2024-09-22, 13:55–14:55 (Europe/Belgrade), Tesla
While the reverse engineering suite Ghidra is typically extended through its Java and Python APIs, these APIs hide many of the lower-level details available in the decompiler component. Interfacing with the decompiler component directly makes it possible to access decompiler internals and integrate the decompiler into other tools (e.g. the Radare2/Rizin plugin). This talk gives an overview of the decompiler architecture and presents the tools we are building to make the decompiler more extensible.
This talk will go over the architecture of the Ghidra decompiler, how you can leverage it for integration in your own tools and what tools we are building in order to improve extensibility of the decompiler when used with Ghidra.
The first part will cover the basic architecture of the decompiler and the systems it works with:
- How Ghidra communicates with the decompiler
- Architecture descriptions using SLEIGH
- The intermediate language, P-Code
Afterwards, the talk will show concrete examples of how to interface with the decompiler from your own programs:
- Feeding data into the decompiler
- Disassembly/P-Code Lifting
- Adding your own output language
- Adding custom P-Code rewriting rules
Finally, the talk will present some of the work being done in the ReOxide project. While the overall goal of the project is improving Rust decompilation, this requires us to expose the decompiler API in a nicer and more extensible way. The talk will cover:
- The ReOxide plugin API
- Working with ReOxide plugins and linking them with an existing Ghidra installation
Currently a PhD student at the University of Vienna, working together with the Industrial, Systems and IoT-Security group at SBA-Research. Previously worked several years as a software engineer in the field of mechanical simulation. Main interests are software reverse engineering and graphics programming.