Clients

Shameless self-promotion: GhidrAssist supports GhidrAssistMCP right out of the box.

Screenshots

Installation

Prerequisites

• Ghidra 11.4+ (tested with Ghidra 12.0 Public)
• An MCP Client (Like GhidrAssist)

Binary Release (Recommended)

1. Download the latest release:

   • Go to the Releases page
   • Download the latest .zip file (e.g., GhidrAssistMCP-v1.0.0.zip)

2. Install the extension:

   • In Ghidra: File → Install Extensions → Add Extension
   • Select the downloaded ZIP file
   • Restart Ghidra when prompted

3. Enable the plugin:

   • File → Configure → Configure Plugins
   • Search for "GhidrAssistMCP"
   • Check the box to enable the plugin

Building from Source

1. Clone the repository:

   git clone <repository-url>
   cd GhidrAssistMCP
   

2. Point Gradle at your Ghidra install:

   • Set GHIDRA_INSTALL_DIR (environment variable), or pass -PGHIDRA_INSTALL_DIR=<path> when you run Gradle.

3. Build + install:

   Ensure Ghidra isn't running and run:

   gradle installExtension
   

   This copies the built ZIP into your Ghidra install ([GHIDRA_INSTALL_DIR]/Extensions/Ghidra) and extracts it into your Ghidra user Extensions folder (replacing any existing extracted copy).

   If you need to override that location, pass -PGHIDRA_USER_EXTENSIONS_DIR=<path>.

4. Restart / verify:

   • Restart Ghidra.
   • If the plugin doesn't appear, enable it via File → Configure → Configure Plugins (search for "GhidrAssistMCP").

Configuration

Initial Setup

1. Open the Control Panel:

   • Window → GhidrAssistMCP (or use the toolbar icon)

2. Configure Server Settings:

   • Host: Default is localhost
   • Port: Default is 8080
   • Enable/Disable: Toggle the MCP server on/off

Tool Management

The Configuration tab allows you to:

• View all available tools (34 total)
• Enable/disable individual tools using checkboxes
• Save configuration to persist across sessions
• Monitor tool status in real-time

Available Tools

GhidrAssistMCP provides 34 tools organized into categories. Several tools use an action-based API pattern where a single tool provides multiple related operations.

Program & Data Listing

| Tool | Description | | ---- | ----------- | | get_program_info | Get basic program information (name, architecture, compiler, etc.) | | list_programs | List all open programs across all CodeBrowser windows | | list_functions | List functions with optional pattern filtering and pagination | | list_data | List data definitions in the program | | list_data_types | List all available data types | | list_strings | List string references with optional filtering | | list_imports | List imported functions/symbols | | list_exports | List exported functions/symbols | | list_segments | List memory segments | | list_namespaces | List namespaces in the program | | list_relocations | List relocation entries |

Function & Code Analysis

| Tool | Description | | ---- | ----------- | | get_function_info | Get detailed function information (signature, variables, etc.) | | get_current_function | Get function at current cursor position | | get_current_address | Get current cursor address | | get_hexdump | Get hexdump of memory at specific address | | get_call_graph | Get call graph for a function (callers and callees) | | get_basic_blocks | Get basic block information for a function |

Consolidated Tools

These tools bundle related operations behind a discriminator parameter (e.g., action, target, target_type, or format).

get_code - Code Retrieval Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | format | decompiler, disassembly, pcode | Output format | | raw | boolean | Only affects format: "pcode" (raw pcode ops vs grouped by basic blocks) |

class - Class Operations Tool

| Action | Description | | ------ | ----------- | | list | List classes with optional pattern filtering and pagination | | get_info | Get detailed class information (methods, fields, vtables, virtual functions) |

xrefs - Cross-Reference Tool

| Parameter | Description | | --------- | ----------- | | address | Find all references to/from a specific address | | function | Find all cross-references for a function |

struct - Structure Operations Tool

| Action | Description | | ------ | ----------- | | create | Create a new structure from C definition or empty | | modify | Modify an existing structure with new C definition | | merge | Merge (overlay) fields from a C definition onto an existing structure without deleting existing fields | | set_field | Set/insert a single field at a specific offset without needing a full C struct (use field_name to name it) | | name_gap | Convert undefined bytes at an offset/length into a named byte[]-like field (useful for “naming gaps”; uses field_name) | | auto_create | Automatically create structure from variable usage patterns | | rename_field | Rename a field within a structure | | field_xrefs | Find cross-references to a specific struct field |

rename_symbol - Symbol Renaming Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | target_type | function, data, variable | What kind of symbol to rename |

set_comment - Comment Tool

| Parameter | Values | Description | | --------- | ------ | ----------- | | target | function, address | Where to set the comment | | comment_type | eol, pre, post, plate, repeatable | Comment type for target: "address" (default eol) |

bookmarks - Bookmark Management Tool

| Action | Description | | ------ | ----------- | | list | List all bookmarks | | add | Add a new bookmark | | delete | Delete a bookmark |

Type & Prototype Tools

| Tool | Description | | ----- | ----------- | | get_data_type | Get detailed data type information and structure definitions | | delete_data_type | Delete a data type by name (optionally scoped by category) | | set_data_type | Set data type at a specific address | | set_function_prototype | Set function signature/prototype | | set_local_variable_type | Set data type for local variables |

Search Tools

| Tool | Description | | ----- | ----------- | | search_bytes | Search for byte patterns in memory |

Async Task Management

Long-running operations (decompilation, structure analysis, field xrefs) execute asynchronously:

| Tool | Description | | ---- | ----------- | | get_task_status | Check status and retrieve results of async tasks | | cancel_task | Cancel a running async task | | list_tasks | List all pending/running/completed tasks |

MCP Resources

GhidrAssistMCP exposes 5 static resources that can be read by MCP clients:

| Resource URI | Description | | ------------ | ----------- | | ghidra://program/info | Basic program information | | ghidra://program/functions | List of all functions | | ghidra://program/strings | String references | | ghidra://program/imports | Imported symbols | | ghidra://program/exports | Exported symbols |

MCP Prompts

Pre-built prompts for common analysis tasks:

| Prompt | Description | | ------ | ----------- | | analyze_function | Comprehensive function analysis prompt | | identify_vulnerability | Security vulnerability identification | | document_function | Generate function documentation | | trace_data_flow | Data flow analysis prompt | | trace_network_data | Trace network send/recv call stacks for protocol analysis and network vulnerability identification |

Usage Examples

Basic Program Information

{
  "method": "tools/call"