ghidra2dwarf icon indicating copy to clipboard operation
ghidra2dwarf copied to clipboard

Published 20 hours ago verified publisher icon cesena

Using current ELF in Ghidra instead of file on disk?

Open Manouchehri opened this issue 3 years ago • 1 comments

Right now, ghidra2dwarf.py relies on having the original ELF on disk. It ends up breaking one of my automated workflows, since my tooling cleans up samples off disk after they've been imported to Ghidra.

https://github.com/cesena/ghidra2dwarf/blob/650597d7553654cd0c643c4bfbffaf9c8d9e1b4a/src/ghidra2dwarf.py#L69-L73

https://github.com/cesena/ghidra2dwarf/blob/650597d7553654cd0c643c4bfbffaf9c8d9e1b4a/src/ghidra2dwarf.py#L515

We should use the ElfExporter class instead to get the original ELF file. https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Features/Base/src/main/java/ghidra/app/util/exporter/ElfExporter.java

Here's some examples of how to do that:

https://github.com/sengi12/GhidraScripting-Basics/blob/fa6181bf0634a12015296fed54068bff0585acc5/examples/exportLocalCopy.py#L22-L27

https://github.com/riverratz/ghidraheadless_binexport/blob/b69966cc6ece8820588355c5f5b893b6d0d1c613/sample_functions_cpy.py#L17-L32

Manouchehri avatar Feb 14 '22 18:02 Manouchehri

I'll do this myself, just wanted to make a ticket so I don't forget.

Manouchehri avatar Feb 14 '22 18:02 Manouchehri