On this page

GhidrAssistMCP

GhidrAssistMCP

A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Ghidra’s reverse engineering capabilities through a standardized API.

Overview

GhidrAssistMCP bridges the gap between AI-powered analysis tools and Ghidra’s comprehensive reverse engineering platform. By implementing the Model Context Protocol, this extension allows external AI assistants, automated analysis tools, and custom scripts to seamlessly interact with Ghidra’s analysis capabilities.

Key Features

MCP Server Integration: Full Model Context Protocol server implementation using official SDK
Dual HTTP Transports: Supports SSE and Streamable HTTP transports for maximum client compatibility
34 Built-in Tools: Comprehensive set of analysis tools with action-based consolidation for cleaner APIs
5 MCP Resources: Static data resources for program info, functions, strings, imports, and exports
5 MCP Prompts: Pre-built analysis prompts for common reverse engineering tasks
Result Caching: Intelligent caching system to improve performance for repeated queries
Async Task Support: Long-running operations execute asynchronously with task management
Multi-Program Support: Work with multiple open programs simultaneously using program_name parameter
Multi-Window Support: Single MCP server shared across all CodeBrowser windows with intelligent focus tracking
Active Context Awareness: Automatic detection of which binary window is in focus, with context hints in all tool responses
Configurable UI: Easy-to-use interface for managing tools and monitoring activity
Real-time Logging: Track all MCP requests and responses with detailed logging
Dynamic Tool Management: Enable/disable tools individually with persistent settings

Clients

Shameless self-promotion: GhidrAssist supports GhidrAssistMCP right out of the box.

Screenshots

Screenshot

Installation

Prerequisites

Ghidra 11.4+ (tested with Ghidra 12.0 Public)
An MCP Client (Like GhidrAssist)

Binary Release (Recommended)

Download the latest release:
- Go to the Releases page
- Download the latest .zip file (e.g., GhidrAssistMCP-v1.0.0.zip)
Install the extension:
- In Ghidra: File → Install Extensions → Add Extension
- Select the downloaded ZIP file
- Restart Ghidra when prompted
Enable the plugin:
- File → Configure → Configure Plugins
- Search for “GhidrAssistMCP”
- Check the box to enable the plugin

Building from Source

Clone the repository:

git clone <repository-url>
cd GhidrAssistMCP

Point Gradle at your Ghidra install:
- Set GHIDRA_INSTALL_DIR (environment variable), or pass -PGHIDRA_INSTALL_DIR=<path> when you run Gradle.
Build + install:

Ensure Ghidra isn’t running and run:
```
gradle installExtension
```
This copies the built ZIP into your Ghidra install ([GHIDRA_INSTALL_DIR]/Extensions/Ghidra) and extracts it into your Ghidra user Extensions folder (replacing any existing extracted copy).

If you need to override that location, pass -PGHIDRA_USER_EXTENSIONS_DIR=<path>.
Restart / verify:
- Restart Ghidra.
- If the plugin doesn’t appear, enable it via File → Configure → Configure Plugins (search for “GhidrAssistMCP”).

Configuration

Initial Setup

Open the Control Panel:
- Window → GhidrAssistMCP (or use the toolbar icon)
Configure Server Settings:
- Host: Default is localhost
- Port: Default is 8080
- Enable/Disable: Toggle the MCP server on/off

Tool Management

The Configuration tab allows you to:

View all available tools (34 total)
Enable/disable individual tools using checkboxes
Save configuration to persist across sessions
Monitor tool status in real-time

Available Tools

GhidrAssistMCP provides 34 tools organized into categories. Several tools use an action-based API pattern where a single tool provides multiple related operations.

Program & Data Listing

Tool	Description
`get_program_info`	Get basic program information (name, architecture, compiler, etc.)
`list_programs`	List all open programs across all CodeBrowser windows
`list_functions`	List functions with optional pattern filtering and pagination
`list_data`	List data definitions in the program
`list_data_types`	List all available data types
`list_strings`	List string references with optional filtering
`list_imports`	List imported functions/symbols
`list_exports`	List exported functions/symbols
`list_segments`	List memory segments
`list_namespaces`	List namespaces in the program
`list_relocations`	List relocation entries

Function & Code Analysis

Tool	Description
`get_function_info`	Get detailed function information (signature, variables, etc.)
`get_current_function`	Get function at current cursor position
`get_current_address`	Get current cursor address
`get_hexdump`	Get hexdump of memory at specific address
`get_call_graph`	Get call graph for a function (callers and callees)
`get_basic_blocks`	Get basic block information for a function

Consolidated Tools

These tools bundle related operations behind a discriminator parameter (e.g., action, target, target_type, or format).

`get_code` - Code Retrieval Tool

Parameter	Values	Description
`format`	`decompiler`, `disassembly`, `pcode`	Output format
`raw`	boolean	Only affects `format: "pcode"` (raw pcode ops vs grouped by basic blocks)

`class` - Class Operations Tool

Action	Description
`list`	List classes with optional pattern filtering and pagination
`get_info`	Get detailed class information (methods, fields, vtables, virtual functions)

`xrefs` - Cross-Reference Tool

Parameter	Description
`address`	Find all references to/from a specific address
`function`	Find all cross-references for a function

`struct` - Structure Operations Tool

Action	Description
`create`	Create a new structure from C definition or empty
`modify`	Modify an existing structure with new C definition
`merge`	Merge (overlay) fields from a C definition onto an existing structure without deleting existing fields
`set_field`	Set/insert a single field at a specific offset without needing a full C struct (use `field_name` to name it)
`name_gap`	Convert undefined bytes at an offset/length into a named `byte[]`-like field (useful for “naming gaps”; uses `field_name`)
`auto_create`	Automatically create structure from variable usage patterns
`rename_field`	Rename a field within a structure
`field_xrefs`	Find cross-references to a specific struct field

`rename_symbol` - Symbol Renaming Tool

Parameter	Values	Description
`target_type`	`function`, `data`, `variable`	What kind of symbol to rename

`set_comment` - Comment Tool

Parameter	Values	Description
`target`	`function`, `address`	Where to set the comment
`comment_type`	`eol`, `pre`, `post`, `plate`, `repeatable`	Comment type for `target: "address"` (default `eol`)

`bookmarks` - Bookmark Management Tool

Action	Description
`list`	List all bookmarks
`add`	Add a new bookmark
`delete`	Delete a bookmark

Type & Prototype Tools

Tool	Description
`get_data_type`	Get detailed data type information and structure definitions
`delete_data_type`	Delete a data type by name (optionally scoped by `category`)
`set_data_type`	Set data type at a specific address
`set_function_prototype`	Set function signature/prototype
`set_local_variable_type`	Set data type for local variables

Search Tools

Tool	Description
`search_bytes`	Search for byte patterns in memory

Async Task Management

Long-running operations (decompilation, structure analysis, field xrefs) execute asynchronously:

Tool	Description
`get_task_status`	Check status and retrieve results of async tasks
`cancel_task`	Cancel a running async task
`list_tasks`	List all pending/running/completed tasks

MCP Resources

GhidrAssistMCP exposes 5 static resources that can be read by MCP clients:

Resource URI	Description
`ghidra://program/info`	Basic program information
`ghidra://program/functions`	List of all functions
`ghidra://program/strings`	String references
`ghidra://program/imports`	Imported symbols
`ghidra://program/exports`	Exported symbols

MCP Prompts

Pre-built prompts for common analysis tasks:

Prompt	Description
`analyze_function`	Comprehensive function analysis prompt
`identify_vulnerability`	Security vulnerability identification
`document_function`	Generate function documentation
`trace_data_flow`	Data flow analysis prompt
`trace_network_data`	Trace network send/recv call stacks for protocol analysis and network vulnerability identification

Usage Examples

Basic Program Information

{
  "method": "tools/call",
  "params": {
    "name": "get_program_info"
  }
}

List Functions with Pattern Filtering

{
  "method": "tools/call",
  "params": {
    "name": "list_functions",
    "arguments": {
      "pattern": "init",
      "case_sensitive": false,
      "limit": 50
    }
  }
}

Decompile Function (`get_code`)

{
  "method": "tools/call",
  "params": {
    "name": "get_code",
    "arguments": {
      "function": "main",
      "format": "decompiler"
    }
  }
}

Get Class Information (Action-Based)

{
  "method": "tools/call",
  "params": {
    "name": "class",
    "arguments": {
      "action": "get_info",
      "class_name": "MyClass"
    }
  }
}

Search Classes (Action-Based)

{
  "method": "tools/call",
  "params": {
    "name": "class",
    "arguments": {
      "action": "list",
      "pattern": "Socket",
      "case_sensitive": false
    }
  }
}

Auto-Create Structure (Action-Based)

{
  "method": "tools/call",
  "params": {
    "name": "struct",
    "arguments": {
      "action": "auto_create",
      "function_identifier": "0x00401000",
      "variable_name": "ctx"
    }
  }
}

Find Struct Field Cross-References (Action-Based)

{
  "method": "tools/call",
  "params": {
    "name": "struct",
    "arguments": {
      "action": "field_xrefs",
      "structure_name": "Host",
      "field_name": "port"
    }
  }
}

Delete a Data Type

If multiple types share the same name across categories, pass category (or pass a full path in name starting with /).

{
  "method": "tools/call",
  "params": {
    "name": "delete_data_type",
    "arguments": {
      "name": "MyStruct",
      "category": "/mytypes"
    }
  }
}

Rename Function (Action-Based)

{
  "method": "tools/call",
  "params": {
    "name": "rename_symbol",
    "arguments": {
      "action": "function",
      "address": "0x00401000",
      "new_name": "decrypt_buffer"
    }
  }
}

Multi-Program Support

When working with multiple open programs, first list them:

{
  "method": "tools/call",
  "params": {
    "name": "list_programs"
  }
}

Then specify which program to target using program_name:

{
  "method": "tools/call",
  "params": {
    "name": "list_functions",
    "arguments": {
      "program_name": "target_binary.exe",
      "limit": 10
    }
  }
}

Multi-Window Support & Active Context Awareness

GhidrAssistMCP uses a singleton architecture that enables seamless operation across multiple CodeBrowser windows:

How It Works

Single Shared Server: One MCP server (port 8080) serves all CodeBrowser windows
Focus Tracking: Automatically detects which CodeBrowser window is currently active
Context Hints: All tool responses include context information to help AI understand which binary is in focus

Context Information in Responses

Every tool response includes a context header:

[Context] Operating on: malware.exe | Active window: malware.exe

<tool response content>

or when targeting a different program:

[Context] Operating on: lib.so | Active window: main.exe | Total open programs: 3

<tool response content>

Benefits for AI Assistants

Smart Defaults: When no program_name is specified, tools automatically use the program from the active window
Context Awareness: AI knows which binary the user is currently viewing
Prevents Confusion: Clear indication when operating on a different binary than what’s in the active window
Multi-tasking: Work with multiple binaries without constantly specifying which one to target

Architecture

Core Components

GhidrAssistMCP/
├── GhidrAssistMCPManager     # Singleton coordinator for multi-window support
│   ├── Tracks all CodeBrowser windows
│   ├── Manages focus tracking
│   └── Owns shared server and backend
├── GhidrAssistMCPPlugin      # Plugin instance (one per CodeBrowser window)
│   └── Registers with singleton manager
├── GhidrAssistMCPServer      # HTTP MCP server (SSE + Streamable)
│   └── Single shared instance on port 8080
├── GhidrAssistMCPBackend     # Tool management and execution
│   ├── Tool registry with enable/disable states
│   ├── Result caching system
│   ├── Async task management
│   └── Resource and prompt registries
├── GhidrAssistMCPProvider    # UI component provider
│   └── First registered instance provides UI
├── cache/                    # Caching infrastructure
│   ├── McpCache.java
│   └── CacheEntry.java
├── tasks/                    # Async task management
│   ├── McpTaskManager.java
│   └── McpTask.java
├── resources/                # MCP Resources (5 total)
│   ├── ProgramInfoResource.java
│   ├── FunctionListResource.java
│   ├── StringsResource.java
│   ├── ImportsResource.java
│   └── ExportsResource.java
├── prompts/                  # MCP Prompts (5 total)
│   ├── AnalyzeFunctionPrompt.java
│   ├── IdentifyVulnerabilityPrompt.java
│   ├── DocumentFunctionPrompt.java
│   ├── TraceDataFlowPrompt.java
│   └── TraceNetworkDataPrompt.java
└── tools/                    # MCP Tools (34 total)
    ├── Consolidated action-based tools
    ├── Analysis tools
    ├── Modification tools
    └── Navigation tools

Tool Design Patterns

Consolidated Tools: Related operations are consolidated into single tools with a discriminator parameter:

get_code: format: decompiler|disassembly|pcode
class: action: list|get_info
struct: action: create|modify|auto_create|rename_field|field_xrefs
rename_symbol: target_type: function|data|variable
set_comment: target: function|address
bookmarks: action: list|add|delete

Tool Interface Methods:

isReadOnly(): Indicates if tool modifies program state
isLongRunning(): Triggers async execution with task management
isCacheable(): Enables result caching for repeated queries
isDestructive(): Marks potentially dangerous operations
isIdempotent(): Indicates if repeated calls produce same result

MCP Protocol Implementation

Transports:
- HTTP with Server-Sent Events (SSE)
- Streamable HTTP
Endpoints:
- GET /sse - SSE connection for bidirectional communication
- POST /message - Message exchange endpoint
- GET /mcp - Receive Streamable HTTP events
- POST /mcp - Initialize Streamable HTTP session
- DELETE /mcp - Terminate Streamable HTTP session
Capabilities: Tools, Resources, Prompts

Development

Project Structure

src/main/java/ghidrassistmcp/
├── GhidrAssistMCPPlugin.java      # Main plugin class
├── GhidrAssistMCPManager.java     # Singleton coordinator
├── GhidrAssistMCPProvider.java    # UI provider with tabs
├── GhidrAssistMCPServer.java      # MCP server implementation
├── GhidrAssistMCPBackend.java     # Backend tool/resource/prompt management
├── McpBackend.java                # Backend interface
├── McpTool.java                   # Tool interface
├── McpEventListener.java          # Event notification interface
├── cache/                         # Caching system
├── tasks/                         # Async task system
├── resources/                     # MCP resources
├── prompts/                       # MCP prompts
└── tools/                         # Tool implementations (34 files)

Adding New Tools

Implement McpTool interface:

public class MyCustomTool implements McpTool {
    @Override
    public String getName() { return "my_custom_tool"; }

    @Override
    public String getDescription() { return "Description"; }

    @Override
    public boolean isReadOnly() { return true; }

    @Override
    public boolean isLongRunning() { return false; }

    @Override
    public boolean isCacheable() { return true; }

    @Override
    public McpSchema.JsonSchema getInputSchema() { /* ... */ }

    @Override
    public McpSchema.CallToolResult execute(Map<String, Object> arguments, Program program) {
        // Implementation
    }
}

Register in backend:

// In GhidrAssistMCPBackend constructor
registerTool(new MyCustomTool());

Build Commands

# Clean build
gradle clean

# Build extension zip (written to dist/)
gradle buildExtension

# Install (extract) extension into the Ghidra user Extensions directory
gradle installExtension

# Uninstall (delete extracted directory from the Ghidra user Extensions directory)
gradle uninstallExtension

# Build/install with specific Ghidra path (required if GHIDRA_INSTALL_DIR isn't set)
gradle -PGHIDRA_INSTALL_DIR=/path/to/ghidra installExtension

# Debug build
gradle buildExtension --debug

Dependencies

MCP SDK: io.modelcontextprotocol.sdk:mcp:0.17.1
Jetty Server: 11.0.20 (HTTP/SSE transport)
Jackson: 2.18.3 (JSON processing)
Ghidra API: Bundled with Ghidra installation

Logging

UI Logging

The Log tab provides real-time monitoring:

Session Events: Server start/stop, program changes
Tool Requests: REQ: tool_name {parameters...}
Tool Responses: RES: tool_name {response...}
Error Messages: Failed operations and diagnostics
Cache Hits: When cached results are returned

Console Logging

Detailed logging in Ghidra’s console:

Tool registration and initialization
MCP server lifecycle events
Async task execution and completion
Cache statistics
Database transaction operations
Error stack traces and debugging information

Troubleshooting

Common Issues

Server Won’t Start

Check if port 8080 is available
Verify Ghidra installation path
Examine console logs for errors

Tools Not Appearing

Ensure plugin is enabled
Check Configuration tab for tool status
Verify backend initialization in logs

MCP Client Connection Issues

Confirm server is running (check GhidrAssistMCP window)
Test connection: curl http://localhost:8080/sse
Check firewall settings

Tool Execution Failures

Verify program is loaded in Ghidra
Check tool parameters are correct
Review error messages in Log tab

Async Task Issues

Use get_task_status to check task state
Use list_tasks to see all tasks
Use cancel_task if a task is stuck

Debug Mode

Enable debug logging by adding to Ghidra startup:

-Dlog4j.logger.ghidrassistmcp=DEBUG

Contributing

Fork the repository
Create a feature branch: git checkout -b feature-name
Make your changes with proper tests
Follow code style: Use existing patterns and conventions
Submit a pull request with detailed description

Code Standards

Java 21+ features where appropriate
Proper exception handling with meaningful messages
Transaction safety for all database operations
Thread safety for UI operations
Comprehensive documentation for public APIs
Action-based consolidation for related tool operations

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

NSA/Ghidra Team for the excellent reverse engineering platform
Anthropic for the Model Context Protocol specification

Questions or Issues?

Please open an issue on the project repository for bug reports, feature requests, or questions about usage and development.