/ghidra2dwarf

🐉 Export ghidra decompiled code to dwarf sections inside ELF binary

Primary LanguagePythonMIT LicenseMIT

Ghidra2Dwarf

Inspired by: dwarfexport

Contributions are welcome, feel free to open an issue if something is broken.

Ghidra2Dwarf is a ghidra plugin that allows to exports informations (such as functions, decompiled code, types) from ghidra to dwarf sections inside ELF binaries.

More specifically it exports inside a source file named ${program}_dbg.c all the decompiled functions, and create an ELF binary named ${program}_dbg that can be used to do source code level debugging.

Example:

Inside gdb now you can use:

  1. list <function> to display the function's source code.
  2. n to step one source code line instruction.
  3. ni to step one assembly instruction.
  4. p variable to print the variable's value.

Install

  • Unzip the latest release.
  • In the script manager -> script directories add the extracted directory:

Run

Run ghidra2dwarf.py inside the script manager:

Headless mode

This mode only works in ghidra 9.1.2 at the moment NationalSecurityAgency/ghidra#2561

Linux

If you saved the project and ghidra is closed, you can launch ghidra2dwarf.sh to run ghidra in headless mode and export the dwarf informations:

$ ./src/ghidra2dwarf.sh <Project directory> <Project name> <Binary path> <Binary>
$ # Example: ./src/ghidra2dwarf.sh ~/.local/share/ghidra/ TEST ~/CTF/ chall

Windows

TODO