TAME THE PYHIDRA
I converted the REPLICA script (https://github.com/reb311ion/replica) to work in the "Pyhdira" (Python3) environment. Thanks reb311ion!
- β‘ Disassemble missed instructions - Define code that Ghidra's auto analysis missed
- β‘ Detect and fix missed functions - Define functions that Ghidra's auto analysis missed
- β‘ Fix 'undefinedN' datatypes - Enhance Disassembly and Decompilation by fixing 'undefinedN' DataTypes
- β‘ Set MSDN API info as comments - Integrate information about functions, arguments and return values into Ghidra's disassembly listing in the form of comments
- β‘ Tag Functions based on API calls - rename functions that calls one or more APIs with the API name and API type family if available
- β‘ Detect and mark wrapper functions - Rename wrapper functions with the wrapping level and wrapped function name
- β‘ Fix undefined data and strings - Defines ASCII strings that Ghidra's auto analysis missed and Converts undefined bytes in the data segment into DWORDs/QWORDs
- β‘ Detect and label crypto constants - Searche and label constants known to be associated with cryptographic algorithm in the code
- β‘ Detect and comment stack strings - Find and post-comment stack strings
- β‘ Rename Functions Based on string references - rename functions that references one or more strings with the function name followed by the string name.
- β‘ Bookmark String Hints - Bookmark intersting strings (file extensions, browser agents, registry keys, etc..)
-
Download and install Ghidra to a desired location.
-
Set the
GHIDRA_INSTALL_DIRenvironment variable to point to the directory where Ghidra is installed. -
Install pyhidra.
> pip install pyhidra- Run
pyhidrawfrom a terminal of your choice. - Open the Code Browser Tool.
- From the
Filetoolbar menu, selectConfigure.... - From the menu in the image below select
configureunderExperimental. - Copy the repository files into any of
ghidra_scriptsdirectories and extractdb.7z, directories can be found fromWindow->Script Manager->Script Directories