lyc
/
pwndbg
mirror of https://github.com/pwndbg/pwndbg.git
1
0
Fork 0
Code Releases Activity

improve ghidra integratino docs (#3171)

Browse Source
pull/3172/head^2
k4lizen 5 months ago committed by GitHub
parent 33002925f8
commit 46047f6530
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 55 additions and 16 deletions
Show Stats Download Patch File Download Diff File

BIN
docs/assets/caps/tutorials/ghidra_decomp.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

71
docs/tutorials/decompiler-integration/ghidra-integration.md
Unescape View File

@ -1,27 +1,66 @@
# Ghidra
With the help of [radare2](https://github.com/radareorg/radare2) or [rizin](https://github.com/rizinorg/rizin) it is possible to show the decompiled source code of the ghidra decompiler.
Unlike with IDA and Binary Ninja, Ghidra is not considered an "integration provider". You cannot synchronise your Ghidra reverse engineering progress to Pwndbg.
You can however integrate Ghidra's decompiler into Pwndbg such that the decompiled version of any function you're in is shown in the Pwndbg context.
However, this comes with some prerequisites.
??? example "Example Screenshot"
![](../../assets/caps/tutorials/ghidra_decomp.png)
* First: you have to have installed radare2 or rizin and it must be found by GDB (within path)
* Second: you have to install the ghidra plugin for radare2
[r2ghidra](https://github.com/radareorg/r2ghidra) or install the ghidra plugin for rizin [rz-ghidra](https://github.com/rizinorg/rz-ghidra)
* Third: r2pipe has to be installed in the python-context GDB is using (or if you are using rizin, install rzpipe instead)
To do this, we will need the help of [radare2](https://github.com/radareorg/radare2) or [rizin](https://github.com/rizinorg/rizin).
The decompiled source be shown as part of the context by adding `ghidra` to `set context-sections`
or by calling `ctx-ghidra [function]` manually.
## Setup
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow! Subsequent requests for decompiled
source will be faster. And it does take up some resources as the radare2/rizin instance is kept by r2pipe/rzpipe
to enable faster subsequent analysis.
=== "rizin"
1. Install [rizin](https://github.com/rizinorg/rizin). It must be found by the debugger (within path).
2. Install the Ghidra plugin for rizin: [rz-ghidra](https://github.com/rizinorg/rz-ghidra).
3. Install [rzpipe](https://pypi.org/project/rzpipe/) and make sure the python used by the debugger can access it.
4. Add `set r2decompiler rizin` to your `~/.gdbinit` after Pwndbg is sourced.
With those performance penalties it is reasonable to not have it launch always. Therefore it includes
an option to only start it when required with `set context-ghidra`:
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your `~/.gdbinit`:
```
python
import sys
import os
from glob import glob
* `set context-ghidra always`: always trigger the ghidra context
* `set context-ghidra never`: never trigger the ghidra context except when called manually
* `set context-ghidra if-no-source`: invoke ghidra if no source code is available
venv = os.path.expanduser('~/tools/rizin/venv')
site_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')
site_dirs = glob(site_dir_pattern)
sys.path.insert(0, site_dirs[0])
import rzpipe
end
```
=== "radare2"
1. Install [radare2](https://github.com/radareorg/radare2). It must be found by the debugger (within path).
2. Install the Ghidra plugin for radare2: [r2ghidra](https://github.com/radareorg/r2ghidra).
3. Install [r2pipe](https://pypi.org/project/r2pipe/) and make sure the python used by the debugger can access it.
4. Add `set r2decompiler radare2` to your `~/.gdbinit` after Pwndbg is sourced.
Regarding the third step, if you don't install to your user or system-wide python (but rather a virtual environment), you may add something like this to the beginning of your `~/.gdbinit`:
```
python
import sys
import os
from glob import glob
venv = os.path.expanduser('~/tools/radare2/venv')
site_dir_pattern = os.path.join(venv, 'lib', 'python*/site-packages')
site_dirs = glob(site_dir_pattern)
sys.path.insert(0, site_dirs[0])
import r2pipe
end
```
## Usage
Append `set context-ghidra if-no-source` to your `~/.gdbinit`. You should be able to see the
`[ GHIDRA DECOMPILE ]` context now right below your disassembly. If you want to temporarily enable/disable
it or move around the context sections, see [context-ghidra](../../configuration/config.md#context-ghidra)
and [contextoutput](../../commands/context/contextoutput.md).
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow!
Subsequent requests for decompiled source will be faster. And it does take up some resources
as the radare2/rizin instance is kept by r2pipe/rzpipe to enable faster subsequent analysis.
Remark: the plugin tries to guess the correct current line and mark it with "-->", but it might
get it wrong.

Write Preview
Loading…
Cancel
Save