1+ {
2+ "attributes" : {
3+ "function-name" :{
4+ "description" : " function name"
5+ "misp-attribute" : " text"
6+ "ui-priority" : 1 ,
7+ "disable_correlation" : true
8+ },
9+ "label" : {
10+ "description" : " ghidra symbol label(s) associated with the function"
11+ "misp-attribute" : " text"
12+ "ui-priority" : 0 ,
13+ "disable_correlation" : true ,
14+ "multiple" : true
15+ },
16+ "function-scope" : {
17+ "description" : " ghidra function scope (export, import, internal)"
18+ "misp-attribute" : " text"
19+ "ui-priority" : 0 ,
20+ "disable_correlation" : true ,
21+ "sane_default" : [
22+ " export"
23+ " import"
24+ " internal"
25+ ]
26+ },
27+ "is-thunk" : {
28+ "description" : " identifies a thunk function"
29+ "misp-attribute" : " boolean"
30+ "ui-priority" : 0 ,
31+ "disable_correlation" : true
32+ },
33+ "external-library" : {
34+ "description" : " external library name if the function is an import"
35+ "misp-attribute" : " text"
36+ "ui-priority" : 0 ,
37+ "disable_correlation" : true
38+ },
39+ "entrypoint-address" : {
40+ "description" : " function entrypoint address (integer in a text for consistency with the entrypoint-address in ELF/PE/Mach-O Objects)"
41+ "misp-attribute" : " text"
42+ "ui-priority" : 0 ,
43+ "disable_correlation" : true
44+ },
45+ "instruction-count" : {
46+ "description" : " Instruction count"
47+ "misp-attribute" : " integer"
48+ "ui-priority" : 0 ,
49+ "disable_correlation" : true
50+ },
51+ "bsim-vector" : {
52+ "description" : " comma separated BSIM Feature Vector"
53+ "misp-attribute" : " text"
54+ "ui-priority" : 0
55+ },
56+ "bsim-signature" : {
57+ "description" : " BSIM signature of the vector"
58+ "misp-attribute" : " hex"
59+ "ui-priority" : 0
60+ },
61+ "fid-fh-hash" : {
62+ "description" : " Function ID FH Function hash"
63+ "misp-attribute" : " hex"
64+ "ui-priority" : 0
65+ },
66+ "fid-fx-hash" : {
67+ "description" : " Function ID FX Extended hash"
68+ "misp-attribute" : " hex"
69+ "ui-priority" : 0
70+ },
71+ "flirt-hash" : {
72+ "description" : " IDA pro FLIRT hash"
73+ "misp-attribute" : " hex"
74+ "ui-priority" : 0
75+ },
76+ "decompiled-function" : {
77+ "description" : " Ghidra decompiled function"
78+ "misp-attribute" : " text"
79+ "ui-priority" : 0 ,
80+ "disable_correlation" : true
81+ },
82+ "function-signature" : {
83+ "description" : " Function signature"
84+ "misp-attribute" : " text"
85+ "ui-priority" : 0 ,
86+ "disable_correlation" : true
87+ },
88+ "return-type" : {
89+ "description" : " The data type returned by the function"
90+ "misp-attribute" : " text"
91+ "ui-priority" : 0 ,
92+ "disable_correlation" : true
93+ },
94+ "calling-convention" : {
95+ "description" : " The calling convention used by the function (e.g., cdecl, stdcall)"
96+ "misp-attribute" : " text"
97+ "ui-priority" : 0 ,
98+ "disable_correlation" : true
99+ },
100+ "language-id" : {
101+ "description" : " Language id of the program (architecture, compiler, etc.)"
102+ "misp-attribute" : " text"
103+ "ui-priority" : 0 ,
104+ "disable_correlation" : true
105+ },
106+ "decompiler-id" : {
107+ "description" : " ghidra's decompiler version used to generate the FID and BSIM hashes."
108+ "misp-attribute" : " text"
109+ "ui-priority" : 0 ,
110+ "disable_correlation" : true
111+ }
112+ },
113+ "description" : " ghidra function"
114+ "meta-category" : " ghidra"
115+ "name" : " ghidra-function"
116+ "required" : [
117+ " function-name"
118+ " decompiler-id"
119+ ],
120+ "uuid" : " 4679fa5b-a9b4-463a-aaec-1ca563abedde"
121+ "version" : 1
122+ }
0 commit comments