Analyzing the caller function using PCode
Ghidra can work with both assembly language and PCode. PCode is an abstraction over the assembly level, meaning that if you develop a script using PCode, you automatically support every assembly language for which a PCode translation is available. (At the time of writing this book, the following processors are supported: 6502, 68000, 6805, 8048, 8051, 8085, AARCH64, ARM, Atmel, CP1600, CR16, DATA, Dalvik, HCS08, HCS12, JVM, MCS96, MIPS, PA-RISC, PIC, PowerPC, RISCV, Sparc, SuperH, SuperH4, TI_MSP430, Toy, V850, Z80, TriCore, and x86.) Really powerful, right?
PCode to assembly-level translation
PCode assembly is generated with a processor specification language named SLEIGH: https://ghidra.re/courses/languages/html/sleigh.html. You can check the current list of supported processors and their SLEIGH specifications here: https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Processors.
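To illustrate the portability point, here is a Ghidra script added as an example (it is not code from the book); it lists call sites by matching PCode `CALL`/`CALLIND` operations instead of processor-specific mnemonics, so the same script works on any supported processor. The class name `ListCallsViaPcode` is hypothetical.

```java
// Added example: enumerate call sites through PCode rather than mnemonics.
// Runs inside Ghidra's Script Manager against the currently open program.
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.InstructionIterator;
import ghidra.program.model.pcode.PcodeOp;

public class ListCallsViaPcode extends GhidraScript { // hypothetical name
    @Override
    public void run() throws Exception {
        InstructionIterator it = currentProgram.getListing().getInstructions(true);
        while (it.hasNext() && !monitor.isCancelled()) {
            Instruction insn = it.next();
            // Each instruction is lifted to zero or more raw PCode operations.
            for (PcodeOp op : insn.getPcode()) {
                int opcode = op.getOpcode();
                if (opcode != PcodeOp.CALL && opcode != PcodeOp.CALLIND) {
                    continue;
                }
                Function caller = getFunctionContaining(insn.getAddress());
                String callerName = (caller != null) ? caller.getName() : "<no function>";
                String target;
                if (opcode == PcodeOp.CALL) {
                    // For a direct call, input 0 holds the destination address.
                    Address dest = op.getInput(0).getAddress();
                    Function callee = getFunctionAt(dest);
                    target = (callee != null) ? callee.getName() : dest.toString();
                } else {
                    // CALLIND: the destination is computed at run time.
                    target = "<indirect>";
                }
                println(insn.getAddress() + "  " + callerName + " -> " + target);
            }
        }
    }
}
```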
To understand PCode, you must be familiar...