goatshriek / ruby-dragon

Ruby, Kotlin, Groovy, Clojure, and JShell support for Ghidra scripting and interactive sessions.

Home Page: https://goatshriek.github.io/ruby-dragon/

License: Apache License 2.0

Ruby 4.17% CSS 1.95% HTML 12.28% Java 73.85% Clojure 2.97% Kotlin 2.91% Groovy 1.87%
ghidra ruby jruby plugin clojure reverse-engineering kotlin jshell contributions-welcome good-first-issue

ruby-dragon's Introduction

Ruby Dragon


Ruby, Kotlin, Groovy, Clojure, and JShell support for Ghidra.

Installation

Check out the releases page for the latest release build of the plugin. After downloading, you can install this in Ghidra by going to File->Install Extensions..., choosing the Add Extension option, and then navigating to the downloaded zip file. You'll be prompted to restart Ghidra for the new extension to be active.

You will then need to activate the plugin before using it. You might get prompted to do this next time you open the CodeBrowser tool, in which case you can simply select OK. Otherwise, you can manually activate it by opening the CodeBrowser tool, going to File->Configure..., and selecting the RubyDragon plugin for Ruby, the KotlinDragon plugin for Kotlin, the JShellDragon plugin for the Java interpreter, and the ClojureDragon plugin for Clojure. They should appear in the Ghidra Core listing, but you can check the Configure All Plugins option if you aren't able to find them.

If you need to remove a language plugin, you can do so by unchecking the box in the configuration dialog in the CodeBrowser tool. If you want to remove the extension as a whole, you'll also need to uncheck it in the Install Extensions menu from the project browser, and finally restart Ghidra. You may also need to manually delete the folder from your .ghidra/<ghidrainstall>/Extensions folder to completely remove it, particularly if you want to load the plugin via the Eclipse plugin for development.

Ruby Usage

Once the RubyDragon plugin is enabled, you will be able to open an interactive Ruby session from the CodeBrowser tool by going to Window->Ruby, or by clicking on the Ruby icon in the toolbar. This is an IRB session provided by JRuby.

The same environmental variables provided in Java and Python scripts are also available in this session along with a few extras, as the following global variables:

$current_address
$current_api
$current_data
$current_function
$current_highlight
$current_instruction
$current_location
$current_program
$current_selection

The $current_api variable is an instance of FlatProgramAPI created with $current_program. This has many (but not all) of the convenience functions that would be available within a GhidraScript instance.

Many classes provided by Ghidra can be automatically imported into the interactive terminal so you don't need to use java_import statements to use them. To enable this feature (it does impact startup time), turn on the relevant option in the Ruby Dragon Interpreters category. If you want to customize which classes are imported, you can modify the auto-import.xml data file in the installation. This is done for all other languages as well, using the same data file.

You can also write scripts in Ruby, much the same way as you would with Java or Python. Ruby will be available as a new script type, and you can see several example scripts in the Examples.Ruby directory of the Script Manager that show basic usage of both JRuby and Ghidra basics. Scripts also have an additional global variable $script that provides access to the RubyScript instance for them.

The same global variables available in the interactive sessions are also provided for scripts to use in the same manner.

You can also find help directly in the Ghidra help menu (press F1) on the Ghidra Functionality->Scripting->Ruby Interpreter page.
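
As an added example (not one of the scripts shipped with Ruby Dragon), the following shows how $current_api and $current_program can be used from a Ruby script or the interactive session to list call sites of library functions that commonly deserve review. The RISKY_NAMES list and the helper names each_function and risky_call_sites are assumptions made for this example; getFirstFunction, getFunctionAfter, getReferencesTo and getFunctionContaining are FlatProgramAPI methods.

```ruby
# Added example: run from the Script Manager or paste into the Window->Ruby session.
# Constructed sample list of function names to review; adjust to your target.
RISKY_NAMES = %w[gets strcpy strcat sprintf vsprintf].freeze

# Walk every function in the program using the FlatProgramAPI iteration
# helpers, yielding each one in address order.
def each_function(api)
  return enum_for(:each_function, api) unless block_given?

  func = api.getFirstFunction
  while func
    yield func
    func = api.getFunctionAfter(func)
  end
end

# Build a report of the form { "strcpy" => ["main@00101234", ...] } that
# lists, for each risky function present, the call references to it.
def risky_call_sites(api, names = RISKY_NAMES)
  report = Hash.new { |hash, key| hash[key] = [] }
  each_function(api) do |func|
    next unless names.include?(func.getName)

    api.getReferencesTo(func.getEntryPoint).each do |ref|
      # Skip data and jump references; only calls are of interest here.
      next unless ref.getReferenceType.isCall

      calling = api.getFunctionContaining(ref.getFromAddress)
      calling_name = calling ? calling.getName : '(no function)'
      report[func.getName] << "#{calling_name}@#{ref.getFromAddress}"
    end
  end
  report.transform_values { |sites| sites.uniq.sort }
end

# The globals are only set inside Ghidra, so do nothing elsewhere.
if $current_api
  puts "Program: #{$current_program.getName}"
  risky_call_sites($current_api).each do |name, sites|
    puts "#{name}: #{sites.length} call site(s)"
    sites.each { |site| puts "  #{site}" }
  end
end
```

Functions are matched by name only, so a statically linked or renamed copy of one of these routines will not be reported.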

Installing Gems

If you want to install gems to be available in your interactive interpreter or scripts, then you'll need to take a few extra steps, depending on how isolated you want the gem environment to be.

If you're using something like rvm to manage your Ruby environment, then you can simply rely on this to have already set the GEM_PATH environment variable to point to your gem installation. For maximum success however, you should switch to a JRuby installation, ideally of the same version as packaged in RubyDragon, and let rvm point to a gemset within that.

If you want the Ghidra gem set to be specific to Ghidra, or if you don't have a Ruby environment outside of Ghidra to point to, you can choose a location on your own and set the GEM_PATH environment variable to point to that. To install new gems to the path, invoke the version of gem from the bundled JRuby jar like so, changing version and paths as needed. Here the gem path will be set to ~/ghidra_gems.

# from a shell environment
java -jar ~/.ghidra/.ghidra_10.2_PUBLIC/Extensions/RubyDragon/lib/jruby-complete-9.3.9.0.jar -S gem install -i ~/ghidra_gems wrapture
REM from a windows command line
java -jar %USERPROFILE%\.ghidra\.ghidra_10.2_PUBLIC\Extensions\RubyDragon\lib\jruby-complete-9.3.9.0.jar -S gem install -i %USERPROFILE%\ghidra_gems wrapture

Once this is done, you can require the wrapture gem (or whatever you chose to install) from scripts and the interactive terminal.

If you don't want to create an environment variable in your global configuration, you'll need to mess with the script used to launch Ghidra in order to set GEM_PATH appropriately. You can do this by adding a set command in launch.bat or launch.sh (depending on your OS). For Windows systems, you'll also need to remove the /I parameter from the start command used to launch Ghidra so that the environment variable is passed on.

Kotlin Usage

Kotlin is used in much the same way as the Ruby toolset with some obvious differences, such as being provided by the KotlinDragon plugin and being reached from the Window->Kotlin menu option. The built in variables for scripts and the interpreter window in Kotlin are the same as Java:

currentAddress
currentAPI
currentData
currentFunction
currentHighlight
currentInstruction
currentLocation
currentProgram
currentSelection

Kotlin scripts use a kts extension as they are interpreted as scripts rather than being compiled to Java first.

Groovy Usage

Groovy follows the same patterns as the other languages, being provided in the GroovyDragon plugin and reachable from the Window->Groovy menu option. It has the same built-in variables that the others provide:

currentAddress
currentAPI
currentData
currentFunction
currentHighlight
currentInstruction
currentLocation
currentProgram
currentSelection

Clojure Usage

Clojure follows the same patterns as the other languages, being provided in the ClojureDragon plugin and the menu item Window->Clojure.

The Clojure interpreter and scripts also have bindings that make the state information available to them, within the ghidra namespace. They are:

ghidra/current-address
ghidra/current-api
ghidra/current-data
ghidra/current-function
ghidra/current-highlight
ghidra/current-instruction
ghidra/current-location
ghidra/current-program
ghidra/current-selection

ghidra/current-api is provided as the instance of FlatProgramAPI created with currentProgram, as with the other interpreters. The automatic import of Ghidra classes is also done in the ghidra namespace.

And, as with Ruby, a ghidra/script binding is available within scripts that provides access to the underlying ClojureScript instance. Unlike Ruby however, this variable does not allow access to protected fields or private methods. These are instead injected into the ghidra namespace as well. For example, to access the TaskMonitor for a script, you can simply reference ghidra/monitor to do things like update the progress. The Clojure Ghidra Basics script has an example of this type of access. Those familiar with the Python scripting interface may recognize this paradigm, as it is the same there.

JShell Usage

The JShell plugin provides an interactive Java interpreter using JShell, a Java REPL included in Java. It provides the same built-in variables that are available in Java scripts:

currentAddress
currentAPI
currentData
currentFunction
currentHighlight
currentInstruction
currentLocation
currentProgram
currentSelection

This interpreter is especially handy when writing Java scripts, as it allows you to iteratively test snippets of code from the script without needing to do any sort of conversion to other languages like Python or Kotlin.

Contributing

Right now, the easiest way to contribute is to post any suggestions or try it out and open an issue if you have any problems. Head over to the issue list to join the discussion!

If you're feeling adventurous, you can add an example script in your language of choice. This could be an equivalent to one of the scripts that come packaged with Ghidra, or it could be all new! Just be sure you add a test for it in the Github Action workflow so that it isn't broken later on. Check out the ghidra_scripts folder to see what's there now, and perhaps draw some inspiration on what you could add.

Or, if all of that is a bit much, just give us a shoutout at #GhidraRubyDragon on Twitter with your thoughts!

ruby-dragon's People

Contributors

byteit101, goatshriek


ruby-dragon's Issues

Excessive jshell imports

Importing all the class names when you are creating the jshell instance (~2600 classes) causes some severe lag when executing even simple REPL statements (e.g. "int i = 0;").

The REPL isn't even responsive for almost a minute after starting up because it's processing the evals for currentAddress, etc., which each take several seconds. The async nature of the console makes it confusing because your input is accepted, but nothing happens.

Maybe just import a few hand-picked packages?

groovy version of SetEquate script

Ghidra comes with a number of scripts included which serve as both examples of the sorts of things that can be done with scripts as well as perform some useful tasks. Ruby Dragon includes examples itself to show how things written in Java/Python can be done in the languages that it adds to Ghidra. More of these example scripts will provide a greater base of examples for users to refer to when writing a script in their language of choice.

Implement a Groovy version of the SetEquateScript included with Ghidra. This should go in the ghidra_scripts folder, along with the other examples, and be put in the category Examples.Groovy. The existing Groovy scripts will give you some examples of the basics of using Groovy within Ghidra.

Of course, please ask any questions you have here if you get stuck!

kotlin version of SetEquate script

Ghidra comes with a number of scripts included which serve as both examples of the sorts of things that can be done with scripts as well as perform some useful tasks. Ruby Dragon includes examples itself to show how things written in Java/Python can be done in the languages that it adds to Ghidra. More of these example scripts will provide a greater base of examples for users to refer to when writing a script in their language of choice.

Implement a Kotlin version of the SetEquateScript included with Ghidra. This should go in the ghidra_scripts folder, along with the other examples, and be put in the category Examples.Kotlin. The existing Kotlin scripts will give you some examples of the basics of using Kotlin within Ghidra.

Of course, please ask any questions you have here if you get stuck!

add a terminal emulator for interactive interpreters

An effort to integrate Jediterm into Ruby Dragon as a full terminal interpreter for interactive sessions has been started, but has been put into the backlog due to some issues arising that don't seem to have clear solutions.

Ghidra 11.1 added a terminal emulator of its own, and the ghidra-terminal branch has the attempt to get this working with JRuby's IRB, which has run into the same problems as the Jediterm effort. This seems to come down to a translation of control characters not happening, so that things like backspaces and carriage returns are not respected, at least on Windows.

Anyone wishing to pick up this work is more than welcome to - it currently lives in the term branch of the project.

image

The Jediterm implementation allows users to switch to the terminal emulator by allowing users to enable a plugin that implements the existing InterpreterPanelService interface used by Ghidra's built-in interpreter window. The Ghidra terminal implementation simply replaces the interpreters with the terminal window. Both currently have a number of problems that prevent them from being ready for release (particularly on Windows), including:

  • Backspaces and other control characters work inconsistently
  • Some characters are not passed to the session. For example, letters bound to a Ghidra action are not passed to Groovy if they are the first in the line, but are otherwise.
  • Some newline vs. crlf issues (see above screenshot)

Any help making progress towards these problems is welcome, even if it is only advice on how to overcome them. My focus is currently on other features of this project as well as other projects I maintain, but that doesn't mean I've abandoned this particular feature.

clojure version of SetEquate script

Ghidra comes with a number of scripts included which serve as both examples of the sorts of things that can be done with scripts as well as perform some useful tasks. Ruby Dragon includes examples itself to show how things written in Java/Python can be done in the languages that it adds to Ghidra. More of these example scripts will provide a greater base of examples for users to refer to when writing a script in their language of choice.

Implement a Clojure version of the SetEquateScript included with Ghidra. This should go in the ghidra_scripts folder, along with the other examples, and be put in the category Examples.Clojure. The existing Clojure scripts will give you some examples of how to use Clojure within Ghidra.

Of course, please ask any questions you have here if you get stuck!

interactive Ruby interpreter broken in Ghidra 10.0.3

The v1.0.0 build of the plugin in Ghidra 10.0.3 may not be able to open an interactive Ruby interpreter, instead throwing a class not found exception.

NameError: cannot load Java class org.jruby.ext.readline.Readline
      load_ext at org/jruby/ext/jruby/JRubyUtilLibrary.java:201
        <main> at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/readline.rb:9
       require at org/jruby/RubyKernel.java:974
       require at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:83
  <module:IRB> at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/irb/input-method.rb:130
        <main> at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/irb/input-method.rb:15
       require at org/jruby/RubyKernel.java:974
       require at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:83
        <main> at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/irb.rb:19
       require at org/jruby/RubyKernel.java:974
       require at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:83
        <main> at <script>:1

There are two possible workarounds for this. First, the issue does not seem to occur in JDK 11 (it has been confirmed in JDK 16). Alternatively, if changing Java versions is not an option, replacing the support/launch.properties file in the Ghidra 10.0.3 installation folder with the version from 10.0.2 also seems to resolve the issue.

An issue will be created with the Ghidra project along with a proposed patch within the next 72 hours.

access javadoc from jshell

JShell is capable of handling documentation for items in its SourceCodeAnalysis class, and the Python interpreter provides access to Javadocs using the ghidradoc.py script. By combining these techniques, it should be possible to make documentation for classes and methods more easily accessible directly from the interpreter.

ruby version of SetEquate script

Ghidra comes with a number of scripts included which serve as both examples of the sorts of things that can be done with scripts as well as perform some useful tasks. Ruby Dragon includes examples itself to show how things written in Java/Python can be done in the languages that it adds to Ghidra. More of these example scripts will provide a greater base of examples for users to refer to when writing a script in their language of choice.

Implement a Ruby version of the SetEquateScript included with Ghidra. This should go in the ghidra_scripts folder, along with the other examples, and be put in the category Examples.Ruby. The existing Ruby scripts will give you some examples of the basics of JRuby and using it within Ghidra.

Of course, please ask any questions you have here if you get stuck!
