maddo/Crusader_Decomp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Crusader_Decomp/.github/skills/pyghidra-ghidra-ops/SKILL.md
MaddoScientisto 24d4416003 Add various scripts and JSON plans for Ghidra project 
- Introduced `seg043_boundary_repair.json` to manage function boundaries in segment 043.
- Created `read_file.py` for reading and printing file content size.
- Added `resolve_bb4f.py` to resolve specific function call targets.
- Implemented `resolve_top_targets.py` to find resolved NE targets for top-called wrapper functions.
- Added `script_contents.txt` to summarize NE relocation far calls.
- Updated `tier4_ghidra.txt`, `tier4_ghidra_check.txt`, `tier4_output.txt`, and `tier4_result.txt` with function call statistics.
- Created `tier5_errors.txt` for error logging and `tier5_output.txt` for additional function call statistics.
- Established `tools` directory with helper scripts for the Ghidra project, including CLI and common functionalities.
- Implemented command-line interface in `cli.py` for various project operations.
- Added `common.py` for shared functions and configurations across tools.
- Introduced `validate_fixups.py` to validate NE relocation fixups against known addresses.
2026-03-20 23:50:39 +01:00

3.4 KiB
Raw Blame History

PyGhidra Ghidra Ops

Use this skill when Ghidra MCP is missing a needed write operation and you need native CPython access to the Ghidra API for the local Crusader project.

Use Cases

  • Create or delete functions in CRUSADER-RAW.EXE.
  • Apply small batched repairs driven by verified addresses.
  • Add comments or rename functions by address from a repeatable JSON plan.
  • Inspect project root files to confirm the program name/path before running edits.

Workspace Defaults

  • Ghidra install dir: I:\Apps\ghidra_11.3.2_PUBLIC
  • Ghidra project dir: repo root
  • Ghidra project name: Crusader
  • Default program: CRUSADER-RAW.EXE
  • Local Python env: .venv-pyghidra311
  • CLI entrypoint: .\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader

Constraints

  • Stay conservative. Use the same rename and batch-size rules as the main Ghidra workflow.
  • Prefer one focused plan or 1-5 direct edits at a time.
  • Write operations require the project to be openable for modification. If Crusader.lock is present because the GUI owns the project, close Ghidra first or work on a copy.
  • Keep crusader_decompilation_notes.md updated after verified repair batches.

Commands

List root project files:

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader project-files

Delete a bad function object:

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader delete-function --entry 0007:5b6f

Create a repaired function with an explicit body:

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader create-function \
  --entry 0007:5a90 \
  --name seg043_func_0090 \
  --body-start 0007:5a90 \
  --body-end 0007:5b79 \
  --plate-comment "Recovered from standalone seg043 boundary scan"

Rename a function by entry address:

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader rename-function --entry 0006:02cc --name entity_class_get_flag20

Apply a small JSON plan:

{
  "transaction": "Repair seg043 boundaries",
  "remove_functions": [
    "0007:5b6f"
  ],
  "create_functions": [
    {
      "entry": "0007:5a90",
      "name": "seg043_func_0090",
      "body_start": "0007:5a90",
      "body_end": "0007:5b79",
      "comment": "Recovered from standalone seg043 boundary scan"
    },
    {
      "entry": "0007:5b7a",
      "name": "seg043_func_017a",
      "body_start": "0007:5b7a",
      "body_end": "0007:5c1b"
    },
    {
      "entry": "0007:5c1c",
      "name": "seg043_func_021c",
      "body_start": "0007:5c1c",
      "body_end": "0007:5c80"
    }
  ],
  "comments": [
    {
      "address": "0007:5b6f",
      "text": "Old auto-created split overlaps the earlier seg043:0090..0179 routine.",
      "type": "plate"
    }
  ]
}

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader apply-plan --plan .\seg043_repair.json

Dry-run a plan before touching the project:

.\.venv-pyghidra311\Scripts\python.exe -m tools.pyghidra_crusader apply-plan --plan .\seg043_repair.json --dry-run

Implementation Notes

  • Address strings accept raw SSSS:OOOO form or plain integers such as 0x75a90.
  • The CLI tries a few root folder path variants when opening the program so it can tolerate minor project path differences.
  • Plan files support remove_functions, rename_functions, create_functions, comments, and assert_functions.