https://github.com/reb311ion/replica

Ghidra Analysis Enhancer 🐉
https://github.com/reb311ion/replica

analysis automation binary binary-analysis decompilation decompiler disassembler disassembly enhancment ghidra ghidra-auto-analysis label-references malware-analysis rename-functions replica reverse-engineering security-audit security-tools

Last synced: about 2 months ago
JSON representation

Ghidra Analysis Enhancer 🐉

• Host: GitHub
• URL: https://github.com/reb311ion/replica
• Owner: reb311ion
• License: gpl-3.0
• Created: 2020-01-23T23:18:55.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-05-30T06:34:42.000Z (almost 5 years ago)
• Last Synced: 2024-10-28T00:02:04.351Z (6 months ago)
• Topics: analysis, automation, binary, binary-analysis, decompilation, decompiler, disassembler, disassembly, enhancment, ghidra, ghidra-auto-analysis, label-references, malware-analysis, rename-functions, replica, reverse-engineering, security-audit, security-tools
• Language: Python
• Homepage:
• Size: 2.66 MB
• Stars: 284
• Watchers: 18
• Forks: 29
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
 REPLICA



  

  


  

  TAME THE DRAGON

  

 





  

  

    

  

    

  

    

  



## ✨Features

- ⚡ Disassemble missed instructions - Define code that Ghidra's auto analysis missed

- ⚡ Detect and fix missed functions - Define functions that Ghidra's auto analysis missed

- ⚡ Fix 'undefinedN' datatypes - Enhance Disassembly and Decompilation by fixing 

        'undefinedN' DataTypes 

- ⚡ Set MSDN API info as comments - Integrate information about functions, arguments

        and return values into Ghidra's disassembly listing in the form of comments

- ⚡ Tag Functions based on API calls - rename functions that calls one or more APIs with

        the API name and API type family if available

- ⚡ Detect and mark wrapper functions - Rename wrapper functions with the wrapping

        level and wrapped function name 

- ⚡ Fix undefined data and strings - Defines ASCII strings that Ghidra's auto analysis 

        missed and Converts undefined bytes in the data segment into DWORDs/QWORDs 

- ⚡ Detect and label crypto constants - Searche and label constants known to be associated

        with cryptographic algorithm in the code

- ⚡ Detect and comment stack strings - Find and post-comment stack strings 

- ⚡ Rename Functions Based on string references - rename functions that references one

        or more strings with the function name followed by the string name.

- ⚡ Bookmark String Hints - Bookmark intersting strings (file extensions, browser agents, registry keys, etc..)

## 🚀 Installation:

Copy the repository files into any of `ghidra_scripts` directories and extract `db.7z`, directories can be found from `Window->Script Manager->Script Directories`

![image](https://user-images.githubusercontent.com/22657154/72688222-becde680-3b0d-11ea-8fb2-b9baa0239042.png)

Search for replica and enable `in tool` option

![image](https://user-images.githubusercontent.com/22657154/72688275-153b2500-3b0e-11ea-8fc2-77d6bfe9dc78.png)

Done!

![image](https://user-images.githubusercontent.com/22657154/72688313-6d722700-3b0e-11ea-95f6-2d27519ca9fd.png)

![image](https://user-images.githubusercontent.com/22657154/73777200-bcb48a80-4791-11ea-8f8c-7dec1aadc5d7.png)

## 🔒 License

Licensed under [GNU General Public License v3.0](https://github.com/reb311ion/replica/blob/master/LICENSE)

## ⛏️ BUG? OPEN NEW ISSUE   

OPEN [NEW ISSUE](https://github.com/reb311ion/replica/issues)