A better Ghidra MCP server – GhidrAssistMCP
GhidrAssistMCP
A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API.
Overview
GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra's comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows external AI assistants, automated analysis tools, and custom scripts to seamlessly interact with Ghidra's analysis capabilities.
Key Features
- ** MCP Server Integration**: Full Model Context Protocol server implementation using official SDK
- ** 31 Built-in Tools**: Comprehensive set of analysis tools covering functions, data, cross-references, and more
- ** Configurable UI**: Easy-to-use interface for managing tools and monitoring activity
- ** Real-time Logging**: Track all MCP requests and responses with detailed logging
- ** Dynamic Tool Management**: Enable/disable tools individually with persistent settings
- ** Current Context Awareness**: Tools that understand Ghidra's current cursor position and active function
Screenshots
Installation
Prerequisites
- Ghidra 11.4+ (tested with Ghidra 11.4 Public)
- An MCP Client (Like GhidrAssist)
Binary Release (Recommended)
-
Download the latest release:
- Go to the Releases page
- Download the latest
.zipfile (e.g.,GhidrAssistMCP-v1.0.0.zip)
-
Install the extension:
- In Ghidra: File → Install Extensions → Add Extension
- Select the downloaded ZIP file
- Restart Ghidra when prompted
-
Enable the plugin:
- File → Configure → Configure Plugins
- Search for "GhidrAssistMCP"
- Check the box to enable the plugin
Building from Source
-
Clone the repository:
git clone <repository-url> cd GhidrAssistMCP
-
Set Ghidra installation path:
export GHIDRA_INSTALL_DIR=/path/to/your/ghidra/installation -
Build the extension:
gradle buildExtension
-
Install the extension:
- Copy the generated ZIP file from
dist/directory - In Ghidra: File → Install Extensions → Add Extension
- Select the ZIP file and restart Ghidra
- Copy the generated ZIP file from
-
Enable the plugin:
- File → Configure → Configure Plugins
- Search for "GhidrAssistMCP"
- Check the box to enable the plugin
Configuration
Initial Setup
-
Open the Control Panel:
- Window → GhidrAssistMCP (or use the toolbar icon)
-
Configure Server Settings:
- Host: Default is
localhost - Port: Default is
8080 - Enable/Disable: Toggle the MCP server on/off
- Host: Default is
Tool Management
The Configuration tab allows you to:
- View all available tools (29 total)
- Enable/disable individual tools using checkboxes
- Save configuration to persist across sessions
- Monitor tool status in real-time
Available Tools
Program Analysis
get_program_info- Get basic program informationlist_functions- List all functions in the programlist_data- List data definitionslist_strings- List string referenceslist_imports- List imported functionslist_exports- List exported functionslist_segments- List memory segmentslist_namespaces- List namespaceslist_classes- List class definitionslist_methods- List method definitions
Function Analysis
get_function_info- Get detailed function informationget_class_info- Get detailed class informationget_function_by_address- Find function at specific addressget_current_function- Get function at cursor positiondecompile_function- Decompile function to C-like codedisassemble_function- Get assembly disassemblysearch_functions- Search functions by name patternsearch_classes- Search classes by name patternfunction_xrefs- Get function cross-references
Location & Navigation
get_current_address- Get current cursor addressxrefs_to- Find references to an addressxrefs_from- Find references from an address
Modification Tools
rename_function- Rename functionsrename_function_by_address- Rename function at specific addressrename_variable- Rename variablesrename_data- Rename data definitionsset_function_prototype- Set function signaturesset_local_variable_type- Set variable data typesset_disassembly_comment- Add disassembly commentsset_decompiler_comment- Add decompiler comments
Advanced Analysis
auto_create_struct- Automatically create structures from variable usage patterns
Usage Examples
Basic Program Information
{
"method": "tools/call",
"params": {
"name": "get_program_info"
}
}
Function Analysis
{
"method": "tools/call",
"params": {
"name": "get_function_info",
"arguments": {
"function_name": "main"
}
}
}
Decompilation
{
"method": "tools/call",
"params": {
"name": "decompile_function",
"arguments": {
"function_name": "encrypt_data"
}
}
}
Structure Creation
{
"method": "tools/call",
"params": {
"name": "auto_create_struct",
"arguments": {
"function_identifier": "0x00401000",
"variable_name": "ctx"
}
}
}
Setting Function Prototype
{
"method": "tools/call",
"params": {
"name": "set_function_prototype",
"arguments": {
"function_address": "0x00401000",
"prototype": "int main(int argc, char** argv)"
}
}
}
Architecture
Core Components
GhidrAssistMCP/
├── GhidrAssistMCPPlugin # Main plugin entry point
├── GhidrAssistMCPServer # HTTP/SSE MCP server
├── GhidrAssistMCPBackend # Tool management and execution
├── GhidrAssistMCPProvider # UI component provider
└── tools/ # Individual MCP tools
├── Analysis Tools/
├── Modification Tools/
└── Navigation Tools/
MCP Protocol Implementation
- Transport: HTTP with Server-Sent Events (SSE)
- Endpoints:
GET /sse- SSE connection for bidirectional communicationPOST /message- Message exchange endpoint
- Tool Registration: Dynamic tool discovery and registration
- Session Management: Stateful sessions with proper lifecycle management
Plugin Architecture
- Observer Pattern: Decoupled UI updates using event listeners
- Transaction Management: Safe database operations with rollback support
- Tool Registry: Dynamic tool registration with enable/disable capability
- Settings Persistence: Configuration saved in Ghidra's settings system
- Thread Safety: Proper Swing EDT handling for UI operations
Development
Project Structure
src/main/java/ghidrassistmcp/
├── GhidrAssistMCPPlugin.java # Main plugin class
├── GhidrAssistMCPProvider.java # UI provider with tabs
├── GhidrAssistMCPServer.java # MCP server implementation
├── GhidrAssistMCPBackend.java # Backend tool management
├── McpBackend.java # Backend interface
├── McpTool.java # Tool interface
├── McpEventListener.java # Event notification interface
└── tools/ # Tool implementations
├── ProgramInfoTool.java
├── ListFunctionsTool.java
├── DecompileFunctionTool.java
├── AutoCreateStructTool.java
└── ... (29 total tools)
Adding New Tools
-
Implement McpTool interface:
public class MyCustomTool implements McpTool { @Override public String getName() { return "my_custom_tool"; } @Override public String getDescription() { return "Description"; } @Override public McpSchema.JsonSchema getInputSchema() { /* ... */ } @Override public McpSchema.CallToolResult execute(Map<String, Object> arguments, Program program) { // Implementation } }
-
Register in backend:
// In GhidrAssistMCPBackend constructor registerTool(new MyCustomTool());
Build Commands
# Clean build gradle clean # Build extension gradle buildExtension # Build with specific Ghidra path gradle -PGHIDRA_INSTALL_DIR=/path/to/ghidra buildExtension # Debug build gradle buildExtension --debug
Dependencies
- MCP SDK:
io.modelcontextprotocol.sdk:mcp:0.10.0 - Jetty Server:
11.0.20(HTTP/SSE transport) - Jackson:
2.17.0(JSON processing) - Ghidra API: Bundled with Ghidra installation
Logging
UI Logging
The Log tab provides real-time monitoring:
- Session Events: Server start/stop, program changes
- Tool Requests:
REQ: tool_name {parameters...} - Tool Responses:
RES: tool_name {response...} - Error Messages: Failed operations and diagnostics
Console Logging
Detailed logging in Ghidra's console:
- Tool registration and initialization
- MCP server lifecycle events
- Database transaction operations
- Error stack traces and debugging information
Troubleshooting
Common Issues
Server Won't Start
- Check if port 8080 is available
- Verify Ghidra installation path
- Examine console logs for errors
Tools Not Appearing
- Ensure plugin is enabled
- Check Configuration tab for tool status
- Verify backend initialization in logs
MCP Client Connection Issues
- Confirm server is running (check GhidrAssistMCP window)
- Test connection:
curl http://localhost:8080/sse - Check firewall settings
Tool Execution Failures
- Verify program is loaded in Ghidra
- Check tool parameters are correct
- Review error messages in Log tab
Debug Mode
Enable debug logging by adding to Ghidra startup:
-Dlog4j.logger.ghidrassistmcp=DEBUG
Contributing
- Fork the repository
- Create a feature branch:
git checkout -b feature-name - Make your changes with proper tests
- Follow code style: Use existing patterns and conventions
- Submit a pull request with detailed description
Code Standards
- Java 21+ features where appropriate
- Proper exception handling with meaningful messages
- Transaction safety for all database operations
- Thread safety for UI operations
- Comprehensive documentation for public APIs
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- NSA/Ghidra Team for the excellent reverse engineering platform
- Anthropic for the Model Context Protocol specification
** Questions or Issues?**
Please open an issue on the project repository for bug reports, feature requests, or questions about usage and development.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
