Ghidra: Consider using JNI/JNA for Decompiler, Sleigh and PDB?

Created on 12 Mar 2019  路  2Comments  路  Source: NationalSecurityAgency/ghidra

Requires less resources than invoking an executable

ghidra_9.0/Ghidra/Features/Decompiler/os/win64/decompile.exe ghidra_9.0/Ghidra/Features/Decompiler/os/win64/sleigh.exe ghidra_9.0/Ghidra/Features/PDB/os/win64/pdb.exe

Question
Source
picture dazzleworth

Most helpful comment

We advise against using JNI when developing extensions for a couple of reasons. First, if there is a problem in an extension's native code, we don't want it to bring down the entire Ghidra process. Second, Ghidra discovers extensions at runtime and adds them to the classpath, but it cannot add native libraries to the process's library search path at runtime for all supported platforms. That would require a custom launch script which would be tough to distribute generically.

The decompiler and other native executables also benefit from the process isolation I mentioned above, at hopefully a lost cost in resources on modern hardware. Also, it might be worth noting that the sleigh executable can be run standalone.

picture ryanmkurtz on 12 Mar 2019
👍2

All 2 comments

From $GHIDRA_DIR/docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html:

  • NEVER EVER USE JNI!

    • Communicate with a native process using sockets, I/O stream, etc.

saruman9 picture saruman9 on 12 Mar 2019

We advise against using JNI when developing extensions for a couple of reasons. First, if there is a problem in an extension's native code, we don't want it to bring down the entire Ghidra process. Second, Ghidra discovers extensions at runtime and adds them to the classpath, but it cannot add native libraries to the process's library search path at runtime for all supported platforms. That would require a custom launch script which would be tough to distribute generically.

The decompiler and other native executables also benefit from the process isolation I mentioned above, at hopefully a lost cost in resources on modern hardware. Also, it might be worth noting that the sleigh executable can be run standalone.

ryanmkurtz picture ryanmkurtz on 12 Mar 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

0x6d696368 picture 0x6d696368  路  19Comments
ghost picture ghost  路  29Comments
astrelsky picture astrelsky  路  21Comments
progmboy picture progmboy  路  19Comments
tzizi picture tzizi  路  17Comments