MUI support for Ghidra. This is primarily a prototype repository. See the main MUI repo for a more complete implementation.
This repository is also the temporary home for MUI-Core.
At its present form, MUI-Ghidra manifests as three Ghidra components named MUI Setup (used to specify args and run Manticore), MUI Log, and MUI State List (which together display Manticore output).
- To run Manticore on the current binary, open the
MUI Setupcomponent viaMUI -> Run Manticorein the menu. - Fill in Manticore and program arguments in the
MUI Setupcomponent, and click theRunButton. Notably, users can specify:
- the Manticore binary used (by default, a bundled binary which requires
python3.9on PATH is used) - the port used by Manticore's state server (by default, an open port starting from
3215will be allocated).
- View log message output and a list of states and their statuses via the
MUI Log/MUI State Listcomponents which will be visible onRun. Alternatively, you can open the components manually viaMUI -> Show Log / Show State Listin the menu.
- The
MUI Setupcomponent allows you to specify keymanticorearguments - You may add additional arguments in the
Extra Manticore Argumentsfield at the bottom of the panel - Click
Runto being an instance of Manticore with your desired arguments - You may run multiple Manticore instances at once
- At present,
stdoutfrommanticoreis output to the log - You may stop the execution of manticore and clear the log with the Stop and Clear buttons on the toolbar
- You can switch between Manticore instances by clicking on their respective log tabs
- Closing a log tab will stop the execution of the Manticore instance associated with it
- The State List displays the states and their statuses of the Manticore instance whose log tab is currently being viewed
- Switching log tabs will cause the State List to show the state list of the newly-focused Manticore instance
- You may click on the State statuses to expand a list of States with that status alongside their respective IDs
- At present, possible State statuses include
ACTIVE,WAITING,FORKED,COMPLETE, andERRORED
- Right-clicking on an address/instruction in the Listing component (which displays the analyzed program's disassembly) will reveal two new Menu options:
MUI -> Toggle Find InstructionandMUI -> Toggle Avoid Instruction - Setting an address/instruction to
Findwill highlight it Green, and setting it toAvoidwill highlight it Red - However, this feature is currently still IN DEVELOPMENT and setting addresses to
Find/Avoidwill have no effect - A warning in the MUI Setup component should remind users that the feature is still unimplemented if any addresses are set to
Find/Avoid
Build the plugin with Gradle. Built plugin will be a zip file in dist directory.
cd MUI/
GHIDRA_INSTALL_DIR=<path_to_ghidra_directory> gradle- Ensure that Python 3.9 is installed (and that you have a
python3.9binary). Manticore is bundled with the plugin and does not need to be separately installed, but currently requires python3.9.
- Note: You can build this for yourself by using the
shivtool and running the following:
shiv --reproducible -c manticore -o ./os/linux_x86_64/manticore <path_to_local>/manticore[native]- Copy the zip file to the
Extensionsfolder in your Ghidra directory - Run Ghidra and select the extension in
File -> Install Extensions - Restart Ghidra
- Fork and clone the repo
- Install the GhidraDev plugin in Eclipse
- Import the project via
File -> Import -> General -> Projects from Folder or Archive - Link your installation of Ghidra via
GhidraDev -> Link Ghidra. The necessary.projectand.pydevprojectfiles will be generated for Eclipse. - Format your code with the included
MUI/GhidraEclipseFormatter.xml(taken from upstream Ghidra) by runningjust formatwith the tool just. - When you first build the plugin, a protobuf compiler binary will generate the
StateOuterClass.javafile used for Manticore message & state list deserialization.