Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From ghidrasql
Lists Ghidra SQL functions for decompilation, type analysis, search, and persistence. Helps choose the right helper for reverse-engineering tasks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ghidrasql:functionsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill when the user asks:
Use this skill when the user asks:
Route to:
decompiler for decompile-centric workflowstypes for parse_decls() and signature-related workannotations for full mutation loopsgrep for full-text search functions (search_*)ghidrasql registers 22 distinct names, 23 entries (search_snippet registers at arity 2 and 3). 19 are general-purpose helpers; 3 are cache-control helpers.
There is no shutdown(...) function — set the exit policy at launch via --shutdown and trigger the stop with POST /shutdown. There is no force-flag on decompile() — it takes a single argument; use cache_invalidate('pseudocode') or refresh_database() to drop stale state.
SELECT decompile(0x401000); -- full pseudocode text
SELECT rename_local(0x401000, '<local_id>', 'buffer'); -- == UPDATE decomp_lvars SET name
SELECT set_local_type(0x401000, '<local_id>', 'char *'); -- == UPDATE decomp_lvars SET type
SELECT parse_decls('typedef struct { int x; int y; } Point;');
SELECT normalize_text('SomeMixed_Case'); -- canonical form
SELECT search_match(haystack, query); -- 0/1 — every term matches
SELECT search_score(haystack, query); -- relevance score
SELECT search_snippet(haystack, query); -- snippet, default radius
SELECT search_snippet(haystack, query, radius); -- snippet, custom radius
SELECT search_rank(domain, haystack, query); -- domain-weighted rank
SELECT type_family('struct foo { int x; }'); -- aggregate|enum|alias|...
SELECT type_is_pointer('char *'); -- 0/1
SELECT type_strip_cv('const volatile int *'); -- strips const/volatile
SELECT hex(0x401000); -- '0x401000'
SELECT program_revision(); -- Ghidra native modification number
SELECT string_count(); -- live string-table size
SELECT rebuild_strings(); -- refresh string table
SELECT save_database(); -- commit pending mutations
SELECT discard_changes(); -- roll back pending mutations
SELECT refresh_database(); -- invalidate caches, reload
Materialisation is freshness-token scoped for libghidra live sources: repeated /query calls can reuse table rows while program_id, Ghidra's modification number, program path, and available file metadata are unchanged. External Ghidra UI/API edits or active-program switches refresh on the next query. Cache helpers matter mainly inside a batched script (-f, multi-statement REPL input) or when forcing a surface to rebuild:
SELECT cache_stats(); -- JSON: invalidations_total, revision, cacheable tables
SELECT cache_invalidate('pseudocode'); -- drop one table's cache; useful inside a batch after a write
SELECT cache_invalidate_all(); -- drop every cached table
decompile(addr) for a quick full-function read instead of
SELECT text FROM pseudocode WHERE func_addr = addr.rename_local() / set_local_type() when a function-shaped
call is clearer than UPDATE decomp_lvars.parse_decls() for any C declaration import — it goes through
Ghidra's CParser and avoids per-row INSERTs.save_database() explicitly after a mutation batch.func_addr discipline still applies to decompiler-backed tables
(pseudocode, decomp_lvars, decomp_tokens) even when you went
through a helper function.npx claudepluginhub 0xeb/ghidrasql-skills --plugin ghidrasqlDecompile functions using ghidrasql queries to inspect pseudocode, local variables, parameters, and ctree AST patterns.
Catalogs complete idasql SQL functions for disassembly, byte access/patching, and binary search in IDA databases. Use to look up signatures, parameters, and usage examples.
Analyzes binaries using IDA Pro's Domain API: program structure, functions, disassembly, cross-references, and strings. Provides Pythonic API usage, database opening, and configuration options for headless analysis.