Needs HeadlessAnalyser installed and renamed. #5
Comments
|
I was getting a slightly different error, but still regarding DumpClassData, with the following stack:
This is my current system configuration: OS: OpenJDK version: 21.0.6+7-LTS Temurin Assuming the components are located in the following directories:
I didn't need to download any additional files and managed to solve the issue using the following steps:
After performing these steps, I get the following output:
|
|
@leonewton253 this is actually the DumpClassData script that the decompiler is looking for: https://github.com/LaurieWired/Malimite/blob/main/DecompilerBridge/ghidra/DumpClassData.java That file is located inside the release zip. I think this issue is related to a relative path I forgot to remove in the release. Try pasting in that script file to the Ghidra scripts folder, or running Malimite via command line from inside its installation directory as a temporary solution. I'll be fixing this path issue very shortly since it's also causing another issue. @T1T4N for your issue, I think this might be a problem with the decompilation itself. Are you able to provide me the file you are looking at? I likely just need to have a slightly more graceful way of recovering from decompilation errors. |
I think this fixes it! My first instinct was to look in your repo for the Class file but for some reason I used the one I found on Google. I was just running the jar from outside the folder, I should of stuck with the shell script. Is it possible you could bundle Ghidra with it? |
Initially I got this when running decompile:
Ghidra: /Users/leo/ghidra/Ghidra/Features/PDB/ghidra_scripts (HeadlessAnalyzer) Ghidra: ERROR REPORT SCRIPT ERROR: DumpClassData.java : Script not found: DumpClassData.java (HeadlessAnalyzer) Ghidra: ERROR Abort due to Headless analyzer error: Invalid script: DumpClassData.java (HeadlessAnalyzer) java.lang.IllegalArgumentException: Invalid script: DumpClassData.javaI copied this file, https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Features/Base/src/main/java/ghidra/app/util/headless/HeadlessAnalyzer.java
And renamed it to DumpClassData.java and now it decompiles but then stalls after its done and the analyze window wont close.
Starting analysis of: Payload/Cowabunga.app/Cowabunga
Opening project...
Creating Macho object...
Starting Ghidra analysis...
Ghidra: java version "23.0.2" 2025-01-21
Ghidra: Java(TM) SE Runtime Environment Oracle GraalVM 23.0.2+7.1 (build 23.0.2+7-jvmci-b01)
Ghidra: Java HotSpot(TM) 64-Bit Server VM Oracle GraalVM 23.0.2+7.1 (build 23.0.2+7-jvmci-b01, mixed mode)
Ghidra: 2025-01-28 17:38:13.222 java[11355:3440159] +[IMKClient subclass]: chose IMKClient_Modern
Ghidra: 2025-01-28 17:38:13.222 java[11355:3440159] +[IMKInputSession subclass]: chose IMKInputSession_Modern
Ghidra: INFO Using log config file: jar:file:/Users/leo/ghidra/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)
Ghidra: INFO Using log file: /Users/leo/Library/ghidra/ghidra_11.2.1_PUBLIC/application.log (LoggingInitialization)
Ghidra: INFO Loading user preferences: /Users/leo/Library/ghidra/ghidra_11.2.1_PUBLIC/preferences (Preferences)
Ghidra: INFO Searching for classes... (ClassSearcher)
Ghidra: INFO Class search complete (329 ms) (ClassSearcher)
Ghidra: INFO Initializing SSL Context (SSLContextInitializer)
Ghidra: INFO Initializing Random Number Generator... (SecureRandomFactory)
Ghidra: INFO Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)
Ghidra: INFO Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)
Ghidra: INFO Headless startup complete (935 ms) (AnalyzeHeadless)
Ghidra: INFO Class searcher loaded 57 extension points (18 false positives) (ClassSearcher)
Ghidra: WARN REPORT: Could not find -scriptPath entry, skipping: /Users/leo/DecompilerBridge/ghidra (HeadlessAnalyzer)
Ghidra: INFO HEADLESS Script Paths:
Ghidra: /Users/leo/Library/ghidra/ghidra_11.2.1_PUBLIC/Extensions/MachineLearning/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Processors/Atmel/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Debug/Debugger-agent-dbgmodel-traceloader/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/BytePatterns/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/Decompiler/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/Jython/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/GnuDemangler/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Processors/8051/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/FileFormats/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/MicrosoftCodeAnalyzer/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/SystemEmulation/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Processors/DATA/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/BSim/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Debug/Debugger-agent-frida/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/WildcardAssembler/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Debug/Debugger-rmi-trace/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/Base/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/SwiftDemangler/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Processors/JVM/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/FunctionID/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/VersionTracking/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Debug/Debugger/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Processors/PIC/ghidra_scripts
Ghidra: /Users/leo/ghidra/Ghidra/Features/PDB/ghidra_scripts (HeadlessAnalyzer)
Ghidra: INFO HEADLESS: execution starts (HeadlessAnalyzer)
Ghidra: INFO Creating temporary project: /Users/leo/Downloads/Cowabunga_malimite/Cowabunga_malimite (HeadlessAnalyzer)
Ghidra: INFO Creating project: /Users/leo/Downloads/Cowabunga_malimite/Cowabunga_malimite (DefaultProject)
Ghidra: INFO REPORT: Processing input files: (HeadlessAnalyzer)
Ghidra: INFO project: /Users/leo/Downloads/Cowabunga_malimite/Cowabunga_malimite (HeadlessAnalyzer)
Ghidra: INFO IMPORTING: file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga (HeadlessAnalyzer)
Ghidra: INFO Using Loader: Mac OS X Mach-O (AutoImporter)
Ghidra: INFO Using Language/Compiler: AARCH64:LE:64:AppleSilicon:swift (AutoImporter)
Ghidra: INFO Using Library Search Path: [., /System/Library/dyld/dyld_shared_cache_arm64e, /System/Library/dyld/dyld_shared_cache_x86_64, /System/Library/dyld/dyld_shared_cache_x86_64h, /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_arm64e, /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64, /System/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h, /Users/leo/Library/Java/Extensions, /Library/Java/Extensions, /Network/Library/Java/Extensions, /System/Library/Java/Extensions, /usr/lib/java] (AutoImporter)
Ghidra: INFO Additional info:
Ghidra: Loading file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga?MD5=025e075eaa5f02b6c3c0b4b383d82a5a...
Ghidra: Discovered 9030 DYLD_CHAINED_PTR_64 chained pointers.
Ghidra: Fixed up 9030 chained pointers.
Ghidra: ------------------------------------------------
Ghidra:
Ghidra: Linking the External Programs of 'Cowabunga' to imported libraries...
Ghidra: [/System/Library/PrivateFrameworks/CoreUI.framework/CoreUI] -> not found in project
Ghidra: [/System/Library/PrivateFrameworks/CoreSVG.framework/CoreSVG] -> not found in project
Ghidra: [/usr/lib/libz.1.dylib] -> not found in project
Ghidra: [/System/Library/Frameworks/CoreServices.framework/CoreServices] -> not found in project
Ghidra: [/System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices] -> not found in project
Ghidra: [/System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration] -> not found in project
Ghidra: [/System/Library/Frameworks/Foundation.framework/Foundation] -> not found in project
Ghidra: [/usr/lib/libobjc.A.dylib] -> not found in project
Ghidra: [/usr/lib/libSystem.B.dylib] -> not found in project
Ghidra: [/System/Library/Frameworks/AVFoundation.framework/AVFoundation] -> not found in project
Ghidra: [/System/Library/Frameworks/Combine.framework/Combine] -> not found in project
Ghidra: [/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation] -> not found in project
Ghidra: [/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics] -> not found in project
Ghidra: [/System/Library/Frameworks/CoreImage.framework/CoreImage] -> not found in project
Ghidra: [/System/Library/Frameworks/CoreLocation.framework/CoreLocation] -> not found in project
Ghidra: [/System/Library/Frameworks/PDFKit.framework/PDFKit] -> not found in project
Ghidra: [/System/Library/Frameworks/Photos.framework/Photos] -> not found in project
Ghidra: [/System/Library/Frameworks/PhotosUI.framework/PhotosUI] -> not found in project
Ghidra: [/System/Library/Frameworks/QuartzCore.framework/QuartzCore] -> not found in project
Ghidra: [/System/Library/Frameworks/SwiftUI.framework/SwiftUI] -> not found in project
Ghidra: [/System/Library/Frameworks/UIKit.framework/UIKit] -> not found in project
Ghidra: [/System/Library/Frameworks/UserNotifications.framework/UserNotifications] -> not found in project
Ghidra: [/usr/lib/libcompression.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftAVFoundation.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCompression.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCore.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreAudio.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreFoundation.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreGraphics.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreImage.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreLocation.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreMIDI.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftCoreMedia.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftDarwin.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftDataDetection.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftDispatch.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftFileProvider.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftMetal.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftOSLog.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftObjectiveC.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftPhotos.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftPhotosUI.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftQuartzCore.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftUIKit.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftUniformTypeIdentifiers.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftos.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftsimd.dylib] -> not found in project
Ghidra: [@rpath/libswift_Concurrency.dylib] -> not found in project
Ghidra: [/usr/lib/swift/libswiftFoundation.dylib] -> not found in project
Ghidra: ------------------------------------------------
Ghidra:
Ghidra: (AutoImporter)
Ghidra: INFO IMPORTING: Loaded 0 additional files (HeadlessAnalyzer)
Ghidra: INFO ANALYZING all memory and code: file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga (HeadlessAnalyzer)
Ghidra: INFO hit non-returning function, restarting decompiler switch analyzer later (DecompilerSwitchAnalyzer)
Ghidra: WARN Decompiling 1000bf3d0: Unable to read bytes at ram:1394bf410 (DecompileCallback)
Ghidra: WARN Decompiling 1000bf094: Unable to read bytes at ram:aa0bf4b0 (DecompileCallback)
Ghidra: WARN Decompiling 10014c750: Unable to read bytes at ram:a9d2209c (DecompileCallback)
Ghidra: WARN Decompiling 10014a550: Unable to read bytes at ram:a9cf161c (DecompileCallback)
Ghidra: WARN Decompiling 1000bef18: Unable to read bytes at ram:aa0bf4b0 (DecompileCallback)
Ghidra: WARN Decompiling 10014c750: Unable to read bytes at ram:a9d2209c (DecompileCallback)
Ghidra: WARN Decompiling 10014a550: Unable to read bytes at ram:a9cf161c (DecompileCallback)
Ghidra: WARN Decompiling 10014a550: Unable to read bytes at ram:a9cf161c (DecompileCallback)
Ghidra: WARN Decompiling 10014c750: Unable to read bytes at ram:a9d2209c (DecompileCallback)
Ghidra: INFO Packed database cache: /var/tmp/leo-ghidra/packed-db-cache (PackedDatabaseCache)
Ghidra: INFO Applied data type archive: mac_osx (ApplyDataArchiveAnalyzer)
Ghidra: WARN Decompiling 1000bf094: Unable to read bytes at ram:aa0bf4b0 (DecompileCallback)
Ghidra: WARN Decompiling 1000bf3d0: Unable to read bytes at ram:1394bf410 (DecompileCallback)
Ghidra: WARN Decompiling 1000bef18: Unable to read bytes at ram:aa0bf4b0 (DecompileCallback)
Ghidra: WARN Decompiling 10011c660, pcode error at 10011c660: Unable to resolve constructor at 10011c660 (DecompileCallback)
Ghidra: WARN Decompiling 10014a550: Unable to read bytes at ram:a9cf161c (DecompileCallback)
Ghidra: WARN Decompiling 10014c750: Unable to read bytes at ram:a9d2209c (DecompileCallback)
Ghidra: INFO -----------------------------------------------------
Ghidra: AARCH64 ELF PLT Thunks 0.000 secs
Ghidra: ASCII Strings 0.409 secs
Ghidra: Apply Data Archives 0.219 secs
Ghidra: Basic Constant Reference Analyzer 9.568 secs
Ghidra: CFStrings 0.003 secs
Ghidra: Call Convention ID 2.472 secs
Ghidra: Call-Fixup Installer 0.060 secs
Ghidra: Create Address Tables 0.212 secs
Ghidra: Create Address Tables - One Time 0.268 secs
Ghidra: Create Function 0.319 secs
Ghidra: Data Reference 0.873 secs
Ghidra: Decompiler Switch Analysis 14.563 secs
Ghidra: Decompiler Switch Analysis - One Time 4.582 secs
Ghidra: Demangler GNU 2.091 secs
Ghidra: Demangler Swift 27.518 secs
Ghidra: Disassemble 2.706 secs
Ghidra: Disassemble Entry Points 0.991 secs
Ghidra: Disassemble Entry Points - One Time 0.018 secs
Ghidra: Embedded Media 0.038 secs
Ghidra: External Entry References 0.001 secs
Ghidra: Function Start Search 0.214 secs
Ghidra: Function Start Search After Code 0.151 secs
Ghidra: Function Start Search After Data 0.144 secs
Ghidra: Function Start Search delayed - One Time 0.225 secs
Ghidra: Mach-O Function Starts 0.415 secs
Ghidra: Non-Returning Functions - Discovered 0.301 secs
Ghidra: Non-Returning Functions - Known 0.006 secs
Ghidra: Objective-C 2 Class 0.575 secs
Ghidra: Objective-C 2 Decompiler Message 20.138 secs
Ghidra: Reference 0.468 secs
Ghidra: Shared Return Calls 0.499 secs
Ghidra: Stack 12.468 secs
Ghidra: Subroutine References 0.456 secs
Ghidra: Subroutine References - One Time 0.011 secs
Ghidra: Swift Type Metadata Analyzer 0.129 secs
Ghidra: -----------------------------------------------------
Ghidra: Total Time 103 secs
Ghidra: -----------------------------------------------------
Ghidra: (AutoAnalysisManager)
Ghidra: INFO REPORT: Analysis succeeded for file: file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga (HeadlessAnalyzer)
Ghidra: DumpClassData.java:72: error: class HeadlessAnalyzer is public, should be declared in a file named HeadlessAnalyzer.java
Ghidra: public class HeadlessAnalyzer {
Ghidra: ^
Ghidra: Note: DumpClassData.java uses or overrides a deprecated API.
Ghidra: Note: Recompile with -Xlint:deprecation for details.
Ghidra: skipping /Users/leo/ghidra/Ghidra/Features/PDB/ghidra_scripts/DumpClassData.java
Ghidra: ERROR REPORT SCRIPT ERROR: DumpClassData.java : The class could not be found. It must be the public class of the .java file: DumpClassData not found by e3c5ff78 [1] (HeadlessAnalyzer) ghidra.app.script.GhidraScriptLoadException: The class could not be found. It must be the public class of the .java file: DumpClassData not found by e3c5ff78 [1]
Ghidra: at ghidra.app.script.JavaScriptProvider.getScriptInstance(JavaScriptProvider.java:110)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.runScriptsList(HeadlessAnalyzer.java:912)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.analyzeProgram(HeadlessAnalyzer.java:1074)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.processFileWithImport(HeadlessAnalyzer.java:1563)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.processWithLoader(HeadlessAnalyzer.java:1745)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1686)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1770)
Ghidra: at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:457)
Ghidra: at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:198)
Ghidra: at ghidra.GhidraLauncher.launch(GhidraLauncher.java:81)
Ghidra: at ghidra.Ghidra.main(Ghidra.java:54)
Ghidra: Caused by: java.lang.ClassNotFoundException: DumpClassData not found by e3c5ff78 [1]
Ghidra: at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1591)
Ghidra: at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
Ghidra: at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1976)
Ghidra: at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:528)
Ghidra: at org.apache.felix.framework.Felix.loadBundleClass(Felix.java:2116)
Ghidra: at org.apache.felix.framework.BundleImpl.loadClass(BundleImpl.java:986)
Ghidra: at ghidra.app.script.JavaScriptProvider.loadClass(JavaScriptProvider.java:161)
Ghidra: at ghidra.app.script.JavaScriptProvider.getScriptInstance(JavaScriptProvider.java:96)
Ghidra: ... 10 more
Ghidra:
Ghidra: INFO ANALYZING changes made by post scripts: file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga (HeadlessAnalyzer)
Ghidra: INFO REPORT: Post-analysis succeeded for file: file:///Users/leo/Downloads/Cowabunga_malimite/Cowabunga (HeadlessAnalyzer)
Ghidra: INFO REPORT: Save succeeded for: /Cowabunga (Cowabunga_malimite:/Cowabunga) (HeadlessAnalyzer)
Ghidra: INFO REPORT: Import succeeded (HeadlessAnalyzer)
The text was updated successfully, but these errors were encountered: