
danroblewis/GhidraMCP

 
 


GhidraMCP

A Ghidra plugin that provides an HTTP server to expose program data, along with an MCP (Model Context Protocol) server for AI assistants to interact with Ghidra.

Features

Existing Functionality

  • List and search functions, classes, segments, imports, exports, namespaces, and data
  • Decompile functions by name or address
  • Rename functions, data labels, and variables
  • Get function references (xrefs)
  • Set comments and function prototypes
  • List strings in the binary

New Struct Functionality

  • List Structs: List all structs in the program with pagination
  • Get Struct Details: Get detailed information about a specific struct including fields, sizes, and offsets
  • Create Struct: Create new structs with custom fields
  • Rename Struct: Rename existing structs
  • Add Struct Field: Add new fields to existing structs
  • Remove Struct Field: Remove fields from existing structs
  • Auto-analyze Structs: Automatically analyze the binary to identify potential struct patterns

Installation

Ghidra Plugin

  1. Build the Java plugin using Maven: mvn clean package
  2. Install the generated .jar file in Ghidra's plugin directory
  3. Enable the plugin in Ghidra
  4. Configure the HTTP server port in Tool Options

Python MCP Server

  1. Install dependencies: pip install -r requirements.txt
  2. Run the MCP server: python bridge_mcp_ghidra.py

Usage Examples

Struct Operations

List all structs

# List first 50 structs
list_structs(offset=0, limit=50)

Get struct details

# Get detailed information about a specific struct
get_struct("MyStruct")

Create a new struct

# Create a struct with fields
create_struct("Person", "int id,char name,float age")

Rename a struct

# Rename an existing struct
rename_struct("OldName", "NewName")

Add a field to a struct

# Add a field at the end
add_struct_field("MyStruct", "newField", "int")

# Add a field at specific offset
add_struct_field("MyStruct", "newField", "int", "16")

Remove a field from a struct

# Remove a field
remove_struct_field("MyStruct", "oldField")

Auto-analyze structs

# Analyze binary for struct patterns
auto_analyze_structs()

API Endpoints

The Ghidra plugin exposes the following HTTP endpoints:

  • GET /list_structs?offset=X&limit=Y - List structs with pagination
  • GET /get_struct?name=NAME - Get struct details
  • POST /create_struct - Create new struct
  • POST /rename_struct - Rename struct
  • POST /add_struct_field - Add field to struct
  • POST /remove_struct_field - Remove field from struct
  • GET /auto_analyze_structs - Auto-analyze structs
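A minimal client for the GET endpoints listed above, added here as an example and not taken from the project's own code. The helper names are hypothetical, the `127.0.0.1` address is an assumption (the page gives only the default port 8080), and the response body is returned as opaque text because the page does not describe its format. It percent-encodes struct names so they cannot inject extra query parameters, and it refuses any base URL that is not loopback.

```python
import ipaddress
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import urlopen

# GET endpoints and their query parameters, as listed on this page.
GET_ENDPOINTS = {
    "list_structs": ("offset", "limit"),
    "get_struct": ("name",),
    "auto_analyze_structs": (),
}


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def build_url(endpoint, base="http://127.0.0.1:8080", **params):
    """Build a request URL; reject unlisted endpoints, wrong parameters, remote hosts."""
    if endpoint not in GET_ENDPOINTS:
        raise ValueError(f"not a GET endpoint on this page: {endpoint!r}")
    allowed = GET_ENDPOINTS[endpoint]
    if set(params) != set(allowed):
        raise ValueError(f"{endpoint} takes exactly these parameters: {allowed}")
    parts = urlsplit(base)
    if parts.scheme != "http" or not is_loopback(parts.hostname or ""):
        raise ValueError(f"refusing non-loopback base URL: {base!r}")
    for key in ("offset", "limit"):
        if key in params and (not isinstance(params[key], int) or params[key] < 0):
            raise ValueError(f"{key} must be a non-negative integer")
    # Percent-encode values so '&', '=' or spaces in a struct name stay inside the value.
    query = urlencode([(k, params[k]) for k in allowed], quote_via=quote)
    return f"{base.rstrip('/')}/{endpoint}" + (f"?{query}" if query else "")


def fetch(endpoint, timeout=5, **params):
    """Issue the GET and return the body as text (format not specified on this page)."""
    with urlopen(build_url(endpoint, **params), timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")
```

`fetch("get_struct", name="MyStruct")` needs Ghidra running with the plugin enabled; `build_url` can be exercised without a server.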

Configuration

The plugin can be configured through Ghidra's Tool Options:

  • Server Port: The HTTP server port (default: 8080)

Building

mvn clean package

License

[License details here]
