This is a fork of https://github.com/Nalen98/eBPF-for-Ghidra and modified to support Solana eBPF programs.
It is recommended to use Eclipse with the GhidraDev plugin for development.
See ${GHIDRA_INSTALLATION}/Extensions/Eclipse/GhidraDev/GhidraDev_README.html
on how this works.
Once installed, go to File > Open Projects from File System and select this
directory. Click on GhidraDev in the menu bar and select link ghidra.
You now should be able to right click on the project and choose
Run as > Ghidra to start ghidra with the extension installed.
- Download Release version of extension and install it in Ghidra
File → Install Extensions... - Use gradle to build extension:
GHIDRA_INSTALL_DIR=${GHIDRA_HOME} gradleand use Ghidra to install it:File → Install Extensions...
- Rebasing after a program has been imported might lead to messed up relocations. Everything should work as expected when specifying base address in import options.
- Main source for how solana eBPF works. Contains a disassembler, implements relocations, etc.
- General Ghidra processor module resource. Covers implementing a processor module for V8 bytecode with lots of background info.