{"id":28401806,"url":"https://github.com/decurity/solana-ebpf-ida-processor","last_synced_at":"2025-07-15T04:37:04.710Z","repository":{"id":215424921,"uuid":"737523324","full_name":"Decurity/solana-ebpf-ida-processor","owner":"Decurity","description":"Solana Virtual Machine bytecode processor for IDA Pro","archived":false,"fork":false,"pushed_at":"2025-02-19T13:26:48.000Z","size":1427,"stargazers_count":48,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-06-01T21:38:06.500Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Decurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-31T11:21:43.000Z","updated_at":"2025-05-27T15:17:48.000Z","dependencies_parsed_at":"2024-01-25T18:40:27.370Z","dependency_job_id":"9e51fcc9-6959-4758-86d3-58065dcd0f91","html_url":"https://github.com/Decurity/solana-ebpf-ida-processor","commit_stats":null,"previous_names":["passkeyra/solana-ebpf-ida-processor","decurity/solana-ebpf-ida-processor"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Decurity/solana-ebpf-ida-processor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Decurity%2Fsolana-ebpf-ida-processor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Decurity%2Fsolana-ebpf-ida-processor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Decurity%2Fsolana-ebpf-ida-processor/releases","manifests_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Decurity%2Fsolana-ebpf-ida-processor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Decurity","download_url":"https://codeload.github.com/Decurity/solana-ebpf-ida-processor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Decurity%2Fsolana-ebpf-ida-processor/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265402833,"owners_count":23759237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-01T13:38:43.922Z","updated_at":"2025-07-15T04:37:04.697Z","avatar_url":"https://github.com/Decurity.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IDA Pro Solana bytecode processor\n\nThis is the processor plugin for IDA Pro that adds the ability to analyze Solana Virtual Machine bytecode. Since SVM is based on the enhanced Berkeley Packet Filter (eBPF) and mostly uses the same instruction set, [this](https://github.com/zandi/eBPF_processor) eBPF processor plugin was used as a basis.\n\n## How to use\n\nInstall `requirements.txt`. 
Copy the `solana-init.py` script and the `solana` folder to the `\u003cida pro installation\u003e/procs` directory, then select the processor when loading a Solana program file into IDA.\n\nTo dump a program from Solana mainnet, use the following command:\n\n```\nsolana program dump \u003caddress of an account\u003e \u003coutput file\u003e\n```\n\nDuring the file import into IDA you may encounter the following error:\n\n![](./img/1.png)\n\nThis is because the Solana EBPF processor should be selected explicitly. Double-click on the processor name in the processor list and select it:\n\n![](./img/2.png)\n\nThen select Yes:\n\n![](./img/3.png)\n\n\n## FLIRT signatures\n\nProceed to the [solana-ida-signatures-factory](https://github.com/PassKeyRa/solana-ida-signatures-factory) repository to generate function signatures.\n\n## What works now\n\n* Disassembly of Solana eBPF instructions, including function calls and jumps\n* String detection\n* Relocation detection\n* FLAIR preprocessor to generate PAT files with library function signatures\n\n## TODO\n\n* Parse and name Anchor functions and structures\n\n## Thanks\n\nThanks to Clément Berthaux (clement (dot) berthaux (at) synacktiv (dot) com) and Michael Zandi (the (dot) zandi (at) gmail (dot) com) for developing the EBPF processor plugin, which is the base for this plugin.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecurity%2Fsolana-ebpf-ida-processor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdecurity%2Fsolana-ebpf-ida-processor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecurity%2Fsolana-ebpf-ida-processor/lists"}