reman3/GhidraPlugin
Guus Waals a559f68de2 WIP Program plugin 2025-06-02 18:39:23 +08:00
src/main/java/symbollogger WIP Program plugin 2025-06-02 18:39:23 +08:00
README.md WIP Program plugin 2025-06-02 18:39:23 +08:00
build.gradle WIP Program plugin 2025-06-02 18:39:23 +08:00
extension.properties WIP Program plugin 2025-06-02 18:39:23 +08:00

README.md

Symbol Rename Logger Plugin

A Ghidra plugin that monitors and logs all symbol and function rename events to the console. This plugin is useful for tracking changes to your reverse engineering work and understanding how symbols are being modified during analysis.

Features

  • Symbol Rename Monitoring: Logs when any symbol is renamed, including the old and new names
  • Function Rename Monitoring: Specifically tracks function renames with additional details like function signatures
  • Symbol Addition/Removal: Optionally logs when symbols are added or removed
  • Detailed Logging: Provides context including symbol type, namespace, and address information
  • Real-time Monitoring: Events are logged as they happen during your analysis session

Build Instructions

Prerequisites

  • Java 17 or higher
  • Ghidra 11.x installed
  • Gradle (or use the wrapper)

Building the Plugin

  1. Set the GHIDRA_INSTALL_DIR environment variable to your Ghidra installation directory:

    export GHIDRA_INSTALL_DIR="/path/to/ghidra_11.x.x_PUBLIC"
    
  2. Build the plugin:

    cd GhidraPlugin
    ./gradlew build
    
  3. The built plugin JAR will be located at build/libs/GhidraPlugin.jar

Installation

Method 1: Install from Ghidra

  1. Open Ghidra
  2. Go to File → Install Extensions...
  3. Click the + button to add a new extension
  4. Navigate to and select the built GhidraPlugin.jar file
  5. Restart Ghidra when prompted

Method 2: Manual Installation

  1. Copy the built JAR file to your Ghidra user directory:

    cp build/libs/GhidraPlugin.jar ~/ghidra_scripts/
    
  2. Or copy to the Ghidra Extensions directory:

    cp build/libs/GhidraPlugin.jar $GHIDRA_INSTALL_DIR/Ghidra/Extensions/
    

Usage

Enabling the Plugin

  1. Open a program in Ghidra's CodeBrowser
  2. Go to File → Configure...
  3. In the Configure Tool dialog, navigate to the Misc category
  4. Check the box next to SymbolRenameLoggerPlugin
  5. Click OK

Viewing Logs

The plugin logs all events to Ghidra's console. To view the logs:

  1. Go to Window → Console
  2. The console will show messages like:

    INFO  REPORT: SymbolRenameLoggerPlugin initialized
    INFO  REPORT: Started listening for rename events in program: example.exe
    INFO  REPORT: SYMBOL RENAMED: 'FUN_00401000' -> 'main' at address 00401000
    INFO  REPORT:   Symbol type: Function, Namespace: Global
    INFO  REPORT:   Function signature: undefined main(void)
    

Log Message Types

The plugin generates several types of log messages:

  • SYMBOL RENAMED: When any symbol is renamed
  • FUNCTION RENAMED: Specific function rename events with signatures
  • SYMBOL ADDED: When new symbols are created
  • SYMBOL REMOVED: When symbols are deleted

Each message includes:

  • Old and new symbol names
  • Memory address
  • Symbol type (Function, Label, etc.)
  • Namespace information
  • Function signatures (for functions)

Example Output

INFO  REPORT: SYMBOL RENAMED: 'FUN_00401000' -> 'main' at address 00401000
INFO  REPORT:   Symbol type: Function, Namespace: Global
INFO  REPORT:   Function signature: undefined main(void)

INFO  REPORT: SYMBOL RENAMED: 'DAT_00403000' -> 'g_config' at address 00403000
INFO  REPORT:   Symbol type: Label, Namespace: Global

INFO  REPORT: FUNCTION RENAMED: 'FUN_00401234' -> 'initialize_system' at address 00401234
INFO  REPORT:   Function signature: void initialize_system(int param_1)
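
For keeping an audit trail of renames outside the Ghidra session, the console format above can be parsed back into structured records. The following is an added example, not part of the plugin: the function names `parse_renames` and `latest_names` are hypothetical, the sample input is constructed from the lines shown above, and it assumes symbol names contain no whitespace and that detail lines are the indented ones.

```python
import re

# Constructed sample in the format shown under "Example Output".
SAMPLE_LOG = """\
INFO  REPORT: SYMBOL RENAMED: 'FUN_00401000' -> 'main' at address 00401000
INFO  REPORT:   Symbol type: Function, Namespace: Global
INFO  REPORT:   Function signature: undefined main(void)
INFO  REPORT: SYMBOL RENAMED: 'DAT_00403000' -> 'g_config' at address 00403000
INFO  REPORT:   Symbol type: Label, Namespace: Global
INFO  REPORT: FUNCTION RENAMED: 'FUN_00401234' -> 'initialize_system' at address 00401234
INFO  REPORT:   Function signature: void initialize_system(int param_1)
"""

LINE = re.compile(r"^INFO\s+REPORT: (.*)$")
RENAME = re.compile(r"^(SYMBOL|FUNCTION) RENAMED: '(.+?)' -> '(.+)' at address (\S+)$")
SYM_TYPE = re.compile(r"^\s+Symbol type: (.+?), Namespace: (.+)$")
SIGNATURE = re.compile(r"^\s+Function signature: (.+)$")


def parse_renames(text):
    """Return one dict per rename event, with its indented detail lines attached."""
    events, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # blank lines and unrelated console output
        body = m.group(1)
        if not body[:1].isspace():
            # Header line: start a new event, or drop context for other event types
            # (SYMBOL ADDED / REMOVED) so their details are not misattributed.
            r = RENAME.match(body)
            current = ({"kind": r[1].lower(), "old": r[2], "new": r[3],
                        "address": r[4]} if r else None)
            if current:
                events.append(current)
        elif current and (t := SYM_TYPE.match(body)):
            current.update(symbol_type=t[1], namespace=t[2])
        elif current and (s := SIGNATURE.match(body)):
            current["signature"] = s[1]
    return events


def latest_names(events):
    """Collapse the event stream to the most recent name per address."""
    return {ev["address"]: ev["new"] for ev in events}
```
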

Development

Project Structure

GhidraPlugin/
├── build.gradle                 # Build configuration
├── extension.properties         # Plugin metadata
├── README.md                    # This file
└── src/main/java/symbollogger/
    └── SymbolRenameLoggerPlugin.java  # Main plugin class

Customization

You can modify the plugin behavior by editing SymbolRenameLoggerPlugin.java:

  • Filter events: Add conditions in handleProgramChange() to only log certain types of symbols
  • Change log format: Modify the String.format() calls in the handler methods
  • Add more details: Extend the symbol information gathering in handleSymbolRenamed()
  • Export to file: Modify the logging to write to files instead of console

Event Types Monitored

The plugin currently monitors these Ghidra program events:

  • ProgramEvent.SYMBOL_RENAMED
  • ProgramEvent.FUNCTION_CHANGED
  • ProgramEvent.SYMBOL_ADDED
  • ProgramEvent.SYMBOL_REMOVED

You can add monitoring for additional events by modifying the handleProgramChange() method.

Troubleshooting

Plugin Not Loading

  • Ensure Java 17+ is being used
  • Check that GHIDRA_INSTALL_DIR is set correctly
  • Verify the plugin JAR is in the correct directory
  • Check Ghidra's console for error messages

No Log Messages

  • Ensure the plugin is enabled in the tool configuration
  • Check that the Console window is open (Window → Console)
  • Verify that a program is loaded and active
  • Try renaming a symbol to test if events are being captured

Build Errors

  • Ensure all Ghidra JAR dependencies are accessible
  • Check that the Ghidra installation is complete
  • Verify Java version compatibility

License

This plugin is provided as-is for educational and research purposes.