rz-ghidra
rz-ghidra integrates the Ghidra decompiler and Sleigh disassembler into rizin for binary analysis. It uses only the C++ decompiler part of Ghidra, making it self-contained without requiring the full Ghidra application.
Description
rz-ghidra provides a plugin for rizin that brings Ghidra's decompiler and Sleigh Disassembler capabilities directly into the rizin framework. This enables reverse engineers to perform advanced decompilation and disassembly within rizin's environment.
The tool is designed for users analyzing binaries who need high-quality decompilation without the overhead of the complete Ghidra suite. It supports typical reverse engineering workflows such as understanding compiled code structure and logic.
As a self-contained plugin built entirely in C++, rz-ghidra eliminates dependencies on the full Ghidra installation, streamlining deployment in environments like Kali Linux.
How It Works
rz-ghidra integrates solely the decompiler component of Ghidra, rewritten in C++, with rizin's plugin system. It leverages Ghidra's Sleigh Disassembler for precise instruction decoding and applies the decompiler to generate higher-level representations of binary code. The plugin operates as a self-contained module within rizin, processing binaries through these internalized Ghidra components without external dependencies.
Installation
sudo apt install rz-ghidraExamples
rizin -p rz-ghidra /path/to/binaryr2 -p rz-ghidra sample.exerizin -p rz-ghidra -A firmware.binr2 -p rz-ghidra --rizin -qc "pD 10" -p rz-ghidra binaryr2 -p rz-ghidra malware