Please use this identifier to cite or link to this item: https://doi.org/10.21256/zhaw-29942
Publication type: Bachelor thesis
Title: Ghidrion : a Ghidra plugin to support symbolic execution
Authors: Flum, Silvan; Huber, Valentin
Advisors / Reviewers: Wagner, Arno; Gür, Gürkan; Pfammatter, Damian
DOI: 10.21256/zhaw-29942
Extent: 62
Issue Date: 2023
Series: Bachelorarbeiten ZHAW School of Engineering
Publisher / Ed. Institution: ZHAW Zürcher Hochschule für Angewandte Wissenschaften
Publisher / Ed. Institution: Winterthur
Language: English
Subjects: Symbolic execution; Ghidra; Vulnerability research; Binary analysis; Software reverse engineering
Subject (DDC): 005: Computer programming, programs and data
Abstract: Symbolic execution is a powerful technique for automatic analysis of and reasoning about program behaviour, particularly in binary analysis. However, popular reverse engineering tools such as Ghidra lack native support for symbolic execution. Existing extensions advertising symbolic execution are limited in functionality, do not scale well enough to be employed on practical binaries and provide limited documentation. The Cyber-Defence Campus of armasuisse, as part of its vulnerability research program, has developed a proof-of-concept tool called Morion that enables symbolic execution-based analysis of various vulnerability types on practical binaries. Previously, it had to be configured by manually writing configuration files. This thesis proposes Ghidrion, an open-source Ghidra plugin that leverages information gathered from Ghidra’s analysis tools to enhance analysts’ usage of Morion. Ghidrion suggests calls to external functions that can be hooked and simplifies configuring the setup necessary to run Morion. It further supports the analysis of Morion’s results by visually highlighting executed instructions and providing a side-by-side comparison of memory and register values at the beginning and end of the execution. Alongside the code, previously missing documentation on developing Ghidra plugins is provided. This thesis further proposes future research directions, such as improvements to Ghidra’s loader to match external functions to their libraries and added support for interactive Python shells to run Morion’s analysis modules from within Ghidra.
URI: https://digitalcollection.zhaw.ch/handle/11475/29942
License (according to publishing contract): CC BY 4.0: Attribution 4.0 International
Departement: School of Engineering
Appears in collections: Bachelorarbeiten ZHAW School of Engineering

Files in This Item:
File: 2023_Flum-Silvan_Huber-Valentin_BA_SoE.pdf; Size: 5.38 MB; Format: Adobe PDF
Flum, S., & Huber, V. (2023). Ghidrion : a Ghidra plugin to support symbolic execution [Bachelor’s thesis, ZHAW Zürcher Hochschule für Angewandte Wissenschaften]. https://doi.org/10.21256/zhaw-29942

