BinDSA is a binary data structure analysis framework built as a Ghidra script collection. The project implements Data Structure Analysis (DSA) algorithms for binary reverse engineering and program analysis.
- IndirectCallTargetResolving.java - The primary entry point script that performs indirect call target resolution using DSA
- Graph.java - Core data structure representing function-level graphs with cells, nodes, and call sites
- DSNode.java - Represents data structure nodes in the analysis graph
- Cell.java - Represents memory cells that can point to DSNodes
- CallSiteNode.java - Represents function call sites in the analysis
- GlobalRegion.java - Manages global memory regions and data structures
- Graph: Contains `HashMap<VarnodeAST, Cell>` for variable-to-cell mapping and manages function-level analysis
- DSNode: Represents heap/stack objects with member tracking, type information, and allocation sites
- Cell: Links variables to DSNodes and tracks pointer relationships
- CallSiteNode: Models function calls with argument/return value tracking
The DSA analysis works by:
- Building graphs for each function containing cells and DSNodes
- Resolving indirect call targets through bottom-up analysis
- Resolving other points-to relationships through top-down analysis
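A minimal model of the first two phases, added here as an illustration and not BinDSA's own code: `Node`, `find`, `unify`, `field` and `addressOf` are hypothetical names, and binding an actual argument to the callee's formal by direct unification (no graph cloning) is a simplifying assumption. It shows an indirect call through `*(obj + 8)` that has no known targets after the local phase and gains one once the caller's graph is merged in.

```java
import java.util.*;
// Toy unification-based points-to model (illustration only, not BinDSA's classes).
public class DsaSketch {
    // Hypothetical abstract memory object; pointer fields are keyed by byte offset.
    static final class Node {
        Node parent = this;                                 // union-find link
        final Set<String> funcs = new TreeSet<>();          // functions this object may be
        final Map<Integer, Node> fields = new HashMap<>();  // offset -> pointee
    }

    static Node find(Node n) {
        while (n.parent != n) { n.parent = n.parent.parent; n = n.parent; }
        return n;
    }

    // Merge two objects: union their function sets and unify same-offset pointees.
    static Node unify(Node a, Node b) {
        a = find(a); b = find(b);
        if (a == b) return a;
        b.parent = a;
        a.funcs.addAll(b.funcs);
        for (Map.Entry<Integer, Node> e : new ArrayList<>(b.fields.entrySet())) {
            Node root = find(a);                 // re-resolve: recursion may have merged a
            Node mine = root.fields.get(e.getKey());
            if (mine == null) root.fields.put(e.getKey(), e.getValue());
            else unify(mine, e.getValue());
        }
        return find(a);
    }

    // Pointee of the pointer stored at base+off, created on first use.
    static Node field(Node base, int off) {
        return find(find(base).fields.computeIfAbsent(off, k -> new Node()));
    }

    static Node addressOf(String fn) { Node n = new Node(); n.funcs.add(fn); return n; }

    public static void main(String[] args) {
        // Local phase, constructed callee dispatch(obj): fp = *(obj + 8); call fp
        Node formalObj = new Node();
        Node callTarget = field(formalObj, 8);
        System.out.println("after local phase: " + find(callTarget).funcs);
        // Local phase, constructed caller: obj = alloc(); *(obj + 8) = &handler_a; dispatch(obj)
        Node actualObj = new Node();
        unify(field(actualObj, 8), addressOf("handler_a"));
        // Bottom-up step (assumption: bind actual to formal by unification, no cloning)
        unify(actualObj, formalObj);
        System.out.println("after bottom-up:   " + find(callTarget).funcs);
    }
}
```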
To execute the main analysis script in Ghidra:
- Load your binary in Ghidra
- Run the `IndirectCallTargetResolving.java` script from the Script Manager
- The script will perform DSA and output results
- Ghidra API: Full dependency on Ghidra framework for binary analysis
- json-simple-1.1.1.jar: JSON processing library included in the repository
- Python helpers: `DefineUndefinedFunctions.py` for preprocessing
- Core analysis classes: `Graph.java`, `DSNode.java`, `Cell.java`
- Main entry point: `IndirectCallTargetResolving.java`
- Utilities: `DebugUtil.java`, `Pair.java`, `AllocSite.java`
- Configuration: `SetAutoAnalysisOptions.java`
- Preprocessing: `DefineUndefinedFunctions.py`, `ExtractFuncSig.java`