Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

isinstance() not working for Ghidra types

See original GitHub issue

Seems like isinstance() is broken for Ghidra types:


   _____ _     _     _           _   _                 
  / ____| |   (_)   | |         | | | |                
 | |  __| |__  _  __| |_ __ __ _| |_| |__   ___  _ __  
 | | |_ | '_ \| |/ _` | '__/ _` | __| '_ \ / _ \| '_ \ 
 | |__| | | | | | (_| | | | (_| | |_| | | | (_) | | | |
  \_____|_| |_|_|\__,_|_|  \__,_|\__|_| |_|\___/|_| |_|
                                                       
Python 3.10.6 Interpreter for Ghidra. Developed by FLARE.

>>> from ghidra.program.database.data import *
>>> dm = currentProgram.getDataTypeManager()
>>> dt = next(x for x in dm.getAllDataTypes() if x.getName() == 'CreateProcessW')
>>> print(type(dt))
<class 'ghidra.program.database.data.FunctionDefinitionDB'>
>>> print(FunctionDefinitionDB)
class ghidra.program.database.data.FunctionDefinitionDB
>>> isinstance(dt, FunctionDefinitionDB)
Traceback (most recent call last):
  File "/Users/pieceofsummer/.ghidra/.ghidra_10.1.5_PUBLIC/Extensions/Ghidrathon-1.0.0/data/python/jepeval.py", line 66, in jepeval
    more_input_needed = _jepeval(line)
  File "/Users/pieceofsummer/.ghidra/.ghidra_10.1.5_PUBLIC/Extensions/Ghidrathon-1.0.0/data/python/jepeval.py", line 49, in _jepeval
    exec(compile(line, "<string>", "single"), globals(), globals())
  File "<string>", line 1, in <module>
TypeError: isinstance() arg 2 must be a type, a tuple of types, or a union

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5

github_iconTop GitHub Comments

2reactions
mike-hunhoffcommented, Nov 1, 2022

Nice catch - apologies for that. I did some more digging and Jep exposes the underlying Python type through __pytype__ e.g.:

isinstance(dt, FunctionDefinitionDB.__pytype__)

that in my testing worked with isinstance:


   _____ _     _     _           _   _                 
  / ____| |   (_)   | |         | | | |                
 | |  __| |__  _  __| |_ __ __ _| |_| |__   ___  _ __  
 | | |_ | '_ \| |/ _` | '__/ _` | __| '_ \ / _ \| '_ \ 
 | |__| | | | | | (_| | | | (_| | |_| | | | (_) | | | |
  \_____|_| |_|_|\__,_|_|  \__,_|\__|_| |_|\___/|_| |_|
                                                       
Python 3.11.0 Interpreter for Ghidra. Developed by FLARE.

>>> from ghidra.program.model.data import *
>>> dt = next(x for x in currentProgram.getDataTypeManager().getAllDataTypes() if x.getName() == "uint")
>>> dt
<ghidra.program.model.data.UnsignedIntegerDataType object at 0x000001BFD2CAB500>
>>> type(UnsignedIntegerDataType)
<class 'jep.PyJClass'>
>>> isinstance(dt, UnsignedIntegerDataType.__pytype__)
True
>>> isinstance(int, UnsignedIntegerDataType.__pytype__)
False

We want to see isinstance used without a workaround and we’ll work to improve this.

0reactions
mike-hunhoffcommented, Nov 7, 2022

@pieceofsummer I sent this issue upstream and the Jep developers came up with a fix (see https://github.com/ninia/jep/pull/440). Unfortunately it may be some time before the fix makes it in a Jep release. For now, we’ve added a workaround (see https://github.com/mandiant/Ghidrathon/commit/fdf6c4590ba346f884e0c61087205ea532cce013) that will be included in the Ghidrathon 2.0.0 release, likely dropping later today. I’ll open a separate issue to remind us to remove the workaround when the Jep fix is released.


   _____ _     _     _           _   _                 
  / ____| |   (_)   | |         | | | |                
 | |  __| |__  _  __| |_ __ __ _| |_| |__   ___  _ __  
 | | |_ | '_ \| |/ _` | '__/ _` | __| '_ \ / _ \| '_ \ 
 | |__| | | | | | (_| | | | (_| | |_| | | | (_) | | | |
  \_____|_| |_|_|\__,_|_|  \__,_|\__|_| |_|\___/|_| |_|
                                                       
Python 3.11.0 Interpreter for Ghidra 10.2. Developed by FLARE.

>>> from ghidra.program.database import ProgramDB
>>> type(currentProgram)
<class 'ghidra.program.database.ProgramDB'>
>>> type(ProgramDB)
<class 'jep.PyJClass'>
>>> isinstance(currentProgram, ProgramDB)
True
>>> isinstance(currentProgram, str)
False
Read more comments on GitHub >

github_iconTop Results From Across the Web

isinstance comparison always BridgedObject · Issue #7 · justfoxing ...
Hi Again :-), currently trying to run the following Code to get the length of a ClangVariableDecleration: The Type is a ghidra.app.decompiler.
Read more >
Why is the isinstance() function not working? - python
The type() function got it right but why does the isinstance() function says that arg is an int ? Is this a bug?...
Read more >
ghidra-python: create struct with big endian field
The following script shows hows to create a structure and set its field to Big Endian byte order using the Ghidra Python API....
Read more >
Ghidra: .../bin/format/pdb2/pdbreader/AbstractPdb.java | Fossies
1 /* ### 2 * IP: GHIDRA 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you...
Read more >
BountyCon CTF 2020 Write-up - Kishan Bagaria
Running it directly will just show "Press any key to quit…". ... Now open it in Ghidra like the challenge name suggests. undefined...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[BUG] Crash with KeyError: 'data_token'

Next page

Error running capa on `IDA`