Ghidra: Include jumps to functions in call graph and targets

PiperOrigin-RevId: 639092121 Change-Id: I8b3e2ae3c275ed2d9bb5ca598f73ac592bd10031
google · May 31, 2024 · aa55ff0 · aa55ff0
1 parent 9077afe
commit aa55ff0
Showing 1 changed file with 15 additions and 46 deletions.
diff --git a/java/src/main/java/com/google/security/binexport/BinExport2Builder.java b/java/src/main/java/com/google/security/binexport/BinExport2Builder.java
@@ -438,27 +438,25 @@ private void buildInstructions(
       instrBuilder.addAllOperandIndex(
           buildInstructionOperands(instr, cuf, expressionIndices, operandIndices));
 
-      Function parentFunc = listing.getFunctionContaining(instr.getAddress());
-      Address thunkedAddr =
-          parentFunc != null && parentFunc.isThunk()
-              ? parentFunc.getThunkedFunction(false).getEntryPoint()
-              : null;
-
       // Export call targets.
       for (Reference refFrom : instr.getReferencesFrom()) {
-        Address toAddr = refFrom.getToAddress();
         RefType refType = refFrom.getReferenceType();
+        if (!refType.isCall() && !refType.isJump()) {
+          continue;
+        }
 
-        // Skip non-call targets and non-thunked jumps
-        if (!refType.isCall() && !(refType.isJump() && toAddr.equals(thunkedAddr))) {
+        Address toAddr = refFrom.getToAddress();
+        if (listing.getFunctionAt(toAddr) == null) {
           continue;
         }
+
         if (toAddr.isExternalAddress()) {
           toAddr = getExternalLinkageAddress(toAddr);
           if (toAddr == null) {
             continue;
           }
         }
+
         instrBuilder.addCallTarget(getMappedAddress(toAddr));
       }
 
@@ -660,51 +658,22 @@ private void buildCallGraphAndModuleList() throws CancelledException {
       if (entryPoint.isNonLoadedMemoryAddress()) {
         continue;
       }
-      id = vertexIndices.get(getMappedAddress(func.getEntryPoint()));
+      id = vertexIndices.get(getMappedAddress(entryPoint));
 
-      if (func.isThunk()) {
-        Address thunkedAddr = func.getThunkedFunction(false).getEntryPoint();
-        if (thunkedAddr.isExternalAddress()) {
-          thunkedAddr = getExternalLinkageAddress(thunkedAddr);
-          if (thunkedAddr == null) {
+      for (Function calledFunc : func.getCalledFunctions(monitor)) {
+        Address calledFuncAddr = calledFunc.getEntryPoint();
+
+        if (calledFuncAddr.isExternalAddress()) {
+          calledFuncAddr = getExternalLinkageAddress(calledFuncAddr);
+          if (calledFuncAddr == null) {
             continue;
           }
         }
 
-        var targetId = vertexIndices.get(getMappedAddress(thunkedAddr));
+        var targetId = vertexIndices.get(getMappedAddress(calledFuncAddr));
         if (targetId != null) {
           callGraph.addEdgeBuilder().setSourceVertexIndex(id).setTargetVertexIndex(targetId);
         }
-      } else {
-        var bbIter = bbModel.getCodeBlocksContaining(func.getBody(), monitor);
-        if (!bbIter.hasNext()) {
-          continue; // Skip empty flow graphs, they only exist as call graph nodes
-        }
-
-        while (bbIter.hasNext()) {
-          CodeBlock bb = bbIter.next();
-
-          for (var bbDestIter = bb.getDestinations(monitor); bbDestIter.hasNext(); ) {
-            CodeBlockReference bbRef = bbDestIter.next();
-            FlowType flow = bbRef.getFlowType();
-            if (!flow.isCall()) {
-              continue;
-            }
-
-            Address destAddr = bbRef.getDestinationAddress();
-            if (destAddr.isExternalAddress()) {
-              destAddr = getExternalLinkageAddress(destAddr);
-              if (destAddr == null) {
-                continue;
-              }
-            }
-
-            var targetId = vertexIndices.get(getMappedAddress(destAddr));
-            if (targetId != null) {
-              callGraph.addEdgeBuilder().setSourceVertexIndex(id).setTargetVertexIndex(targetId);
-            }
-          }
-        }
       }
     }
   }