https://github.com/brocbyte/brocstruct

Ghidra plugin for automatic struct definition extraction from executables.
https://github.com/brocbyte/brocstruct

ghidra ghidra-scripts p-code reverse-engineering symbolic-execution

Last synced: 8 months ago
JSON representation

Ghidra plugin for automatic struct definition extraction from executables.

• Host: GitHub
• URL: https://github.com/brocbyte/brocstruct
• Owner: brocbyte
• Created: 2024-12-20T06:27:58.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-12-20T06:38:54.000Z (over 1 year ago)
• Last Synced: 2025-07-26T23:29:46.986Z (8 months ago)
• Topics: ghidra, ghidra-scripts, p-code, reverse-engineering, symbolic-execution
• Language: Java
• Homepage:
• Size: 49.8 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# brocstruct

Brocstruct is a work-in-progress Ghidra script for automatic struct definition extraction from executables.

It is based on Ghidra's P-Code analysis and "theoretically" can work for all architectures supported by Ghidra itself.

The main idea is to track all LOAD/STORE accesses of the form *(arg + offset).

For now it works inside functions only (no interprocedural analysis).

There are already more mature plugins/scripts to do the same:

- https://github.com/grimm-co/gearshift

- https://github.com/NationalSecurityAgency/ghidra/blob/8dd0ea698ac8b9bc6a8d973d882c71037714e81e/Ghidra/Features/Decompiler/ghidra_scripts/CreateStructure.java