Framework Overview

​

What is Ghidra?

​

Core Framework Philosophy

​

Framework Components

​

Framework Layer

• Project Management - Handles project lifecycle, workspaces, and tool management
• Domain Objects - Base abstraction for persistent data with transaction support
• Database Layer - Custom file-based database for efficient storage and versioning
• GUI Framework - Docking window system for building extensible interfaces

​

Software Modeling Layer

• Program Model - Represents executable binaries with memory, symbols, and code
• Address Spaces - Multi-space architecture for memory, registers, and special contexts
• Language Definitions - Processor specifications using SLEIGH language
• Analysis Services - Plugin architecture for automated program analysis

​

Features Layer

• CodeBrowser - Primary interactive analysis tool
• Decompiler - High-level C-like representation of machine code
• Version Tracking - Compare and merge program versions
• Debugger - Runtime debugging integration

​

Key Abstractions

​

DomainObject

public interface DomainObject {
    boolean isChanged();
    void save(String comment, TaskMonitor monitor);
    Transaction openTransaction(String description);
    void addListener(DomainObjectListener dol);
    // ... transaction and event management
}

• Transaction Management - All changes must occur within transactions
• Event Notification - Observers receive change notifications
• Undo/Redo - Full transaction history with rollback capabilities
• Versioning - Save with version comments and history tracking

​

Project

public interface Project extends AutoCloseable, Iterable<DomainFile> {
    String getName();
    ProjectData getProjectData();
    ToolManager getToolManager();
    RepositoryAdapter getRepository();
    ProjectData addProjectView(URL projectURL, boolean visible);
    // ... project lifecycle and views
}

• Manage collections of domain files and folders
• Coordinate tools and their state
• Support project views for multi-project workflows
• Optional repository integration for collaboration

​

Transaction Model

int txId = program.startTransaction("Add function");

Function func = createFunction(program, addr, "myFunction");

program.endTransaction(txId, true); // true = commit

try (Transaction tx = program.openTransaction("Add function")) {
    Function func = createFunction(program, addr, "myFunction");
}

​

Event System

• Domain Object Events - Notify listeners of program changes
• Plugin Events - Tool-level communication between plugins
• Event Buffering - Batches rapid changes for efficiency
• Private Queues - Isolated event streams for specific listeners

program.addListener(new DomainObjectListener() {
    @Override
    public void domainObjectChanged(DomainObjectChangedEvent ev) {
        for (DomainObjectChangeRecord record : ev) {
            if (record.getEventType() == DomainObjectEvent.RESTORED) {
                // Handle program restoration
            }
        }
    }
});

​

Plugin Architecture

@PluginInfo(
    status = PluginStatus.RELEASED,
    packageName = CorePluginPackage.NAME,
    category = PluginCategoryNames.COMMON,
    description = "Provides program analysis services",
    servicesProvided = { AnalysisService.class }
)
public class MyAnalyzerPlugin extends Plugin {
    // Plugin implementation
}

• Provide services to other plugins
• Consume services from other plugins
• Respond to tool and domain object events
• Contribute UI components and actions

​

Module Organization

​

Design Patterns

• Manager Pattern - Coordinate related functionality (SymbolTable, FunctionManager)
• Adapter Pattern - Abstract database storage details
• Observer Pattern - Event notification system
• Command Pattern - Encapsulate operations for undo/redo
• Factory Pattern - Create domain objects and addresses

​

Next Steps