This Ghidra plugin lets you work with native p-code emulation directly from Ghidra, with no scripts required. It can be useful for a variety of exotic processors that common emulators do not support.
If a processor or VM is supported by Ghidra for reverse engineering, it can be emulated!
What can it do
In fact, the plugin is an extended wrapper around the classes inside the package ghidra.app.emulator. Here is what has been implemented:
- Works with all architectures that Ghidra supports, so you can add exotic processors and emulate programs written for them
- CPU context, stack, and heap emulation
- Applying patched bytes through Ghidra GUI to influence the course of emulation
- Breakpoints to control emulation process
- Displaying of changed bytes during emulation in Ghidra's ByteViewer
- Hooks for some libc functions (this support is still poor)
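For comparison, this is roughly what driving the wrapped ghidra.app.emulator package by hand looks like. It is an added example, not code from GhidraEmu; the script class name is hypothetical, and it assumes the cursor is inside a disassembled function that makes no calls into unresolved imports.

```java
// Added example (not GhidraEmu code): emulate the function under the cursor
// with Ghidra's stock EmulatorHelper and stop when it reaches a return.
import ghidra.app.emulator.EmulatorHelper;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.lang.Register;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;

public class EmulateCurrentFunction extends GhidraScript { // hypothetical name
    @Override
    protected void run() throws Exception {
        Function func = getFunctionContaining(currentAddress);
        Instruction entryInstr = (func == null) ? null : getInstructionAt(func.getEntryPoint());
        if (entryInstr == null) {
            printerr("Place the cursor inside a disassembled function first");
            return;
        }
        Address entry = func.getEntryPoint();
        EmulatorHelper emu = new EmulatorHelper(currentProgram);
        try {
            // CPU context and stack: park SP in the middle of the address space.
            Register sp = emu.getStackPointerRegister();
            if (sp != null) {
                long stackTop = (entry.getAddressSpace().getMaxAddress().getOffset() >>> 1) - 0x7fff;
                emu.writeRegister(sp, stackTop);
            }
            // Breakpoints: stop on every terminal (return) instruction of the function.
            for (Instruction ins : currentProgram.getListing().getInstructions(func.getBody(), true)) {
                if (ins.getFlowType().isTerminal()) {
                    emu.setBreakpoint(ins.getAddress());
                }
            }
            // Changed bytes: record every address written while emulating.
            emu.enableMemoryWriteTracking(true);
            boolean hitBreakpoint = emu.run(entry, entryInstr, monitor);
            println("Stopped at " + emu.getExecutionAddress()
                + (hitBreakpoint ? " (breakpoint)" : " (error: " + emu.getLastError() + ")"));
            println("PC = 0x" + emu.readRegister(emu.getPCRegister()).toString(16));
            println("Written during emulation: " + emu.getTrackedMemoryWriteSet());
        } finally {
            emu.dispose(); // release the emulator state
        }
    }
}
```

Run it from the Script Manager. The emulated writes stay in the emulator's own state and do not modify the program database.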
Installation
- Download the release version of the extension and install it in Ghidra: File → Install Extensions...
- Use gradle to build the extension: GHIDRA_INSTALL_DIR=${GHIDRA_HOME} gradle and use Ghidra to install it: File → Install Extensions...
- In CodeBrowser, go to File → Configure → Experimental and select the checkbox.
https://github.com/Nalen98/GhidraEmu