Gx64Sync stands for Ghidra-x64Dbg SYNChronization. It is a set of plugins that help synchronize a debugging x64Dbg session with Ghidra. The underlying idea is simple: take the best from both worlds (static and dynamic analysis).
Debuggers and dynamic analysis provide us with:
- local view, with live dynamic context (registers, memory, etc.)
- built-in specialized features/API
Disassemblers and static analysis provide us with:
- macro view over modules
- code analysis, signatures, types, etc.
- fancy graph view
- decompilation
- persistent storage of knowledge within IDBs/GPRs
Gx64Sync is a fork of ret-sync, but is totally rewritten from scratch. See Features for more details.
To correctly work with the
Either use the pre-built version from the ext_ghidra/dist folder or follow the instruction to build it.
Each extension build only supports the version of Ghidra specified in the plugin's file name.
E.g. ghidra_9.1_PUBLIC_20191104_retsync.zip is for Ghidra 9.1 Public.
- Install Ghidra
- Install gradle
apt install gradle- Build extension for your Ghidra installation (replace
$GHIDRA_DIRwith your installation directory)
cd ext_ghidra
gradle -PGHIDRA_INSTALL_DIR=$GHIDRA_DIR- From Ghidra projects manager:
File->Install Extensions..., click on the+sign and select theext_ghidra/dist/ghidra_*_retsync.zipand click OK. This will effectively extract theretsyncfolder from the zip into$GHIDRA_DIR/Extensions/Ghidra/ - Restart Ghidra as requested
- After reloading Ghidra, open a module in CodeBrowser. It should tell you a new extension plugin has been detected. Select "yes" to configure it. Then tick "RetSyncPlugin" and click OK. The console should show something like:
[*] retsync init
[>] programOpened: tm.sys
imageBase: 0x1c0000000
- From Ghidra CodeBrowser tool: use toolbar icons or shortcuts to enable (
Alt+s)/disable (Alt+Shift+s)/restart (Alt+r) synchronization.
A status window is also available from Windows -> RetSyncPlugin. You
generally want to drop it on the side to integrate it with the Ghidra
environment windows.
Based on testplugin, https://github.com/x64dbg/testplugin. x64dbg support is experimental, however:
- Build the plugin using the VS solution (optional, see pre-built binaries).
May you need a different version of the plugin sdk,
a copy can be found in each release of x64dbg.
Paste the "
pluginsdk" directory into "ext_x64dbg\x64dbg_sync" - Copy the dll (extension is
.d32or.dp64) within x64dbg's plugin directory.
- Fast and fully async
- Allows for synchronization of adresses in both ways (sync addresses from Ghidra to x64Dbg and from x64Dbg to Ghidra)
- Easily extensible, see DEV.md
- fix x64Dbg closing crash
- Implement all the features of ret-sync
- Improve logging in GSync and x64Sync
- Implement HyperSync (fully automatic syncing, that is once an address is highlited, both in Ghidra or x64Sync, it is synced in the other tool)
- Automatic C++ virtual methods shenanigans?
Have suggestions? Open an issue or contact me at diommsantos@gmail.com!
- x64Dbg sometimes crashes when closing
- THERE IS NO AUTHENTICATION/ENCRYPTION whatsoever between the parties; you're on your own.
Conflict(s):
- Logitech Updater software is known to use the same default port (9100).