mellow-hype/symgrep.sh

## symgrep.sh
#!/usr/bin/env bash
# -- search for specific strings in the output of ghidra decompiler for a
# -- specific target binary.
# --
# -- ghidra script from: https://github.com/0xdea/ghidra-scripts
# ---------------------------------------------------------------------------

# update this to point to the location where ghidra is installed
GHIDRA_PATH="$HOME/tools/ghidra_10.1.4"
# update this to point to the location where the ghidra-scripts repo was downloaded
SCRIPTDIR="$HOME/tools/ghidra-scripts"

# check args
if [ "$#" != 2 ]; then
    echo "usage: $0 /path/to/target 'symbol-pattern'"
    exit 1
fi

TARGET="$1"
SEARCH="$2"
RESULT_FILE="$(basename $TARGET)_symgrep.txt"
OUTDIR="/tmp/ghidra-decomp_$(basename $TARGET)"

# make outdir if it doesnt exist
if [ ! -d "$OUTDIR" ]; then
    mkdir $OUTDIR
fi

# run ghidra headless
echo "running ghidra analysis and decompiler..."
$GHIDRA_PATH/support/analyzeHeadless /tmp tmp_project -import "$TARGET" -scriptPath "$SCRIPTDIR" -postscript Haruspex.java "$OUTDIR" > /dev/null 2>&1

# search for the given pattern, grabbing the preceding 5 lines of context, and
# tee'ing the output to a file
echo -e "\n=== SEARCH RESULTS ===\n"
grep -B 5 -R "$SEARCH" "${OUTDIR}" | tee ./"$RESULT_FILE"
echo -e "\n======================"
echo "decompiler output files saved to: $OUTDIR"
echo "search results saved to: $RESULT_FILE"
echo "========================"

# remove the ghidra project files that were created to avoid
# conflicts if this is run against the same target more than once
rm -rf /tmp/tmp_project*
	#!/usr/bin/env bash
	# -- search for specific strings in the output of ghidra decompiler for a
	# -- specific target binary.
	# --
	# -- ghidra script from: https://github.com/0xdea/ghidra-scripts
	# ---------------------------------------------------------------------------

	# update this to point to the location where ghidra is installed
	GHIDRA_PATH="$HOME/tools/ghidra_10.1.4"
	# update this to point to the location where the ghidra-scripts repo was downloaded
	SCRIPTDIR="$HOME/tools/ghidra-scripts"

	# check args
	if [ "$#" != 2 ]; then
	echo "usage: $0 /path/to/target 'symbol-pattern'"
	exit 1
	fi

	TARGET="$1"
	SEARCH="$2"
	RESULT_FILE="$(basename $TARGET)_symgrep.txt"
	OUTDIR="/tmp/ghidra-decomp_$(basename $TARGET)"

	# make outdir if it doesnt exist
	if [ ! -d "$OUTDIR" ]; then
	mkdir $OUTDIR
	fi

	# run ghidra headless
	echo "running ghidra analysis and decompiler..."
	$GHIDRA_PATH/support/analyzeHeadless /tmp tmp_project -import "$TARGET" -scriptPath "$SCRIPTDIR" -postscript Haruspex.java "$OUTDIR" > /dev/null 2>&1

	# search for the given pattern, grabbing the preceding 5 lines of context, and
	# tee'ing the output to a file
	echo -e "\n=== SEARCH RESULTS ===\n"
	grep -B 5 -R "$SEARCH" "${OUTDIR}" \| tee ./"$RESULT_FILE"
	echo -e "\n======================"
	echo "decompiler output files saved to: $OUTDIR"
	echo "search results saved to: $RESULT_FILE"
	echo "========================"

	# remove the ghidra project files that were created to avoid
	# conflicts if this is run against the same target more than once
	rm -rf /tmp/tmp_project*