GhidraDev README

GhidraDev provides support for developing and debugging Ghidra scripts and modules in Eclipse.

The information provided in this document is effective as of GhidraDev 2.1.0 and is subject to change with future releases.

• Change History
• Minimum Requirements
• Optional Requirements
• Installing
• Manual Installation in Eclipse
• Automatic Installation through Ghidra
• GhidraDev Features
• New Ghidra Script
• New Ghidra Script Project
• New Ghidra Module Project
• Export Ghidra Module Extension
• Preferences
• Link Ghidra
• Launching and Debugging Ghidra
• PyDev Support
• Installing PyDev
• Configuring PyDev
• Upgrading
• Uninstalling
• Frequently Asked Questions
• Additional Resources

Change History

2.1.0:

• Added support for Ghidra 9.1. GhidraDev 2.1.0 will be unable to create new Eclipse projects for versions of Ghidra earlier than 9.1.
• Prevented Ghidra projects from being created inside of a Ghidra installation directory.
• Added an Environments tab to the Ghidra run configuration for setting environment variables when launching Ghidra.

2.0.1: Fixed exception that occurred when performing certain actions on a Ghidra project that was imported from a previously exported Archive File.

2.0.0:

• Improved Ghidra module project starting templates for Analyzer and Plugin and added new templates for Loader, Exporter, and FileSystem.
• When creating a new Ghidra project, there is now an option to automatically create a Ghidra run configuration for the project with a customizable amount of maximum Java heap space.
• When creating a new Ghidra project, the project root directory now defaults to the workspace directory if a project root directory has never been set.
• When creating a new Ghidra project, the add button in the Python Support wizard page now automatically adds the Jython interpreter found in the Ghidra installation directory to PyDev if PyDev does have any Jython interpreters configured.
• A Ghidra project's dependencies that are also projects are now passed along to a launched Ghidra so Ghidra can discover those projects as potential modules.
• The GhidraDev popup menu is now visible from within the Project Explorer (it was previously only visible in the Package Explorer).
• A new page has been added to the Export Ghidra Module Extension wizard that allows the user to point to a specific Gradle installation.

1.0.2: Fixed exception that occurred when performing a "Link Ghidra" on projects that specify other projects on their build paths.

1.0.1: Initial Release.

Minimum Requirements

• Eclipse 2018-12 4.10 or later
• Ghidra 9.1 or later

(Back to Top)

Optional Requirements

• PyDev 6.3.1 or later (more info)
• CDT 8.6.0 or later

(Back to Top)

Installing GhidraDev

GhidraDev can be installed either manually into Eclipse or automatically by Ghidra, depending on your uses cases. The following two sections outline both procedures.

Manual Installation in Eclipse

GhidraDev can be installed into an existing installation of Eclipse the same way most Eclipse plugins are installed. From Eclipse:

1. Click Help → Install New Software...
2. Click Add...
3. Click Archive...
4. Select GhidraDev zip file from <GhidraInstallDir>/Extensions/Eclipse/GhidraDev/
5. Click OK (name field can be blank)
6. Check Ghidra category (or GhidraDev entry)
7. Click Next
8. Click Next
9. Accept the terms of the license agreement
10. Click Finish
11. Click Install anyway
12. Click Restart Now

Automatic Installation through Ghidra

Ghidra has the ability to launch an externally linked Eclipse when certain actions are performed, such as choosing to edit a Ghidra script by clicking the Eclipse icon in the Ghidra Script Manager. Ghidra requires knowledge of where Eclipse is installed before it can launch it, and will prompt the user to enter this information if it has not been defined. Before Ghidra attempts to launch Eclipse, it will attempt to install GhidraDev into Eclipse's dropins directory if GhidraDev is not already installed.

(Back to Top)

Features

GhidraDev provides a variety of features for creating and interacting with Ghidra-related projects in Eclipse. GhidraDev supports creating both Ghidra script and Ghidra module projects. Ghidra scripts are typically designed as a single Java source file that is compiled by Ghidra at runtime and run through Ghidra's Script Manager or passed to the Headless Analyzer on the command line for execution. Ghidra modules are intended to represent larger, more complex features such as Analyzers or Plugins. When Ghidra modules are ready for production, they can be exported and installed into Ghidra as an "extension".

• New
• Ghidra Script: Opens a wizard that creates a new Ghidra script with the provided metadata in the specified location. Ghidra scripts can be created in both Ghidra script and Ghidra module projects.
• Ghidra Script Project: Opens a wizard that creates a new Ghidra scripting project that is linked against a specified Ghidra installation. The project can be set up to develop scripts in both the user's home ghidra_scripts directory, as well as any scripts found in the Ghidra installation.
• Ghidra Module Project: Opens a wizard that creates a new Ghidra module project that is linked against a specified Ghidra installation. The project can be initialized with optional template source files that provide a good starting point for implementing advanced Ghidra features such as Analyzers, Plugins, Loaders, etc.
• Export
• Ghidra Module Extension: Opens a wizard that exports a Ghidra module project as a Ghidra extension to the project's dist folder. The exported extension archive file can be distributed to other users and imported via Ghidra's front-end GUI. The export process requires Gradle, which is configured in the wizard.
• Preferences
• Ghidra Installations: Add or remove Ghidra installations. Certain features such as creating Ghidra script/module projects require linking against a valid installation of Ghidra.
• Script Editor: The port used by Ghidra to open a script in Eclipse. Must match the corresponding port in Ghidra's Eclipse Integration tool options. Disable this preference to prevent GhidraDev from listening on a port for this feature.
• Symbol Lookup: The project name and port used by Ghidra to perform symbol lookup in Eclipse. Must match the corresponding port in Ghidra's Eclipse Integration tool options. Disable this preference to prevent GhidraDev from listening on a port for this feature. Symbol lookup requires the Eclipse CDT plugin to be installed (see optional requirements for supported versions).
• Link Ghidra: Links a Ghidra installation to an existing Java project, which enables Ghidra script/module development for the project. If a Ghidra installation is already linked to the project when this operation is performed, the project will be relinked to the specified Ghidra installation, which can be used to build the project for a different version of Ghidra, discover new Ghidra extensions that were later added to a Ghidra installation, or repair a corrupted project.

Most GhidraDev features can also be accessed by right-clicking on appropriate project elements in Eclipse's Project/Package Explorer. For example, the Link Ghidra feature can be accessed by right-clicking on an existing Java project, and then clicking Ghidra → Link Ghidra...

(Back to Top)

Launching and Debugging Ghidra

GhidraDev introduces two new run configurations to Eclipse which are capable of launching the installation of Ghidra that an Eclipse Ghidra project is linked to:

• Ghidra: Launches the Ghidra GUI.
• Ghidra Headless: Launches Ghidra in headless mode. By default, this run configuration will not have any program arguments associated with it, which are required to tell headless Ghidra what project to open, what scripts to run, etc. Newly created Ghidra Headless run configurations will have to be modified with the desired headless program arguments. For more information on headless command line arguments, see <GhidraInstallDir>/support/analyzeHeadlessREADME.html.

There are two ways to create Ghidra run configurations:

1. Click Run → Run Configurations...
2. Right-click on Ghidra (or Ghidra Headless), and click New
3. In the Main tab, click Browse... and select the Ghidra project to launch
4. Optionally rename the new run configuration by editing the Name field at the top

Alternatively, you can right-click on any Ghidra project in the Eclipse package explorer, and then click Run As → Ghidra.

To debug Ghidra, click Debug As → Ghidra. GhidraDev will automatically switch Eclipse to the debug perspective.

NOTE: Ghidra can only be launched/debugged from an existing Eclipse Ghidra project. Launching Ghidra from Eclipse independent of a project is not supported.

(Back to Top)

PyDev Support

GhidraDev is able to integrate with PyDev to conveniently configure Python support into Ghidra script and module projects.

Installing PyDev

From Eclipse:

1. Download PyDev (see optional requirements for supported versions)
2. Unzip PyDev
3. Click Help → Install New Software...
4. Click Add...
5. Click Local...
6. Select unzipped PyDev directory
7. Click OK (name field can be blank)
8. Uncheck Group items by category (if applicable)
9. Check PyDev for Eclipse
10. Click Next
11. Click Next
12. Accept the terms of the license agreement
13. Click Finish
14. Click Restart Now

Configuring PyDev

GhidraDev can add Python support to a Ghidra project when:

• Creating a new Ghidra module project
• Creating a new Ghidra script project
• Linking a Ghidra installation to an existing Java project

In order for GhidraDev to add in Python support, PyDev must have a Jython interpreter configured. GhidraDev will present a list of detected Jython interpreters that it found in PyDev's preferences. If no Jython interpreters were found, one can be added from GhidraDev by clicking the + icon. When the + icon is clicked, GhidraDev will attempt to find the Jython interpreter bundled with the selected Ghidra installation and automatically configure PyDev to use it. If for some reason GhidraDev was unable to find a Jython interpreter in the Ghidra installation, one will have to be added manually in the PyDev preferences.

(Back to Top)

Upgrading

GhidraDev is upgraded differently depending on how it was installed. If GhidraDev was manually installed in Eclipse, it can be upgraded the same was it was installed.

If GhidraDev was automatically installed through Ghidra, it can be upgraded by simply removing the GhidraDev file from Eclipse's dropins directory before following one of the two techniques described in the Installing GhidraDev section.

(Back to Top)

Uninstalling

GhidraDev is uninstalled differently depending on how it was installed. If GhidraDev was manually installed in Eclipse, it can be uninstalled as follows from Eclipse:

1. Click Help → About Eclipse
• For macOS: Eclipse → About Eclipse
2. Click Installation Details
3. Select GhidraDev
4. Click Uninstall...
5. Select GhidraDev
6. Click Finish
7. Click Restart Now

If GhidraDev was automatically installed through Ghidra, it can be uninstalled by simply removing the GhidraDev file from Eclipse's dropins directory and restarting Eclipse. The dropins directory can be found at the top level of Eclipse's installation directory.

(Back to Top)

Frequently Asked Questions

• I've created a Ghidra script project. Where should I create my new scripts?

  • The best place to create your scripts in is your home ~/ghidra_scripts directory because Ghidra will automatically find them there without any additional configuration. By default, your Ghidra script project will have a folder named Home scripts which is linked to your home ~/ghidra_scripts directory. Either right-click on this folder in Eclipse and do GhidraDev → New → GhidraScript... or from the menu bar do GhidraDev → New → GhidraScript... and populate the Script folder box with your project's Home scripts folder.

• How do I launch Ghidra in headless mode from Eclipse?

  • GhidraDev provides custom run configurations to launch Ghidra installations both in GUI mode and headlessly. See the Launching section for information on how to launch Ghidra from Eclipse.

• Why doesn't my Ghidra module project know about the Ghidra extension I installed into my Ghidra installation?

  • You most likely installed the Ghidra extension after the Ghidra installation was linked to your Ghida module project, which automatically happens when the project is created. Simply relink your Ghidra installation to the project, and your project will pick up any newly discovered Ghidra extensions.

(Back to Top)

Additional Resources

For more information on the GhidraDev plugin and developing for Ghidra in an Eclipse environment, please see:

• Ghidra Scripting slide deck: <GhidraInstallDir>/docs/GhidraClass/Intermediate/Scripting.html

(Back to Top)