MEhrn00/GhidraCOFFParser

Ghidra COFF Parser

Ghidra script which fully parses COFF files.

Installation

Basic install.

Download the script into the ~/ghidra_scripts directory.

$ mkdir -p ~/ghidra_scripts
$ curl -L https://raw.githubusercontent.com/MEhrn00/GhidraCOFFParser/main/COFFParser.py -o ~/ghidra_scripts/COFFParser.py

In the Window -> Script Manager menu of the CodeBrowser tool, select the In Tool check box under Scripts -> Analysis -> COFFParser.py. (You may need to refresh the script list by clicking the Refresh Script List button in the top right corner.)

After normal Ghidra analysis, COFF files can be analyzed from Analysis -> One Shot -> COFF Parser in the menu bar.

Features

  • Adds COFF type definitions
  • Maps in the COFF header, string table, symbol table and any section relocation tables
  • Performs relocations across the file and adds xrefs
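
To show what these features involve at the file-format level, here is an added example (not COFFParser.py or any code from this repository): a standalone Python parser for the COFF file header, symbol table, string table and per-section relocation tables, run on a small constructed x64 object. The names `parse_coff` and `build_sample` are assumptions made for this example.

```python
import struct

FILE_HDR = struct.Struct("<HHIIIHH")       # 20-byte COFF file header
SECT_HDR = struct.Struct("<8sIIIIIIHHI")   # 40-byte section header
RELOC = struct.Struct("<IIH")              # 10-byte relocation entry
SYMBOL = struct.Struct("<8sIhHBB")         # 18-byte symbol table entry

def parse_coff(data):
    machine, nsect, _, symptr, nsyms, opt_size, _ = FILE_HDR.unpack_from(data, 0)
    strtab = symptr + nsyms * SYMBOL.size  # string table follows the symbols

    def name_of(raw):
        # Long names: 4 zero bytes, then an offset into the string table.
        if raw[:4] == b"\0\0\0\0":
            start = strtab + struct.unpack_from("<I", raw, 4)[0]
            return data[start:data.index(b"\0", start)].decode()
        return raw.rstrip(b"\0").decode()

    symbols, i = {}, 0
    while i < nsyms:
        raw, value, sect, _, _, naux = SYMBOL.unpack_from(data, symptr + i * SYMBOL.size)
        symbols[i] = (name_of(raw), value, sect)
        i += 1 + naux                      # aux records occupy symbol slots

    sections = []
    for n in range(nsect):
        off = FILE_HDR.size + opt_size + n * SECT_HDR.size
        raw, _, _, _, _, relptr, _, nrel, _, _ = SECT_HDR.unpack_from(data, off)
        relocs = []
        for r in range(nrel):
            va, symidx, rtype = RELOC.unpack_from(data, relptr + r * RELOC.size)
            relocs.append((va, symbols[symidx][0], rtype))
        sections.append((raw.rstrip(b"\0").decode(), relocs))
    return {"machine": machine, "symbols": symbols, "sections": sections}

def build_sample():
    # Constructed x64 object: one .text section, one relocation, two symbols.
    text = b"\xe8\x00\x00\x00\x00\xc3"     # call rel32; ret
    strings = b"external_function\0"
    text_off = FILE_HDR.size + SECT_HDR.size
    rel_off = text_off + len(text)
    sym_off = rel_off + RELOC.size
    out = FILE_HDR.pack(0x8664, 1, 0, sym_off, 2, 0, 0)
    out += SECT_HDR.pack(b".text", 0, 0, len(text), text_off, rel_off, 0, 1, 0, 0x60500020)
    out += text + RELOC.pack(1, 1, 4)      # type 4 = IMAGE_REL_AMD64_REL32
    out += SYMBOL.pack(b"main", 0, 1, 0x20, 2, 0)
    out += SYMBOL.pack(struct.pack("<II", 0, 4), 0, 0, 0x20, 2, 0)
    out += struct.pack("<I", 4 + len(strings)) + strings
    return out
```

Calling `parse_coff(build_sample())` resolves the relocation at offset 1 of `.text` to the long-named symbol `external_function`, which is the kind of link the script records as an xref.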

Example

Before

Ghidra only parses a few sections and excludes all of the headers.

before_pictures.png


After

Headers and other metadata are mapped in.

after_program_tree.png

COFF metadata includes correct types and relocations.

after_coff_header.png

COFF types are added to the Ghidra data type manager under Data Types/[program name]/COFFDefs.

after_coff_types.png

Disclaimer

This hasn't been tested thoroughly so there may be bugs.
