Is your feature request related to a problem? Please describe.
Up to now the generation of initial facts in Pharos is done exclusively with the help of the Rose Framework. This works so far also quite well, with a few cutbacks.
Since a short time very strong scripts and classes are available in Ghidra to get further information about inheritance (here in special respect VBTables) with the help of RTTI data. There is also some additional information about the RTTI structures in relation to different inheritance types. Up to now I was not aware of all values myself. The info seems to come from elaborate researches how the data correlate. On the basis of this the VBTables are determined among other things. This is done with the help of the decompiler API which is of course on a much higher level than the pure assembler code.
Describe the solution you'd like
Following suggestion: Provide us a possibility that we can create the initial facts with the help of Ghidra. This could simplify the quality significantly. Ghidra has likewise a few functions to discover constructures and deconstructures. Furthermore, functions are available to build an inheritance tree based on the RTTI data.
I could imagine that with this information one could create much more initial facts for Pharos. You might only have to solve minor problems with it which could speed up the overall process significantly.
Here you can find the big class in the source code of Ghidra, which solves the main work using the versatile decompiler API.
Describe alternatives you've considered
In my opinion you should put much more effort into using the Ghidra Decompiler API. It could be very helpful for analysis even for normal classes without RTTI data. Perhaps one should invest here some research work.
Additional context
See descriptions above, there is nothing important about it.
Is your feature request related to a problem? Please describe.
Up to now the generation of initial facts in Pharos is done exclusively with the help of the Rose Framework. This works so far also quite well, with a few cutbacks.
Since a short time very strong scripts and classes are available in Ghidra to get further information about inheritance (here in special respect VBTables) with the help of RTTI data. There is also some additional information about the RTTI structures in relation to different inheritance types. Up to now I was not aware of all values myself. The info seems to come from elaborate researches how the data correlate. On the basis of this the VBTables are determined among other things. This is done with the help of the decompiler API which is of course on a much higher level than the pure assembler code.
Describe the solution you'd like
Following suggestion: Provide us a possibility that we can create the initial facts with the help of Ghidra. This could simplify the quality significantly. Ghidra has likewise a few functions to discover constructures and deconstructures. Furthermore, functions are available to build an inheritance tree based on the RTTI data.
I could imagine that with this information one could create much more initial facts for Pharos. You might only have to solve minor problems with it which could speed up the overall process significantly.
Here you can find the big class in the source code of Ghidra, which solves the main work using the versatile decompiler API.
Describe alternatives you've considered
In my opinion you should put much more effort into using the Ghidra Decompiler API. It could be very helpful for analysis even for normal classes without RTTI data. Perhaps one should invest here some research work.
Additional context
See descriptions above, there is nothing important about it.