├── README.md
└── winapi_32.gdt


/README.md:
--------------------------------------------------------------------------------
# Ghidra Data Type for Windows Malware Analysis
This gdt file is forked from [0x6d696368/ghidra-data](https://github.com/0x6d696368/ghidra-data/tree/master/typeinfo).
I added WINHTTP APIs for Windows malware analysis.

## Load gdt
1. Download the winapi_32.gdt
2. Click Data Type Manager ▼ -> "Open File Archive"

![1](https://user-images.githubusercontent.com/18203311/81836904-0e359800-957f-11ea-8677-ef6c20789ba8.png)

3. Choose the winapi_32.gdt

![2](https://user-images.githubusercontent.com/18203311/81836912-11308880-957f-11ea-87ad-a6d3c9618903.png)

4. Select "Apply Function Data Type"

![image](https://user-images.githubusercontent.com/18203311/81974548-b2dbd680-9660-11ea-894c-0138cc1d6aa3.png)

## Example

### Before
![image](https://user-images.githubusercontent.com/18203311/81974907-31387880-9661-11ea-86b8-572749184ef3.png)

### After
![image](https://user-images.githubusercontent.com/18203311/81974929-3bf30d80-9661-11ea-845f-a6534f0aa3c7.png)

--------------------------------------------------------------------------------
/winapi_32.gdt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AllsafeCyberSecurity/Ghidra_Data_Type/fdce291907a55216d1248ea38e5f5db97164bd3b/winapi_32.gdt

--------------------------------------------------------------------------------
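The "Load gdt" steps in README.md can also be run as a Ghidra script, which helps when the same archive has to be applied to many samples or in headless analysis. This is an added example, not code from this repository; the class name `ApplyWinapiGdt` is hypothetical, and it assumes the script runs against an already imported program.

```java
// Added example (not part of the repository): scripted equivalent of the README's "Load gdt" steps.
import java.io.File;
import java.util.ArrayList;
import java.util.List;

import ghidra.app.cmd.function.ApplyFunctionDataTypesCmd;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.data.DataTypeManager;
import ghidra.program.model.data.FileDataTypeManager;
import ghidra.program.model.symbol.SourceType;

public class ApplyWinapiGdt extends GhidraScript {
    @Override
    public void run() throws Exception {
        // Step 3: choose winapi_32.gdt (in headless mode the path is taken from the script arguments).
        File gdt = askFile("Choose winapi_32.gdt", "Open");
        if (!gdt.isFile()) {
            printerr("Not a file: " + gdt.getAbsolutePath());
            return;
        }

        // Step 2: open the file archive read-only; the archive itself is never modified.
        FileDataTypeManager archive = FileDataTypeManager.openFileArchive(gdt, false);
        try {
            List<DataTypeManager> managers = new ArrayList<>();
            managers.add(archive);

            // Step 4: match function definitions in the archive against symbol names
            // in the program (null address set = all symbols) and apply the signatures.
            ApplyFunctionDataTypesCmd cmd = new ApplyFunctionDataTypesCmd(
                managers, null, SourceType.USER_DEFINED,
                true,    // replace signatures that are already present
                false);  // do not create bookmarks for applied functions
            if (!cmd.applyTo(currentProgram, monitor)) {
                printerr("Applying function data types failed: " + cmd.getStatusMsg());
                return;
            }
            println("Applied function data types from " + gdt.getName());
        }
        finally {
            // Release the file handle on the archive even if the command fails.
            archive.close();
        }
    }
}
```

Signatures are matched by symbol name, so imports that the sample resolves dynamically need their labels named after the API before the archive is applied.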