Getting value value from unique address space

[elbiazo]

I have unique address space unique:10000024 which copies some constant string.
u_10000024 = COPY.d SOME_VAL_AT_RAM_POTING_TO_STRING

I am trying to get the value of the string using GetDataAt() and it seems to return null. Is there a different way to get value from unique address space?

def getUniqueAddress(offset):
    return currentProgram.getAddressFactory().getUniqueSpace().getAddress(offset)

def visit_call(func,fm,op):
    opinputs = op.getInputs()
    call_target_addr = opinputs[0].getAddress()
    call_target_func = fm.getFunctionAt(call_target_addr)

    if call_target_func.name in sinks:
        print("\t\tFound sink: " + call_target_func.name)
        offset = opinputs[1].getOffset()
        print(getDataContaining(getUniqueAddress(offset)))
        exit(0)

[yaspoon]

I've been having the same problem and can't seem to find how to get the value of a unique address either.
Weirdly enough the disassembly/decompilation windows display the address of the string just fine if you browse to the address of the function caller so it must be findable some how.

I did try "iterating" the namespace containing the address but it ran for a while and I killed it in the end. I don't think the namespace I'm getting back is correct.

Varnode[] inputs = pcode.getInputs();
Namespace ns = currentProgram.getSymbolTable().getNamespace(inputs[2].getAddress());
for(Data d: currentProgram.getListing().getData(ns.getBody(), true) {
    if(d.getAddress() == inputs[2].getAddress()) {
         //do something
    }
}

[yaspoon]

Also another oddity is that in my case inputs[1] (Another address that is calculated the exact same way as inputs[2]) Does result in a "RAM" address instead of "unique" and it just works...

[yaspoon]

Okay I figured it out in the end by reading followToParam in https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Features/Decompiler/ghidra_scripts/ShowConstantUse.java

So when you have a unique you want to 'walk' the varnode def tree to find the actual value it was made from. In my case it's made from a single pointer which ends up up being a ram address I can then read in the listing. So I only need to go up 1 in the tree

Some example code of what I'm doing:

Varnode[] inputs = pcode.getInputs();
Varnode node = inputs[2]; //Node that should be a string
if(node.isUnique()) { //Must `walk` the def tree
    PcodeOp def = node.getDef();
    Varnode[] uniq_inputs = def.getInputs();
    if(uniq_inputs.length == 1) {
        Address a = uniq_inputs[0].getAddress(); //For me this is the input of the string I care about and can load it from the listing. But for other usecases that will very likely not be true and you will need to do more processing like in the ShowConstantsUse.java
        Data d = currentProgram.getListing.getDataAt(a);
    }
} else { //At this point should just be able to read the data in the listing 
    Data d = currentProgram.getListing.getDataAt(node.getAddress());
}

[elbiazo]

You are a legend. Thanks for your work!

[sakiodre]

My god thank you so much! Couldn't believe this is actually google-able