{"id":23868211,"url":"https://github.com/msm-code/ghidralib","last_synced_at":"2025-04-05T08:03:51.018Z","repository":{"id":269111814,"uuid":"906015833","full_name":"msm-code/ghidralib","owner":"msm-code","description":"A Pythonic Ghidra standard library","archived":false,"fork":false,"pushed_at":"2025-03-20T13:58:47.000Z","size":3970,"stargazers_count":165,"open_issues_count":1,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-29T07:02:51.039Z","etag":null,"topics":["ghidra","ghidra-scripts","ghidra-snippets","library","reverse-engineering"],"latest_commit_sha":null,"homepage":"https://msm-code.github.io/ghidralib/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/msm-code.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-20T01:38:35.000Z","updated_at":"2025-03-20T21:28:03.000Z","dependencies_parsed_at":"2024-12-21T02:24:16.311Z","dependency_job_id":"b7230cdb-6696-4490-9952-7c11d6b55747","html_url":"https://github.com/msm-code/ghidralib","commit_stats":null,"previous_names":["msm-code/ghidralib"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msm-code%2Fghidralib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msm-code%2Fghidralib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msm-code%2Fghidralib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msm-code%2Fghidralib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/msm-code","download_url":"https://codeload.github.com/msm-code/ghidralib/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305932,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ghidra","ghidra-scripts","ghidra-snippets","library","reverse-engineering"],"created_at":"2025-01-03T11:18:05.964Z","updated_at":"2025-04-05T08:03:50.991Z","avatar_url":"https://github.com/msm-code.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ghidralib\n\n![](./docs/dragon1.png)\n\nThis library is an attempt to provide a Pythonic standard library for Ghidra.\n\nThe main goal is to make writing quick\u0026dirty scripts actually quick, and not that dirty.\n\n## Installation\n\nJust copy the [ghidralib.py](https://github.com/msm-code/ghidralib/blob/master/ghidralib.py) file to your ghidra_scripts directory.\nLater just `from ghidralib import *`.\n\n## Usage\n\nCheck out the [documentation](https://msm-code.github.io/ghidralib/) or official [examples](./examples/).\nA short demonstration of a basic ghidralib usage first:\n\n1. Get all function instructions (similarly for basic blocks, low and high pcode, calls and xrefs):\n\n```python\nprint(Function(\"main\").instructions)\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eFor comparison, plain Ghidra equivalent:\u003c/summary\u003e\n\n  ```python\n  function_manager = currentProgram.getFunctionManager()\n  symbol_table = currentProgram.getSymbolTable()\n  main = list(symbol_table.getSymbols('main'))[0].getAddress()\n  function = function_manager.getFunctionAt(main)\n  instructions = currentProgram.getListing().getInstructions(function.getBody(), True)\n  print(list(instructions))\n  ```\n\u003c/details\u003e\n\n2. You have a structure `uint8_t *data; uint32_t len;` at 0x1000 and you want to read it:\n\n```python\npos, len_bytes = get_u32(0x10000), get_u32(0x10000 + 4)\nprint(get_bytes(pos, len_bytes))\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eFor comparison, plain Ghidra equivalent:\u003c/summary\u003e\n\n  ```python\n  start_address = toAddr(0x10000)\n  pos = currentProgram.getMemory().getInt(start_address)\n  len_bytes = currentProgram.getMemory().getInt(start_address.add(4))\n  data = getBytes(toAddr(pos), len_bytes)\n  print(\" \".join(chr(c % 256) for byte in data))  # signed bytes \u003c3\n  ```\n\u003c/details\u003e\n\n3. Find all calls to a string deobfuscation function and get call parameters:\n\n```python\nfor call in Function(\"MyCustomCrypto\").calls:\n    ctx = call.infer_context()\n    key, data = ctx[\"eax\"], ctx[\"edx\"]\n    datalen = get_u32(data - 4)\n    print(call.address, decode(get_bytes(data, datalen)))\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eFor comparison, plain Ghidra equivalent:\u003c/summary\u003e\n\n  Just joking! Too long to fit in this README.\n\u003c/details\u003e\n\nYou can also emulate a function call and read the result:\n\n```python\nctx = Function(\"GetFuncNameByHash\").emulate(0x698766968)\nprint(ctx.read_cstring(ctx[\"eax\"]))\n```\n\n4. Tons more QoL features:\n\n```python\nDataType(\"_NT_TIB\")  # Get a datatype by name\nDataType.from_c(\"typedef void* HINTERNET;\")  # Quickly parse structs and typedefs\n\nfunc = Function(\"main\")  # Work at various abstract levels\nprint(function.instructions)  # Get instructions...\nprint(function.basicblocks)  # ..basic blocks...\nprint(function.pcode)  # ...low pcode...\nprint(function.high_pcode)  # ...high pcode...\nprint(function.decompile())  # ...or decompile a whole function\n\nfor xref in Symbol(\"PTR_GetProcAddress\").xrefs_to:\n  Instruction(xref.from_address).highlight()  # highlight symbol xrefs\n```\n\n5. There are also some flashy (but not necessarily useful) features that might\ngrab your attention.\n\nGet the control flow graph of the main function, and display it:\n\n```python\nFunction(\"main\").control_flow.show()\n```\n\n![](./docs/graph.png)\n\nFind the shortest path from source to target in the program control flow graph.\nIf it exists, highlight all basic blocks along the way.\n\n```python\nsource, target = BasicBlock(\"entry\"), BasicBlock(0x00405073)\npath = Program.control_flow().bfs(source)\nwhile path.get(target):\n    target.highlight()\n    target = path[target]\n```\n\n![](./docs/bfs_highlight.png)\n\n6. Thanks to type hints, scripting gets *much* easier if your IDE supports that.\n\nFinally, ghidralib doesn't lock you in - you can always retreat to familiar Ghidra types -\njust get them from the `.raw` property. For example `instruction.raw`\nis a Ghidra Instruction object, similarly `function.raw` is a Ghidra Function.\nSo you can do the routine stuff in ghidralib, and fall back to Java if something\nis not implemented.\n\n## Learn more\n\n**Check out the [documentation](https://msm-code.github.io/ghidralib/)**, especially the\n[getting started](https://msm-code.github.io/ghidralib/getting_started/) page.\n\nMore detailed tutorial about specific features is in development. Completed chapters:\n\n* [Emulator](https://msm-code.github.io/ghidralib/emulator/)\n\nIf you prefer to learn by example, you can also browse the [examples](./examples/) directory.\n\nA fair warning: ghidralib is still actively developed and the API may change\nslightly in the future. But this doesn't matter for your one-off scripts, does it?\n\n## Contributing\n\nPRs are welcome. Feel free to open PRs to add things you need.\n\nYou can also just report issues and send feature requests. I started this library to\ncover my own needs, but I'm interested in learning what other people use it for.\n\n*Dragon icon at the top created by cube29, flaticon*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmsm-code%2Fghidralib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmsm-code%2Fghidralib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmsm-code%2Fghidralib/lists"}