mitsupi 1.0.0

package/skills/ghidra/scripts/ghidra_scripts/ExportAll.java

@@ -0,0 +1,278 @@
+/* ###
+ * Export comprehensive analysis: decompiled code, functions, strings, calls, and symbols
+ * @category Export
+ */
+
+import ghidra.app.decompiler.DecompInterface;
+import ghidra.app.decompiler.DecompileOptions;
+import ghidra.app.decompiler.DecompileResults;
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.data.DataType;
+import ghidra.program.model.listing.*;
+import ghidra.program.model.symbol.*;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.PrintWriter;
+import java.util.*;
+
+public class ExportAll extends GhidraScript {
+
+    private String outputDir;
+    private String programName;
+
+    @Override
+    public void run() throws Exception {
+        outputDir = System.getenv("GHIDRA_OUTPUT_DIR");
+        if (outputDir == null || outputDir.isEmpty()) {
+            outputDir = ".";
+        }
+
+        programName = currentProgram.getName().replaceAll("[^a-zA-Z0-9._-]", "_");
+
+        println("=== Starting comprehensive export ===");
+        println("Output directory: " + outputDir);
+        println("Program: " + currentProgram.getName());
+        println("Architecture: " + currentProgram.getLanguage().getProcessor());
+        println("");
+
+        // Export summary first
+        exportSummary();
+
+        // Export decompiled code
+        exportDecompiled();
+
+        // Export functions
+        exportFunctions();
+
+        // Export strings
+        exportStrings();
+
+        // Export interesting patterns
+        exportInteresting();
+
+        println("");
+        println("=== Export complete ===");
+    }
+
+    private void exportSummary() throws Exception {
+        File outputFile = new File(outputDir, programName + "_summary.txt");
+        println("Exporting summary to: " + outputFile.getName());
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("Binary Analysis Summary");
+            writer.println("=======================");
+            writer.println("");
+            writer.println("File: " + currentProgram.getName());
+            writer.println("Architecture: " + currentProgram.getLanguage().getProcessor());
+            writer.println("Address Size: " + currentProgram.getLanguage().getLanguageDescription().getSize() + " bit");
+            writer.println("Endianness: " + currentProgram.getLanguage().isBigEndian() + " (big endian)");
+            writer.println("Compiler: " + currentProgram.getCompilerSpec().getCompilerSpecID());
+            writer.println("");
+
+            // Count functions
+            int totalFuncs = 0, externalFuncs = 0, thunkFuncs = 0;
+            FunctionIterator funcs = currentProgram.getFunctionManager().getFunctions(true);
+            while (funcs.hasNext()) {
+                Function f = funcs.next();
+                totalFuncs++;
+                if (f.isExternal()) externalFuncs++;
+                if (f.isThunk()) thunkFuncs++;
+            }
+
+            writer.println("Functions:");
+            writer.println("  Total: " + totalFuncs);
+            writer.println("  External: " + externalFuncs);
+            writer.println("  Thunks: " + thunkFuncs);
+            writer.println("  User-defined: " + (totalFuncs - externalFuncs - thunkFuncs));
+            writer.println("");
+
+            // Memory sections
+            writer.println("Memory Sections:");
+            for (var block : currentProgram.getMemory().getBlocks()) {
+                writer.println("  " + block.getName() + ": " + block.getStart() + " - " + block.getEnd() +
+                    " (" + block.getSize() + " bytes)" +
+                    (block.isExecute() ? " [X]" : "") +
+                    (block.isWrite() ? " [W]" : "") +
+                    (block.isRead() ? " [R]" : ""));
+            }
+        }
+    }
+
+    private void exportDecompiled() throws Exception {
+        File outputFile = new File(outputDir, programName + "_decompiled.c");
+        println("Exporting decompiled code to: " + outputFile.getName());
+
+        DecompInterface decompiler = new DecompInterface();
+        DecompileOptions options = new DecompileOptions();
+        decompiler.setOptions(options);
+
+        if (!decompiler.openProgram(currentProgram)) {
+            printerr("Failed to initialize decompiler");
+            return;
+        }
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("/* Decompiled from: " + currentProgram.getName() + " */");
+            writer.println("");
+
+            FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+            int count = 0;
+
+            while (functions.hasNext() && !monitor.isCancelled()) {
+                Function func = functions.next();
+                if (func.isExternal() || func.isThunk()) continue;
+
+                DecompileResults results = decompiler.decompileFunction(func, 30, monitor);
+                if (results.decompileCompleted()) {
+                    writer.println("/* " + func.getName() + " @ " + func.getEntryPoint() + " */");
+                    writer.println(results.getDecompiledFunction().getC());
+                    writer.println("");
+                    count++;
+                }
+            }
+            println("  Decompiled " + count + " functions");
+        } finally {
+            decompiler.dispose();
+        }
+    }
+
+    private void exportFunctions() throws Exception {
+        File outputFile = new File(outputDir, programName + "_functions.json");
+        println("Exporting functions to: " + outputFile.getName());
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("[");
+
+            FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+            boolean first = true;
+            int count = 0;
+
+            while (functions.hasNext() && !monitor.isCancelled()) {
+                Function func = functions.next();
+                if (!first) writer.println(",");
+                first = false;
+
+                writer.println("  {");
+                writer.println("    \"name\": \"" + escapeJson(func.getName()) + "\",");
+                writer.println("    \"address\": \"" + func.getEntryPoint() + "\",");
+                writer.println("    \"signature\": \"" + escapeJson(func.getPrototypeString(false, false)) + "\",");
+                writer.println("    \"external\": " + func.isExternal() + ",");
+
+                // Get calls
+                java.util.Set<Function> calls = func.getCalledFunctions(monitor);
+                writer.print("    \"calls\": [");
+                int callIdx = 0;
+                for (Function calledFunc : calls) {
+                    if (callIdx >= 20) break;
+                    if (callIdx > 0) writer.print(", ");
+                    writer.print("\"" + escapeJson(calledFunc.getName()) + "\"");
+                    callIdx++;
+                }
+                writer.println("]");
+                writer.print("  }");
+                count++;
+            }
+
+            writer.println();
+            writer.println("]");
+            println("  Exported " + count + " functions");
+        }
+    }
+
+    private void exportStrings() throws Exception {
+        File outputFile = new File(outputDir, programName + "_strings.txt");
+        println("Exporting strings to: " + outputFile.getName());
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            DataIterator dataIterator = currentProgram.getListing().getDefinedData(true);
+            int count = 0;
+
+            while (dataIterator.hasNext() && !monitor.isCancelled()) {
+                Data data = dataIterator.next();
+                DataType dt = data.getBaseDataType();
+                String typeName = dt.getName().toLowerCase();
+
+                if (typeName.contains("string") || typeName.contains("unicode")) {
+                    Object value = data.getValue();
+                    if (value instanceof String) {
+                        String str = (String) value;
+                        if (str.length() >= 4) {
+                            writer.println(data.getAddress() + ": " + str);
+                            count++;
+                        }
+                    }
+                }
+            }
+            println("  Exported " + count + " strings");
+        }
+    }
+
+    private void exportInteresting() throws Exception {
+        File outputFile = new File(outputDir, programName + "_interesting.txt");
+        println("Analyzing interesting patterns...");
+
+        // Interesting function name patterns
+        String[] interestingPatterns = {
+            "crypt", "encrypt", "decrypt", "aes", "des", "rsa", "md5", "sha",
+            "password", "passwd", "secret", "key", "token", "auth",
+            "socket", "connect", "send", "recv", "http", "url", "dns",
+            "file", "open", "read", "write", "exec", "system", "shell", "cmd",
+            "malloc", "free", "alloc", "memcpy", "strcpy", "sprintf",
+            "debug", "log", "print", "error", "fail"
+        };
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("Interesting Functions and Patterns");
+            writer.println("===================================");
+            writer.println("");
+
+            // Find functions matching patterns
+            Map<String, List<String>> categorized = new LinkedHashMap<>();
+            for (String pattern : interestingPatterns) {
+                categorized.put(pattern, new ArrayList<>());
+            }
+
+            FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+            while (functions.hasNext()) {
+                Function func = functions.next();
+                String name = func.getName().toLowerCase();
+                for (String pattern : interestingPatterns) {
+                    if (name.contains(pattern)) {
+                        categorized.get(pattern).add(func.getName() + " @ " + func.getEntryPoint());
+                    }
+                }
+            }
+
+            for (Map.Entry<String, List<String>> entry : categorized.entrySet()) {
+                if (!entry.getValue().isEmpty()) {
+                    writer.println("[" + entry.getKey().toUpperCase() + " related]");
+                    for (String func : entry.getValue()) {
+                        writer.println("  " + func);
+                    }
+                    writer.println("");
+                }
+            }
+
+            // Find potential vulnerabilities (dangerous function calls)
+            writer.println("[POTENTIALLY DANGEROUS FUNCTIONS]");
+            String[] dangerous = {"strcpy", "sprintf", "gets", "scanf", "strcat", "system", "exec"};
+            for (String pattern : dangerous) {
+                SymbolIterator symbols = currentProgram.getSymbolTable().getSymbols(pattern);
+                while (symbols.hasNext()) {
+                    Symbol sym = symbols.next();
+                    writer.println("  " + sym.getName() + " @ " + sym.getAddress());
+                }
+            }
+        }
+    }
+
+    private String escapeJson(String s) {
+        if (s == null) return "";
+        return s.replace("\\", "\\\\")
+                .replace("\"", "\\\"")
+                .replace("\n", "\\n")
+                .replace("\r", "\\r")
+                .replace("\t", "\\t");
+    }
+}

package/skills/ghidra/scripts/ghidra_scripts/ExportCalls.java

@@ -0,0 +1,148 @@
+/* ###
+ * Export function call graph
+ * @category Export
+ */
+
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.listing.Function;
+import ghidra.program.model.listing.FunctionIterator;
+import ghidra.program.model.symbol.Reference;
+import ghidra.program.model.symbol.ReferenceIterator;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.PrintWriter;
+import java.util.*;
+
+public class ExportCalls extends GhidraScript {
+
+    @Override
+    public void run() throws Exception {
+        String outputDir = System.getenv("GHIDRA_OUTPUT_DIR");
+        if (outputDir == null || outputDir.isEmpty()) {
+            outputDir = ".";
+        }
+
+        String programName = currentProgram.getName().replaceAll("[^a-zA-Z0-9._-]", "_");
+        File outputFile = new File(outputDir, programName + "_calls.json");
+
+        println("Exporting call graph to: " + outputFile.getAbsolutePath());
+
+        // Build call graph
+        Map<String, Set<String>> callGraph = new LinkedHashMap<>();
+        Map<String, String> functionAddresses = new LinkedHashMap<>();
+
+        FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+
+        while (functions.hasNext() && !monitor.isCancelled()) {
+            Function func = functions.next();
+            String funcName = func.getName();
+            functionAddresses.put(funcName, func.getEntryPoint().toString());
+
+            Set<String> calls = new TreeSet<>();
+            Set<Function> calledFunctions = func.getCalledFunctions(monitor);
+
+            for (Function called : calledFunctions) {
+                calls.add(called.getName());
+            }
+
+            callGraph.put(funcName, calls);
+        }
+
+        // Write output
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("{");
+            writer.println("  \"program\": \"" + escapeJson(currentProgram.getName()) + "\",");
+            writer.println("  \"totalFunctions\": " + callGraph.size() + ",");
+            writer.println("  \"callGraph\": {");
+
+            boolean firstFunc = true;
+            for (Map.Entry<String, Set<String>> entry : callGraph.entrySet()) {
+                if (!firstFunc) {
+                    writer.println(",");
+                }
+                firstFunc = false;
+
+                String funcName = entry.getKey();
+                Set<String> calls = entry.getValue();
+
+                writer.print("    \"" + escapeJson(funcName) + "\": {");
+                writer.print("\"address\": \"" + functionAddresses.get(funcName) + "\", ");
+                writer.print("\"calls\": [");
+
+                boolean firstCall = true;
+                for (String call : calls) {
+                    if (!firstCall) {
+                        writer.print(", ");
+                    }
+                    firstCall = false;
+                    writer.print("\"" + escapeJson(call) + "\"");
+                }
+
+                writer.print("]}");
+            }
+
+            writer.println();
+            writer.println("  },");
+
+            // Also export interesting functions (potential entry points, etc.)
+            writer.println("  \"interestingFunctions\": {");
+
+            // Find functions with no callers (potential entry points)
+            Set<String> noCaller = new TreeSet<>();
+            Set<String> allCalled = new TreeSet<>();
+            for (Set<String> calls : callGraph.values()) {
+                allCalled.addAll(calls);
+            }
+            for (String func : callGraph.keySet()) {
+                if (!allCalled.contains(func)) {
+                    noCaller.add(func);
+                }
+            }
+
+            writer.print("    \"potentialEntryPoints\": [");
+            boolean first = true;
+            for (String func : noCaller) {
+                if (!first) writer.print(", ");
+                first = false;
+                writer.print("\"" + escapeJson(func) + "\"");
+            }
+            writer.println("],");
+
+            // Find functions with many callers (commonly used)
+            Map<String, Integer> callerCount = new HashMap<>();
+            for (Set<String> calls : callGraph.values()) {
+                for (String call : calls) {
+                    callerCount.merge(call, 1, Integer::sum);
+                }
+            }
+
+            List<Map.Entry<String, Integer>> sorted = new ArrayList<>(callerCount.entrySet());
+            sorted.sort((a, b) -> b.getValue().compareTo(a.getValue()));
+
+            writer.print("    \"mostCalled\": [");
+            first = true;
+            for (int i = 0; i < Math.min(20, sorted.size()); i++) {
+                if (!first) writer.print(", ");
+                first = false;
+                Map.Entry<String, Integer> e = sorted.get(i);
+                writer.print("{\"name\": \"" + escapeJson(e.getKey()) + "\", \"count\": " + e.getValue() + "}");
+            }
+            writer.println("]");
+
+            writer.println("  }");
+            writer.println("}");
+
+            println("Exported call graph with " + callGraph.size() + " functions");
+        }
+    }
+
+    private String escapeJson(String s) {
+        if (s == null) return "";
+        return s.replace("\\", "\\\\")
+                .replace("\"", "\\\"")
+                .replace("\n", "\\n")
+                .replace("\r", "\\r")
+                .replace("\t", "\\t");
+    }
+}

package/skills/ghidra/scripts/ghidra_scripts/ExportDecompiled.java

@@ -0,0 +1,84 @@
+/* ###
+ * Export decompiled C code for all functions
+ * @category Export
+ */
+
+import ghidra.app.decompiler.DecompInterface;
+import ghidra.app.decompiler.DecompileOptions;
+import ghidra.app.decompiler.DecompileResults;
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.listing.Function;
+import ghidra.program.model.listing.FunctionIterator;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.PrintWriter;
+
+public class ExportDecompiled extends GhidraScript {
+
+    @Override
+    public void run() throws Exception {
+        String outputDir = System.getenv("GHIDRA_OUTPUT_DIR");
+        if (outputDir == null || outputDir.isEmpty()) {
+            outputDir = ".";
+        }
+
+        String programName = currentProgram.getName().replaceAll("[^a-zA-Z0-9._-]", "_");
+        File outputFile = new File(outputDir, programName + "_decompiled.c");
+
+        println("Decompiling all functions to: " + outputFile.getAbsolutePath());
+
+        DecompInterface decompiler = new DecompInterface();
+        DecompileOptions options = new DecompileOptions();
+        decompiler.setOptions(options);
+
+        if (!decompiler.openProgram(currentProgram)) {
+            printerr("Failed to initialize decompiler: " + decompiler.getLastMessage());
+            return;
+        }
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            // Write header
+            writer.println("/*");
+            writer.println(" * Decompiled from: " + currentProgram.getName());
+            writer.println(" * Architecture: " + currentProgram.getLanguage().getProcessor());
+            writer.println(" * Compiler: " + currentProgram.getCompilerSpec().getCompilerSpecID());
+            writer.println(" */");
+            writer.println();
+
+            FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+            int count = 0;
+            int failed = 0;
+
+            while (functions.hasNext() && !monitor.isCancelled()) {
+                Function func = functions.next();
+
+                // Skip external/thunk functions
+                if (func.isExternal() || func.isThunk()) {
+                    continue;
+                }
+
+                monitor.setMessage("Decompiling: " + func.getName());
+
+                DecompileResults results = decompiler.decompileFunction(func, 30, monitor);
+
+                if (results.decompileCompleted()) {
+                    String decompiledCode = results.getDecompiledFunction().getC();
+                    writer.println("/* Function: " + func.getName() + " @ " + func.getEntryPoint() + " */");
+                    writer.println(decompiledCode);
+                    writer.println();
+                    count++;
+                } else {
+                    writer.println("/* FAILED TO DECOMPILE: " + func.getName() + " @ " + func.getEntryPoint() + " */");
+                    writer.println("/* Error: " + results.getErrorMessage() + " */");
+                    writer.println();
+                    failed++;
+                }
+            }
+
+            println("Decompiled " + count + " functions (" + failed + " failed)");
+        } finally {
+            decompiler.dispose();
+        }
+    }
+}

package/skills/ghidra/scripts/ghidra_scripts/ExportFunctions.java

@@ -0,0 +1,114 @@
+/* ###
+ * Export function list with addresses, signatures, and metadata as JSON
+ * @category Export
+ */
+
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.listing.Function;
+import ghidra.program.model.listing.FunctionIterator;
+import ghidra.program.model.listing.Parameter;
+import ghidra.program.model.symbol.SourceType;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.PrintWriter;
+
+public class ExportFunctions extends GhidraScript {
+
+    @Override
+    public void run() throws Exception {
+        String outputDir = System.getenv("GHIDRA_OUTPUT_DIR");
+        if (outputDir == null || outputDir.isEmpty()) {
+            outputDir = ".";
+        }
+
+        String programName = currentProgram.getName().replaceAll("[^a-zA-Z0-9._-]", "_");
+        File outputFile = new File(outputDir, programName + "_functions.json");
+
+        println("Exporting functions to: " + outputFile.getAbsolutePath());
+
+        try (PrintWriter writer = new PrintWriter(new FileWriter(outputFile))) {
+            writer.println("{");
+            writer.println("  \"program\": \"" + escapeJson(currentProgram.getName()) + "\",");
+            writer.println("  \"architecture\": \"" + currentProgram.getLanguage().getProcessor() + "\",");
+            writer.println("  \"functions\": [");
+
+            FunctionIterator functions = currentProgram.getFunctionManager().getFunctions(true);
+            boolean first = true;
+            int count = 0;
+
+            while (functions.hasNext() && !monitor.isCancelled()) {
+                Function func = functions.next();
+
+                if (!first) {
+                    writer.println(",");
+                }
+                first = false;
+
+                writer.println("    {");
+                writer.println("      \"name\": \"" + escapeJson(func.getName()) + "\",");
+                writer.println("      \"address\": \"" + func.getEntryPoint() + "\",");
+                writer.println("      \"size\": " + func.getBody().getNumAddresses() + ",");
+                writer.println("      \"signature\": \"" + escapeJson(func.getPrototypeString(false, false)) + "\",");
+                writer.println("      \"returnType\": \"" + escapeJson(func.getReturnType().getDisplayName()) + "\",");
+                writer.println("      \"callingConvention\": \"" + escapeJson(func.getCallingConventionName()) + "\",");
+                writer.println("      \"isExternal\": " + func.isExternal() + ",");
+                writer.println("      \"isThunk\": " + func.isThunk() + ",");
+                writer.println("      \"hasVarArgs\": " + func.hasVarArgs() + ",");
+                writer.println("      \"sourceType\": \"" + func.getSymbol().getSource() + "\",");
+
+                // Parameters
+                writer.print("      \"parameters\": [");
+                Parameter[] params = func.getParameters();
+                for (int i = 0; i < params.length; i++) {
+                    if (i > 0) writer.print(", ");
+                    writer.print("{\"name\": \"" + escapeJson(params[i].getName()) + "\", ");
+                    writer.print("\"type\": \"" + escapeJson(params[i].getDataType().getDisplayName()) + "\"}");
+                }
+                writer.println("],");
+
+                // Called functions
+                writer.print("      \"calls\": [");
+                java.util.Set<Function> called = func.getCalledFunctions(monitor);
+                int callIdx = 0;
+                for (Function calledFunc : called) {
+                    if (callIdx >= 50) break;  // Limit to 50 calls
+                    if (callIdx > 0) writer.print(", ");
+                    writer.print("\"" + escapeJson(calledFunc.getName()) + "\"");
+                    callIdx++;
+                }
+                writer.println("],");
+
+                // Calling functions
+                writer.print("      \"calledBy\": [");
+                java.util.Set<Function> callers = func.getCallingFunctions(monitor);
+                int callerIdx = 0;
+                for (Function caller : callers) {
+                    if (callerIdx >= 50) break;  // Limit to 50 callers
+                    if (callerIdx > 0) writer.print(", ");
+                    writer.print("\"" + escapeJson(caller.getName()) + "\"");
+                    callerIdx++;
+                }
+                writer.println("]");
+
+                writer.print("    }");
+                count++;
+            }
+
+            writer.println();
+            writer.println("  ]");
+            writer.println("}");
+
+            println("Exported " + count + " functions");
+        }
+    }
+
+    private String escapeJson(String s) {
+        if (s == null) return "";
+        return s.replace("\\", "\\\\")
+                .replace("\"", "\\\"")
+                .replace("\n", "\\n")
+                .replace("\r", "\\r")
+                .replace("\t", "\\t");
+    }
+}