diff --git a/objects/ghidra-function/definition.json b/objects/ghidra-function/definition.json
new file mode 100644
index 00000000..0fabde98
--- /dev/null
+++ b/objects/ghidra-function/definition.json
@@ -0,0 +1,122 @@
+{
+ "attributes": {
+ "bsim-signature": {
+ "description": "BSIM signature of the vector",
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
+ "bsim-vector": {
+ "description": "comma separated BSIM Feature Vector",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "calling-convention": {
+ "description": "The calling convention used by the function (e.g., cdecl, stdcall)",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "decompiled-function": {
+ "description": "Ghidra decompiled function",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "decompiler-id": {
+ "description": "ghidra's decompiler version used to generate the FID and BSIM hashes.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "entrypoint-address": {
+ "description": "function entrypoint address (integer in a text for consistency with the entrypoint-address in ELF/PE/Mach-O Objects)",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "external-library": {
+ "description": "external library name if the function is an import",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "fid-fh-hash": {
+ "description": "Function ID FH Function hash",
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
+ "fid-fx-hash": {
+ "description": "Function ID FX Extended hash",
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
+ "flirt-hash": {
+ "description": "IDA pro FLIRT hash",
+ "misp-attribute": "hex",
+ "ui-priority": 0
+ },
+ "function-name": {
+ "description": "function name",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "function-scope": {
+ "description": "ghidra function scope (export, import, internal)",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "export",
+ "import",
+ "internal"
+ ],
+ "ui-priority": 0
+ },
+ "function-signature": {
+ "description": "Function signature",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "instruction-count": {
+ "description": "Instruction count",
+ "disable_correlation": true,
+ "misp-attribute": "integer",
+ "ui-priority": 0
+ },
+ "is-thunk": {
+ "description": "identifies a thunk function",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "label": {
+ "description": "ghidra symbol label(s) associated with the function",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "language-id": {
+ "description": "Language id of the program (architecture, compiler, etc.)",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "return-type": {
+ "description": "The data type returned by the function",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "ghidra function",
+ "meta-category": "misc",
+ "name": "ghidra-function",
+ "required": [
+ "function-name",
+ "decompiler-id"
+ ],
+ "uuid": "4679fa5b-a9b4-463a-aaec-1ca563abedde",
+ "version": 1
+}
\ No newline at end of file
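Review bot: The `required` list names only `function-name` and `decompiler-id`, both of which carry `"disable_correlation": true`, so an object validates without any of the five attributes that can actually match a function across samples. If sharing a function with no similarity value is not an intended use, consider adding `"requiredOneOf": ["fid-fh-hash", "fid-fx-hash", "bsim-signature", "bsim-vector", "flirt-hash"]`. Those five attributes also correlate by default. FID and FLIRT hashes of common runtime-library functions and thunks are presumably identical across unrelated binaries, so the descriptions should say that such functions are expected to be filtered out or shared with correlation disabled. Also, `flirt-hash` is an IDA value while `decompiler-id` is described as covering only the FID and BSIM hashes, so its description should state which tool version it came from.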