
achan1989 / ghidra-65816

Licence: MIT license
WDC 65816 processor module for Ghidra

ghidra-65816

This is a WDC 65816 processor module for Ghidra.

This is an early release. I've not used it much yet, so expect bugs. Feedback and pull requests are welcome!

Disassembly is probably correct. Data flow analysis is probably mostly correct. Decompilation is probably unusable.

Install and Usage

Rename the root folder to 65816 and copy it to Ghidra/Processors.

I've only tried to use this processor module with a raw binary so far.

  1. Import a file using the "Raw Binary" format, "65816" language.
  2. Open it in the code browser. When asked if you want to analyse it now, choose "no".
  3. Set up your memory map.
  4. For each entry point:
    1. Identify the mode that the processor will be running in.
    2. Right-click the first instruction byte and choose "Processor Options..." to set the MF, XF, and EF flags.
    3. Right-click the first instruction byte and choose "Set Register Values..." to set the DBR (data bank), DF (decimal flag), DP (direct page), PBR (program bank), and SP (stack pointer) registers. Perhaps others, if you're feeling keen.
    4. Cross fingers and disassemble. Watch out for limitations and unknowns.

Limitations

  • The 65802 variant is not supported.
  • Disassembly and data flow analysis will be incorrect when an instruction and its operand(s) wrap at the end of a program bank.
  • When pulling the MF and XF flags from the stack, Ghidra will not automatically set the correct processor mode. This affects the PLP and RTI instructions.
  • Interrupt vectors are not automatically recognised as entry points.

Unknowns

I don't know how well Ghidra will pick up on changes to the processor modes. If it requires a lot of manual intervention then a custom analyser might be necessary to make it usable.

The following implemented behaviours are my interpretation of ambiguous documentation, which is likely to be wrong.

  • When executing a BRK the processor model pushes the status register to the stack with the BF flag set, but leaves the flag unchanged when jumping to the handler.
  • When executing an XCE where the emulation mode is re-switched to the current mode, the model behaves as if the new mode was entered "properly". That is:
    • emulation -> emulation is treated like native -> emulation, i.e. index registers are truncated and the stack is forced to page one.
    • native -> native is treated like emulation -> native, i.e. index registers are truncated.
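The two interpretations above (the XCE re-switch cases and the BRK B-flag handling) as a constructed Python model; this is added here for illustration and is not code from ghidra-65816. The Cpu class, the list used as a stand-in for stack memory, and the flag constants are assumptions; only the behaviours follow the README.

```python
from dataclasses import dataclass, field

# Status-register (P) bits, standard 65816 layout.
C_FLAG = 0x01  # carry; swapped with E by XCE
B_FLAG = 0x10  # break flag in the pushed copy of P (emulation mode)
X_FLAG = 0x10  # index-register width, 1 = 8-bit
M_FLAG = 0x20  # accumulator width, 1 = 8-bit

@dataclass
class Cpu:
    p: int = 0           # status register
    e: int = 1           # emulation flag, kept outside P
    x: int = 0           # index registers
    y: int = 0
    sp: int = 0x01FF     # stack pointer
    stack: list = field(default_factory=list)  # constructed stand-in for memory

def enter_emulation(cpu):
    """native -> emulation: 8-bit widths, index registers truncated, stack forced to page one."""
    cpu.p |= M_FLAG | X_FLAG
    cpu.x &= 0xFF
    cpu.y &= 0xFF
    cpu.sp = 0x0100 | (cpu.sp & 0xFF)

def enter_native(cpu):
    """emulation -> native: widths start out 8-bit, so index registers are truncated."""
    cpu.p |= M_FLAG | X_FLAG
    cpu.x &= 0xFF
    cpu.y &= 0xFF

def xce(cpu):
    """Exchange C and E. Per the README's reading, re-entering the mode that is
    already active is handled exactly like a proper switch into that mode."""
    old_c = cpu.p & C_FLAG
    cpu.p = (cpu.p & ~C_FLAG & 0xFF) | cpu.e   # old E becomes the new carry
    cpu.e = old_c                              # old carry becomes the new E
    if cpu.e:
        enter_emulation(cpu)   # also covers emulation -> emulation
    else:
        enter_native(cpu)      # also covers native -> native
    return cpu

def brk(cpu):
    """BRK: the copy of P pushed to the stack has B set, but P itself is left unchanged."""
    cpu.stack.append(cpu.p | B_FLAG)
    return cpu
```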