamic Listing resulted in an extraneous stale <gcode>PC</gcode> marker in the Static Listing. (GP-2991)</li>
<li><I>Debugger:Mappings</I>. <gtitle>Map Identically</gtitle> and <gtitle>Map Manually</gtitle> actions will now refuse to overwrite existing mappings. (GP-3086)</li>
<li><I>Debugger:Trace</I>. Fixed a bug that allowed the user to undo a trace's initial transaction. This would lead to a subsequent <gcode>NullPointerException</gcode>. (GP-3213)</li>
<li><I>Debugger:Trace</I>. Fixed issue with <gtitle>Undo</gtitle> not being effective immediately. (GP-3358)</li>
<li><I>Decompiler</I>. Fixed a Decompiler decoding error that occurred when a pre-comment contained a null character. (GP-3002, Issue #4836)</li>
<li><I>Decompiler</I>. Line breaks in Decompiler output can no longer disable a comment annotation. (GP-3029)</li>
<li><I>Demangler</I>. Fixed missing use of <gcode>wchar_t</gcode>, <gcode>wchar16</gcode>, and <gcode>wchar32</gcode> primitives in Demanglers. (GP-3184, Issue #5080)</li>
<li><I>Documentation</I>. Made minor fixes and improvements to the Advanced Ghidra training class documentation. (GP-2944)</li>
<li><I>ELF</I>. Corrected ELF MIPS Relocation processing for R_MIPS_32. Added support for R_MIPS_PC21_S2 and R_MIPS_PC26_S2. (GP-3260, Issue #5160)</li>
<li><I>Exporter</I>. Corrected operand formatting issues with <gcode>ProgramTextWriter</gcode>, which affected HTML/ASCII exports. (GP-1868, Issue #793)</li>
<li><I>Framework</I>. Fixed an <gcode>IllegalStateException</gcode> that occurred while refreshing the Bundle Manager after the Code Browser tool had been closed. (GP-2711, Issue #4656)</li>
<li><I>Graphing</I>. Changed default Call Graph action to always use the isolated entry block model, which will give the best results most of the time. (GP-3250, Issue #5157)</li>
<li><I>Graphing</I>. Fixed stack trace when reusing graphs. (GP-3399)</li>
<li><I>GUI</I>. Updated tables to correctly take focus when pressing <gcode>F2</gcode> to start an edit. (GP-366)</li>
<li><I>GUI</I>. Fixed issue where add/edit label dialog would grow ridiculously large. (GP-543)</li>
<li><I>GUI</I>. Improved function-signature-parsing within Function Editor dialog to handled sized pointers. (GP-1100, Issue #3178)</li>
<li><I>GUI</I>. Fixed bug where symbol tree category nodes could not be closed when there was a filter in place. (GP-2187)</li>
<li><I>GUI</I>. Updated the Data Type Manager tree to maintain the tree selection when opening an archive for editing. (GP-2423)</li>
<li><I>GUI</I>. Fixed the Enum Editor to allow sorting on the Comments column. (GP-2776, Issue #4693)</li>
<li><I>GUI</I>. Updated the Equates Table to allow multiple selection. (GP-2887, Issue #4771)</li>
<li><I>GUI</I>. Added rapid Ghidra Server timeout during initial connection to avoid lengthy connection delay when the server system is offline. (GP-2935)</li>
<li><I>GUI</I>. Added support for HTML rendering in <gcode>TableChooserDialog</gcode>. (GP-2996, Issue #4880)</li>
<li><I>GUI</I>. Fixed bug that prevented editing of function variable data types in the <gtitle>Edit Function</gtitle> dialog. (GP-3115, Issue #4970)</li>
<li><I>GUI</I>. Updated the <gtitle>Function Signature</gtitle> dialog to allow editing the parameter table using only the keyboard. (GP-3173, Issue #3561)</li>
<li><I>GUI</I>. Fixed bug where scroll bar didn't appear when the view size was just slightly smaller than the actual text to be displayed. This affected the Listing, Bytes, and Decompiler views. (GP-3202, Issue #3938)</li>
<li><I>GUI</I>. Added the ability to copy details from the <gtitle>Missing Processor Manual</gtitle> dialog. (GP-3205, Issue #4218)</li>
<li><I>GUI</I>. Fixed issue where opening multiple file datatype archives with the same name would not appear in the Datatypes tree. (GP-3281)</li>
<li><I>GUI</I>. Changed function custom storage editor to permit larger storage to be specified. Undefined datatype size will expand to match storage size up to 8 bytes. (GP-3286, Issue #4983)</li>
<li><I>GUI</I>. Fixed bug in Plate Comment that caused truncation during word wrapping. (GP-3403, Issue #5297, #5298)</li>
<li><I>Headless</I>. Fixed a bug that caused a program to have an invalid <gcode>Executable Location</gcode> property when the program was imported headlessly from a relative path. (GP-3054)</li>
<li><I>Importer</I>. The OMF Loader now parses COMMENT_CLASS_LIB correctly. (GP-3118, Issue #5016)</li>
<li><I>Importer</I>. Fixed an issue that could cause the Importer to not respect the <gtitle>Load System Libraries From Disk</gtitle> and <gtitle>Load Local Libraries From Disk</gtitle> options if the <gtitle>Perform Library Ordinal Lookup</gtitle> option was used. (GP-3272, Issue #4849)</li>
<li><I>Importer:ELF</I>. Corrected ELF Loader issue which could improperly set memory blocks as read-only. (GP-2730)</li>
<li><I>Importer:ELF</I>. Added support for ELF X86-64 GOTPCREL relocation processing. Revised ELF relocation processing context API to utilize a single instance per import instead of one per relocation table. (GP-2984, Issue #4859)</li>
<li><I>Importer:ELF</I>. Corrected ELF Loader issue with INIT/FINI array processing when entries have relocations applied. (GP-3176, Issue #5039)</li>
<li><I>Importer:ELF</I>. Changed ELF relocation processing to avoid creating offset-pointers in memory blocks whch have execute permission or for section based relocations. (GP-3339, Issue #5238)</li>
<li><I>Importer:Mach-O</I>. Fixed Mach-O external symbol namespace issues that prevented demangling. (GP-2511)</li>
<li><I>Importer:Mach-O</I>. Fixed an exception that could occur while parsing DYLD chained fixups in some Mach-O binaries. (GP-3151)</li>
<li><I>Importer:Mach-O</I>. Fixed a bug that prevented the Mach-O loader from finding and loading libraries that reside in a Universal Binary file. (GP-3167)</li>
<li><I>Importer:Mach-O</I>. The Mach-O Loader now correctly handles DYLD_CHAINED_PTR_64_OFFSET fixups. (GP-3194, Issue #4986)</li>
<li><I>Importer:Mach-O</I>. Fixed an exception that occurred when importing Mach-O PowerPC binaries with relocations. (GP-3259)</li>
<li><I>Importer:PE</I>. Added a PE Loader <gtitle>Show Debug Line Number Comments</gtitle> option to show/hide debug line number comments. (GP-714, Issue #1184)</li>
<li><I>Importer:PE</I>. Fixed some issues with parsing Windows Dialog resources. (GP-2821, Issue #3807, #3808)</li>
<li><I>Languages</I>. Added the <code><b>HALT</b></code> instruction to the Coldfire processor. (GP-3326, Issue #5194)</li>
<li><I>Multi-User</I>. Corrected issue where shared project creation would retain canonical server name instead of the original, specified hostname. (GP-3050, Issue #4924, #4928)</li>
<li><I>Multi-User</I>. Corrected issue which disallowed Ghidra Server user IDs starting with a 0&ndash;9 digit. (GP-3121)</li>
<li><I>PDB</I>. Overriding overzealous thunk detection on function creation when PDB knows better. (GP-3127)</li>
<li><I>PDB</I>. Stubbed in some structures to represent class Member Pointers. Details need to be determined with future research. (GP-3171, Issue #5055)</li>
<li><I>PDB</I>. A function is now created for a global label only if there are function indicators; otherwise, only a label is applied. Reverts the forced-function creation part of GP-2505. (GP-3200)</li>
<li><I>PDB</I>. Fixed PDB handling of same-named <gcode>__unnamed</gcode> anonymous data types with different definitions used within a common structure. These could be emitted by VS 2005. (GP-3279)</li>
<li><I>Processors</I>. Fixed issues with M68000 shift and rotate instruction behavior. (GP-2013, Issue #4217)</li>
<li><I>Processors</I>. Added missing x87 <gcode>FDESI</gcode>, <gcode>FENI</gcode>, <gcode>FNDESI</gcode>, and <gcode>FNENI</gcode> instructions. (GP-2093, Issue #4262)</li>
<li><I>Processors</I>. Added support for SuperH <gcode>fsrra</gcode>, <gcode>fsca</gcode>, and <gcode>movua.l</gcode> instructions. (GP-2374, Issue #4210)</li>
<li><I>Processors</I>. Added extended floating point instructions to V850 processor. (GP-2565, Issue #4453, #4481)</li>
<li><I>Processors</I>. Corrected 6809 and H6309 processors Jump address calculations and fixed issue with Extended Address bit-pattern disassembly. (GP-2650, Issue #4630)</li>
<li><I>Processors</I>. Corrected addresses for ARM Cortex interrupt vectors. (GP-2706, Issue #4638)</li>
<li><I>Processors</I>. Added support for MIPS <gcode>DSP</gcode> instructions. (GP-2775, Issue #4526)</li>
<li><I>Processors</I>. Fixed operand ordering for M68000 <gcode>abcd</gcode> and <gcode>sbcd</gcode> instructions. (GP-2880, Issue #4183, #4189)</li>
<li><I>Processors</I>. Fixed regression in x86 with disassembling the <gcode>pause</gcode> instruction. (GP-2892)</li>
<li><I>Processors</I>. Corrected semantics for TriCore <gcode>nor.t</gcode> instruction. (GP-2895, Issue #4775)</li>
<li><I>Processors</I>. Corrected issues in the SPARC language involving delay slots and ordering. (GP-2932, Issue #4805)</li>
<li><I>Processors</I>. Corrected implementation of PowerPC <gcode>fsel</gcode> instruction. (GP-2937, Issue #4664)</li>
<li><I>Processors</I>. Fixed semantics of 65C02 <gcode>TRB</gcode> and <gcode>TSB</gcode> instructions. (GP-3039, Issue #4921)</li>
<li><I>Processors</I>. Fixed operand parsing of ARM Neon <gcode>vld</gcode> and <gcode>vst</gcode> instructions. (GP-3043, Issue #4814)</li>
<li><I>Processors</I>. Corrected x86 <gcode>MOV REX, MOFFS64</gcode> disassembly with address size prefix. (GP-3078, Issue #4942)</li>
<li><I>Processors</I>. Corrected x86 <gcode>FBLD</gcode> instruction semantics. (GP-3079, Issue #2427)</li>
<li><I>Processors</I>. Fixed ARM neon <gcode>VMOV.U16</gcode> instruction decode. (GP-3096)</li>
<li><I>Processors</I>. Fixed issue with ARM Thumb <gcode>push &lbrace;register_list&rbrace;</gcode> not disassembling when the last two registers in the list are <gcode>r2</gcode> and <gcode>r3</gcode>. (GP-3132, Issue #5024)</li>
<li><I>Processors</I>. Supplied additional register field support to AARCH64 <gcode>MSR</gcode> instruction. (GP-3156)</li>
<li><I>Processors</I>. Fixed issue with ARM Thumb Neon <gcode>vqdmull</gcode> instruction not disassembling. (GP-3157, Issue #5053)</li>
<li><I>Processors</I>. Fixed issue with HCS12 <gcode>TSTA</gcode> instruction not clearing carry flag. (GP-3169, Issue #5067)</li>
<li><I>Processors</I>. Fixed issue with M68000 processor having a varnode of zero size. (GP-3187, Issue #5093, #5094)</li>
<li><I>Processors</I>. Corrected RISC-V <gcode>jal</gcode>/<gcode>jalr</gcode> instructions to be a call instead of <gcode>goto</gcode>, when link register is <gcode>T0</gcode>. (GP-3217, Issue #5092)</li>
<li><I>Processors</I>. Fixed PowerPC branch-conditional-and-link semantics for assigning <gcode>LR</gcode> register. (GP-3341, Issue #5218)</li>
<li><I>Processors</I>. Fixed stack alignment in x86 far call instructions (GP-3398, Issue #1715, #1723)</li>
<li><I>Scripting</I>. Fixed an issue that prevented the default script log file from getting used in the user's <gcode>.ghidra</gcode> directory. (GP-2936)</li>
<li><I>Scripting</I>. Fixed a bug in <gcode>FlatProgramAPI.getLastInstruction()</gcode>. (GP-3198, Issue #5090)</li>
<li><I>Scripting</I>. Improved how the interactive Python interpreter handles transactions. This fixed an uncaught exception that occurred when <gcode>GhidraScript.openProgram()</gcode> was called. (GP-3321, Issue #5215)</li>
<li><I>Search</I>. Increased performance related to Search Results table markers. (GP-2828)</li>
<li><I>Search</I>. Fixed exceptions in <gcode>ReferenceUtils</gcode> when searching for structure members with no size. (GP-3283)</li>
<li><I>Search</I>. Fixed bug that caused search highlights to sometimes disappear from the Listing when the user moves the cursor. (GP-3329)</li>
<li><I>Sleigh</I>. Addressed a bug in the SLEIGH compiler that allowed inconsistent exporting of sizeless varnodes. (GP-3186)</li>
</ul>
</blockquote>
<H1 align="center">Ghidra 10.2.3 Change History (February 2023)</H1>
<blockquote><p><u><B>Improvements</B></u></p>
<ul>

2
Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.html
View file

@ -80,7 +80,7 @@
Look and Feels. The most notable is the Flat Dark theme, which is built using the FlatLaf, a modern open-source flat Look and Feel
library. Additionally, Ghidra includes various tools for editing and creating custom themes.</P>
<P>Also, all the main display windows (Listing, Decompiler, and Bytes Viewer) support quickly changing the font size via <B>&LT Ctrl &GT +</B> or <B>&LT Ctrl &GT -</B>.</P>
<P>Also, all the main display windows (Listing, Decompiler, and Bytes Viewer) support quickly changing the font size via <B>&lt;Ctrl&gt;+</B> or <B>&lt;Ctrl&gt;-</B>.</P>
<P>See the Ghidra Help pages for full details on the theming feature.</P>