replica: Ghidra Analysis Enhancer

replica

Ghidra Analysis Enhancer

✨Features

• ⚡ Disassemble missed instructions – Define code that Ghidra’s auto analysis missed
• ⚡ Detect and fix missed functions – Define functions that Ghidra’s auto analysis missed
• ⚡ Fix ‘undefinedN’ datatypes – Enhance Disassembly and Decompilation by fixing ‘undefinedN’ DataTypes
• ⚡ Set MSDN API info as comments – Integrate information about functions, arguments and return values into Ghidra’s disassembly listing in the form of comments
• ⚡ Tag Functions based on API calls – rename functions that call one or more APIs with the API name and API type family if available
• ⚡ Detect and mark wrapper functions – Rename wrapper functions with the wrapping level and wrapped function name
• ⚡ Fix undefined data and strings – Defines ASCII strings that Ghidra’s auto analysis missed and Converts undefined bytes in the data segment into DWORDs/QWORDs
• ⚡ Detect and label crypto constants – Search and label constants known to be associated with the cryptographic algorithm in the code
• ⚡ Detect and comment stack strings – Find and post-comment stack strings
• ⚡ Rename Functions Based on string references – rename functions that reference one or more strings with the function name followed by the string name.
• ⚡ Bookmark String Hints – Bookmark interesting strings (file extensions, browser agents, registry keys, etc..)

Install

git clone https://github.com/reb311ion/replica.git

Copy the repository files into any of ghidra_scripts directories and extract db.7z, directories can be found from Window->Script Manager->Script Directories

Search for replica and enable in option option

Done!

Copyright (C) 2020 reb311ion