mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2024-10-23 05:31:02 +00:00

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering software-analysis

Go to file

Thisita ea990915b4 remove old error bookmark refactor to more correct API call fix address range bug refactor find already set length to default search and short-circuit Correct error message to be more appropriate for all cases Only suggest properly aligned offsets Don't consider the first address bugfix, iterator can be null. Check all references. Implement fixed suggestions to avoid getNextInstruction and ClearCmd usage. switch to isFlow test make easier to read implement flow check implement script message strict variable rename suggestion fix location of check and address mark typo/grammar catch Simplify as requested add length check and fix a few iteration bugs suggest offcut length if override doesn't already exist comment is overcomplicated for a previous explanation this comment was no longer true explain this as what is actually happening now other summary fixups add suggestion Length override action should disassemble the resulting instructions remove info alert that isn't needed since there is a bookmark remove unused check Only init once per run refactor to flow the code Don't let a failed fix block the rest of the script iteration Replace print with Msg statements Provide more thorough error reporting imply to user that work is still being done apply language suggestion check alignment and fix max address bug restrict this again remove unused memory handle Refactor to use declared types Simplify disassembly and computations pass offcutAddress instead of recomputing some other one. decrease level of specificity and disqualify. apply suggestion apply indentation suggestion correct ref type filter to correct Apply simplification fix max address issue. implemented suggestion with flow follow update description to include location fallback info Simplify bookmark Add missing final		2024-02-07 13:27:23 -05:00
.github/ISSUE_TEMPLATE	Update version example to latest	2022-05-31 19:58:56 +08:00
eclipse	GP-0: Updating Eclipse formatter to support 1-line records	2022-07-23 02:17:46 -04:00
Ghidra	remove old error bookmark	2024-02-07 13:27:23 -05:00
GhidraBuild	GP-0: LaunchSupport can now find Eclipse JustJ JDK on Linux	2023-10-17 08:25:09 -04:00
GhidraDocs	Fixes from review	2023-11-01 17:22:57 +00:00
GPL	Merge remote-tracking branch 'origin/GP-3833_ghidorahrex_updated_binutils_version--SQUASHED'	2023-11-15 06:32:12 -05:00
gradle	GP-3977: Fix dependency resolution for nodepJar in Gradle 8.	2023-10-31 14:14:50 -04:00
licenses	GP-3544 various changes	2023-10-03 10:44:44 -04:00
.gitattributes	GP-0: Updating gitattributes	2021-03-30 10:21:45 -04:00
.gitignore	GP-2677: Introduce TraceRmi (API only, experimental)	2023-08-02 10:25:36 -04:00
build.gradle	GP-3111: Enforcing maximum supported Gradle version	2023-04-20 06:19:14 -04:00
certification.local.manifest	GP-3706: updated review changes	2023-09-28 19:46:52 +00:00
CONTRIBUTING.md	GP-0: Updating CONTRIBUTING.md	2022-06-28 01:51:22 -04:00
DevGuide.md	GP-0: Adding assembleAll to DevGuide	2023-10-16 08:33:28 -04:00
DISCLAIMER.md	fix spelling of commercial (#14 )	2019-03-05 22:44:38 -05:00
gradle.properties	Fix failing build in tr_TR locale	2023-10-12 17:58:39 +02:00
LICENSE	Initial commit	2019-02-28 22:27:49 -05:00
NOTICE	Candidate release of source code.	2019-03-26 13:46:51 -04:00
README.md	GP-0: Updating README	2023-08-04 19:00:32 -04:00
settings.gradle	GP-1209: Support for building natives from a release.	2021-09-27 08:16:14 -04:00

README.md

Ghidra Software Reverse Engineering Framework

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

If you are a U.S. citizen interested in projects like this, to develop Ghidra and other cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a career with us.

Security Warning

WARNING: There are known security vulnerabilities within certain versions of Ghidra. Before proceeding, please read through Ghidra's Security Advisories for a better understanding of how you might be impacted.

Install

To install an official pre-built multi-platform Ghidra release:

Install JDK 17 64-bit
Download a Ghidra release file
Extract the Ghidra release file
Launch Ghidra: ./ghidraRun (or ghidraRun.bat for Windows)

For additional information and troubleshooting tips about installing and running a Ghidra release, please refer to docs/InstallationGuide.html which can be found in your extracted Ghidra release directory.

Build

To create the latest development build for your platform from this source repository:

Install build tools:

JDK 17 64-bit
Gradle 7.3+
make, gcc, and g++ (Linux/macOS-only)
Microsoft Visual Studio 2017+ or Microsoft C++ Build Tools with the following components installed (Windows-only):
- MSVC
- Windows SDK
- C++ ATL

Download and extract the source:

Download from GitHub

unzip ghidra-master
cd ghidra-master

NOTE: Instead of downloading the compressed source, you may instead want to clone the GitHub repository: git clone https://github.com/NationalSecurityAgency/ghidra.git

Download additional build dependencies into source repository:

gradle -I gradle/support/fetchDependencies.gradle init

Create development build:

gradle buildGhidra

The compressed development build will be located at build/dist/.

For more detailed information on building Ghidra, please read the Developer Guide.

For issues building, please check the Known Issues section for possible solutions.

Develop

User Scripts and Extensions

Ghidra installations support users writing custom scripts and extensions via the GhidraDev plugin for Eclipse. The plugin and its corresponding instructions can be found within a Ghidra release at Extensions/Eclipse/GhidraDev/ or at this link.

NOTE: The GhidraDev plugin for Eclipse only supports developing against fully built Ghidra installations which can be downloaded from the Releases page.

Advanced Development

To develop the Ghidra tool itself, it is highly recommended to use Eclipse, which the Ghidra development process has been highly customized for.

Install build and development tools:

Follow the above build instructions so the build completes without errors
Install Eclipse IDE for Java Developers

Prepare the development environment:

gradle prepdev eclipse buildNatives

Import Ghidra projects into Eclipse:

File -> Import...
General | Existing Projects into Workspace
Select root directory to be your downloaded or cloned ghidra source repository
Check Search for nested projects
Click Finish

When Eclipse finishes building the projects, Ghidra can be launched and debugged with the provided Ghidra Eclipse run configuration.

For more detailed information on developing Ghidra, please read the Developer Guide.

Contribute

If you would like to contribute bug fixes, improvements, and new features back to Ghidra, please take a look at our Contributor Guide to see how you can participate in this open source project.