I just used 'r2pm -i r2ghidra-dec' to install. Unfortunately, it failed with saying some functions were not decalred. Of course the pdg command don't work in radare2.

The list of functions that were not decalred

• r_anal_get_function_at
• r_anal_get_functions_in
• r_anal_function_contains

Environment

• OS: Arch Linux
• GCC Version: 9.2.0
• BISON: /usr/bin/bison (found version "3.5.1")
• FLEX: /usr/bin/flex (found version "2.6.4")
• PkgConfig: /usr/bin/pkg-config (found version "1.6.3")

Error Message

make[1]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[2]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[2]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[2]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[2]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
...
...
make[2]: Leaving directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[2]: Entering directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
[ 42%] Building CXX object ghidra/CMakeFiles/sleighc.dir/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp/slgh_compile.cc.o
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/core_ghidra.cpp:530:18: warning: ‘radare_plugin’ initialized and declared ‘extern’
  530 | R_API RLibStruct radare_plugin = {
      |                  ^~~~~~~~~~~~~
[ 43%] Building CXX object CMakeFiles/core_ghidra.dir/src/R2Scope.cpp.o
[ 43%] Building CXX object CMakeFiles/core_ghidra.dir/src/R2TypeFactory.cpp.o
[ 44%] Building CXX object CMakeFiles/core_ghidra.dir/src/R2CommentDatabase.cpp.o
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2Scope.cpp: In member function ‘Symbol* R2Scope::queryR2Absolute(long long unsigned int, bool) const’:
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2Scope.cpp:436:23: error: ‘r_anal_get_function_at’ was not declared in this scope; did you mean ‘r_anal_get_fcn_at’?
  436 |  RAnalFunction *fcn = r_anal_get_function_at(core->anal, addr);
      |                       r_anal_get_fcn_at
[ 44%] Building CXX object ghidra/CMakeFiles/sleighc.dir/bison/slghparse.cpp.o
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2CommentDatabase.cpp: In member function ‘void R2CommentDatabase::fillCache(const Address&) const’:
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2CommentDatabase.cpp:20:23: error: ‘r_anal_get_function_at’ was not declared in this scope; did you mean ‘r_anal_get_fcn_at’?
   20 |  RAnalFunction *fcn = r_anal_get_function_at(core->anal, fad.getOffset());
      |                       ^~~~~~~~~~~~~~~~~~~~~~
      |                       r_anal_get_fcn_at
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2CommentDatabase.cpp:23:17: error: ‘r_anal_get_functions_in’ was not declared in this scope; did you mean ‘r_anal_get_fcn_in’?
   23 |   RList *fcns = r_anal_get_functions_in(core->anal, fad.getOffset());
      |                 ^~~~~~~~~~~~~~~~~~~~~~~
      |                 r_anal_get_fcn_in
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2CommentDatabase.cpp: In lambda function:
/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2CommentDatabase.cpp:36:7: error: ‘r_anal_function_contains’ was not declared in this scope; did you mean ‘r_anal_fcn_contains’?
   36 |   if(!r_anal_function_contains(fcn, item->from))
      |       ^~~~~~~~~~~~~~~~~~~~~~~~
      |       r_anal_fcn_contains
make[2]: *** [CMakeFiles/core_ghidra.dir/build.make:102: CMakeFiles/core_ghidra.dir/src/R2Scope.cpp.o] Error 1
make[2]: *** Waiting for unfinished jobs....
[ 45%] Building CXX object ghidra/CMakeFiles/sleighc.dir/flex/slghscan.cpp.o
make[2]: *** [CMakeFiles/core_ghidra.dir/build.make:128: CMakeFiles/core_ghidra.dir/src/R2CommentDatabase.cpp.o] Error 1
make[2]: Leaving directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make[1]: *** [CMakeFiles/Makefile2:128: CMakeFiles/core_ghidra.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 46%] Linking CXX executable sleighc
make[2]: Leaving directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
[ 46%] Built target sleighc
make[1]: Leaving directory '/home/allen/.local/share/radare2/r2pm/git/r2ghidra-dec.git/build'
make: *** [Makefile:130: all] Error 2

Currently, when the plugin tries to decompile an address which isn't a part of a function, the decompiler widget shows "Failed to parse JSON from r2ghidra". I suggest having a check if the address is part of a function, and if not, display "The current seek address is not part of a function.".

so much newlines and missing braces, and define+assign in the same line instead of having all the vars on top

Environment information

• Operating System: 10.14.6

• Cutter version: Version 1.9.0
  Using r2-3.8.0
  Based on Qt 5.12.1 (Clang 10.0 (Apple), 64 bit)

• File format: ELF, but doesn't look like an elf specific bug.

Describe the bug

Adding comments in disassembly (and maybe even to source I've just tested that less) frequently breaks decompilation, though exactly how it breaks appears inconsistent (maybe dependent on the comment content or length?)

To Reproduce

Steps to reproduce the behavior:

1. Open any file (In the screenshot I'm using "bomb" from: http://csapp.cs.cmu.edu/3e/bomb.tar but I've tested other files with similar results) with default Cutter 1.9 settings
2. Enable disassembly graph
3. Click on main
4. Start adding comments
5. Decompilation becomes corrupted

Expected behavior

Decompilation is not corrupted but rather shows comments in the appropriate location, or not at all.

Screenshots

In this screenshot, the first comment actually adds a "bad opcode" to the decompilation but the second comment /really/ breaks the output.

$ r2 -A rr
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[0x100000a80]> pdg
Segmentation fault: 11
$

rr.zip

Currently, r2ghidra will show flag names even when asm.flags.realname is enabled.

When this variable is enabled, Ghidra should show the flags' realname.
Thus, showing VirtualAllocEx(0x1000); instead of sym.imp.kernel33.dll_VirtualAllocEx(0x1000);.

It is expected that r2ghidra will honor the eval variable when enabled.

Environment information

• Operating System: Fedora 31 (x86_64)
• Cutter version: Appimage 1.10
• Obtained from:
  • Built from source
  • Downloaded from release
  • Distribution repository
• File format: EXE

Describe the bug
It appears that some strings are truncated in the decompiled output

The asm:

The decompiled output (which is showing only the first letter of the lpName)

To Reproduce
Open the following file and open in Cutter. (password: infected)
mal.zip

Call to CreateMutex is at 0x1400018b8

Expected behavior
Cutter to behave same as Ghidra

I searched through back issues and didn't see this one listed, apologies if this is already known.

Hello guys!
I got truble when try to decompile my example programm/
When i use ghidra i got result:

void FUN_00401d90(void)

{
  HMODULE hModule;
  FARPROC pFVar1;
  undefined local_9;
  uint local_8;
  
  local_8 = DAT_00407008 ^ (uint)&stack0xfffffffc;
  hModule = LoadLibraryA("ntdll.dll");
  if (hModule != (HMODULE)0x0) {
    pFVar1 = GetProcAddress(hModule,"RtlAdjustPrivilege");
    (*pFVar1)(0x13,1,0,&local_9);
  }
  FUN_0040229b();
  return;
}

But when i use rz-ghidra that looks like:

void main(void)
{
    int32_t iVar1;
    code *pcVar2;
    char *arg_8h;
    int32_t var_18h;
    undefined4 var_14h;
    undefined4 var_10h;
    undefined4 lpProcName;
    undefined var_5h;
    int32_t var_4h;
    
    var_4h = uRam00407008 ^ (uint32_t)&stack0xfffffffc;
    arg_8h = "ntdll.dll";
    iVar1 = (*_sym.imp.KERNEL32.dll_LoadLibraryA)();
    if (iVar1 != 0) {
        pcVar2 = (code *)(*_sym.imp.KERNEL32.dll_GetProcAddress)(iVar1, "RtlAdjustPrivilege");
        (*pcVar2)(0x13, 1, 0, &var_5h);
    }
    fcn.0040229b((int32_t)arg_8h);
    return;
}

Source:

int main(){
    BOOLEAN bEnabled;
    HMODULE RtlAdjustPrivilegeHModule = LoadLibraryA("ntdll.dll");
    if (!RtlAdjustPrivilegeHModule)
    {
         return 0;
    }
    LPVOID lpFuncAddress = GetProcAddress(RtlAdjustPrivilegeHModule, "RtlAdjustPrivilege");
    pdef_RtlAdjustPrivilege NtCall = (pdef_RtlAdjustPrivilege)lpFuncAddress;
    NTSTATUS NtRet = NTCall(19, TRUE, FALSE, &bEnabled);
    return 0;
}

So main problem here is argument for "KERNEL32.dll_LoadLibraryA". I try use files from ghidra for sleighhome but no matter. Some one hit that problem?

When renaming a local variable using "afvn", variables will correctly display their updated name when calling "pdg" and variants later.

However, when using the decompiler panel in visual mode (asterisk key) the decompiled code shows the original generated names. No changes to caching or any other options seem to fix this.

Hello.
I had a bit rare use case for r2ghidra decompiler. I was making multi-stage Docker image (alpine base) with radare2 and this plugin installed. The purpose of multi-staging was to minimize the size of the image -> drop all build dependencies and layers.

However, after copying build binaries from build image into runtime image, plugin just did not decompile binaries correctly into C - code; it just showed same assembly code than pdf command.

After many hours, I figured out that shared lib g++/libstdc++.so.6 is required, which was not in
runtime image. This is bit obvious afterwards...

Maybe this would be good to mention somewhere.

r2ghidra-dec commands did not rise any errors. Debug mode in in radare2 revealed the reason:

/ $ export R_DEBUG=true
/ $ r2 /bin/ls
Cannot open directory '/usr/local/lib/radare2/4.2.0-git'
Cannot open /home/appuser/.local/share/radare2/plugins/r2ghidra_sleigh
Loading /home/appuser/.local/share/radare2/plugins/core_ghidra.so
r_lib_dl_open: error: /home/appuser/.local/share/radare2/plugins/core_ghidra.so (Error loading shared library libstdc++.so.6: No such file or directory (needed by /home/appuser/.local/share/radare2/plugins/core_ghidra.so))
Cannot open library: '/home/appuser/.local/share/radare2/plugins/core_ghidra.so'
Cannot open directory '/usr/local/lib/radare2/4.2.0-git'
Cannot open directory '/usr/local/lib/radare2-extras/4.2.0-git'
Cannot open directory '/usr/local/lib/radare2-bindings/4.2.0-git'

Hopefully this helps someone else!

In addition to the implementation of r2ghidra.verbose. First, I think it should be disabled by default. It's too verbose and the user can't do anything about most of these warnings.

And in a more general saying -
If the warnings are for the devs (e.g "should be fixed") then ONLY devs should see them by enabling DEV configurations from their .rc file

Users are scared the hell from warnings. Especially when there are constant warnings all over the place

If the warnings are really actionable for the regular users, then fine. Maybe should show it as [INFO:], but if there are "Something went wrong and a dev is better to look at..." then better not to show it to users

Environment information

• Operating System: windows 7sp1
• Cutter version: 1.10.0
• File format: pe
• Arch: x86
• Type: EXEC (Executable file)

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Currently the decompiled code is highlighted only in Cutter and not in the r2 shell. This is exhausting for the eyes when reversing for a couple of hours.

A good solution is to reuse the colours from the user's r2 colour scheme. Respectively, when a user changes their r2 shell colour scheme, the decompiler should apply the new colours to its output. There should be no style difference between the decompiler's and disassembler's outputs.

I am working on an implementation for this. Suggestions for different ideas are welcome.

Environment information

• Operating System: OSX
• Cutter version:
• Obtained from:
  • [] Built from source
  • Downloaded from release
  • Distribution repository
• File format: ELF

Describe the bug

I'm trying to analyze ARMv9 binary, compilled with arm-linux-gnueabihf-gcc and getting the following warnings in decompiler:

Unknown calling convention yet parameter storage is locked
[r2ghidra] Matching calling convention arm32 of function sym.imp.abort failed, args may be inaccurate.

I've tried different types of analysis and different types of architecture settings. The best result is achieved with automatic aaa preset

how can I provide Cutter with calling convention type or add support for ARM v9?

Screenshots

hello-arm.zip

$ rizin -c 's main;af;pdg' a.out

// WARNING: [r2ghidra] Matching calling convention arm32 of function main failed, args may be inaccurate.
// WARNING: [r2ghidra] Matching calling convention arm32 of function sym.imp.printf failed, args may be inaccurate.

undefined4 main(void)
{
    sym.imp.printf(*(int32_t *)0x490 + 0x47c);
    return 0;
}
[0x00000464]> pdc
function main () {
    //  1 basic blocks

    loc_0x464:

       push (fp, lr)
       fp = sp
       sp = sp - 8
       r0 = [pc + 0x18]         //[0x490:4]=32 ; 1168
       r0 = pc + r0             //"Hello world\n" section..rodata

       int printf("Hello world\n")
       lr = 0
       [sp + 4] = r0
       r0 = lr
       sp = fp                  //(pstr 0x0000049c) "Hello world\n"
       pop (fp, pc)             //section..rodata ; r13
(break)

}
[0x00000464]> pdsf
;-- pc, r15:
0x00000474 "Hello world\n"
0x00000478 bl sym.imp.printf
[0x00000464]>

Expecting:

{
    sym.imp.printf("Hello world\n");
    return 0;
}

Ghidra and IDA produce a clear and beautiful decompiled native code using the JNI types. Further info at https://www.ayrx.me/ghidra-jnianalyzer

Radare2 has built-in the jni.h headers:

[0x003622bc]> pfo
elf64
jni.h
elf32
dex.h
pe32
elf_enums
meson.build
fat
zip
bios
dll
mz
dex
macho
cdex.h
ntfs
trx
[0x003622bc]> pfo jni.h

Thus, we can set the JNIEnv* for the first argument of the function Java_xxxx:

[0x003622bc]> pd 9
┌ 352: sym.Java_com_zimperium_zdetection_service_ZVpnService_sendFDbyJNI (int32_t arg5, int32_t arg4, int32_t arg3, int32_t arg2, int32_t arg1);
│ bp: 1 (vars 1, args 0)
│ sp: 0 (vars 0, args 0)
│ rg: 5 (vars 0, args 5)
│           0x003622bc      fc0f1af8       str x28, [sp, -0x60]!
│           0x003622c0      fa6701a9       stp x26, x25, [sp, 0x10]
│           0x003622c4      f85f02a9       stp x24, x23, [sp, 0x20]
│           0x003622c8      f65703a9       stp x22, x21, [sp, 0x30]
│           0x003622cc      f44f04a9       stp x20, x19, [sp, 0x40]
│           0x003622d0      fd7b05a9       stp x29, x30, [sp, 0x50]
│           0x003622d4      fd430191       add x29, sp, 0x50
│           0x003622d8      ff8313d1       sub sp, sp, 0x4e0
│           0x003622dc      f40300aa       mov x20, x0                 ; arg1
[0x003622bc]> afvt arg5 JNIEnv*
[0x003622bc]> pd 9
┌ 352: sym.Java_com_zimperium_zdetection_service_ZVpnService_sendFDbyJNI (JNIEnv*arg5, int32_t arg4, int32_t arg3, int32_t arg2, int32_t arg1);
│ bp: 1 (vars 1, args 0)
│ sp: 0 (vars 0, args 0)
│ rg: 5 (vars 0, args 5)
│           0x003622bc      fc0f1af8       str x28, [sp, -0x60]!
│           0x003622c0      fa6701a9       stp x26, x25, [sp, 0x10]
│           0x003622c4      f85f02a9       stp x24, x23, [sp, 0x20]
│           0x003622c8      f65703a9       stp x22, x21, [sp, 0x30]
│           0x003622cc      f44f04a9       stp x20, x19, [sp, 0x40]
│           0x003622d0      fd7b05a9       stp x29, x30, [sp, 0x50]
│           0x003622d4      fd430191       add x29, sp, 0x50
│           0x003622d8      ff8313d1       sub sp, sp, 0x4e0
│           0x003622dc      f40300aa       mov x20, x0                 ; arg1

However, r2ghidra gives us some warnings about the JNIEnv types:

[0x003622bc]> pdg

// WARNING: Unknown calling convention yet parameter storage is locked
// WARNING: [r2ghidra] Failed to match radare2 calling convention arm64 to Decompiler ProtoModel
// WARNING: [r2ghidra] Failed to match type JNIEnv* for variable arg5 to Decompiler type: Unknown type identifier JNIEnv
// WARNING: [r2ghidra] Failed to find return address in ProtoModel

void sym.Java_com_zimperium_zdetection_service_ZVpnService_sendFDbyJNI
               (int32_t arg1, int32_t arg4, int32_t arg3, int32_t arg2, undefined8 arg5)
{
...    
    piVar3 = (int64_t *)(uint64_t)(uint32_t)arg1;
    uVar4 = (**(code **)(*piVar3 + 0x548))(piVar3, (uint64_t)(uint32_t)arg4, 0);
    uVar5 = (**(code **)(*piVar3 + 0x548))(piVar3, arg5, 0);

IDA and Ghidra perform it properly:

Sample:
libzcloud.zip

Related issue radareorg/radare2#15337 by @radare

    uRam0000000100005658 = 1;

into

    [0x100005658] = 1;

Find a better way to ship Sleigh specs without requiring the user to download Ghidra itself and obviously no pointing env var to it. Ideally, using the decompiler should be a click-to-play thingy.
Shipping everything the plugin need would be the best

reproducer:

$ r2 -c'wff /bin/ls;af;pdg' malloc://1M
Segmentation fault: 11

-- Checking for one of the modules 'r_core'
CMake Error at /usr/share/cmake-3.13/Modules/FindPkgConfig.cmake:679 (message):
None of the required 'r_core' found
Call Stack (most recent call first):
cmake/FindRadare2.cmake:80 (pkg_search_module)
CMakeLists.txt:43 (find_package)

CMake Error at /usr/share/cmake-3.13/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find Radare2 (missing: Radare2_TARGET Radare2_LIBRARIES
Radare2_INCLUDE_DIRS)
Call Stack (most recent call first):
/usr/share/cmake-3.13/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
cmake/FindRadare2.cmake:97 (find_package_handle_standard_args)
CMakeLists.txt:43 (find_package)

-- Configuring incomplete, errors occurred!

Am I doing something wrong?

This problem happens on decompiling any Sega Mega Drive rom (there is a loader for it).
Version info is:
Version 1.10.0
Using r2-4.1.1
Based on Qt 5.12.5 (MSVC 2017, 64 bit)

To decompile 68k functions 68000:BE:32:default must be used.

Binary: tf3.zip

Hi,

Trying to decompile a PowerPC 64 LE binary from r2. The same binary opens and decompiles in Ghidra. I get the following:

Ghidra Decompiler Error: Protomodel : __stdcall: Unable to compile pcode: syntax error

I thought the autodetection could be failing - when I open Ghidra, it shows the lang sleigh as PowerPC:LE:64:A2ALT:default, so I tried setting r2ghidra.lang to that, but the same result occurs.

The binary is just a simple GCC 9 compiled C program (specifically this), but I doubt that matters. I can upload the binary somewhere if it's easier to debug.

Not quite sure what's going on (and why this is only happening in r2 and not Ghidra) so any assistance would be appreciated.

Is there a possibility to provide type information, such a C structs to ghidra, such that the decompiler output becomes more readable?
Essentially passing the information from "t" in r2, to ghidra-dec ?

Hey.

Tried to install on Linux using the command r2pm -i r2ghidra-dec, being this the output:

Cannot find r2ghidra-dec

This is my version of Radare2 on Linux:

radare2 3.8.0 0 @ linux-x86-64 git.3.8.0
commit: unknown build: 2019-09-03__21:20:08

R2pm outputs the same version number: r2pm 3.8.0.

Thanks.

Currently r2ghidra-dec shows calls to imported function like this:

(*_VirtualProtect)(ppcVar4, 4, 0x40, &lpflOldProtect);

But the expected output should look like this:

VirtualProtect(ppcVar4, 4, 0x40, &lpflOldProtect);

Both Ghidra and IDA treat it like this. Here is an example from GHIDRA:

This is a tricky one since there is no Debugger in Cutter yet. But maybe it will work with emulation as well.

while emulating, if a user will hover a variable or referenced address, Cutter will show its current value in memory in a tooltip.

Basically, what i'm looking for is a way to remove those noisy WARNING messages at the begining of the decompmilation output

$ cat cc.c
int calling(int a, int b, int c, int d, int e, int f) {
	return a +  b + c +  d +e +f;
}
main() {
	return calling(1,2,3,4,5,6);
}

src+bin:
Archive.zip

Otherwise its useless to select, click ..

Sometimes a function that accepts a string as an argument is decompiled with the string's address in place of the literal. This can be annoying when working on large projects.

I attached a simple vuln that demonstrates the problem (the binary is non-malicious and is attached below).

Steps to reproduce:

• r2 -A vuln
• s sym.remove_fighter; pdg
• the first call to sym.print_opt is decompiled as sym.print_opt(0x401d30, 0x50); but should be preferably sym.print_opt("Who do you want to remove from the competition?", 0x50);. The disassembly view correctly detects that 0x401d30 is an address of a string literal.

My guess is that all function calls with more than 1 argument are not correctly decompiled. So far I have observed that all 1-argument function calls such as puts(str) and printf(str) have their string literals correctly shown in the decompiled code.

vuln.tar.gz

Thanks for the good work here!

SuperH4 It was introduced recently (11th Sept)... is it too tricky to refresh the build to include it?

[0x08000040]> pdgs
DATA:LE:64:default
DATA:BE:64:default
x86:LE:32:default
x86:LE:32:System Management Mode
x86:LE:16:Real Mode
x86:LE:64:default
PIC-16:LE:16:PIC-16
PIC-16:LE:16:PIC-16F
AARCH64:LE:64:v8A
AARCH64:BE:64:v8A
PIC-17:LE:16:PIC-17C7xx
8085:LE:16:default
Dalvik:LE:32:default
6502:LE:16:default
6502:BE:16:default
MIPS:BE:32:default
MIPS:LE:32:default
MIPS:BE:32:R6
MIPS:LE:32:R6
MIPS:BE:64:default
MIPS:LE:64:default
MIPS:BE:64:micro
MIPS:LE:64:micro
MIPS:BE:64:R6
MIPS:LE:64:R6
MIPS:BE:64:64-32addr
MIPS:LE:64:64-32addr
MIPS:LE:64:micro64-32addr
MIPS:BE:64:micro64-32addr
MIPS:BE:64:64-32R6addr
MIPS:LE:64:64-32R6addr
MIPS:BE:32:micro
MIPS:LE:32:micro
z80:LE:16:default
z8401x:LE:16:default
z180:LE:16:default
z182:LE:16:default
68000:BE:32:default
68000:BE:32:MC68030
68000:BE:32:MC68020
68000:BE:32:Coldfire
PIC-24E:LE:24:default
PIC-24F:LE:24:default
PIC-24H:LE:24:default
dsPIC30F:LE:24:default
dsPIC33F:LE:24:default
dsPIC33E:LE:24:default
CR16C:LE:16:default
Toy:BE:32:default
Toy:BE:32:posStack
Toy:LE:32:default
Toy:BE:32:wordSize2
Toy:LE:32:wordSize2
Toy:BE:64:default
Toy:LE:64:default
Toy:BE:32:builder
Toy:LE:32:builder
Toy:BE:32:builder.align2
Toy:LE:32:builder.align2
TI_MSP430:LE:16:default
TI_MSP430X:LE:32:default
pa-risc:BE:32:default
sparc:BE:32:default
sparc:BE:64:default
PIC-12:LE:16:PIC-12C5xx
tricore:LE:32:default
tricore:LE:32:tc29x
tricore:LE:32:tc172x
tricore:LE:32:tc176x
6805:BE:16:default
PIC-18:LE:24:PIC-18
avr8:LE:16:default
avr8:LE:16:extended
avr8:LE:16:atmega256
avr32:BE:32:default
PIC-16:LE:16:PIC-16C5x
8051:BE:16:default
80251:BE:24:default
80390:BE:24:default
8051:BE:24:mx51
8048:LE:16:default
ARM:LE:32:v8
ARM:LEBE:32:v8LEInstruction
ARM:BE:32:v8
ARM:LE:32:v7
ARM:LEBE:32:v7LEInstruction
ARM:BE:32:v7
ARM:LE:32:Cortex
ARM:BE:32:Cortex
ARM:LE:32:v6
ARM:BE:32:v6
ARM:LE:32:v5t
ARM:BE:32:v5t
ARM:LE:32:v5
ARM:BE:32:v5
ARM:LE:32:v4t
ARM:BE:32:v4t
ARM:LE:32:v4
ARM:BE:32:v4
JVM:BE:32:default
PowerPC:BE:32:default
PowerPC:LE:32:default
PowerPC:BE:64:default
PowerPC:BE:64:64-32addr
PowerPC:LE:64:64-32addr
PowerPC:LE:64:default
PowerPC:BE:32:4xx
PowerPC:LE:32:4xx
PowerPC:BE:32:MPC8270
PowerPC:BE:32:QUICC
PowerPC:LE:32:QUICC
PowerPC:BE:64:A2-32addr
PowerPC:LE:64:A2-32addr
PowerPC:BE:64:A2ALT-32addr
PowerPC:LE:64:A2ALT-32addr
PowerPC:BE:64:A2ALT
PowerPC:LE:64:A2ALT
PowerPC:BE:64:VLE-32addr
PowerPC:BE:64:VLEALT-32addr

/cc @radare

In some cases, rz-ghidra does not show the arguments passed to a called function. In addition, it doesn't show that the function returns a value and set it to a variable.

A call to a function with arguments that returns an address could look like this

functionCall()

instead of the way it should look like

var1 = functionCall(arg1, arg2, arg3, ...)

The following screenshots try to show it.

rz-ghidra:

IDA Decompiler (Ghidra shows similar results):

notice all the API calls (GetProcAddress, LoadLibary, lstrcat)

In this Binary file we get bad results:
injector.zip

In other Windows binary file we get fine results:

This is the binary in which the results are good:
IAT_hooking_FinFisher.exe.vir.zip

System

Arch Linux x64
r2 installed from pacman
r2ghidra-dec installed with r2pm
Cutter running from the 1.9.0 AppImage

Problem

Cutter displays "Failed to parse JSON from r2ghidra" in the GUI and this in the terminal

[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
Cannot find 'x' format.
Cannot find 'x' format.
Cannot find 'x' format.
Cannot find 'x' format.
Cannot find 'x' format.
Cannot find 'x' format.
Cannot find 'x' format.
Ghidra Decompiler Error: No print languages registered

when I try to decompile a simple crackme bin. The pdg command works fine in r2.

Any help on solving this issue would be appreciated

otherwise multiline entries are empty

Enums in 64 bit are considered to be 8 bytes by default by the decompiler, while they will more commonly be 4 in reality.

Hey,

I get this error when I run the command r2pm -i r2ghidra-dec: https://pastebin.com/iPFyVq5p

My radare2 version:

radare2 3.6.0 0 @ darwin-x86-64 git.3.6.0
commit: HEAD build: 2019-07-12__04:07:34

Clang version:

Apple clang version 11.0.0 (clang-1100.0.32.5)
Target: x86_64-apple-darwin18.7.0
Thread model: posix
InstalledDir: /Library/Developer/CommandLineTools/usr/bin

Any idea?

VirusShare_09f4e27b2896aaa5e15ec1f46ad6bc25.zip

!!!!!!!!!!WARNING!!!!!!!!!
This is malicious code!
password: infected

Performing aa results in pdg@main giving usable output. However, using aaa followed by pdg@main gives a segfault.

gdb r2 core (with peda script enabled) gives this output:
#0 0x00007f6335994523 in ht_pp_find_kv (ht=0x0, key=0x7ffcf068ee40, found=0x7ffcf068ec3f) at ht_inc.c:305
305 HT_(Bucket) *bt = &ht->table[bucketfn (ht, key)];

With some direction I could try to assist with this issue. If this issue needs to be created inside radare2 directly let me know and I will open it there.

r2 -version: radare2 4.0.0-git 22888 @ linux-x86-64 git.3.9.0-73-g5193b7284
commit: 5193b7284ec83fcb66ed8df44c808243f1ab0eab build: 2019-09-28__22:31:05

R2Architecture.cpp:191:13: error: ‘RAnalFunction {aka struct r_anal_function_t}’ has no member named ‘is_noreturn’
if (func->is_noreturn)
CMakeFiles/core_ghidra.dir/build.make:75: recipe for target 'CMakeFiles/core_ghidra.dir/src/R2Architecture.cpp.o' failed
make[2]: *** [CMakeFiles/core_ghidra.dir/src/R2Architecture.cpp.o] Error 1
CMakeFiles/Makefile2:83: recipe for target 'CMakeFiles/core_ghidra.dir/all' failed
make[1]: *** [CMakeFiles/core_ghidra.dir/all] Error 2
Makefile:129: recipe for target 'all' failed
make: *** [all] Error 2

hello-arm.zip

$ lldb -- r2 -c 'af;pdg' a.out
(lldb) target create "r2"
Current executable set to 'r2' (x86_64).
(lldb) settings set -- target.run-args  "-c" "af;pdg" "a.out"
(lldb) process launch
Process 80070 launched: '/usr/local/bin/r2' (x86_64)
libc++abi.dylib: terminating with uncaught exception of type RecovError
Process 80070 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x00007fff6afab7fa libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill:
->  0x7fff6afab7fa <+10>: jae    0x7fff6afab804            ; <+20>
    0x7fff6afab7fc <+12>: movq   %rax, %rdi
    0x7fff6afab7ff <+15>: jmp    0x7fff6afa5a89            ; cerror_nocancel
    0x7fff6afab804 <+20>: retq
Target 0: (r2) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff6afab7fa libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff6b068bc1 libsystem_pthread.dylib`pthread_kill + 432
    frame #2: 0x00007fff6af32a1c libsystem_c.dylib`abort + 120
    frame #3: 0x00007fff67fd0be8 libc++abi.dylib`abort_message + 231
    frame #4: 0x00007fff67fd0d9c libc++abi.dylib`demangling_terminate_handler() + 262
    frame #5: 0x00007fff69af8792 libobjc.A.dylib`_objc_terminate() + 104
    frame #6: 0x00007fff67fdddc7 libc++abi.dylib`std::__terminate(void (*)()) + 8
    frame #7: 0x00007fff67fddb6c libc++abi.dylib`__cxxabiv1::failed_throw(__cxxabiv1::__cxa_exception*) + 27
    frame #8: 0x00007fff67fcf45d libc++abi.dylib`__cxa_throw + 113
    frame #9: 0x00000001088f634f core_ghidra.dylib`Scope::addMapSym(Element const*) + 1343
    frame #10: 0x00000001088200b7 core_ghidra.dylib`R2Scope::registerFunction(r_anal_function_t*) const + 9991
    frame #11: 0x0000000108822952 core_ghidra.dylib`R2Scope::queryR2Absolute(unsigned long long, bool) const + 354
    frame #12: 0x0000000108822b54 core_ghidra.dylib`R2Scope::queryR2(Address const&, bool) const + 100
    frame #13: 0x0000000108823017 core_ghidra.dylib`R2Scope::findContainer(Address const&, int, Address const&) const + 103
    frame #14: 0x00000001088f3bba core_ghidra.dylib`Scope::stackContainer(Scope const*, Scope const*, Address const&, int, Address const&, SymbolEntry**) + 154
    frame #15: 0x00000001088f4c53 core_ghidra.dylib`Scope::queryProperties(Address const&, int, Address const&, unsigned int&) const + 115
    frame #16: 0x0000000108a386bc core_ghidra.dylib`Funcdata::newVarnode(int, Address const&, Datatype*) + 204
    frame #17: 0x0000000108a38a62 core_ghidra.dylib`Funcdata::newVarnode(int, AddrSpace*, unsigned long) + 82
    frame #18: 0x0000000108aa7b83 core_ghidra.dylib`RuleLoadVarnode::applyOp(PcodeOp*, Funcdata&) + 147
    frame #19: 0x000000010896a162 core_ghidra.dylib`ActionPool::processOp(PcodeOp*, Funcdata&) + 338
    frame #20: 0x000000010896a535 core_ghidra.dylib`ActionPool::apply(Funcdata&) + 165
    frame #21: 0x0000000108967a36 core_ghidra.dylib`Action::perform(Funcdata&) + 166
    frame #22: 0x0000000108968b0d core_ghidra.dylib`ActionGroup::apply(Funcdata&) + 157
    frame #23: 0x0000000108967a36 core_ghidra.dylib`Action::perform(Funcdata&) + 166
    frame #24: 0x0000000108968b0d core_ghidra.dylib`ActionGroup::apply(Funcdata&) + 157
    frame #25: 0x0000000108967a36 core_ghidra.dylib`Action::perform(Funcdata&) + 166
    frame #26: 0x0000000108968b0d core_ghidra.dylib`ActionGroup::apply(Funcdata&) + 157
    frame #27: 0x0000000108968d96 core_ghidra.dylib`ActionRestartGroup::apply(Funcdata&) + 70
    frame #28: 0x0000000108967a36 core_ghidra.dylib`Action::perform(Funcdata&) + 166
    frame #29: 0x000000010880a540 core_ghidra.dylib`Decompile(r_core_t*, DecompileMode) + 1312
    frame #30: 0x0000000108809f8d core_ghidra.dylib`_cmd(r_core_t*, char const*) + 189
    frame #31: 0x000000010880797a core_ghidra.dylib`r2ghidra_cmd(void*, char const*) + 74
    frame #32: 0x0000000100e4592d libr_core.dylib`r_cmd_call(cmd=0x0000000102059a00, input="pdg") at cmd_api.c:232:8
    frame #33: 0x0000000100d7c81a libr_core.dylib`r_core_cmd_subst_i(core=0x0000000101c81e98, cmd="pdg", colon=0x0000000000000000, tmpseek=0x00007ffeefbfef2f) at cmd.c:3597:12
    frame #34: 0x0000000100d3b95c libr_core.dylib`r_core_cmd_subst(core=0x0000000101c81e98, cmd="pdg") at cmd.c:2539:9
    frame #35: 0x0000000100d3bac2 libr_core.dylib`r_core_cmd_subst(core=0x0000000101c81e98, cmd="af") at cmd.c:2571:3
    frame #36: 0x0000000100d342d5 libr_core.dylib`r_core_cmd(core=0x0000000101c81e98, cstr="af;pdg", log=0) at cmd.c:4570:9
    frame #37: 0x0000000101c74c7a libr_main.dylib`run_commands(cmds=0x0000000101e03000, files=0x0000000101e03040, quiet=false) at radare2.c:269:3
    frame #38: 0x0000000101c739b0 libr_main.dylib`r_main_radare2(argc=4, argv=0x00007ffeefbff910) at radare2.c:1301:8
    frame #39: 0x0000000100001a0d r2`main(argc=4, argv=0x00007ffeefbff910) at radare2.c:96:9
    frame #40: 0x00007fff6ae647fd libdyld.dylib`start + 1
(lldb)
``

Is your feature request related to a problem? Please describe
Working to more easily visualize code paths. Right now I'm trying to color groups of code paths in radare2. This is helpful, however in some cases the program control flow is quite complicated, and it is more helpful to have an even higher level colorized output, such as the decompile view.

Describe the solution you'd like
It appears r2ghidra-dec can already map source code lines to decompiled output. It would be awesome if, when printing the decompiled view, it honored the highlighting that was applied at the assembly view (such as with ecHi).

Possible Implementation
Not sure, but hopefully would be easy enough to look at existing highlight (or lack of) and use it.

Describe alternatives you've considered

Additional context

Build crashes during 'make' and during 'r2pm -i r2ghidra-dec' on fresh radare2 installation.
Last build-able commit is 01fc83a

OS: Ubuntu 18.04.3 LTS (GNU/Linux 4.4.0-18362-Microsoft x86_64) - WSL
gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

radare2 4.2.0-git 23697 @ linux-x86-64 git.4.1.1-29-gbac525d8e
commit: bac525d8e9bc8765b74e134c135a7c9e73e00c07 build: 2020-01-24__09:13:33

r2pm 4.2.0-git

/home/alex/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2Scope.cpp:436:23: error: ‘r_anal_get_function_at’ was not declared in this scope
RAnalFunction *fcn = r_anal_get_function_at(core->anal, addr);
^~~~~~~~~~~~~~~~~~~~~~
/home/alex/.local/share/radare2/r2pm/git/r2ghidra-dec.git/src/R2Scope.cpp:436:23: note: suggested alternative: ‘r_anal_get_fcn_at’
RAnalFunction *fcn = r_anal_get_function_at(core->anal, addr);
^~~~~~~~~~~~~~~~~~~~~~
r_anal_get_fcn_at

....

r2ghidra-build-failure.txt

The line of EIP should be highlighted on the Decompiler Window when using Emulation or Debugging (in the future).

Environment information

Linux rebellion-pc 4.19.66-1-MANJARO radareorg/cutter#1 SMP PREEMPT Fri Aug 9 18:01:53 UTC 2019 x86_64 GNU/Linux

• Operating System: Manjaro Linux
• Cutter version:

Version 1.9.0
Using r2-3.8.0
Based on Qt 5.12.1 (GCC 7.4.0, 64 bit)

• File Information:

kcal_updated: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=05dcc1f5622c2b7e49d5bc690556e557280e0e47, stripped

Describe the bug
r2ghidra Failed to match type for variables returning Unknown type identifier and Detected overlap, It failed also to find return address and set return type.

// WARNING: [r2ghidra] Failed to match type signed int for variable argc to Decompiler type: Unknown type identifier
// signed
// WARNING: [r2ghidra] Failed to match type signed int for variable var_14h to Decompiler type: Unknown type identifier
// signed
// WARNING: [r2ghidra] Failed to find return address in ProtoModel
// WARNING: [r2ghidra] Detected overlap for variable var_10h
// WARNING: [r2ghidra] Detected overlap for variable var_11h

• radare2

(fcn) main 157
  int main (int argc, char **argv, char **envp);
; var char **str @ rbp-0x20
; var signed int var_14h @ rbp-0x14
; arg signed int argc @ rdi
; arg char **argv @ rsi

• ghidra

int main(int argc,char **argv)

{
  uint argv3;
  uint argv2;
  ulong uVar1;
  
  if (argc < 4) {
    sym.imp.printf("%s 1 2 3\n",*argv);
  }
  else {
    argv3 = sym.imp.atoi(argv[3]);
    argv2 = sym.imp.atoi(argv[2]);
    uVar1 = sub.strlen_400646(argv[1],argv2,argv3);
    if (uVar1 == 0) {
      sym.imp.puts("failure!");
    }
    else {
      sym.imp.puts("correct!\nflag -> FLAG{argv[1]hex(argv[2]argv[3])}");
    }
  }
  return 0;
}

• r2ghidra

// WARNING: [r2ghidra] Failed to match type signed int for variable argc to Decompiler type: Unknown type identifier
// signed
// WARNING: [r2ghidra] Failed to match type signed int for variable var_14h to Decompiler type: Unknown type identifier
// signed
// WARNING: [r2ghidra] Failed to find return address in ProtoModel
// WARNING: [r2ghidra] Detected overlap for variable var_10h
// WARNING: [r2ghidra] Detected overlap for variable var_11h

undefined8 main(undefined8 argc, char **argv)
{
    int32_t arg3;
    uint32_t arg2;
    char **str;
    undefined8 var_14h;
    
    if ((int32_t)argc < 4) {
        sym.imp.printf("%s 1 2 3\n", *argv);
    } else {
        arg3 = sym.imp.atoi(argv[3]);
        arg2 = sym.imp.atoi(argv[2]);
        arg3 = test(argv[1], arg2, arg3);
        if (arg3 == 0) {
            sym.imp.puts("failure!");
        } else {
            sym.imp.puts("correct!\nflag -> FLAG{argv[1]hex(argv[2]argv[3])}");
        }
    }
    return 0;
}

To Reproduce
Binary file : Binary.zip

1. Open the binary in Cutter
2. Navigate to main
3. See error

Screenshots

I've been using a custom ldef and cspec to work with Watcom binaries in Ghidra for a while now, i have no clue how proper these settings are hence it hasn't been mentioned on Ghidra's issues.
This seems out of my scope to figure out fully let alone make a PR for Ghidra.

Since Rizin supports watcall (shown as watcom) calling convention seems like this is the best place to bring this up and hopefully maybe get it merged into Ghidra itself too.

These are my spec files as a Ghidra plugin, they work fairly well, except Ghidra assumes everything is a watcall including cdecl when installed. There are some issues where something appears to be detached (spoiled register as i understand?), but these issues appear in IDA as well so it just seems like a watcall quark. (uploaded with txt cause github doesn't allow zip for some reason....)

watcall.zip.txt

sys/user.sh
r2pm init
r2pm update
brew install pkg-config cmake
r2pm -i r2ghidra-dec

pdg

radare2/env.sh: line 65: 61486 Segmentation fault: 11 R2_ENV_IS_SET=1 R2_LIBR_PLUGINS=${pfx}/lib/radare2 PATH=$pfx/bin:${PATH} LD_LIBRARY_PATH=$pfx/lib:$LD_LIBRARY_PATH DYLD_LIBRARY_PATH=$pfx/lib:$DYLD_LIBRARY_PATH PKG_CONFIG_PATH=$pfx/lib/pkgconfig:$PKG_CONFIG_PATH "${1}" "${2}" "${3}" "${4}"
$

Module version mismatch /Users/jacobrosenthal/.local/share/radare2/plugins/core_pdd.dylib (3.0.0-git) vs (4.0.0-git)

r2pm -i r2pm -l

Module version mismatch /Users/jacobrosenthal/.local/share/radare2/plugins/core_pdd.dylib (3.0.0-git) vs (4.0.0-git)

$ r2 -V
3.9.0-73-g5193b7284 r2
3.9.0-73-g5193b7284 r_anal
3.9.0-73-g5193b7284 r_lib
3.9.0-73-g5193b7284 r_egg
3.9.0-73-g5193b7284 r_asm
3.9.0-73-g5193b7284 r_bin
3.9.0-73-g5193b7284 r_cons
3.9.0-73-g5193b7284 r_flag
3.9.0-73-g5193b7284 r_core
3.9.0-73-g5193b7284 r_crypto
3.9.0-73-g5193b7284 r_bp
3.9.0-73-g5193b7284 r_debug
3.9.0-73-g5193b7284 r_main
3.9.0-73-g5193b7284 r_hash
3.9.0-73-g5193b7284 r_fs
3.9.0-73-g5193b7284 r_io
3.9.0-73-g5193b7284 r_magic
3.9.0-73-g5193b7284 r_parse
3.9.0-73-g5193b7284 r_reg
3.9.0-73-g5193b7284 r_sign
3.9.0-73-g5193b7284 r_search
3.9.0-73-g5193b7284 r_syscall
3.9.0-73-g5193b7284 r_util

make uninstall
make purge
make system-purge

sys/user.sh
r2pm init
r2pm update
r2pm -i r2ghidra-dec

$ r2 -vv
radare2 4.0.0-git 23068 @ darwin-x86-64 git.3.9.0-81-g2bd96a56d
commit: 2bd96a56d14c3fa7d8e24123c8f95aa5d35da9be build: 2019-09-30__09:34:48
$ r2 -V
3.9.0-81-g2bd96a56d r2
3.9.0-81-g2bd96a56d r_anal
3.9.0-81-g2bd96a56d r_lib
3.9.0-81-g2bd96a56d r_egg
3.9.0-81-g2bd96a56d r_asm
3.9.0-81-g2bd96a56d r_bin
3.9.0-81-g2bd96a56d r_cons
3.9.0-81-g2bd96a56d r_flag
3.9.0-81-g2bd96a56d r_core
3.9.0-81-g2bd96a56d r_crypto
3.9.0-81-g2bd96a56d r_bp
3.9.0-81-g2bd96a56d r_debug
3.9.0-81-g2bd96a56d r_main
3.9.0-81-g2bd96a56d r_hash
3.9.0-81-g2bd96a56d r_fs
3.9.0-81-g2bd96a56d r_io
3.9.0-81-g2bd96a56d r_magic
3.9.0-81-g2bd96a56d r_parse
3.9.0-81-g2bd96a56d r_reg
3.9.0-81-g2bd96a56d r_sign
3.9.0-81-g2bd96a56d r_search
3.9.0-81-g2bd96a56d r_syscall
3.9.0-81-g2bd96a56d r_util

pdg

radare2/env.sh: line 65: 61486 Segmentation fault: 11 R2_ENV_IS_SET=1 R2_LIBR_PLUGINS=${pfx}/lib/radare2 PATH=$pfx/bin:${PATH} LD_LIBRARY_PATH=$pfx/lib:$LD_LIBRARY_PATH DYLD_LIBRARY_PATH=$pfx/lib:$DYLD_LIBRARY_PATH PKG_CONFIG_PATH=$pfx/lib/pkgconfig:$PKG_CONFIG_PATH "${1}" "${2}" "${3}" "${4}"
$

By now ghidra-dec is using it default var name

Cutter is using default name of Rizin

I think ghidra dec should use variable names from Rizin and Cutter so it would be easier for users. (it happens on Rizin as well)

KMA.zip (Password: 123456)
P/s: I checked with IOLI crackme and they use var names from Rizin so the problem is from these files only :D

I moved data of r2ghidra-dec plugin from .local/share/radare2/plugins/ to the global path (LIBR_PLUGINS) and i have this error:

Ghidra Decompiler Error: No sleigh specification for x86:LE:32:default

My global path of radare2: R2_LIBR_PLUGINS=/usr/lib/x86_64-linux-gnu/radare2/4.1.0-git

Data in the path:

$ls
total 12M
-rwxr-xr-x 1 root root  12M Dec 13 01:41 core_ghidra.so
drwxr-xr-x 1 root root 6.6K Dec 13 01:42 r2ghidra_sleigh

Full r2 -H

R2_PREFIX=/usr
R2_MAGICPATH=/usr/share/radare2/4.1.0-git/magic
R2_PREFIX=/usr
R2_INCDIR=/usr/include/libr
R2_LIBDIR=/usr/lib/x86_64-linux-gnu
R2_LIBEXT=so
R2_RCONFIGHOME=/home/dmknght/.config/radare2
R2_RDATAHOME=/home/dmknght/.local/share/radare2
R2_RCACHEHOME=/home/dmknght/.cache/radare2
R2_LIBR_PLUGINS=/usr/lib/x86_64-linux-gnu/radare2/4.1.0-git
R2_USER_PLUGINS=/home/dmknght/.local/share/radare2/plugins
R2_USER_ZIGNS=/home/dmknght/.local/share/radare2/zigns

Currently, the plugin does not honor analysis hints. So for example, if we have this instruction

cmp dl, 0x55;

and we want to treat 0x55 as "U". We would use ahi s. Then the instruction would look like this cmp dl, 'U';. This change does not affect the plugin and it will show if (?? == 0x55) instead of if (?? == 'U').

This is possible from Ghidra, and when an immediate base is changed, it reflects the decompiler