Ghidra Deep Links

18 Oct 2023 - FoundryZero

We’ve released a plugin for Ghidra which allows you to create URIs for a place in the disassembly or decompilation. We use this to collaborate on reversing projects and to make reverse-engineering notes more useful.

You can get it here: github.com/foundryzero/ghidra-deep-links

Ghidra Deep Links logo

We were inspired by Heimdallr (github.com/interruptlabs/heimdallr-ida), which does the same but for IDA. We collaborated with the author to come up with a tool-independent URI scheme so that users of IDA and Ghidra can work together (if they will countenance such behaviour).

How to use it

You’re working in Ghidra, reversing a binary and making notes (you are making notes, right?). You find something interesting! You name it “parsing_function?” and right-click on it:

Ghidra Deep Links Context Menu

Then you click on “Copy Deep Link” and this appears in your clipboard:

disas://5d0c5c3a72883be8d36e4cf089f51ab8/?ghidra_path=/hello_world&offset=0x0041749a&label=parsing_function%3F

You send that to your buddy on Slack, who also has Ghidra Deep Links installed, they click that link and are taken straight to the function of interest. Alternatively, you put it in your reversing notes so that when you come back later it’s easy to navigate between your points of interest.

Ghidra Deep Links currently works on Windows, Mac and Linux.

How it works

Oh boy. Most of how this works is simple, but trying to add a URI handler to an application which doesn’t have one involves a clunky middleware approach on all the supported operating systems. We think we’ve managed to hide most of this away from the user so that installation is easy, but behind the scenes it’s more complicated than we’d like!

Here’s a simplified view of what happens when you open a disas:// link:

Ghidra Deep Links Click Process

Let’s make it better!

Ghidra deep links is open source and we accept pull requests in the usual fashion. If you have feature requests, feel free to submit them but please make sure that they are well-formatted, fully-described and provide some examples.

Additionally, If you are a maintainer of software that would benefit from having the ability to deep link directly to disassembly addresses please feel free to adopt the disas:// URI schema to enable wider cross compatibility. More details on the schema parameters on the Github repo or get in touch with us to collaborate!