Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/reb311ion/replica

Ghidra Analysis Enhancer 🐉
https://github.com/reb311ion/replica

analysis automation binary binary-analysis decompilation decompiler disassembler disassembly enhancment ghidra ghidra-auto-analysis label-references malware-analysis rename-functions replica reverse-engineering security-audit security-tools

Last synced: 3 months ago
JSON representation

Ghidra Analysis Enhancer 🐉

Host: GitHub
URL: https://github.com/reb311ion/replica
Owner: reb311ion
License: gpl-3.0
Created: 2020-01-23T23:18:55.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-05-30T06:34:42.000Z (about 4 years ago)
Last Synced: 2024-01-22T15:57:53.767Z (5 months ago)
Topics: analysis, automation, binary, binary-analysis, decompilation, decompiler, disassembler, disassembly, enhancment, ghidra, ghidra-auto-analysis, label-references, malware-analysis, rename-functions, replica, reverse-engineering, security-audit, security-tools
Language: Python
Homepage:
Size: 2.66 MB
Stars: 271
Watchers: 18
Forks: 34
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-ida-x64-olly-plugin - Replica - Automatically enhance Ghidra's auto analysis with additional scripts and features. (Ghidra Plugins)
awesome-ida-x64-olly-plugin - Replica - Automatically enhance Ghidra's auto analysis with additional scripts and features. (Ghidra Plugins)

README

        
 REPLICA



  

  

  

  TAME THE DRAGON

  

 





  

  

    

  

    

  

    

  



## ✨Features

- ⚡ Disassemble missed instructions - Define code that Ghidra's auto analysis missed

- ⚡ Detect and fix missed functions - Define functions that Ghidra's auto analysis missed

- ⚡ Fix 'undefinedN' datatypes - Enhance Disassembly and Decompilation by fixing 

        'undefinedN' DataTypes 

- ⚡ Set MSDN API info as comments - Integrate information about functions, arguments

        and return values into Ghidra's disassembly listing in the form of comments

- ⚡ Tag Functions based on API calls - rename functions that calls one or more APIs with

        the API name and API type family if available

- ⚡ Detect and mark wrapper functions - Rename wrapper functions with the wrapping

        level and wrapped function name 

- ⚡ Fix undefined data and strings - Defines ASCII strings that Ghidra's auto analysis 

        missed and Converts undefined bytes in the data segment into DWORDs/QWORDs 

- ⚡ Detect and label crypto constants - Searche and label constants known to be associated

        with cryptographic algorithm in the code

- ⚡ Detect and comment stack strings - Find and post-comment stack strings 

- ⚡ Rename Functions Based on string references - rename functions that references one

        or more strings with the function name followed by the string name.

- ⚡ Bookmark String Hints - Bookmark intersting strings (file extensions, browser agents, registry keys, etc..)

## 🚀 Installation:

Copy the repository files into any of `ghidra_scripts` directories and extract `db.7z`, directories can be found from `Window->Script Manager->Script Directories`

![image](https://user-images.githubusercontent.com/22657154/72688222-becde680-3b0d-11ea-8fb2-b9baa0239042.png)

Search for replica and enable `in tool` option

![image](https://user-images.githubusercontent.com/22657154/72688275-153b2500-3b0e-11ea-8fc2-77d6bfe9dc78.png)

Done!

![image](https://user-images.githubusercontent.com/22657154/72688313-6d722700-3b0e-11ea-95f6-2d27519ca9fd.png)

![image](https://user-images.githubusercontent.com/22657154/73777200-bcb48a80-4791-11ea-8f8c-7dec1aadc5d7.png)

## 🔒 License

Licensed under [GNU General Public License v3.0](https://github.com/reb311ion/replica/blob/master/LICENSE)

## ⛏️ BUG? OPEN NEW ISSUE   

OPEN [NEW ISSUE](https://github.com/reb311ion/replica/issues)