PowerShell Ghidra

[SleepTheGod]

This PowerShell script automates the installation and operation of Ghidra, a reverse engineering tool, on Windows systems. It starts by defining the Ghidra installation directory path and checks if Ghidra is already installed. If Ghidra is not found, it proceeds to download Ghidra from its GitHub repository, extracts the downloaded zip file, and renames the extracted folder. The script also checks for administrative privileges and attempts to elevate permissions if needed. It then handles different commands provided as parameters (decompile, analyze, help) by displaying corresponding messages, but these sections would typically contain the actual commands to execute Ghidra's functionalities. Overall, this script streamlines the installation process and facilitates the execution of Ghidra commands based on user input, This script allows windows users to port Ghidra over to PowerShell thought it would be a good tool for you guys to have

`param (
[string]$command
)

Path to the Ghidra installation directory

$ghidraInstallDir = Join-Path $env:ProgramFiles 'Ghidra'

Check if Ghidra is installed

$ghidraInstalled = Test-Path $ghidraInstallDir

if (-not $ghidraInstalled) {
Write-Host "Ghidra is not installed. Downloading and installing..."

# Download Ghidra from the GitHub repository
$ghidraDownloadURL = "https://github.com/NationalSecurityAgency/ghidra/archive/master.zip"
$downloadPath = Join-Path $env:TEMP 'ghidra.zip'
Invoke-WebRequest -Uri $ghidraDownloadURL -OutFile $downloadPath

# Extract Ghidra to the installation directory
Expand-Archive -Path $downloadPath -DestinationPath $ghidraInstallDir
Rename-Item -Path (Join-Path $ghidraInstallDir 'ghidra-master') -NewName 'ghidra'

# Remove the downloaded zip file
Remove-Item -Path $downloadPath

Write-Host "Ghidra has been installed to $ghidraInstallDir"

}

Check for administrative privileges

if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
Write-Host "Script requires elevated permissions. Restarting with elevated rights..."
Start-Process powershell.exe -ArgumentList "-File "$PSCommandPath"", "-command", $command -Verb RunAs
exit
}

switch ($command) {
"decompile" {
# Replace this with the actual command to run Ghidra's decompile functionality
Write-Host "Running Ghidra's decompile functionality..."
}
"analyze" {
# Replace this with the actual command to run Ghidra's analysis functionality
Write-Host "Running Ghidra's analysis functionality..."
}
"help" {
# Help message for command usage
Write-Host "Ghidra PowerShell Tool"
Write-Host "Usage: ghidra "
Write-Host ""
Write-Host "Available commands:"
Write-Host " decompile - Run Ghidra's decompile functionality"
Write-Host " analyze - Run Ghidra's analysis functionality"
}
default {
Write-Host "Command not recognized. Use 'ghidra help' for available commands."
}
}
`

[SleepTheGod]

`param (
[string]$command
)

Path to the Ghidra installation directory

$ghidraInstallDir = Join-Path $env:ProgramFiles 'Ghidra'

Check if Ghidra is installed

$ghidraInstalled = Test-Path $ghidraInstallDir

if (-not $ghidraInstalled) {
Write-Host "Ghidra is not installed. Downloading and installing..."

# Download Ghidra from the GitHub repository
$ghidraDownloadURL = "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.0.1_build/ghidra_10.0.1_PUBLIC_20211014.zip"
$downloadPath = Join-Path $env:TEMP 'ghidra.zip'
Invoke-WebRequest -Uri $ghidraDownloadURL -OutFile $downloadPath

# Extract Ghidra to the installation directory
Expand-Archive -Path $downloadPath -DestinationPath $ghidraInstallDir

Write-Host "Ghidra has been installed to $ghidraInstallDir"
Remove-Item -Path $downloadPath

}

Check for administrative privileges

if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
Write-Host "Script requires elevated permissions. Restarting with elevated rights..."
Start-Process powershell.exe -ArgumentList "-File "$PSCommandPath"", "-command", $command -Verb RunAs
exit
}

Ghidra command execution

switch ($command) {
"decompile" {
# Replace this with the actual command to run Ghidra's decompile functionality
Write-Host "Running Ghidra's decompile functionality..."
# Example command: Start-Process -FilePath "$ghidraInstallDir\ghidraRun.bat" -ArgumentList "decompile"
}
"analyze" {
# Replace this with the actual command to run Ghidra's analysis functionality
Write-Host "Running Ghidra's analysis functionality..."
# Example command: Start-Process -FilePath "$ghidraInstallDir\ghidraRun.bat" -ArgumentList "analyze"
}
"help" {
# Help message for command usage
Write-Host "Ghidra PowerShell Tool"
Write-Host "Usage: ghidra "
Write-Host ""
Write-Host "Available commands:"
Write-Host " decompile - Run Ghidra's decompile functionality"
Write-Host " analyze - Run Ghidra's analysis functionality"
}
default {
Write-Host "Command not recognized. Use 'ghidra help' for available commands."
}
}
`

[SleepTheGod]