Last active
March 12, 2025 12:54
-
-
Save bukowa/f33704d67a77006e5b4f8b249cff6887 to your computer and use it in GitHub Desktop.
ghidra decompiler scripy string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| from time import sleep | |
| import ghidra | |
| import ghidra.util.UndefinedFunction.findFunction | |
| def collect_and_print_matches(): | |
| pattern = r'L"([^"]+)"' # Regex to capture wide string literals | |
| refs = getReferencesTo(toAddr(0x112A7EB0)) | |
| decomp = ghidra.app.decompiler.DecompInterface() | |
| decomp.openProgram(currentProgram) | |
| valid_function_count = 0 # Counter for valid functions | |
| for ref in refs: | |
| func = getFunctionContaining(ref.getFromAddress()) | |
| if not func: | |
| func = ghidra.util.UndefinedFunction.findFunction(currentProgram, ref.getFromAddress(), monitor) | |
| # Proceed with the valid function, whether it's explicitly defined or treated as undefined | |
| decomp_results = decomp.decompileFunction(func, 30, monitor) | |
| if decomp_results.decompileCompleted(): | |
| fn_code = decomp_results.getDecompiledFunction().getC() | |
| matches = re.findall(pattern, fn_code) | |
| if matches: | |
| valid_function_count += 1 # Increment valid function count | |
| print("===============") | |
| for match in matches: | |
| print(match) | |
| else: | |
| # If no matches are found, still add the function code for inspection | |
| print(fn_code) | |
| sleep(5) | |
| else: | |
| print("Decompilation failed for {} at {}".format(func.getName(), func.getEntryPoint())) | |
| # Print the number of valid functions processed | |
| print("\nTotal valid functions with matches: {}".format(valid_function_count)) | |
| collect_and_print_matches() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment