Ghidralib

Welcome to ghidralib documentation!

This library is an attempt to provide an unofficial Pythonic standard library for Ghidra.

The Ghidra scripting API, while extremely powerful, is not well suited for writing quick one-off scripts when reverse-engineering something at 3AM. Scripts usually end up verbose, fragile (since there's no type-checking) and with camelCaseEverywhere.

The goal of this library is to make Ghidra scripting faster, easier and... more fun.

from ghidralib import *
for block in Function("main").basicblocks:
    for instr in block.instructions:
        for pcode in instr.pcode:
            args = ", ".join(map(str, pcode.inputs_simple))
            print("{:x} {} {}".format(pcode.address, pcode.mnemonic, args))

Basic Usage

To use ghidralib, just drop this file into your ghidra_scripts directory. Click here for a direct download link.

A tutorial describing specific features is in development. Finished chapters include:

• Getting Started, with a brief description of useful API functions (recommended).
• Emulator

If you prefer to learn by example, you can browse the examples.

You can find the autogenerated API documentation here.

When in doubt, check out the source code at Github

A fair warning: ghidralib is still actively developed and the API may change in the future. But this doesn't matter for your one-off scripts, does it? Current compatibility status is documented here.