Description
WARNING: This analysis environment may contain viruses. Please take all possible measures, such as using a virtual environment.
What you need
- desmume latest
- ghidra 11.3.1
- symbol_jp.zip (Unzip it to any location)
- import_symbols_json.py https://github.com/UsernameFodder/pmdsky-debug/blob/master/tools/ghidra_scripts/import_symbols_json.py
- ghidra_11.3.1_PUBLIC_20250421_NTRGhidra.zip
- jdk-23_windows-x64_bin.exe https://www.oracle.com/java/technologies/downloads/#jdk21-windows (https://download.oracle.com/java/23/latest/jdk-23_windows-x64_bin.exe)
- Microsoft Visual C++ Redistributable Package vc_redist.x64.exe https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170 (https://aka.ms/vs/17/release/vc_redist.x64.exe)
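The warning above applies to every downloaded archive, so here is an added example (not code from this repository or from pmdsky-debug) that inspects the symbol archive in memory before it is unzipped. It assumes the archive should hold only UTF-8 JSON symbol tables; audit_symbol_zip, build_sample and the size limit are names and values chosen for this example, and the sample archive is constructed.

```python
import io
import json
import sys
import zipfile
from pathlib import PurePosixPath

MAX_ENTRY_BYTES = 64 * 1024 * 1024  # assumed ceiling for one symbol table


def audit_symbol_zip(source):
    """Return (entry, reason) findings; an empty list means nothing suspicious.

    Entries are read and parsed in memory, nothing is written to disk.
    """
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            path = PurePosixPath(name.replace("\\", "/"))
            # Absolute paths, drive letters or ".." would land outside the target folder.
            if path.is_absolute() or ".." in path.parts or ":" in name:
                findings.append((name, "path escapes extraction folder"))
            elif path.suffix.lower() != ".json":
                findings.append((name, "unexpected file type"))
            elif info.file_size > MAX_ENTRY_BYTES:
                findings.append((name, "declared size over limit"))
            else:
                try:
                    json.loads(zf.read(info).decode("utf-8"))
                except ValueError:  # covers bad UTF-8 and bad JSON
                    findings.append((name, "not valid UTF-8 JSON"))
    return findings


def build_sample(entries):
    """Build a constructed in-memory archive (not the real symbol_jp.zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    buf.seek(0)
    return buf


if __name__ == "__main__" and len(sys.argv) > 1:
    for entry, reason in audit_symbol_zip(sys.argv[1]):
        print(f"{entry}: {reason}")
```

Run it with the path to the downloaded zip as the only argument; no output means every entry passed.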
Installing dependencies
vc_redist.x64.exe
Skipping is fine, but install vc_redist.x64.exe (Microsoft Visual C++ Redistributable Package) if necessary
jdk-23_windows-x64_bin.exe
The JDK should also be installed at the default location if possible
ghidra 11.0.3
Please use 7zip or similar to unzip ghidra
In Explorer, right-click on the file (advanced in win11) > 7-zip > ghidra_11.0.3_PUBLIC_* to extract
In the extracted folder, double-click ghidraRun.bat to start ghidra
See this site for assembly analysis tutorial
https://www.starcubelabs.com/reverse-engineering-ds/
ghidra
Caution
Do not allow Ghidra in Windows Defender, as it may take over your computer
Next, unzip Ghidra.
Second, place ghidra_11.0.3_PUBLIC_20240411_NTRGhidra.zip as is in the GHIDRA_INSTALL_DIR/Extensions/Ghidra folder.

Third, click ghidraRun.bat to start ghidra
Then, in the Ghidra window (not in the code browser), open the File menu, select Install Extensions, check on NTRGhidra, and click OK

Then quit Ghidra and start it again by running ghidraRun.bat
After startup is complete, open the File > New Project window, select Non-Shared Project, and click next.
Create a project with a project name of your choice.
Next, insert the NDS file directly

In this window, click arm9
In this window, click Yes
In this window, click OK
Once you have selected your language, click OK. Ghidra will then start the import and display the technical details. Click OK on that too
Then double click on the file to open the disassembler
In this window, click Yes
To be sure, uncheck Non-Returning Functions - Discovered. This will disable the analysis that automatically discovers functions that do not return to the parent
"Non-Returning Functions - Discovered", in my experience, is a hindrance when analyzing code that directly manipulates the PC (PC is the current execution position of the CPU)
Press Analysis and wait about 20 minutes
Edit Tool options.
Select Edit > Tool Options. Then select Listing Fields > Operands Field and uncheck Markup Register Variable References.
This prevents the register from being marked up as an argument, making it easier to see
Once the analysis is finished, press the play mark to open the script manager

Then click on the paper mark, select Python and press ok

Copy and paste import_symbols_json.py with GPL-3.0 license into the editor that appears
https://github.com/UsernameFodder/pmdsky-debug/blob/master/tools/ghidra_scripts/import_symbols_json.py
Press play button to run
Select symbol_jpn/output/ram/arm9_ram_jpn.json from the unzipped symbol_jpn.zip
Similarly, import output/battle/arm9_battle_jp.json and output/field/arm9_field_jp.json as needed.
Once done, close the script manager
You have now imported the function names and descriptions posted in this repository.
Example
Press the G key, type the address for your version (jp: 0209cd4c, eu: 0x209AFE4) in the window that appears, and press Enter.

This is a function that uses BT to generate the number of bodies in the first group and the types of the second and third groups.
Have fun exploring the assembly!
Q&A
Q: My Ghidra is broken, how do I fix it?
A: Please delete the %USERPROFILE%\.ghidra\ and start all over from scratch
Q: Can I allow Windows Defender?
A: NOOOOO, uncheck everything and never allow Windows Defender. Your computer may be hijacked
All reverse engineering can be done offline!














