Introduction #
This is a collection of python3 snippets for scripting on Ghidra. New snippets will be added over time.
Using python3 with Ghidra currently requires the installation of the Ghidrathon extension.
Every snippet assumes that the currentProgram
variable was already defined.
currentProgram = currentProgram()
Addresses #
Most functions that take addresses as arguments don’t accept integers. Instead, they require objects of type ghidra.program.model.address.
Creating an addresse from a string #
address = currentProgram.getAddressFactory().getAddress(string_addr)
Creating an addresse from an integer #
address = currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(int_addr)
Symbols #
Symbols are accessed through the SymbolTable class.
Creating labels #
from ghidra.program.model.symbol import SourceType
currentProgram.getSymbolTable().createLabel(addr, name, SourceType.USER_DEFINED)
Find the address of a function #
from ghidra.program.model.symbol import SymbolType
# Find the target function in the symbol table
for symbol in symbolTable.getSymbols(FUNCTION_NAME):
if symbol.getSymbolType() == SymbolType.FUNCTION:
func_addr = symbol.getAddress()
# Do something with the function address
Functions #
Functions are queried and created through the FunctionManager.
Getting the function at a specified address #
func = currentProgram.getFunctionManager().getFunctionAt(func_addr)
Renaming functions #
from ghidra.program.model.symbol import SourceType
functionManager = currentProgram.getFunctionManager()
func = functionManager.getFunctionAt(func_addr)
if func is None:
# No function defined, we create one
func_body = CreateFunctionCmd(func_addr)
functionManager.createFunction(name,
func_addr,
func_body.getFunctionBody(currentProgram, func_addr),
SourceType.USER_DEFINED)
else:
# Function already exists, just change the name
func.setName(name, SourceType.USER_DEFINED)
References #
The XReferenceUtils class can be used to query all references to a code unit.
Iterating over string references #
from ghidra.program.util import DefinedDataIterator
from ghidra.app.util import XReferenceUtils
# Iterate over strings
for string in DefinedDataIterator.definedStrings(currentProgram):
# Iterate over their references
for str_ref in XReferenceUtils.getXReferences(string, 1000):
# Take the FROM part of the reference
str_ref_addr = str_ref.getFromAddress()
# Do something with the reference