Ghidra: Consider using JNI/JNA for Decompiler, Sleigh and PDB?

Created on 12 Mar 2019  路  2Comments  路  Source: NationalSecurityAgency/ghidra

Requires less resources than invoking an executable

ghidra_9.0/Ghidra/Features/Decompiler/os/win64/decompile.exe ghidra_9.0/Ghidra/Features/Decompiler/os/win64/sleigh.exe ghidra_9.0/Ghidra/Features/PDB/os/win64/pdb.exe

Question
Source
picture dazzleworth

Most helpful comment

We advise against using JNI when developing extensions for a couple of reasons. First, if there is a problem in an extension's native code, we don't want it to bring down the entire Ghidra process. Second, Ghidra discovers extensions at runtime and adds them to the classpath, but it cannot add native libraries to the process's library search path at runtime for all supported platforms. That would require a custom launch script which would be tough to distribute generically.

The decompiler and other native executables also benefit from the process isolation I mentioned above, at hopefully a lost cost in resources on modern hardware. Also, it might be worth noting that the sleigh executable can be run standalone.

picture ryanmkurtz on 12 Mar 2019
👍2

All 2 comments

From $GHIDRA_DIR/docs/GhidraClass/AdvancedDevelopment/GhidraAdvancedDevelopment.html:

  • NEVER EVER USE JNI!

    • Communicate with a native process using sockets, I/O stream, etc.

saruman9 picture saruman9 on 12 Mar 2019

We advise against using JNI when developing extensions for a couple of reasons. First, if there is a problem in an extension's native code, we don't want it to bring down the entire Ghidra process. Second, Ghidra discovers extensions at runtime and adds them to the classpath, but it cannot add native libraries to the process's library search path at runtime for all supported platforms. That would require a custom launch script which would be tough to distribute generically.

The decompiler and other native executables also benefit from the process isolation I mentioned above, at hopefully a lost cost in resources on modern hardware. Also, it might be worth noting that the sleigh executable can be run standalone.

ryanmkurtz picture ryanmkurtz on 12 Mar 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

huettenhain picture huettenhain  路  3Comments
Barakat picture Barakat  路  3Comments
marcushall42 picture marcushall42  路  3Comments
toor-de-force picture toor-de-force  路  3Comments
rrivera1849 picture rrivera1849  路  3Comments