GP-955 Add comments, fix arch check

Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/pe/FileHeader.java

@@ -141,6 +141,7 @@ public class FileHeader implements StructConverter {
 	/**
 	 * Values for the Machine field indicating the intended processor architecture
 	 */
+	public final static int IMAGE_FILE_MACHINE_MASK = 0xFFFF;
 	public final static int IMAGE_FILE_MACHINE_UNKNOWN = 0x0; 		//	The content of this field is assumed to be applicable to any machine type
 	public final static int IMAGE_FILE_MACHINE_AM33 = 0x1d3; 		//	Matsushita AM33
 	public final static int IMAGE_FILE_MACHINE_AMD64 = 0x8664; 		//	x64
@@ -177,6 +178,8 @@ public class FileHeader implements StructConverter {
 
 	private SectionHeader[] sectionHeaders;
 	private List<DebugCOFFSymbol> symbols = new ArrayList<>();
+
+	// TODO: This is x86-64 architecture-specific and needs to be generalized.
 	private List<_IMAGE_RUNTIME_FUNCTION_ENTRY> irfes = new ArrayList<>();
 
 	private FactoryBundledWithBinaryReader reader;
@@ -252,6 +255,7 @@ public class FileHeader implements StructConverter {
 	/**
 	 * Returns the array of RUNTIME_INFO entries, if any are present.
 	 * @return An array of _IMAGE_RUNTIME_FUNCTION_ENTRY. The array can be empty.
+	 * TODO: This is x86-64 architecture-specific and needs to be generalized.
 	 */
 	public List<_IMAGE_RUNTIME_FUNCTION_ENTRY> getImageRuntimeFunctionEntries() {
 		return irfes;

Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/pe/ImageRuntimeFunctionEntries.java

@@ -4,9 +4,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
+ * 
  *      http://www.apache.org/licenses/LICENSE-2.0
- *
+ * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,8 +21,7 @@ import java.util.List;
 
 import ghidra.app.util.bin.format.FactoryBundledWithBinaryReader;
 import ghidra.program.model.address.Address;
-import ghidra.program.model.data.DataType;
-import ghidra.program.model.data.DataUtilities;
+import ghidra.program.model.data.*;
 import ghidra.program.model.listing.Program;
 import ghidra.program.model.util.CodeUnitInsertionException;
 import ghidra.util.exception.DuplicateNameException;
@@ -142,6 +141,30 @@ public class ImageRuntimeFunctionEntries {
 		return functionEntries;
 	}
 
+	public static void createData(Program program, Address headerStart,
+			List<_IMAGE_RUNTIME_FUNCTION_ENTRY> irfes) {
+		// TODO: This is x86-64 architecture-specific and needs to be generalized.
+		StructureDataType dt = new StructureDataType(".PDATA", 0);
+		dt.setCategoryPath(new CategoryPath("/PE"));
+
+		// Lay an array of RUNTIME_INFO structure out over the data
+		StructureDataType irfeStruct = new StructureDataType("_IMAGE_RUNTIME_FUNCTION_ENTRY", 0);
+		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "BeginAddress", null);
+		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "EndAddress", null);
+		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "UnwindInfoAddressOrData", null);
+
+		ArrayDataType irfeArray =
+			new ArrayDataType(irfeStruct, irfes.size(), irfeStruct.getLength());
+
+		try {
+			DataUtilities.createData(program, headerStart, irfeArray, irfeArray.getLength(), true,
+				DataUtilities.ClearDataMode.CHECK_FOR_SPACE);
+		}
+		catch (CodeUnitInsertionException e) {
+			return;
+		}
+	}
+
 	// FIXME: change name to conform to Java naming standards
 	// FIXME: If public visibility is required improved member protection is needed
 	public static class _IMAGE_RUNTIME_FUNCTION_ENTRY {

Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/pe/NTHeader.java

@@ -270,7 +270,8 @@ public class NTHeader implements StructConverter, OffsetValidator {
 
 		fileHeader.processSections(optionalHeader);
 		fileHeader.processSymbols();
-		if (fileHeader.getMachine() == FileHeader.IMAGE_FILE_MACHINE_AMD64) {
+		if ((fileHeader.getMachine() &
+			FileHeader.IMAGE_FILE_MACHINE_MASK) == FileHeader.IMAGE_FILE_MACHINE_AMD64) {
 			fileHeader.processImageRuntimeFunctionEntries();
 		}
 

Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/PeLoader.java

@@ -280,25 +280,8 @@ public class PeLoader extends AbstractPeDebugLoader {
 			return;
 		}
 
-		StructureDataType dt = new StructureDataType(".PDATA", 0);
-		dt.setCategoryPath(new CategoryPath("/PE"));
-
-		// Lay an array of RUNTIME_INFO structure out over the data
-		StructureDataType irfeStruct = new StructureDataType("_IMAGE_RUNTIME_FUNCTION_ENTRY", 0);
-		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "BeginAddress", null);
-		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "EndAddress", null);
-		irfeStruct.add(ghidra.app.util.bin.StructConverter.IBO32, "UnwindInfoAddressOrData", null);
-
-		ArrayDataType irfeArray =
-			new ArrayDataType(irfeStruct, irfes.size(), irfeStruct.getLength());
-
-		try {
-			DataUtilities.createData(program, start, irfeArray, irfeArray.getLength(), true,
-				DataUtilities.ClearDataMode.CHECK_FOR_SPACE);
-		}
-		catch (CodeUnitInsertionException e) {
-			return;
-		}
+		// TODO: This is x86-64 architecture-specific and needs to be generalized.
+		ImageRuntimeFunctionEntries.createData(program, start, irfes);
 
 		// Each RUNTIME_INFO contains an address to an UNWIND_INFO structure
 		// which also needs to be laid out. When they contain chaining data