GhidrAssistMCP

A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra's reverse engineering capabilities through a standardized API.

Overview

GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra's comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows external AI assistants, automated analysis tools, and custom scripts to seamlessly interact with Ghidra's analysis capabilities.

Key Features

• MCP Server Integration: Full Model Context Protocol server implementation using official SDK
• Dual HTTP Transports: Supports SSE and Streamable HTTP transports for maximum client compatibility
• 34 Built-in Tools: Comprehensive set of analysis tools with action-based consolidation for cleaner APIs
• 5 MCP Resources: Static data resources for program info, functions, strings, imports, and exports
• 5 MCP Prompts: Pre-built analysis prompts for common reverse engineering tasks
• Result Caching: Intelligent caching system to improve performance for repeated queries
• Async Task Support: Long-running operations execute asynchronously with task management
• Multi-Program Support: Work with multiple open programs simultaneously using program_name parameter
• Multi-Window Support: Single MCP server shared across all CodeBrowser windows with intelligent focus tracking
• Active Context Awareness: Automatic detection of which binary window is in focus, with context hints in all tool responses
• Configurable UI: Easy-to-use interface for managing tools and monitoring activity
• Real-time Logging: Track all MCP requests and responses with detailed logging
• Dynamic Tool Management: Enable/disable tools individually with persistent settings

Clients

Shameless self-promotion: GhidrAssist supports GhidrAssistMCP right out of the box.

Screenshots

Installation

Prerequisites

• Ghidra 11.4+ (tested with Ghidra 12.0 Public)
• An MCP Client (Like GhidrAssist)

Binary Release (Recommended)

1. Download the latest release:

   • Go to the Releases page
   • Download the latest .zip file (e.g., GhidrAssistMCP-v1.0.0.zip)

2. Install the extension:

   • In Ghidra: File → Install Extensions → Add Extension
   • Select the downloaded ZIP file
   • Restart Ghidra when prompted

3. Enable the plugin:

   • File → Configure → Configure Plugins
   • Search for "GhidrAssistMCP"
   • Check the box to enable the plugin

Building from Source

1. Clone the repository:

   git clone <repository-url>
   cd GhidrAssistMCP
   

2. Point Gradle at your Ghidra install:

   • Set GHIDRA_INSTALL_DIR (environment variable), or pass -PGHIDRA_INSTALL_DIR=<path> when you run Gradle.

3. Build + install:

   Ensure Ghidra isn't running and run:

   gradle installExtension
   

   This copies the built ZIP into your Ghidra install ([GHIDRA_INSTALL_DIR]/Extensions/Ghidra) and extracts it into your Ghidra user Extensions folder (replacing any existing extracted copy).

   If you need to override that location, pass -PGHIDRA_USER_EXTENSIONS_DIR=<path>.

4. Restart / verify:

   • Restart Ghidra.
   • If the plugin doesn't appear, enable it via File → Configure → Configure Plugins (search for "GhidrAssistMCP").

Configuration

Initial Setup

1. Open the Control Panel:

   • Window → GhidrAssistMCP (or use the toolbar icon)

2. Configure Server Settings:

   • Host: Default is localhost
   • Port: Default is 8080
   • Enable/Disable: Toggle the MCP server on/off

Tool Management

The Configuration tab allows you to:

• View all available tools (34 total)
• Enable/disable individual tools using checkboxes
• Save configuration to persist across sessions
• Monitor tool status in real-time

Available Tools

GhidrAssistMCP provides 34 tools organized into categories. Several tools use an action-based API pattern where a single tool provides multiple related operations.

Program & Data Listing

| Tool | Description | | ---- | ----------- | | get_program_info | Get basic program information (name, architecture, compiler, etc.) | | list_programs | List all open programs across all CodeBrowser windows | | list_functions | List functions with optional pattern filtering and pagination | | list_data | List data definitions in the program | | list_data_types | List all available data types | | list_strings | List string references with optional filtering | | list_imports | List imported functions/symbols | | list_exports | List exported functions/symbols | | list_segments | List memory segments | | list_namespaces | List namespaces in the program | | list_relocations | List relocation entries |

Function & Code Analysis

| Tool | Description | | ---- | ----------- | | get_function_info | Get detailed function information (signature, variables, etc.) | | get_current_function | Get function at current cursor position | | get_current_address | Get current cursor address | | get_hexdump | Get hexdump of memory at specific address | | get_call_graph | Get call graph for a function (callers and callees) | | get_basic_blocks | Get basic block information for a function |

Consolidated Tools

These tools bundle related operations behind a discriminator parameter (e.g., action, target, target_type, or format).

get_code - Code Retrieval Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | format | decompiler, disassembly, pcode | Output format | | raw | boolean | Only affects format: "pcode" (raw pcode ops vs grouped by basic blocks) |

class - Class Operations Tool

| Action | Description | | ------ | ----------- | | list | List classes with optional pattern filtering and pagination | | get_info | Get detailed class information (methods, fields, vtables, virtual functions) |

xrefs - Cross-Reference Tool

| Parameter | Description | | --------- | ----------- | | address | Find all references to/from a specific address | | function | Find all cross-references for a function |

struct - Structure Operations Tool

| Action | Description | | ------ | ----------- | | create | Create a new structure from C definition or empty | | modify | Modify an existing structure with new C definition | | merge | Merge (overlay) fields from a C definition onto an existing structure without deleting existing fields | | set_field | Set/insert a single field at a specific offset without needing a full C struct (use field_name to name it) | | name_gap | Convert undefined bytes at an offset/length into a named byte[]-like field (useful for “naming gaps”; uses field_name) | | auto_create | Automatically create structure from variable usage patterns | | rename_field | Rename a field within a structure | | field_xrefs | Find cross-references to a specific struct field |

rename_symbol - Symbol Renaming Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | target_type | function, data, variable | What kind of symbol to rename |

set_comment - Comment Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | target | function, address | Where to set the comment | | comment_type | eol, pre, post, plate, repeatable | Comment type for target: "address" (default eol) |

bookmarks - Bookmark Management Tool

| Action | Description | | ------ | ----------- | | list | List all bookmarks | | add | Add a new bookmark | | delete | Delete a bookmark |

Type & Prototype Tools

| Tool | Description | | ----- | ----------- | | get_data_type | Get detailed data type information and structure definitions | | delete_data_type | Delete a data type by name (optionally scoped by category) | | set_data_type | Set data type at a specific address | | set_function_prototype | Set function signature/prototype | | set_local_variable_type | Set data type for local variables |

Search Tools

| Tool | Description | | ----- | ----------- | | search_bytes | Search for byte patterns in memory |

Async Task Management

Long-running operations (decompilation, structure analysis, field xrefs) execute asynchronously:

| Tool | Description | | ---- | ----------- | | get_task_status | Check status and retrieve results of async tasks | | cancel_task | Cancel a running async task | | list_tasks | List all pending/running/completed tasks |

MCP Resources

GhidrAssistMCP exposes 5 static resources that can be read by MCP clients:

| Resource URI | Description | | ------------ | ----------- | | ghidra://program/info | Basic program information | | ghidra://program/functions | List of all functions | | ghidra://program/strings | String references | | ghidra://program/imports | Imported symbols | | ghidra://program/exports | Exported symbols |

MCP Prompts

Pre-built prompts for common analysis tasks:

| Prompt | Description | | ------ | ----------- | | analyze_function | Comprehensive function analysis prompt | | identify_vulnerability | Security vulnerability identification | | document_function | Generate function documentation | | trace_data_flow | Data flow analysis prompt | | trace_network_data | Trace network send/recv call stacks for protocol analysis and network vulnerability identification |

Usage Examples

Basic Program Information

{
  "method": "tools/call"