GitHub - 0xb0bb/pwndra: A collection of pwn/CTF related utilities for Ghidra
source link: https://github.com/0xb0bb/pwndra
pwndra
A collection of pwn/CTF related utilities for Ghidra
Utilities
Replace Constants
This utility will attempt to replace known constants in functions with their human readable counterpart.
Usage
There are several frontends available:
- aarch64
- amd64
- arm
- hppa
- i386
- m68k
- mips (n32/o32/n64)
- powerpc
- powerpc64
- sh
- sh4
- sparc
- sparc64
- thumb
You can either run one of those frontend scripts directly (through the Script Manager) or, if you clicked In Tool, you can access a menu: Analysis -> Pwn -> Constants.
There is an Auto frontend that will automatically detect the currently loaded program for you. This can also be accessed with the keyboard shortcut: ctrl+6.
The scripts have two modes of operation: the default is a global replacement of known constants, and the second operates only on a given selection. This is useful for those times when you have two binary modes interlaced in the same code, such as i386/amd64 or thumb/arm.
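Why the selection mode matters for interlaced code, as an added Python sketch that is not pwndra's own code and does not use the Ghidra API: the same value 11 names munmap on amd64 but execve on i386, so a global amd64 pass mislabels an i386 stub. The tables, the replace_constants and decode_flags helpers and the listing are constructed for illustration, and treating Linux syscall numbers and mprotect protection flags as the "known constants" is an assumption.

```python
# Constructed tables (not pwndra's data): Linux syscall numbers differ per ABI.
SYSCALLS = {
    "i386":  {1: "SYS_exit", 4: "SYS_write", 11: "SYS_execve", 125: "SYS_mprotect"},
    "amd64": {1: "SYS_write", 10: "SYS_mprotect", 11: "SYS_munmap", 59: "SYS_execve"},
}
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}


def decode_flags(value, names):
    """Render a bitmask as FLAG|FLAG, keeping unknown bits visible as hex."""
    if value == 0:
        return "0"
    parts = [name for bit, name in sorted(names.items()) if value & bit]
    leftover = value & ~sum(names)  # bits not covered by any known flag
    if leftover:
        parts.append(hex(leftover))
    return "|".join(parts)


def replace_constants(listing, arch, selection=None):
    """Return {address: label} for the constants in a listing.

    listing   -- (address, kind, value) tuples; kind is "sysno" or "prot"
    selection -- optional inclusive (start, end) range; None means global mode
    """
    labels = {}
    for addr, kind, value in listing:
        if selection and not (selection[0] <= addr <= selection[1]):
            continue  # selection mode: leave everything outside the range alone
        if kind == "sysno":
            name = SYSCALLS[arch].get(value)  # unknown numbers stay unlabelled
        else:
            name = decode_flags(value, PROT)
        if name is not None:
            labels[addr] = name
    return labels


# Constructed listing: amd64 code with an i386 stub at 0x2000-0x200f.
LISTING = [
    (0x1000, "sysno", 10),  # amd64: mov eax, 10
    (0x1008, "prot", 0x7),  # amd64: mov edx, 7
    (0x2000, "sysno", 11),  # i386 stub: mov eax, 11 ; int 0x80
]

if __name__ == "__main__":
    print(replace_constants(LISTING, "amd64"))                   # global mode
    print(replace_constants(LISTING, "i386", (0x2000, 0x200f)))  # selection mode
```

Running the amd64 table globally and then the i386 table over the stub's range only is the workflow the selection mode supports.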
Installation
Add the files to an existing Ghidra script directory or add it as a new script directory by clicking the Script Directories button within the Script Manager window (Window -> Script Manager).
Some of the scripts have keyboard shortcuts or add menu items to Ghidra (visible under Analysis -> Pwn). In order to integrate the scripts into Ghidra, you must click the In Tool checkbox next to each script in the Script Manager window.