Ruby Dragon adds interactive Clojure shells to Ghidra, and also allows scripts to be written in Clojure with full access to all of Ghidra's functionality. This is accomplished using a standalaone Clojure jar.
The Clojure interactive interpreter runs as a REPL, with all of the same functionality. The same variables that are available in Ghidra's native Java and Python environments are also available in the Clojure interpreter as global variables, both for interactive sessions and scripts. There are also some extra variables for commonly needed values such as the current function. These are all added to the ghidra namespace.
ghidra/current-address ghidra/current-data ghidra/current-function ghidra/current-highlight ghidra/current-instruction ghidra/current-location ghidra/current-program ghidra/current-selectionIn the interactive interpreter, there is also another variable named ghidra/current-api, which has an instance of FlatProgramAPI for the current program. This can be used to access the convenience functions provided by the flat API.
If you're writing a script, you'll also be able to access the ClojureScript instance (a subclass of GhidraScript) using the ghidra/script binding. This will provide access to all public fields and methods for the instance. If you need to access private fields and methods, then you can simply use them by name, since they are injected into the ghidra namespace as well. For example, to access the TaskMonitor for the script, simply reference the ghidra/monitor binding. There are examples of this in the GhidraBasicsScriptClj script included in the Examples category with this plugin.
Clojure scripts may also be run during headless analysis. The following invocation uses one of the Clojure example scripts to save all strings found in a demo executable to a file named example_file_strings.txt.
support\analyzeHeadless ^ my\ghidra\projects DummyProject ^ -import demo_binary.exe ^ -postScript SaveStringsScriptClj.clj example_file_strings.txt ^ -deleteProject
Copy and paste from within the Clojure interpreter should work as expected for your given environment:
- Windows: CTRL+C / CTRL+V
- Linux: CTRL+C / CTRL+V
- OS X: COMMAND+C / COMMAND+V
When this option is set to true, a number of Ghidra classes are imported in the Clojure interactive interpreter automatically.
The imports are done in the ghidra namespace, alongside the other automatically created variables such as current-address. If you intend to use these heavily, consider changing into this namespace so that you don't have to fully qualify things using (ns ghidra).
The list of classes (and their containing packages) is in a data file included in this extension's data folder named auto-import.xml. If you wish to add or remove classes from this list, edit this file and reset the interpeter. Note that changes to this file will affect the classes imported by all Ruby Dragon interpreters, not just Clojure.
Provided by: ClojureDragon