This plugin allows you to run dynamic emulation using the Malcore API. It provides an emulation of the program run in a Windows environment and allows you to understand how the program runs dynamically without the need for a sandbox.
This plugin attempts to incorporate your installed version of Python and its site-packages into Ghidra's environment automatically. If this does not work, the manual installation steps are below:
This plugin requires the requests library version 2.27.1. You can install this library by running:
pip2 install --user requests==2.27.1
If you do not have pip installed for Python 2.x, you can get it from the following script: https://bootstrap.pypa.io/pip/2.7/get-pip.py
NOTE: If you get an SSL error, you will need to install pyopenssl version 21.0.0 as well.
To run this plugin you need a Malcore API key, which you can get from https://malcore.io. The API key must be set in an environment variable called MALCORE_API_KEY.
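The requirements above can be checked before opening Ghidra. The following is an added example, not part of the plugin: it verifies the pinned requests version and that MALCORE_API_KEY is set, without ever printing the key. The function names are hypothetical, and it should be run with the Python 2 interpreter that pip2 installs into.

```python
from __future__ import print_function
import os

REQUIRED = {"requests": "2.27.1"}   # pinned version from this README
OPTIONAL = {"pyopenssl": "21.0.0"}  # only needed if an SSL error appears
KEY_VAR = "MALCORE_API_KEY"


def installed_version(name):
    """Return the installed version of a distribution, or None if absent."""
    try:
        from importlib.metadata import version  # Python 3.8+
    except ImportError:
        try:
            import pkg_resources  # Python 2.7 fallback
            return pkg_resources.get_distribution(name).version
        except Exception:
            return None
    try:
        return version(name)
    except Exception:
        return None


def check_prereqs(environ, versions):
    """Return (errors, notes); the API key value is never included."""
    errors, notes = [], []
    for name, wanted in sorted(REQUIRED.items()):
        found = versions.get(name)
        if found != wanted:
            errors.append("%s: need %s, found %s" % (name, wanted, found or "nothing"))
    for name, wanted in sorted(OPTIONAL.items()):
        found = versions.get(name)
        if found != wanted:
            notes.append("%s: %s only needed after an SSL error, found %s"
                         % (name, wanted, found or "nothing"))
    key = environ.get(KEY_VAR, "")
    if not key.strip():
        errors.append("%s is not set or is empty" % KEY_VAR)
    elif key != key.strip():
        # A stray newline from copy/paste is a common cause of rejected keys.
        errors.append("%s has leading or trailing whitespace" % KEY_VAR)
    return errors, notes


if __name__ == "__main__":
    names = list(REQUIRED) + list(OPTIONAL)
    errs, notes = check_prereqs(os.environ, dict((n, installed_version(n)) for n in names))
    for line in errs:
        print("ERROR:", line)
    for line in notes:
        print("note:", line)
    print("OK" if not errs else "Fix the errors above before running the plugin")
```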
This plugin was tested on Ghidra versions 9.2.3 through 10.1.4.
To install the plugin you will need to do the following:
- Clone the repository into a path of your choice
- From inside the CodeBrowser, click Window > Bundle Manager
- From inside the Bundle Manager, click the green "+" and navigate to the location you cloned this repository to
- Make sure that your path is checked and close the Bundle Manager window
- Now go to the Script Manager
- Search for Malcore and check the "In Tool" box to activate the toolbar button and the Shift-M keybinding
After this, the plugin should be installed and ready to run.