Patfind plugin

Patfind plugin makes it possible to automatically find functions in binary files.

It relies on bit pattern definitions for typical function starts and function ends.

Those bit patterns are defined in XML files, based on Ghidra's function patterns format. A collection of bit pattern files is provided for the commonly used CPU architectures.

It is possible to add new architectures by simply adding a new XML file, just like the other XML files.

It's also possible to add, remove or change existing patterns for better matching.

Configuration

'cfg/patfind.cfg' file presents all the options

The config file also contains the documentation on how to use or change the XML pattern files.

If desired, new XML files can be added to the 'cfg/ghidra_patterns/' directory.

'-Opatfind' command line switches can be used to select the type of run differently for this session of IDA.

List of options

  autorun=0 : don't automatically search for bit pattern
  autorun=1 : search for bit pattern only on binary like files
  autorun=2 : search for bit pattern on any input file

Examples

  -Opatfind:autorun=0

Last updated 1 month ago