Skip to content

Latest commit

 

History

History
47 lines (33 loc) · 1.48 KB

README.md

File metadata and controls

47 lines (33 loc) · 1.48 KB

winapi-ghidra

The development was based on the desire to enable PE to be analyzed quickly.

call_api_table.py

Lists the address of the CALL that calls the Windows API and its Windows API.

The output is a table, the number of API types and the number of API CALLs. Clicking on the address will take you to the CALL location, and clicking on the API will take you to the API information in .rdata.

output-table output-table2

※Caution.
This code does not pick up APIs (such as URLDownloadToFileA) used in Thunk Functions.

api_summary.py

Embed a summary of the api in a comment. The overview is in line with MSDN. It is not very practical because there are very few api's that are supported.
Load api_summary.json

※Beta
There are beta database in the summary branch.

auto_equate_setting.py

Set the correct equate for the API arguments (constants only).However, the following four APIs are supported.

  • CreateProcessA
  • RegCreateKeyExA
  • RegValueExA
  • SHGetSpecialFolderPathA

Load api_dict.json
The output is an array of arguments and an array of set equates.

output-table3

Before before

After after

equate_table

The future development process will be twofold.

  • Increase dictionaries.
  • Migration from dictionary to gdt.

If you are interested in this repository and have a suggestion, please feel free to pull request.