The analyzer automates the process of researching EFI files and helps to discover and analyze well-known protocols, SMI handlers, etc.
Features
Finds known EFI GUIDs
Identifies protocols located with LOCATE_PROTOCOL function
Identifies functions used as the NOTIFY function
Identifies protocols installed in the module through INSTALL_PROTOCOL_INTERFACE
Identifies functions used as interrupt functions (for example hardware, software or child interrupts)
Script for loading EFI modules into the relevant directories in headless mode
Sorts SMM modules into the following folders based on their meta information:
SwInterrupts
ChildInterrupts
HwInterrupts
UnknownInterrupts
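As an added illustration of the first feature (this is not code from the project, which is a Ghidra extension): a byte-level scan for known GUIDs has to search for the in-memory EFI_GUID layout, in which the first three fields are little-endian. The GUID table is a small hand-picked subset, and the function names and sample image are constructed for this example.

```python
import uuid

# Hand-picked subset of GUIDs from the UEFI / PI specifications (example assumption;
# a real analyzer would load a far larger database).
KNOWN_GUIDS = {
    "EFI_LOADED_IMAGE_PROTOCOL_GUID": "5B1B31A1-9562-11D2-8E3F-00A0C969723B",
    "EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID": "387477C2-69C7-11D2-8E39-00A0C969723B",
    "EFI_SMM_BASE2_PROTOCOL_GUID": "F4CCBFB7-F6E0-47FD-9DD4-10A8F150C191",
    "EFI_SMM_SW_DISPATCH2_PROTOCOL_GUID": "18A3C6DC-5EEA-48C8-A1C1-B53389F98999",
}


def efi_guid_bytes(text):
    """Serialize a GUID string as EFI_GUID is stored in a module:
    Data1/Data2/Data3 little-endian, Data4 as eight raw bytes."""
    return uuid.UUID(text).bytes_le


def find_known_guids(image, table=KNOWN_GUIDS):
    """Return sorted (offset, name) pairs for every known GUID found in image."""
    hits = []
    for name, text in table.items():
        needle = efi_guid_bytes(text)
        pos = image.find(needle)
        while pos != -1:  # report every occurrence, aligned or not
            hits.append((pos, name))
            pos = image.find(needle, pos + 1)
    return sorted(hits)


def build_sample_image():
    """Constructed test data, not a real firmware module."""
    blob = bytearray(b"MZ" + b"\x00" * 62)  # 64 bytes of stand-in header
    blob += efi_guid_bytes(KNOWN_GUIDS["EFI_SMM_BASE2_PROTOCOL_GUID"])
    blob += b"\xCC" * 5  # padding that leaves the next GUID unaligned
    blob += efi_guid_bytes(KNOWN_GUIDS["EFI_SMM_SW_DISPATCH2_PROTOCOL_GUID"])
    # Big-endian (RFC 4122) byte order of a known GUID: must not be reported.
    blob += uuid.UUID(KNOWN_GUIDS["EFI_LOADED_IMAGE_PROTOCOL_GUID"]).bytes
    blob += efi_guid_bytes(KNOWN_GUIDS["EFI_SMM_BASE2_PROTOCOL_GUID"])
    return bytes(blob)


if __name__ == "__main__":
    for offset, name in find_known_guids(build_sample_image()):
        print(f"0x{offset:04x}  {name}")
```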
Installation
Set the GHIDRA_INSTALL_DIR environment variable to the Ghidra path.
Run gradlew.bat. When the build completes, copy the archive from the dist directory to GHIDRA_HOME_DIR/Extensions/Ghidra/.
Then enable this extension in Ghidra.
Usage
After installation you are free to use this analyzer. If you open an EFI file, the analyzer is selected automatically.
To start the analyzer, press A or choose Analysis/Auto Analyze, then press Analyze.