A universal interface for running scripts under multiple disassemblers.
Project description
Dragodis
Dragodis is a python scripting framework that allows the use of any disassembler in
reverse engineering related work. This project provides a generic disassembler API that can be
integrated into anything from simple scripts to large tools and applications. Once integrated,
the script/tool can be run using any disassembler supported by Dragodis as if it were
built to run with the specified disassembler from the start. Dragodis currently supports
Ghidra and IDA.
Dragodis is meant to be used for headless analysis. The plan for the project is to first
build a flat API that will provide all the disassembler functionality that should be needed
and then later build an object-oriented API on top of the flat API for cleaner usage. This version
of the project is very limited in what it can currently do. It lacks a lot of core functionality
so this release is primarily a simple proof of concept.
Installation
To complete the installation, first install Dragodis and then follow one or more of the following sets of instructions to setup your desired disassembler(s).
pip install Dragodis
IDA
-
Download and install IDA Pro 7.* with Python 3 mode. (Tested on version 7.4 and 7.5)
-
Set the
IDA_DIRenvironment variable to point to the directory where IDA is installed. (e.g.C:\Program Files\IDA Pro 7.5) -
Dragodis uses jfx_bridge_ida to communicate with IDA. This is installed automatically when you install Dragodis. However, if you are using a different python environment than IDA, you can manually install the library in the IDA environment using the
--targetflag.pip install jfx_bridge_ida --target=%IDA_DIR%\python\3
-
Install the IDA bridge server script files into the IDA Python folder.
python -m jfx_bridge_ida.install_server %IDA_DIR%\python\3
Ghidra
-
Download and install Ghidra to a desired location.
-
Set the
GHIDRA_DIRenvironment variable to point to the directory where Ghidra is installed. (e.g.C:\Tools\ghidra_9.1.2_PUBLIC) -
Dragodis uses ghidra_bridge to communicate with Ghidra. Install the Ghidra bridge server script files into the
ghidra_scriptsfolder in the user home folder.python -m ghidra_bridge.install_server ~/ghidra_scripts
Usage
To use, simply pass in the path to your input binary file into either the IDA or Ghidra class.
This will create an instance of the disassembler with the given input file analyzed.
import dragodis
with dragodis.Ghidra(r"C:\strings.exe") as ghidra:
print(ghidra.get_dword(0x401000))
import dragodis
with dragodis.IDA(r"C:\strings.exe") as ida:
print(ida.get_dword(0x401000))
A disassembler can also be run without using a context manager using the start() and stop() functions.
import dragodis
ghidra = dragodis.Ghidra(r"C:\strings.exe")
ghidra.start()
ghidra.get_dword(ghidra)
ghidra.get_dword(0x401000)
ghidra.stop()
There is currently a limitation of the bridge that forces the IDA GUI to pop up when using IDA as the underlying disassembler. IDA must be manually closed after use in order to save the .idb file. This will be fixed in a future release.
Testing of Dragodis has been done with IDA 7.4, 7.5, and Ghidra 9.1.2.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
