这是我多年来第一次编写 Java 代码,我正在编写一个 Ghidra 脚本,该脚本将系统调用符号映射到它们的调用函数。
private HashMap<Symbol, Reference[]> symbolRefs = new HashMap<Symbol, Reference[]>();
private HashMap<Symbol, List<Function>> callerFuncs = new HashMap<Symbol, List<Function>>();
.
.
.
private void mapSysCallToCallerFunctions(FunctionManager funcMan) throws Exception {
List<Function> funcs = new ArrayList<Function>();
for(HashMap.Entry<Symbol, Reference[]> entry: this.symbolRefs.entrySet()) {
for(Reference ref : entry.getValue()) {
Function caller = funcMan.getFunctionContaining(ref.getFromAddress());
if(caller != null) {
funcs.add(caller);
}
}
this.callerFuncs.put(entry.getKey(), funcs);
funcs.clear();
}
}
我的问题是我想清除“funcs”列表,以便我可以再次使用空列表进行下一次迭代。由于某种未知原因,这也会导致我的 HashMap 中的函数列表为空。如果我在这里打印我的 HashMap:
private void printCallerSymbolMap() throws Exception {
for(HashMap.Entry<Symbol, List<Function>> entry: this.callerFuncs.entrySet()) {
printf("Symbol %s:\n", entry.getKey().toString());
for(Function func : entry.getValue()) {
printf("Called by function %s\n", func.getName());
}
}
}
我只是得到输出:
INFO Symbol system: (GhidraScript)
INFO Symbol system: (GhidraScript)
但是,当我删除 funcs.clear() 时,我得到:
INFO Symbol system: (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Called by function main (GhidraScript)
INFO Symbol system: (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Called by function main (GhidraScript)
不过应该是这样的:
INFO Symbol system: (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Called by function system (GhidraScript)
INFO Symbol system: (GhidraScript)
INFO Called by function main (GhidraScript)
我有两个系统符号,因为它是 thunked。