Enhance CLI functionality and improve common utilities

- Added new commands to the CLI for dumping regions, renaming functions by address, and setting various types of comments. - Implemented JSON output formatting for CLI commands. - Introduced functions for decompiling and disassembling functions, as well as retrieving cross-references. - Enhanced common utilities with functions for reading memory regions, iterating Java items, and managing function metadata. - Added suppress_output context manager to hide process output during Ghidra startup. - Updated existing functions to improve error handling and output formatting.
2026-03-21 09:44:35 +01:00 · 2026-03-21 09:44:35 +01:00 · a56851f994
commit a56851f994
parent 24d4416003
16 changed files with 1072 additions and 36 deletions
--- a/.github/instructions/ghidra.instructions.md
+++ b/.github/instructions/ghidra.instructions.md
@ -39,6 +39,7 @@ applyTo: "**"
 - Invoke the toolkit with `\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader ...` from the repo root.
 - Keep PyGhidra batches small too: prefer one focused repair plan or 1-5 direct edits at a time.
 - Write operations require the Ghidra project to open successfully. If `Crusader.lock` is present because the GUI owns the project, close Ghidra first or operate on a project copy.
+- If the workflow needs the user to change Ghidra state, use the ask-questions tool with a yes/no confirmation prompt instead of plain text. Ask the user to close Ghidra before PyGhidra write commands, and ask the user to open the Ghidra project before MCP server commands. The prompt should briefly describe exactly what to do and instruct the user to answer `Yes` only after the action is complete.

 # Current Verified Raw-Import Ports

--- a/.github/skills/pyghidra-ghidra-ops/SKILL.md
+++ b/.github/skills/pyghidra-ghidra-ops/SKILL.md
@ -1,12 +1,14 @@
 # PyGhidra Ghidra Ops

-Use this skill when Ghidra MCP is missing a needed write operation and you need native CPython access to the Ghidra API for the local Crusader project.
+Use this skill when Ghidra MCP is missing a needed operation and you need native CPython access to the Ghidra API for the local Crusader project.

 ## Use Cases

 - Create or delete functions in `CRUSADER-RAW.EXE`.
 - Apply small batched repairs driven by verified addresses.
 - Add comments or rename functions by address from a repeatable JSON plan.
+- Decompile or disassemble functions without switching back to the MCP server.
+- Query function metadata, search by name, and inspect xrefs from the same local CLI.
 - Inspect project root files to confirm the program name/path before running edits.

 ## Workspace Defaults
@ -56,6 +58,63 @@ Rename a function by entry address:
 .\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader rename-function --entry 0006:02cc --name entity_class_get_flag20
 ```

+MCP-style read/query commands are also available from the same CLI:
+
+```powershell
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader get-function-by-address --address 000a:48ff
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader get-function-containing --address 000a:4901
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader decompile-function-by-address --address 000a:48ff
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader disassemble-function --address 000a:48ff
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader read-region --start 000a:48ff --end 000a:4912
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader search-functions-by-name --query rng_
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-strings --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-imports --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-exports --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-namespaces --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-segments --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-data-items --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader list-classes --limit 20
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader get-xrefs-to --address 000a:48ff
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader get-function-xrefs --name rng_next_modulo
+```
+
+All commands also support structured output for scripting:
+
+```powershell
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader --format json get-function-by-address --address 000a:48ff
+```
+
+For ad hoc investigation, prefer `run-script` over multiline `python -c` or pasted PowerShell here-strings. It avoids leaving the shared shell stuck in an unfinished string/block state:
+
+```powershell
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader run-script --script .\pyghidra_plans\inspect_rng.py --read-only
+```
+
+Script globals available inside `run-script`:
+
+```python
+config
+project
+program
+helpers["get_function"]
+helpers["get_function_containing"]
+helpers["decompile_function"]
+helpers["disassemble_function"]
+helpers["get_xrefs_to"]
+helpers["get_xrefs_from"]
+helpers["read_region_bytes"]
+helpers["rename_function"]
+helpers["set_comment"]
+```
+
+Write-side MCP-style aliases are available too:
+
+```powershell
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader rename-function-by-address --entry 000a:48ff --name rng_next_modulo
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader set-decompiler-comment --address 000a:48ff --text "Returns RNG output modulo the requested bound."
+.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader set-disassembly-comment --address 000a:48ff --text "Modulo wrapper around rng_advance_state"
+```
+
 Apply a small JSON plan:

 ```json
@ -109,4 +168,9 @@ Dry-run a plan before touching the project:

 - Address strings accept raw `SSSS:OOOO` form or plain integers such as `0x75a90`.
 - The CLI tries a few root folder path variants when opening the program so it can tolerate minor project path differences.
- Plan files support `remove_functions`, `rename_functions`, `create_functions`, `comments`, and `assert_functions`.
+- Plan files support `remove_functions`, `rename_functions`, `create_functions`, `comments`, and `assert_functions`.
+- `set-decompiler-comment` maps to a pre-comment and `set-disassembly-comment` maps to an EOL comment.
+- Read/query commands open the program read-only; create/rename/comment/plan commands still require the project to be writable.
+- `run-script --read-only` is the safest way to do one-off inspection without getting the shared PowerShell session stuck in a multiline Python string.
+- `read-region` now reads bytes one address at a time instead of relying on a bulk `getBytes` path that produced misleading all-zero results in this project under PyGhidra.
+- PyGhidra startup now suppresses the noisy local GhidraMCP `Module.manifest` warnings during normal CLI operation.