This is a rebase of https://github.com/Toizi/eBPF-for-Ghidra which is a fork of https://github.com/Nalen98/eBPF-for-Ghidra.
It adds support to Ghidra to decompile Solana eBPF files. It supports Ghidra 11.0.3.
- Download Release version of extension and install it in Ghidra
File → Install Extensions... - Use gradle to build extension:
GHIDRA_INSTALL_DIR=${GHIDRA_HOME} gradleand use Ghidra to install it:File → Install Extensions...
- Rebasing after a program has been imported might lead to messed up relocations. Everything should work as expected when specifying base address in import options.
- Functions with more than 5 parameters are not correctly decompiled. See data/languages/eBPFSol.cspec.
- Main source for how solana eBPF works. Contains a disassembler, implements relocations, etc.
- General Ghidra processor module resource. Covers implementing a processor module for V8 bytecode with lots of background info.