search

dod-cyber-crime-center / pyhidra

Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.
Other
176 stars 15 forks source link

Can't enable or disable specific analysers? #24

Open serek8 opened 1 year ago

serek8 commented 1 year ago

Hey, is there any way to set analysers? I am trying to set Options before calling analyzeAll but it doesn't work.

with pyhidra.open_program(filepath, analyze=False) as flat_api:
      program = flat_api.getCurrentProgram()
      program.getOptions(program.ANALYSIS_PROPERTIES).setBoolean("Aggressive Instruction Finder", True)
      flat_api.analyzeAll(program)

Apparently, it should be possible according to https://github.com/NationalSecurityAgency/ghidra/issues/2179 Thanks!

clearbluejar commented 1 year ago

I have run into this before... the following code seems to work for me. 

    def get_analysis_options(
        self,
        prog: "ghidra.program.model.listing.Program"
    ) -> dict:
        """
        Generate dict from program analysis options
        Inspired by: Ghidra/Features/Base/src/main/java/ghidra/app/script/GhidraScript.java#L1272
        """

        from ghidra.program.model.listing import Program

        prog_options = prog.getOptions(Program.ANALYSIS_PROPERTIES)
        options = {}

        for propName in prog_options.getOptionNames():
            options[propName] = prog_options.getValueAsString(propName)

        return options

    def set_analysis_option_bool(
        self,
        prog: "ghidra.program.model.listing.Program",
        option_name: str,
        value: bool
    ) -> None:
        """
        Set boolean program analysis options
        Inspired by: Ghidra/Features/Base/src/main/java/ghidra/app/script/GhidraScript.java#L1272
        """

        from ghidra.program.model.listing import Program

        prog_options = prog.getOptions(Program.ANALYSIS_PROPERTIES)

        prog_options.setBoolean(option_name, value)

The code you have looks OK. Try my get_analysis_options method to read out the options and see if your change has taken effect.

serek8 commented 1 year ago

Thanks @clearbluejar for a quick answer!

get_analysis_options gives me updated values but the analysis doesn't disassemble all the instructions. E.g. when I use flat_api.getInstructionContaining(flat_api.toAddr("0x100006114")) on a valid opcode, None is returned. If I set Aggressive Instruction Finder manually in Ghidra window and use this command in the Python window, it works fine.

Maybe I should use something else than flat_api.analyzeAll(program)? Maybe analyzeAll discards the custom options?