A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API. GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra's comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows exte
Add this skill
npx mdskills install jtang613/ghidrassistmcpComprehensive MCP server exposing 34 Ghidra tools with excellent documentation and async task support
1# GhidrAssistMCP23A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API.45## Overview67GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra's comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows external AI assistants, automated analysis tools, and custom scripts to seamlessly interact with Ghidra's analysis capabilities.89### Key Features1011- **MCP Server Integration**: Full Model Context Protocol server implementation using official SDK12- **Dual HTTP Transports**: Supports SSE and Streamable HTTP transports for maximum client compatibility13- **34 Built-in Tools**: Comprehensive set of analysis tools with action-based consolidation for cleaner APIs14- **5 MCP Resources**: Static data resources for program info, functions, strings, imports, and exports15- **5 MCP Prompts**: Pre-built analysis prompts for common reverse engineering tasks16- **Result Caching**: Intelligent caching system to improve performance for repeated queries17- **Async Task Support**: Long-running operations execute asynchronously with task management18- **Multi-Program Support**: Work with multiple open programs simultaneously using `program_name` parameter19- **Multi-Window Support**: Single MCP server shared across all CodeBrowser windows with intelligent focus tracking20- **Active Context Awareness**: Automatic detection of which binary window is in focus, with context hints in all tool responses21- **Configurable UI**: Easy-to-use interface for managing tools and monitoring activity22- **Real-time Logging**: Track all MCP requests and responses with detailed logging23- **Dynamic Tool Management**: Enable/disable tools individually with persistent settings2425## Clients2627Shameless self-promotion: [GhidrAssist](https://github.com/jtang613/GhidrAssist) supports GhidrAssistMCP right out of the box.2829## Screenshots3031323334## Installation3536### Prerequisites3738- **Ghidra 11.4+** (tested with Ghidra 12.0 Public)39- **An MCP Client (Like GhidrAssist)**4041### Binary Release (Recommended)42431. **Download the latest release**:44 - Go to the [Releases page](https://github.com/jtang613/GhidrAssistMCP/releases)45 - Download the latest `.zip` file (e.g., `GhidrAssistMCP-v1.0.0.zip`)46472. **Install the extension**:48 - In Ghidra: **File → Install Extensions → Add Extension**49 - Select the downloaded ZIP file50 - Restart Ghidra when prompted51523. **Enable the plugin**:53 - **File → Configure → Configure Plugins**54 - Search for "GhidrAssistMCP"55 - Check the box to enable the plugin5657### Building from Source58591. **Clone the repository**:6061 ```bash62 git clone <repository-url>63 cd GhidrAssistMCP64 ```65662. **Point Gradle at your Ghidra install**:67 - Set `GHIDRA_INSTALL_DIR` (environment variable), or pass `-PGHIDRA_INSTALL_DIR=<path>` when you run Gradle.68693. **Build + install**:7071 Ensure Ghidra isn't running and run:7273 ```bash74 gradle installExtension75 ```7677 This copies the built ZIP into your Ghidra install (`[GHIDRA_INSTALL_DIR]/Extensions/Ghidra`) and extracts it into your Ghidra **user** Extensions folder (replacing any existing extracted copy).7879 If you need to override that location, pass `-PGHIDRA_USER_EXTENSIONS_DIR=<path>`.80814. **Restart / verify**:82 - Restart Ghidra.83 - If the plugin doesn't appear, enable it via **File → Configure → Configure Plugins** (search for "GhidrAssistMCP").8485## Configuration8687### Initial Setup88891. **Open the Control Panel**:90 - Window → GhidrAssistMCP (or use the toolbar icon)91922. **Configure Server Settings**:93 - **Host**: Default is `localhost`94 - **Port**: Default is `8080`95 - **Enable/Disable**: Toggle the MCP server on/off9697### Tool Management9899The Configuration tab allows you to:100101- **View all available tools** (34 total)102- **Enable/disable individual tools** using checkboxes103- **Save configuration** to persist across sessions104- **Monitor tool status** in real-time105106## Available Tools107108GhidrAssistMCP provides 34 tools organized into categories. Several tools use an action-based API pattern where a single tool provides multiple related operations.109110### Program & Data Listing111112| Tool | Description |113| ---- | ----------- |114| `get_program_info` | Get basic program information (name, architecture, compiler, etc.) |115| `list_programs` | List all open programs across all CodeBrowser windows |116| `list_functions` | List functions with optional pattern filtering and pagination |117| `list_data` | List data definitions in the program |118| `list_data_types` | List all available data types |119| `list_strings` | List string references with optional filtering |120| `list_imports` | List imported functions/symbols |121| `list_exports` | List exported functions/symbols |122| `list_segments` | List memory segments |123| `list_namespaces` | List namespaces in the program |124| `list_relocations` | List relocation entries |125126### Function & Code Analysis127128| Tool | Description |129| ---- | ----------- |130| `get_function_info` | Get detailed function information (signature, variables, etc.) |131| `get_current_function` | Get function at current cursor position |132| `get_current_address` | Get current cursor address |133| `get_hexdump` | Get hexdump of memory at specific address |134| `get_call_graph` | Get call graph for a function (callers and callees) |135| `get_basic_blocks` | Get basic block information for a function |136137### Consolidated Tools138139These tools bundle related operations behind a discriminator parameter (e.g., `action`, `target`, `target_type`, or `format`).140141#### `get_code` - Code Retrieval Tool142143| Parameter | Values | Description |144| --------- | ------ | ----------- |145| `format` | `decompiler`, `disassembly`, `pcode` | Output format |146| `raw` | boolean | Only affects `format: "pcode"` (raw pcode ops vs grouped by basic blocks) |147148#### `class` - Class Operations Tool149150| Action | Description |151| ------ | ----------- |152| `list` | List classes with optional pattern filtering and pagination |153| `get_info` | Get detailed class information (methods, fields, vtables, virtual functions) |154155#### `xrefs` - Cross-Reference Tool156157| Parameter | Description |158| --------- | ----------- |159| `address` | Find all references to/from a specific address |160| `function` | Find all cross-references for a function |161162#### `struct` - Structure Operations Tool163164| Action | Description |165| ------ | ----------- |166| `create` | Create a new structure from C definition or empty |167| `modify` | Modify an existing structure with new C definition |168| `merge` | Merge (overlay) fields from a C definition onto an existing structure without deleting existing fields |169| `set_field` | Set/insert a single field at a specific offset without needing a full C struct (use `field_name` to name it) |170| `name_gap` | Convert undefined bytes at an offset/length into a named `byte[]`-like field (useful for “naming gaps”; uses `field_name`) |171| `auto_create` | Automatically create structure from variable usage patterns |172| `rename_field` | Rename a field within a structure |173| `field_xrefs` | Find cross-references to a specific struct field |174175#### `rename_symbol` - Symbol Renaming Tool176177| Parameter | Values | Description |178| --------- | ------ | ----------- |179| `target_type` | `function`, `data`, `variable` | What kind of symbol to rename |180181#### `set_comment` - Comment Tool182183| Parameter | Values | Description |184| --------- | ------ | ----------- |185| `target` | `function`, `address` | Where to set the comment |186| `comment_type` | `eol`, `pre`, `post`, `plate`, `repeatable` | Comment type for `target: "address"` (default `eol`) |187188#### `bookmarks` - Bookmark Management Tool189190| Action | Description |191| ------ | ----------- |192| `list` | List all bookmarks |193| `add` | Add a new bookmark |194| `delete` | Delete a bookmark |195196### Type & Prototype Tools197198| Tool | Description |199| ----- | ----------- |200| `get_data_type` | Get detailed data type information and structure definitions |201| `delete_data_type` | Delete a data type by name (optionally scoped by `category`) |202| `set_data_type` | Set data type at a specific address |203| `set_function_prototype` | Set function signature/prototype |204| `set_local_variable_type` | Set data type for local variables |205206### Search Tools207208| Tool | Description |209| ----- | ----------- |210| `search_bytes` | Search for byte patterns in memory |211212### Async Task Management213214Long-running operations (decompilation, structure analysis, field xrefs) execute asynchronously:215216| Tool | Description |217| ---- | ----------- |218| `get_task_status` | Check status and retrieve results of async tasks |219| `cancel_task` | Cancel a running async task |220| `list_tasks` | List all pending/running/completed tasks |221222## MCP Resources223224GhidrAssistMCP exposes 5 static resources that can be read by MCP clients:225226| Resource URI | Description |227| ------------ | ----------- |228| `ghidra://program/info` | Basic program information |229| `ghidra://program/functions` | List of all functions |230| `ghidra://program/strings` | String references |231| `ghidra://program/imports` | Imported symbols |232| `ghidra://program/exports` | Exported symbols |233234## MCP Prompts235236Pre-built prompts for common analysis tasks:237238| Prompt | Description |239| ------ | ----------- |240| `analyze_function` | Comprehensive function analysis prompt |241| `identify_vulnerability` | Security vulnerability identification |242| `document_function` | Generate function documentation |243| `trace_data_flow` | Data flow analysis prompt |244| `trace_network_data` | Trace network send/recv call stacks for protocol analysis and network vulnerability identification |245246## Usage Examples247248### Basic Program Information249250```json251{252 "method": "tools/call",253 "params": {254 "name": "get_program_info"255 }256}257```258259### List Functions with Pattern Filtering260261```json262{263 "method": "tools/call",264 "params": {265 "name": "list_functions",266 "arguments": {267 "pattern": "init",268 "case_sensitive": false,269 "limit": 50270 }271 }272}273```274275### Decompile Function (`get_code`)276277```json278{279 "method": "tools/call",280 "params": {281 "name": "get_code",282 "arguments": {283 "function": "main",284 "format": "decompiler"285 }286 }287}288```289290### Get Class Information (Action-Based)291292```json293{294 "method": "tools/call",295 "params": {296 "name": "class",297 "arguments": {298 "action": "get_info",299 "class_name": "MyClass"300 }301 }302}303```304305### Search Classes (Action-Based)306307```json308{309 "method": "tools/call",310 "params": {311 "name": "class",312 "arguments": {313 "action": "list",314 "pattern": "Socket",315 "case_sensitive": false316 }317 }318}319```320321### Auto-Create Structure (Action-Based)322323```json324{325 "method": "tools/call",326 "params": {327 "name": "struct",328 "arguments": {329 "action": "auto_create",330 "function_identifier": "0x00401000",331 "variable_name": "ctx"332 }333 }334}335```336337### Find Struct Field Cross-References (Action-Based)338339```json340{341 "method": "tools/call",342 "params": {343 "name": "struct",344 "arguments": {345 "action": "field_xrefs",346 "structure_name": "Host",347 "field_name": "port"348 }349 }350}351```352353### Delete a Data Type354355If multiple types share the same name across categories, pass `category` (or pass a full path in `name` starting with `/`).356357```json358{359 "method": "tools/call",360 "params": {361 "name": "delete_data_type",362 "arguments": {363 "name": "MyStruct",364 "category": "/mytypes"365 }366 }367}368```369370### Rename Function (Action-Based)371372```json373{374 "method": "tools/call",375 "params": {376 "name": "rename_symbol",377 "arguments": {378 "action": "function",379 "address": "0x00401000",380 "new_name": "decrypt_buffer"381 }382 }383}384```385386### Multi-Program Support387388When working with multiple open programs, first list them:389390```json391{392 "method": "tools/call",393 "params": {394 "name": "list_programs"395 }396}397```398399Then specify which program to target using `program_name`:400401```json402{403 "method": "tools/call",404 "params": {405 "name": "list_functions",406 "arguments": {407 "program_name": "target_binary.exe",408 "limit": 10409 }410 }411}412```413414## Multi-Window Support & Active Context Awareness415416GhidrAssistMCP uses a singleton architecture that enables seamless operation across multiple CodeBrowser windows:417418### How It Works4194201. **Single Shared Server**: One MCP server (port 8080) serves all CodeBrowser windows4212. **Focus Tracking**: Automatically detects which CodeBrowser window is currently active4223. **Context Hints**: All tool responses include context information to help AI understand which binary is in focus423424### Context Information in Responses425426Every tool response includes a context header:427428```plaintext429[Context] Operating on: malware.exe | Active window: malware.exe430431<tool response content>432```433434or when targeting a different program:435436```plaintext437[Context] Operating on: lib.so | Active window: main.exe | Total open programs: 3438439<tool response content>440```441442### Benefits for AI Assistants443444- **Smart Defaults**: When no `program_name` is specified, tools automatically use the program from the active window445- **Context Awareness**: AI knows which binary the user is currently viewing446- **Prevents Confusion**: Clear indication when operating on a different binary than what's in the active window447- **Multi-tasking**: Work with multiple binaries without constantly specifying which one to target448449## Architecture450451### Core Components452453```plaintext454GhidrAssistMCP/455├── GhidrAssistMCPManager # Singleton coordinator for multi-window support456│ ├── Tracks all CodeBrowser windows457│ ├── Manages focus tracking458│ └── Owns shared server and backend459├── GhidrAssistMCPPlugin # Plugin instance (one per CodeBrowser window)460│ └── Registers with singleton manager461├── GhidrAssistMCPServer # HTTP MCP server (SSE + Streamable)462│ └── Single shared instance on port 8080463├── GhidrAssistMCPBackend # Tool management and execution464│ ├── Tool registry with enable/disable states465│ ├── Result caching system466│ ├── Async task management467│ └── Resource and prompt registries468├── GhidrAssistMCPProvider # UI component provider469│ └── First registered instance provides UI470├── cache/ # Caching infrastructure471│ ├── McpCache.java472│ └── CacheEntry.java473├── tasks/ # Async task management474│ ├── McpTaskManager.java475│ └── McpTask.java476├── resources/ # MCP Resources (5 total)477│ ├── ProgramInfoResource.java478│ ├── FunctionListResource.java479│ ├── StringsResource.java480│ ├── ImportsResource.java481│ └── ExportsResource.java482├── prompts/ # MCP Prompts (5 total)483│ ├── AnalyzeFunctionPrompt.java484│ ├── IdentifyVulnerabilityPrompt.java485│ ├── DocumentFunctionPrompt.java486│ ├── TraceDataFlowPrompt.java487│ └── TraceNetworkDataPrompt.java488└── tools/ # MCP Tools (34 total)489 ├── Consolidated action-based tools490 ├── Analysis tools491 ├── Modification tools492 └── Navigation tools493```494495### Tool Design Patterns496497**Consolidated Tools**: Related operations are consolidated into single tools with a discriminator parameter:498499- `get_code`: `format: decompiler|disassembly|pcode`500- `class`: `action: list|get_info`501- `struct`: `action: create|modify|auto_create|rename_field|field_xrefs`502- `rename_symbol`: `target_type: function|data|variable`503- `set_comment`: `target: function|address`504- `bookmarks`: `action: list|add|delete`505506**Tool Interface Methods**:507508- `isReadOnly()`: Indicates if tool modifies program state509- `isLongRunning()`: Triggers async execution with task management510- `isCacheable()`: Enables result caching for repeated queries511- `isDestructive()`: Marks potentially dangerous operations512- `isIdempotent()`: Indicates if repeated calls produce same result513514### MCP Protocol Implementation515516- **Transports**:517 - HTTP with Server-Sent Events (SSE)518 - Streamable HTTP519- **Endpoints**:520 - `GET /sse` - SSE connection for bidirectional communication521 - `POST /message` - Message exchange endpoint522 - `GET /mcp` - Receive Streamable HTTP events523 - `POST /mcp` - Initialize Streamable HTTP session524 - `DELETE /mcp` - Terminate Streamable HTTP session525- **Capabilities**: Tools, Resources, Prompts526527## Development528529### Project Structure530531```plaintext532src/main/java/ghidrassistmcp/533├── GhidrAssistMCPPlugin.java # Main plugin class534├── GhidrAssistMCPManager.java # Singleton coordinator535├── GhidrAssistMCPProvider.java # UI provider with tabs536├── GhidrAssistMCPServer.java # MCP server implementation537├── GhidrAssistMCPBackend.java # Backend tool/resource/prompt management538├── McpBackend.java # Backend interface539├── McpTool.java # Tool interface540├── McpEventListener.java # Event notification interface541├── cache/ # Caching system542├── tasks/ # Async task system543├── resources/ # MCP resources544├── prompts/ # MCP prompts545└── tools/ # Tool implementations (34 files)546```547548### Adding New Tools5495501. **Implement McpTool interface**:551552 ```java553 public class MyCustomTool implements McpTool {554 @Override555 public String getName() { return "my_custom_tool"; }556557 @Override558 public String getDescription() { return "Description"; }559560 @Override561 public boolean isReadOnly() { return true; }562563 @Override564 public boolean isLongRunning() { return false; }565566 @Override567 public boolean isCacheable() { return true; }568569 @Override570 public McpSchema.JsonSchema getInputSchema() { /* ... */ }571572 @Override573 public McpSchema.CallToolResult execute(Map<String, Object> arguments, Program program) {574 // Implementation575 }576 }577 ```5785792. **Register in backend**:580581 ```java582 // In GhidrAssistMCPBackend constructor583 registerTool(new MyCustomTool());584 ```585586### Build Commands587588```bash589# Clean build590gradle clean591592# Build extension zip (written to dist/)593gradle buildExtension594595# Install (extract) extension into the Ghidra user Extensions directory596gradle installExtension597598# Uninstall (delete extracted directory from the Ghidra user Extensions directory)599gradle uninstallExtension600601# Build/install with specific Ghidra path (required if GHIDRA_INSTALL_DIR isn't set)602gradle -PGHIDRA_INSTALL_DIR=/path/to/ghidra installExtension603604# Debug build605gradle buildExtension --debug606```607608### Dependencies609610- **MCP SDK**: `io.modelcontextprotocol.sdk:mcp:0.17.1`611- **Jetty Server**: `11.0.20` (HTTP/SSE transport)612- **Jackson**: `2.18.3` (JSON processing)613- **Ghidra API**: Bundled with Ghidra installation614615## Logging616617### UI Logging618619The **Log** tab provides real-time monitoring:620621- **Session Events**: Server start/stop, program changes622- **Tool Requests**: `REQ: tool_name {parameters...}`623- **Tool Responses**: `RES: tool_name {response...}`624- **Error Messages**: Failed operations and diagnostics625- **Cache Hits**: When cached results are returned626627### Console Logging628629Detailed logging in Ghidra's console:630631- Tool registration and initialization632- MCP server lifecycle events633- Async task execution and completion634- Cache statistics635- Database transaction operations636- Error stack traces and debugging information637638## Troubleshooting639640### Common Issues641642#### Server Won't Start643644- Check if port 8080 is available645- Verify Ghidra installation path646- Examine console logs for errors647648#### Tools Not Appearing649650- Ensure plugin is enabled651- Check Configuration tab for tool status652- Verify backend initialization in logs653654#### MCP Client Connection Issues655656- Confirm server is running (check GhidrAssistMCP window)657- Test connection: `curl http://localhost:8080/sse`658- Check firewall settings659660#### Tool Execution Failures661662- Verify program is loaded in Ghidra663- Check tool parameters are correct664- Review error messages in Log tab665666#### Async Task Issues667668- Use `get_task_status` to check task state669- Use `list_tasks` to see all tasks670- Use `cancel_task` if a task is stuck671672### Debug Mode673674Enable debug logging by adding to Ghidra startup:675676```bash677-Dlog4j.logger.ghidrassistmcp=DEBUG678```679680## Contributing6816821. **Fork the repository**6832. **Create a feature branch**: `git checkout -b feature-name`6843. **Make your changes** with proper tests6854. **Follow code style**: Use existing patterns and conventions6865. **Submit a pull request** with detailed description687688### Code Standards689690- **Java 21+ features** where appropriate691- **Proper exception handling** with meaningful messages692- **Transaction safety** for all database operations693- **Thread safety** for UI operations694- **Comprehensive documentation** for public APIs695- **Action-based consolidation** for related tool operations696697## License698699This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.700701## Acknowledgments702703- **NSA/Ghidra Team** for the excellent reverse engineering platform704- **Anthropic** for the Model Context Protocol specification705706---707708**Questions or Issues?**709710Please open an issue on the project repository for bug reports, feature requests, or questions about usage and development.711
Full transparency — inspect the skill content before installing.