Ghidra 10.3 and MS-DOS 16-bit executables. I'm having trouble figuring out how to script creating memory references. The goal is to locate patterns for MOV DX,VALUE then create a memory reference for VALUE if it's validated as the location of a string. I have everything working except creating the actual reference.
This line for example.
MOV DX,0x12b1
I want the same result as right clicking the value (0x12b1) and selecting Create Memory Reference.
I think my issue is misunderstanding this line...
createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
...in my function below.
def tryRefStr(address):
    result = False
    opcode = getByteAt(address)
    if opcode == opcodeMovDX:
        valu = getWordAt(address.add(1)) #hex value (0x12b1)
        addr = getAddress(valu) #hex value as address object
        data = listing.getDefinedDataAt(addr) #data object from 0x12b1 (the string)
        if data is not None:
            dtyp = data.getDataType() #datatype of the object at 0x12b1
            if str(dtyp) == 'string': #see if it's a string (crude, I know)
                result = True
                createMemoryReference(data, addr, ghidra.program.model.symbol.RefType.DATA)
    return result
Instead of replacing VALUE in MOV DX,VALUE with a memory reference to 0x12b1 it creates a reference at the string's location instead, or something of that nature. I don't understand enough to explain exactly what it's doing.
I figured it out through trial and error.
The result I wanted is achieved with...
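from ghidra.program.model.symbol import RefType, SourceType
instr = listing.getInstructionContaining(address) #the MOV DX,VALUE instruction (address as in tryRefStr)
instr.addOperandReference(1, addr, RefType.DATA, SourceType.ANALYSIS) #operand 1 (VALUE) now references the string at addr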
Instead of...
createMemoryReference(data, addr, RefType.DATA)
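The whole check-and-link step from the post as one function, written as an added example that is not the poster's code. The name `link_mov_dx_string` and the `to_address` callback (standing in for the post's `getAddress` helper) are assumptions; the method calls are Ghidra's `Listing`, `Instruction`, `Data` and `Reference` APIs.

```python
# Added example, not the poster's code. listing and instr are Ghidra Listing and
# Instruction objects; to_address is an assumed helper (like the post's
# getAddress) that turns a 16-bit offset into an Address, or None if unmapped.

MOV_DX_IMM16 = 0xBA  # x86 encoding of MOV DX,imm16: BA lo hi (3 bytes, no prefix)


def link_mov_dx_string(listing, instr, to_address, ref_type, source_type):
    """Add an operand reference from 'MOV DX,imm16' to the string at imm16.

    Returns the target Address if the reference exists afterwards, else None.
    """
    if instr is None or instr.getLength() != 3:
        return None
    # Java bytes are signed in Jython, so mask before comparing.
    if (instr.getByte(0) & 0xFF) != MOV_DX_IMM16:
        return None
    imm = instr.getScalar(1)  # operand 0 is DX, operand 1 is the immediate
    if imm is None:
        return None

    target = to_address(imm.getUnsignedValue())
    if target is None:
        return None
    data = listing.getDefinedDataAt(target)
    if data is None or not data.hasStringValue():
        return None  # only link immediates that land on a defined string

    # Re-running the script must not stack duplicate references.
    for ref in instr.getOperandReferences(1):
        if ref.getToAddress() == target:
            return target

    # The reference hangs off the instruction's operand (the "from" side),
    # not off the string data, which is what the first attempt in the post did.
    instr.addOperandReference(1, target, ref_type, source_type)
    return target
```

Inside a Ghidra script, call it for each instruction from `listing.getInstructions(True)` with `RefType.DATA` and `SourceType.ANALYSIS`.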