├── README.md
└── winapi_32.gdt


/README.md:
--------------------------------------------------------------------------------
 1 | # Ghidra Data Type for Windows Malware Analysis
 2 | This gdt file fork from [0x6d696368/ghidra-data](https://github.com/0x6d696368/ghidra-data/tree/master/typeinfo).  
 3 | I add WINHTTP APIs for Windows Malware Analysis.  
 4 | 
 5 | ## Load gdt
 6 | 1. Download the winapi_32.gdt
 7 | 2. Click to Data Type Manager ▼ -> "Open File Archive"
 8 | 
 9 | ![1](https://user-images.githubusercontent.com/18203311/81836904-0e359800-957f-11ea-8677-ef6c20789ba8.png)
10 | 
11 | 3. Choose the winapi_32.gdt
12 | 
13 | ![2](https://user-images.githubusercontent.com/18203311/81836912-11308880-957f-11ea-87ad-a6d3c9618903.png)
14 | 
15 | 4. Selecte "Apply Funtion Data Type"
16 | 
17 | ![image](https://user-images.githubusercontent.com/18203311/81974548-b2dbd680-9660-11ea-894c-0138cc1d6aa3.png)
18 | 
19 | ## Example
20 | 
21 | ### Before
22 | ![image](https://user-images.githubusercontent.com/18203311/81974907-31387880-9661-11ea-86b8-572749184ef3.png)
23 | 
24 | ### After
25 | ![image](https://user-images.githubusercontent.com/18203311/81974929-3bf30d80-9661-11ea-845f-a6534f0aa3c7.png)
26 | 


--------------------------------------------------------------------------------
/winapi_32.gdt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AllsafeCyberSecurity/Ghidra_Data_Type/fdce291907a55216d1248ea38e5f5db97164bd3b/winapi_32.gdt


--------------------------------------------------------------------------------