Skip to content
/ PcodeSym Public

A Ghidra extension that allows you to run Angr symbolic execution using the Pcode from Ghidra.

License

MIT license
17 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jdkleuver/PcodeSym

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
.settings
.settings
 
 
data
data
 
 
example_binaries
example_binaries
 
 
ghidra_scripts
ghidra_scripts
 
 
lib
lib
 
 
os
os
 
 
src
src
 
 
test_binary
test_binary
 
 
.classpath
.classpath
 
 
.project
.project
 
 
.pydevproject
.pydevproject
 
 
LICENSE
LICENSE
 
 
Module.manifest
Module.manifest
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
extension.properties
extension.properties
 
 

Repository files navigation

This Ghidra extension enables you to run symbolic execution on the binary you are analysing in Ghidra.

Setup guide (Linux):

  1. Install Python 3 on your computer (you can use PyPy which may have better performance)
  2. Create a python 3 virtualenv, e.g: python3 -m venv ~/pcode_venv
  3. Activate the virtualenv, e.g: source ~/pcode_venv/bin/activate
  4. Use pip to install python dependencies: pip install angr pypcode ghidra_bridge
  5. Install the ghidra bridge: python -m ghidra_bridge.install_server ~/ghidra_scripts

Build steps

For already built releases, please see the Releases page

The recommended way to build the extension is using the GhidraDev eclipse plugin, but you can also build from the command line:

Install gradle using your package manager. I've successfully built with gradle version 6.8.3 and 7.2, other versions aren't tested.

  1. GHIDRA_INSTALL_DIR=/path/to/ghidra gradle Replace /path/to/ghidra with the directory containing your ghidra installation
  2. The extension will be placed in the dist/ directory as a zip file

Usage guide

  1. Start ghidra using the ghidraRun script
  2. Click on File->Install Extensions...
  3. Install the extension zip file, if you built it then it will be in the dist/ directory
  4. Restart Ghidra
  5. Open the CodeBrowser tool by selecting a file, you will be prompted: "New extension plugins detected. Would you like to configure them?"
  6. Select "Yes", then tick the box next to "PcodeSym" plugin, then click ok
  7. In the CodeBrowser window, navigate to Tools->PcodeSym->Set python3 interpreter and select the location of your python 3 interpreter (e.g ~/pcode_venv/bin/python)
  8. Select the location to start the symbolic exectution in the code listing, right click select PcodeSym->Set->Source Address
  9. Select the location to stop the symbolic execution in the code listing, right click select PcodeSym->Set->Sink Address
  10. For any addresses that you wish to avoid during symbolic executions, right click them and select PcodeSym->Add->Avoid Address
  11. Run the symbolic execution by starting the "RunSolve.py" script in the Ghidra script manager

How it works

This symbolic execution works by sending the P-code from Ghidra to the python3 interpreter using the ghidra bridge.

Your python3 interpreter will then use the P-code engine in Angr to perform the symbolic execution.

About

A Ghidra extension that allows you to run Angr symbolic execution using the Pcode from Ghidra.

Resources

Readme

License

MIT license
Activity

Stars

17 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

 
 
 

Languages