r/ghidra

Ghidra-SNES: A Ghidra extension for reverse engineering SNES ROMs (first public release, feedback welcome!)
▲ 237 r/ghidra+3 crossposts


github.com
u/JoshLeaves — 5 days ago
▲ 5 r/ghidra

Hey,

I was wondering what's the recommended way for PyGhidra.

I've been doing

from ghidra.app.script import GhidraScript  # the base class being subclassed

class MyScript(GhidraScript):
  def __init__(self):
    super().__init__()
    self._state_var = 1  # Example of per-script state kept on the instance
  def _do_thing(self):
    ...
  def _do_other_thing(self):
    ...
  def run(self):
    # Defining run() alone is not enough; it has to be invoked explicitly
    self._do_thing()
    self._do_other_thing()

m = MyScript()
m.run()

There are few examples, and simply defining run doesn't seem to work (I actually need to invoke it).

Is there any reason to inherit from GhidraScript?

reddit.com
u/Due_Battle_9890 — 10 days ago
▲ 4 r/ghidra

Ghidra Scripting: Search -> Decompiled Text

Version: GHIDRA 12.0.4 linux latest

I've played around with ghidra-mcp, pyghidra and now libghidra was released.
I want to know if there's a programmatic way to access [search bar]->[decompiled text] to search the decompilation of the ENTIRE active program for a specific hex pattern. Not search by a single function's decompilation.

I don't see this in any of the mcp tools and a topical search of pyghidra. Can someone point me in the right direction?

If it isn't supported, can you give me an overview on how to implement it?


reddit.com
u/scarfersBluff — 4 days ago
▲ 1 r/ghidra

Hello!
I'm dealing with a long variable, represented by "x22" in assembly, and I'd like to subtract 47000 from it. So I patch an instruction into sub x22, x22, #47000

But it doesn't work, I can't use anything bigger than 12 bits. But I see other instructions in the file using longer constants, is there a way to do it I don't understand? I'm very new to assembly and Ghidra.

The .so I'm patching is in AArch64.

Thanks in advance for reading me and any help you could bring.

reddit.com
u/Pordrack — 13 days ago
▲ 3 r/ghidra

Hey,

I am still learning Ghidra Scripting and have a question about DBs. I am still getting used to navigating the docs and noticed that many of the classes are suffixed with DB (e.g., InstructionDB). I understand that these are just objects that inherit from DatabaseObject, but I want to make sure my understanding is correct. The docs describe it as:

> Base class for a cached object in the database. Database objects have keys. They are marked as invalid when a database cache is cleared and can be revived on a refresh as long as they haven't been deleted. Instantiating an object will cause it to be added immediately to the associated cache.

I'd like to take it step by step.

> Base class for a cached object in the database.

Ghidra maintains a database and it's how, instead of re-analyzing or recomputing anything, Ghidra will cache it in the database

> Database objects have keys.

This is how you identify the object.

> They are marked as invalid when a database cache is cleared and can be revived on a refresh as long as they haven't been deleted.

So, does this mean this isn't added to the DB (only on save)?

My second question:

It's a little more broad, but I get a bit overwhelmed searching the Ghidra docs. Let's say that I want to iterate through all the instructions, here's what I would do:

1.) Get the starting address

  a.) It's an ELF so I can get the start address

    i.) Could just grab the e_entry

  b.) But I have to construct `ghidra.app.util.bin.format.elf.ElfHeader`.

    i.) Have to construct it with a `ByteProvider`

    ii.) What's a byte provider???

    iii.) Do I just give the image base

The point is, it seems that navigating the Ghidra API is horrid. It seems that it's obtuse and uses heavy inheritance (very Java-y). I searched online and then I found something like this, which is nicer. But this iterates until it encounters a null or is cancelled. I'd like to iterate over the entire text section, which I think still requires me to get ELF details.

My general question: how does one actually navigate the docs? What are your strategies?

Thanks in advance!

u/Due_Battle_9890 — 13 days ago
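An added example (not from the post above or from Ghidra's own documentation) of the iteration the post describes, written for a PyGhidra/Jython script: it walks every instruction inside the ".text" memory block without constructing an ElfHeader or a ByteProvider, because the loaded Program already knows its memory blocks and the Listing already holds the InstructionDB records. The helpers take the Program and TaskMonitor as parameters rather than reading script globals, so they can be exercised outside Ghidra with stub objects; the block name ".text" is an assumption about how the ELF loader named the section.

```python
# Added example: walk every instruction inside one memory block (default
# ".text") using only the Program/Listing API. No ElfHeader or ByteProvider
# is needed: the loader already created the memory blocks and the Listing
# already contains the InstructionDB objects the analysis produced.

def iterate_block_instructions(program, monitor, block_name=".text"):
    """Yield every Instruction whose address lies inside `block_name`.

    Stops cleanly when the block ends, when the Listing runs out of
    instructions, or when the user cancels via the TaskMonitor.
    """
    block = program.getMemory().getBlock(block_name)
    if block is None:
        raise ValueError("no memory block named %r" % block_name)
    end = block.getEnd()
    # Listing.getInstructions(Address, forward=True) returns an iterator
    # starting at the first instruction at or after the given address.
    for instr in program.getListing().getInstructions(block.getStart(), True):
        if monitor.isCancelled():
            break
        if instr.getAddress().compareTo(end) > 0:
            break  # left the block; anything further lives in another block
        yield instr


def count_mnemonics(program, monitor, block_name=".text"):
    """Histogram of mnemonics in the block, e.g. {'CALL': 12, 'MOV': 40}."""
    counts = {}
    for instr in iterate_block_instructions(program, monitor, block_name):
        mnemonic = instr.getMnemonicString()
        counts[mnemonic] = counts.get(mnemonic, 0) + 1
    return counts


# When run as a Ghidra script, `currentProgram` and `monitor` are injected
# into the script's globals. The try/except keeps this file importable
# outside Ghidra (for example in a unit test that passes stub objects).
try:
    currentProgram, monitor  # noqa: F821 (provided by Ghidra at runtime)
except NameError:
    pass
else:
    for mnemonic, n in sorted(count_mnemonics(currentProgram, monitor).items()):
        print("%-8s %d" % (mnemonic, n))
```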