Ruby Dragon adds interactive Ruby shells to Ghidra, and also allows scripts to be written in Ruby with full access to all of Ghidra's functionality.
This is accomplished using JRuby to bridge the Java APIs of Ghidra with a Ruby environment.
The Ruby interactive interpreter runs as an IRB session, with all of the same functionality. The same variables that are available in Ghidra's Java and Python environments are also available in the Ruby interpreter as global variables, both for interactive sessions and scripts. There are also some extra variables, for commonly needed values such as the current function.
$current_address $current_data $current_function $current_highlight $current_instruction $current_location $current_program $current_selectionIn the interactive interpreter, there is also another global variable named $current_api, which has an instance of FlatProgramAPI for the current program. This can be used to access the convenience functions provided by the flat API.
If you're writing a script, you'll also be able to access the RubyScript instance (a subclass of GhidraScript) using the $script binding. This will provide access to all fields and methods for the instance. For example, to access the TaskMonitor for the script, simply use $script.monitor. There are examples of this in the GhidraBasicsScriptRuby script included in the Examples category with this plugin.
Ruby scripts may also be run during headless analysis. The following invocation uses one of the Ruby example scripts to save all strings found in a demo executable to a file named example_file_strings.txt.
support\analyzeHeadless ^ my\ghidra\projects DummyProject ^ -import demo_binary.exe ^ -postScript SaveStringsScriptRb.rb example_file_strings.txt ^ -deleteProject
Copy and paste from within the Ruby interpreter should work as expected for your given environment:
- Windows: CTRL+C / CTRL+V
- Linux: CTRL+C / CTRL+V
- OS X: COMMAND+C / COMMAND+V
When this option is set to true, a number of Ghidra classes are imported in the Ruby interactive interpreter automatically.
The list of classes (and their containing packages) is in a data file included in this extension's data folder named auto-import.xml. If you wish to add or remove classes from this list, edit this file and reset the interpeter. Note that changes to this file will affect the classes imported by all Ruby Dragon interpreters, not just Ruby.
For more information on the JRuby environment, such as how to interact with Java objects through a Ruby interface, please refer to JRuby wiki at https://github.com/jruby/jruby/wiki
Provided by: RubyDragon