yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-02 17:29:37 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/Ghidra_12.0'

Browse source
This commit is contained in:
Ryan Kurtz 2025-09-29 12:01:19 -04:00
commit ccefcc1f70
1 changed files with 4 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

47
Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md
View file

@ -102,50 +102,11 @@ PyGhidra 3.0.0 (compatible with Ghidra 12.0 and later) introduces many new Pytho
methods with the goal of making the most common Ghidra tasks quick and easy, such as opening a
project, getting a program, and running a GhidraScript. Legacy API functions such as
`pyghidra.open_program()` and `pyghidra_run_script()` have been deprecated in favor of the new
methods. Below is an example program that showcases some of the new API functionality. See the
PyGhidra library README for more information.
```python
import os, jpype, pyghidra
pyghidra.start()
methods, which are outlined at https://pypi.org/project/pyghidra.
# Open/create a project
with pyghidra.open_project(os.environ["GHIDRA_PROJECT_DIR"], "ExampleProject", create=True) as project:
# Walk a Ghidra release zip file, load every decompiler binary, and save them to the project
with pyghidra.open_filesystem(f"{os.environ['DOWNLOADS_DIR']}/ghidra_11.4_PUBLIC_20250620.zip") as fs:
loader = pyghidra.program_loader().project(project)
for f in fs.files(lambda f: "os/" in f.path and f.name.startswith("decompile")):
loader = loader.source(f.getFSRL()).projectFolderPath("/" + f.parentFile.name)
with loader.load() as load_results:
load_results.save(pyghidra.monitor())
# Analyze the windows decompiler program for a maximum of 10 seconds
with pyghidra.program_context(project, "/win_x86_64/decompile.exe") as program:
analysis_props = pyghidra.analysis_properties(program)
with pyghidra.transaction(program):
analysis_props.setBoolean("Non-Returning Functions - Discovered", False)
analysis_log = pyghidra.analyze(program, pyghidra.monitor(10))
program.save("Analyzed", pyghidra.monitor())
# Walk the project and set a property in each decompiler program
def set_property(domain_file, program):
with pyghidra.transaction(program):
program_info = pyghidra.program_info(program)
program_info.setString("PyGhidra Property", "Set by PyGhidra!")
program.save("Setting property", pyghidra.monitor())
pyghidra.walk_programs(project, set_property, program_filter=lambda f, p: p.name.startswith("decompile"))
# Load some bytes as a new program
ByteArrayCls = jpype.JArray(jpype.JByte)
my_bytes = ByteArrayCls(b"\xaa\xbb\xcc\xdd\xee\xff")
loader = pyghidra.program_loader().project(project).source(my_bytes).name("my_bytes")
loader = loader.loaders("BinaryLoader").language("DATA:LE:64:default")
with loader.load() as load_results:
load_results.save(pyghidra.monitor())
# Run a GhidraScript
pyghidra.ghidra_script(f"{os.environ['GHIDRA_SCRIPTS_DIR']}/HelloWorldScript.java", project)
```
The default Python scripting engine has been changed in Ghidra 12.0 from Jython to PyGhidra.
Existing Jython scripts will need to include the `# @runtime Jython` script header in order to
continue running within the Jython environment.
## Z3 Concolic Emulation and Symbolic Summary
We've added an experimental Z3-based symbolic emulator, which runs as an "auxiliary" domain to the