windows-exe-decompiler-mcp-server 0.1.0

package/ghidra_scripts/DecompileFunction.java

@@ -0,0 +1,487 @@
+// DecompileFunction.java - Java fallback for function decompilation
+// @category Analysis
+// @description Decompiles a specific function and returns pseudocode, callers, callees, and xrefs
+
+import ghidra.app.decompiler.DecompInterface;
+import ghidra.app.decompiler.DecompileOptions;
+import ghidra.app.decompiler.DecompileResults;
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.address.Address;
+import ghidra.program.model.address.AddressIterator;
+import ghidra.program.model.listing.Function;
+import ghidra.program.model.listing.FunctionIterator;
+import ghidra.program.model.listing.FunctionManager;
+import ghidra.program.model.listing.Instruction;
+import ghidra.program.model.symbol.Reference;
+import ghidra.program.model.symbol.ReferenceIterator;
+import ghidra.program.model.symbol.Symbol;
+import ghidra.program.model.symbol.SymbolIterator;
+import ghidra.program.model.symbol.SymbolType;
+import ghidra.util.task.ConsoleTaskMonitor;
+
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class DecompileFunction extends GhidraScript {
+
+    private static class ResolvedTarget {
+        Function function;
+        String address;
+        String name;
+        String resolvedBy;
+        boolean exact;
+    }
+
+    private static class RelationshipAccumulator {
+        String address;
+        String name;
+        String resolvedBy;
+        boolean exact;
+        Set<String> relationTypes = new LinkedHashSet<>();
+        Set<String> referenceTypes = new LinkedHashSet<>();
+        Set<String> referenceAddresses = new LinkedHashSet<>();
+        Set<String> targetAddresses = new LinkedHashSet<>();
+    }
+
+    private String escapeJson(String value) {
+        if (value == null) {
+            return "";
+        }
+        StringBuilder out = new StringBuilder(value.length() + 16);
+        for (int i = 0; i < value.length(); i++) {
+            char c = value.charAt(i);
+            switch (c) {
+                case '"':
+                    out.append("\\\"");
+                    break;
+                case '\\':
+                    out.append("\\\\");
+                    break;
+                case '\b':
+                    out.append("\\b");
+                    break;
+                case '\f':
+                    out.append("\\f");
+                    break;
+                case '\n':
+                    out.append("\\n");
+                    break;
+                case '\r':
+                    out.append("\\r");
+                    break;
+                case '\t':
+                    out.append("\\t");
+                    break;
+                default:
+                    if (c < 0x20) {
+                        out.append(String.format("\\u%04x", (int) c));
+                    } else {
+                        out.append(c);
+                    }
+            }
+        }
+        return out.toString();
+    }
+
+    private Function resolveFunction(String addressOrSymbol) {
+        FunctionManager manager = currentProgram.getFunctionManager();
+        try {
+            Address address = currentProgram.getAddressFactory().getAddress(addressOrSymbol);
+            Function byAddress = manager.getFunctionAt(address);
+            if (byAddress != null) {
+                return byAddress;
+            }
+            Function byContaining = manager.getFunctionContaining(address);
+            if (byContaining != null) {
+                return byContaining;
+            }
+        } catch (Exception ignored) {
+        }
+
+        SymbolIterator iterator = currentProgram.getSymbolTable().getSymbols(addressOrSymbol);
+        while (iterator.hasNext()) {
+            Symbol symbol = iterator.next();
+            if (symbol.getSymbolType() != SymbolType.FUNCTION) {
+                continue;
+            }
+            Function bySymbol = manager.getFunctionAt(symbol.getAddress());
+            if (bySymbol != null) {
+                return bySymbol;
+            }
+            Function byContaining = manager.getFunctionContaining(symbol.getAddress());
+            if (byContaining != null) {
+                return byContaining;
+            }
+        }
+
+        FunctionIterator functions = manager.getFunctions(true);
+        while (functions.hasNext()) {
+            Function function = functions.next();
+            if (addressOrSymbol.equals(function.getName())) {
+                return function;
+            }
+        }
+
+        return null;
+    }
+
+    private void appendNamedAddressList(StringBuilder sb, Map<String, String> entries) {
+        sb.append('[');
+        boolean first = true;
+        for (Map.Entry<String, String> entry : entries.entrySet()) {
+            if (!first) {
+                sb.append(',');
+            }
+            first = false;
+            sb.append("{\"address\":\"")
+                .append(escapeJson(entry.getKey()))
+                .append("\",\"name\":\"")
+                .append(escapeJson(entry.getValue()))
+                .append("\"}");
+        }
+        sb.append(']');
+    }
+
+    private void appendStringArray(StringBuilder sb, Set<String> values) {
+        sb.append('[');
+        boolean first = true;
+        for (String value : values) {
+            if (!first) {
+                sb.append(',');
+            }
+            first = false;
+            sb.append('"').append(escapeJson(value)).append('"');
+        }
+        sb.append(']');
+    }
+
+    private void appendRelationshipList(StringBuilder sb, Map<String, RelationshipAccumulator> relationships) {
+        sb.append('[');
+        boolean first = true;
+        for (RelationshipAccumulator relationship : relationships.values()) {
+            if (!first) {
+                sb.append(',');
+            }
+            first = false;
+            sb.append('{');
+            sb.append("\"address\":\"").append(escapeJson(relationship.address)).append("\",");
+            sb.append("\"name\":\"").append(escapeJson(relationship.name)).append("\",");
+            sb.append("\"relation_types\":");
+            appendStringArray(sb, relationship.relationTypes);
+            sb.append(",\"reference_types\":");
+            appendStringArray(sb, relationship.referenceTypes);
+            sb.append(",\"reference_addresses\":");
+            appendStringArray(sb, relationship.referenceAddresses);
+            sb.append(",\"target_addresses\":");
+            appendStringArray(sb, relationship.targetAddresses);
+            sb.append(",\"resolved_by\":\"").append(escapeJson(relationship.resolvedBy)).append("\",");
+            sb.append("\"is_exact\":").append(relationship.exact);
+            sb.append('}');
+        }
+        sb.append(']');
+    }
+
+    private String makeRelationKey(String address, String name) {
+        return address + "|" + name;
+    }
+
+    private void addRelationship(
+        Map<String, RelationshipAccumulator> relationships,
+        String relationKey,
+        String address,
+        String name,
+        String relationType,
+        String referenceType,
+        String referenceAddress,
+        String targetAddress,
+        String resolvedBy,
+        boolean exact
+    ) {
+        RelationshipAccumulator relationship = relationships.get(relationKey);
+        if (relationship == null) {
+            relationship = new RelationshipAccumulator();
+            relationship.address = address;
+            relationship.name = name;
+            relationship.resolvedBy = resolvedBy;
+            relationship.exact = exact;
+            relationships.put(relationKey, relationship);
+        }
+
+        relationship.relationTypes.add(relationType);
+        relationship.referenceTypes.add(referenceType == null ? "unknown" : referenceType);
+        relationship.referenceAddresses.add(referenceAddress);
+        relationship.targetAddresses.add(targetAddress);
+
+        if (!relationship.exact && exact) {
+            relationship.exact = true;
+        }
+        if (!"function_at".equals(relationship.resolvedBy) && "function_at".equals(resolvedBy)) {
+            relationship.resolvedBy = resolvedBy;
+        } else if ("primary_symbol".equals(relationship.resolvedBy)
+            && !"primary_symbol".equals(resolvedBy)) {
+            relationship.resolvedBy = resolvedBy;
+        }
+    }
+
+    private Map<String, String> toNamedAddressMap(Map<String, RelationshipAccumulator> relationships) {
+        Map<String, String> entries = new LinkedHashMap<>();
+        for (RelationshipAccumulator relationship : relationships.values()) {
+            entries.put(relationship.address, relationship.name);
+        }
+        return entries;
+    }
+
+    private ResolvedTarget resolveCallableTarget(FunctionManager manager, Address address) {
+        ResolvedTarget target = new ResolvedTarget();
+
+        Function function = manager.getFunctionAt(address);
+        if (function != null) {
+            target.function = function;
+            target.address = function.getEntryPoint().toString();
+            target.name = function.getName();
+            target.resolvedBy = "function_at";
+            target.exact = address.equals(function.getEntryPoint());
+            return target;
+        }
+
+        function = manager.getFunctionContaining(address);
+        if (function != null) {
+            target.function = function;
+            target.address = function.getEntryPoint().toString();
+            target.name = function.getName();
+            target.resolvedBy = "function_containing";
+            target.exact = address.equals(function.getEntryPoint());
+            return target;
+        }
+
+        Symbol symbol = currentProgram.getSymbolTable().getPrimarySymbol(address);
+        if (symbol != null) {
+            target.function = null;
+            target.address = symbol.getAddress().toString();
+            target.name = symbol.getName();
+            target.resolvedBy = "primary_symbol";
+            target.exact = address.equals(symbol.getAddress());
+            return target;
+        }
+
+        return null;
+    }
+
+    private boolean isTailJumpHint(Function sourceFunction, Address fromAddress) {
+        Instruction instruction = currentProgram.getListing().getInstructionContaining(fromAddress);
+        if (instruction == null || !instruction.getFlowType().isJump() || instruction.getFlowType().isConditional()) {
+            return false;
+        }
+
+        Instruction next = instruction.getNext();
+        return next == null || !sourceFunction.getBody().contains(next.getAddress());
+    }
+
+    private String classifyRelationType(Function sourceFunction, ResolvedTarget target, Reference ref) {
+        if (ref == null || ref.getReferenceType() == null || target == null) {
+            return null;
+        }
+
+        if (ref.getReferenceType().isCall()) {
+            return target.exact ? "direct_call" : "direct_call_body";
+        }
+
+        boolean sameFunction = target.function != null
+            && sourceFunction.getEntryPoint().equals(target.function.getEntryPoint());
+        if (sameFunction) {
+            return null;
+        }
+
+        if (ref.getReferenceType().isJump()) {
+            return isTailJumpHint(sourceFunction, ref.getFromAddress())
+                ? "tail_jump_hint"
+                : "body_reference_hint";
+        }
+
+        Instruction instruction = currentProgram.getListing().getInstructionContaining(ref.getFromAddress());
+        if (instruction != null) {
+            return "body_reference_hint";
+        }
+
+        return null;
+    }
+
+    private Map<String, RelationshipAccumulator> collectCallerRelationships(Function function) {
+        Map<String, RelationshipAccumulator> callers = new LinkedHashMap<>();
+        FunctionManager manager = currentProgram.getFunctionManager();
+        AddressIterator addresses = function.getBody().getAddresses(true);
+        while (addresses.hasNext()) {
+            Address targetAddress = addresses.next();
+            ReferenceIterator refsTo = currentProgram.getReferenceManager().getReferencesTo(targetAddress);
+            while (refsTo.hasNext()) {
+                Reference ref = refsTo.next();
+                Function caller = manager.getFunctionContaining(ref.getFromAddress());
+                if (caller == null) {
+                    continue;
+                }
+
+                ResolvedTarget target = new ResolvedTarget();
+                target.function = function;
+                target.address = function.getEntryPoint().toString();
+                target.name = function.getName();
+                target.resolvedBy = targetAddress.equals(function.getEntryPoint())
+                    ? "function_at"
+                    : "function_containing";
+                target.exact = targetAddress.equals(function.getEntryPoint());
+
+                String relationType = classifyRelationType(caller, target, ref);
+                if (relationType == null) {
+                    continue;
+                }
+
+                addRelationship(
+                    callers,
+                    caller.getEntryPoint().toString(),
+                    caller.getEntryPoint().toString(),
+                    caller.getName(),
+                    relationType,
+                    ref.getReferenceType().getName(),
+                    ref.getFromAddress().toString(),
+                    targetAddress.toString(),
+                    target.resolvedBy,
+                    target.exact
+                );
+            }
+        }
+        return callers;
+    }
+
+    private Map<String, RelationshipAccumulator> collectCalleeRelationships(Function function) {
+        Map<String, RelationshipAccumulator> callees = new LinkedHashMap<>();
+        FunctionManager manager = currentProgram.getFunctionManager();
+        AddressIterator addresses = function.getBody().getAddresses(true);
+        while (addresses.hasNext()) {
+            Address fromAddress = addresses.next();
+            Reference[] refsFrom = currentProgram.getReferenceManager().getReferencesFrom(fromAddress);
+            for (Reference ref : refsFrom) {
+                ResolvedTarget target = resolveCallableTarget(manager, ref.getToAddress());
+                String relationType = classifyRelationType(function, target, ref);
+                if (target == null || relationType == null) {
+                    continue;
+                }
+                addRelationship(
+                    callees,
+                    makeRelationKey(target.address, target.name),
+                    target.address,
+                    target.name,
+                    relationType,
+                    ref.getReferenceType().getName(),
+                    fromAddress.toString(),
+                    ref.getToAddress().toString(),
+                    target.resolvedBy,
+                    target.exact
+                );
+            }
+        }
+        return callees;
+    }
+
+    private void appendXrefs(StringBuilder sb, Function function) {
+        sb.append('[');
+        boolean first = true;
+        FunctionManager manager = currentProgram.getFunctionManager();
+        ReferenceIterator refsTo = currentProgram.getReferenceManager().getReferencesTo(function.getEntryPoint());
+        while (refsTo.hasNext()) {
+            Reference ref = refsTo.next();
+            if (!first) {
+                sb.append(',');
+            }
+            first = false;
+            sb.append("{\"from_address\":\"")
+                .append(escapeJson(ref.getFromAddress().toString()))
+                .append("\",\"type\":\"")
+                .append(escapeJson(ref.getReferenceType().getName()))
+                .append("\",\"is_call\":")
+                .append(ref.getReferenceType().isCall())
+                .append(",\"is_data\":")
+                .append(ref.getReferenceType().isData());
+
+            Function fromFunction = manager.getFunctionContaining(ref.getFromAddress());
+            if (fromFunction != null) {
+                sb.append(",\"from_function\":\"")
+                    .append(escapeJson(fromFunction.getName()))
+                    .append("\"");
+            }
+            sb.append('}');
+        }
+        sb.append(']');
+    }
+
+    @Override
+    protected void run() throws Exception {
+        if (currentProgram == null) {
+            println("{\"error\":\"No program loaded\"}");
+            return;
+        }
+
+        String[] args = getScriptArgs();
+        if (args.length < 1) {
+            println("{\"error\":\"Usage: DecompileFunction.java <address|symbol> [include_xrefs]\"}");
+            return;
+        }
+
+        String addressOrSymbol = args[0];
+        boolean includeXrefs = args.length > 1 && "true".equalsIgnoreCase(args[1]);
+
+        Function function = resolveFunction(addressOrSymbol);
+        if (function == null) {
+            println("{\"error\":\"Function not found: " + escapeJson(addressOrSymbol) + "\"}");
+            return;
+        }
+
+        Map<String, RelationshipAccumulator> callerRelationships = collectCallerRelationships(function);
+        Map<String, RelationshipAccumulator> calleeRelationships = collectCalleeRelationships(function);
+        Map<String, String> callers = toNamedAddressMap(callerRelationships);
+        Map<String, String> callees = toNamedAddressMap(calleeRelationships);
+
+        DecompInterface decompiler = new DecompInterface();
+        DecompileOptions options = new DecompileOptions();
+        decompiler.setOptions(options);
+        decompiler.openProgram(currentProgram);
+
+        try {
+            DecompileResults result = decompiler.decompileFunction(function, 30, new ConsoleTaskMonitor());
+            if (result == null || !result.decompileCompleted()) {
+                String error = result == null ? "Decompilation failed" : result.getErrorMessage();
+                println("{\"error\":\"" + escapeJson(error) + "\"}");
+                return;
+            }
+
+            String pseudocode = "";
+            if (result.getDecompiledFunction() != null) {
+                pseudocode = result.getDecompiledFunction().getC();
+            }
+
+            StringBuilder sb = new StringBuilder(32768);
+            sb.append('{');
+            sb.append("\"function\":\"").append(escapeJson(function.getName())).append("\",");
+            sb.append("\"address\":\"").append(escapeJson(function.getEntryPoint().toString())).append("\",");
+            sb.append("\"pseudocode\":\"").append(escapeJson(pseudocode)).append("\",");
+            sb.append("\"callers\":");
+            appendNamedAddressList(sb, callers);
+            sb.append(",\"caller_relationships\":");
+            appendRelationshipList(sb, callerRelationships);
+            sb.append(",\"callees\":");
+            appendNamedAddressList(sb, callees);
+            sb.append(",\"callee_relationships\":");
+            appendRelationshipList(sb, calleeRelationships);
+
+            if (includeXrefs) {
+                sb.append(",\"xrefs\":");
+                appendXrefs(sb, function);
+            }
+
+            sb.append('}');
+            println(sb.toString());
+        } finally {
+            decompiler.dispose();
+        }
+    }
+}

package/ghidra_scripts/DecompileFunction.py

@@ -0,0 +1,150 @@
+# DecompileFunction.py - Ghidra script to decompile a specific function
+# @category Analysis
+# @description Decompiles a specific function and returns pseudocode, callers, callees, and xrefs
+
+import json
+import sys
+from ghidra.app.decompiler import DecompInterface, DecompileOptions
+from ghidra.util.task import ConsoleTaskMonitor
+
+def decompile_function(address_str, include_xrefs=False):
+    """
+    Decompile a specific function by address or symbol name
+    
+    Args:
+        address_str: Function address (hex string) or symbol name
+        include_xrefs: Whether to include cross-references
+    
+    Returns:
+        JSON object with decompilation results
+    """
+    program = getCurrentProgram()
+    if program is None:
+        return {"error": "No program loaded"}
+    
+    function_manager = program.getFunctionManager()
+    
+    # Try to find function by address or name
+    target_function = None
+    
+    # First try as address
+    try:
+        addr = program.getAddressFactory().getAddress(address_str)
+        target_function = function_manager.getFunctionAt(addr)
+    except:
+        pass
+    
+    # If not found, try as symbol name
+    if target_function is None:
+        for function in function_manager.getFunctions(True):
+            if function.getName() == address_str:
+                target_function = function
+                break
+    
+    if target_function is None:
+        return {"error": "Function not found: {}".format(address_str)}
+    
+    # Initialize decompiler
+    decompiler = DecompInterface()
+    decompiler.openProgram(program)
+    
+    # Set decompiler options
+    options = DecompileOptions()
+    decompiler.setOptions(options)
+    
+    # Set timeout (30 seconds default)
+    monitor = ConsoleTaskMonitor()
+    
+    try:
+        # Decompile the function
+        decompile_results = decompiler.decompileFunction(target_function, 30, monitor)
+        
+        if decompile_results is None or not decompile_results.decompileCompleted():
+            error_msg = "Decompilation failed"
+            if decompile_results:
+                error_msg = decompile_results.getErrorMessage()
+            return {"error": error_msg}
+        
+        # Get pseudocode
+        decomp_code = decompile_results.getDecompiledFunction()
+        pseudocode = decomp_code.getC() if decomp_code else ""
+        
+        # Get callers
+        callers = []
+        for caller_ref in target_function.getSymbol().getReferences():
+            if caller_ref.getReferenceType().isCall():
+                from_addr = caller_ref.getFromAddress()
+                caller_func = function_manager.getFunctionContaining(from_addr)
+                if caller_func:
+                    callers.append({
+                        "address": caller_func.getEntryPoint().toString(),
+                        "name": caller_func.getName()
+                    })
+        
+        # Get callees
+        callees = []
+        for ref in target_function.getBody().getAddresses(True):
+            refs_from = program.getReferenceManager().getReferencesFrom(ref)
+            for ref_from in refs_from:
+                if ref_from.getReferenceType().isCall():
+                    to_addr = ref_from.getToAddress()
+                    callee_func = function_manager.getFunctionAt(to_addr)
+                    if callee_func:
+                        callees.append({
+                            "address": callee_func.getEntryPoint().toString(),
+                            "name": callee_func.getName()
+                        })
+        
+        # Build result
+        result = {
+            "function": target_function.getName(),
+            "address": target_function.getEntryPoint().toString(),
+            "pseudocode": pseudocode,
+            "callers": callers,
+            "callees": callees
+        }
+        
+        # Add cross-references if requested
+        if include_xrefs:
+            xrefs = []
+            ref_manager = program.getReferenceManager()
+            
+            # Get all references to this function
+            for ref in ref_manager.getReferencesTo(target_function.getEntryPoint()):
+                xref_info = {
+                    "from_address": ref.getFromAddress().toString(),
+                    "type": ref.getReferenceType().getName(),
+                    "is_call": ref.getReferenceType().isCall(),
+                    "is_data": ref.getReferenceType().isData()
+                }
+                
+                # Try to get the containing function
+                from_func = function_manager.getFunctionContaining(ref.getFromAddress())
+                if from_func:
+                    xref_info["from_function"] = from_func.getName()
+                
+                xrefs.append(xref_info)
+            
+            result["xrefs"] = xrefs
+        
+        return result
+        
+    except Exception as e:
+        return {"error": "Decompilation error: {}".format(str(e))}
+    
+    finally:
+        decompiler.dispose()
+
+# Main execution
+if __name__ == "__main__":
+    # Get arguments from command line
+    # Expected format: address [include_xrefs]
+    if len(sys.argv) < 2:
+        print(json.dumps({"error": "Usage: DecompileFunction.py <address|symbol> [include_xrefs]"}))
+        sys.exit(1)
+    
+    address_arg = sys.argv[1]
+    include_xrefs_arg = len(sys.argv) > 2 and sys.argv[2].lower() == "true"
+    
+    result = decompile_function(address_arg, include_xrefs_arg)
+    print(json.dumps(result, indent=2))