kzaremski · February 25, 2026 00:02
diff --git a/GhidraDecompile.java b/GhidraDecompile.java
 import ghidra.app.script.GhidraScript;
 import ghidra.app.decompiler.*;
 import ghidra.program.model.listing.*;
 import java.io.*;
 public class GhidraDecompile extends GhidraScript {
    @Override
    public void run() throws Exception {
        DecompInterface decomp = new DecompInterface();
        decomp.openProgram(currentProgram);
        FunctionManager fm = currentProgram.getFunctionManager();
        FunctionIterator funcs = fm.getFunctions(true);
        String[] targets = {
            "ZMEDIA=NULL", "ZMEDIA=%lld", "Z_PK=%ld", "ZFILENAME",
            "ZFALLBACKIMAGEGENERATION", "ZFALLBACKPDFGENERATION",
            "ZPASSWORDPROTECTED", "Z_PRIMARYKEY", "ZICCLOUDSYNCINGOBJECT",
            "PRAGMA table_info", "NoteStore.sqlite",
            "AppleNotesDatabaseParser", "TableParser",
            "sqlite3_open", "sqlite3_prepare", "sqlite3_step",
            "fetchNotes", "fetchFolders", "generateHTML",
            "resolveAttachment", "getTableColumns", "parseTable"
        };
        PrintWriter out = new PrintWriter(new FileWriter("/tmp/ghidra_decompiled.txt"));
        int count = 0; int decompiled = 0;
        while (funcs.hasNext()) {
            Function f = funcs.next(); count++;
            DecompileResults results = decomp.decompileFunction(f, 30, monitor);
            if (results.getDecompiledFunction() != null) {
                String code = results.getDecompiledFunction().getC();
                if (code != null) {
                    boolean match = false;
                    for (String target : targets) {
                        if (code.contains(target)) { match = true; break; }
                    }
                    if (match) {
                        decompiled++;
                        out.println("=== FUNCTION: " + f.getName() + " @ " + f.getEntryPoint() + " ===");
                        out.println(code); out.println("");
                    }
                }
            }
        }
        out.close(); decomp.dispose();
        println("Scanned " + count + " functions, found " + decompiled + " matching");
    }
 }
	import ghidra.app.script.GhidraScript;
	import ghidra.app.decompiler.*;
	import ghidra.program.model.listing.*;
	import java.io.*;
	public class GhidraDecompile extends GhidraScript {
	@Override
	public void run() throws Exception {
	DecompInterface decomp = new DecompInterface();
	decomp.openProgram(currentProgram);
	FunctionManager fm = currentProgram.getFunctionManager();
	FunctionIterator funcs = fm.getFunctions(true);
	String[] targets = {
	"ZMEDIA=NULL", "ZMEDIA=%lld", "Z_PK=%ld", "ZFILENAME",
	"ZFALLBACKIMAGEGENERATION", "ZFALLBACKPDFGENERATION",
	"ZPASSWORDPROTECTED", "Z_PRIMARYKEY", "ZICCLOUDSYNCINGOBJECT",
	"PRAGMA table_info", "NoteStore.sqlite",
	"AppleNotesDatabaseParser", "TableParser",
	"sqlite3_open", "sqlite3_prepare", "sqlite3_step",
	"fetchNotes", "fetchFolders", "generateHTML",
	"resolveAttachment", "getTableColumns", "parseTable"
	};
	PrintWriter out = new PrintWriter(new FileWriter("/tmp/ghidra_decompiled.txt"));
	int count = 0; int decompiled = 0;
	while (funcs.hasNext()) {
	Function f = funcs.next(); count++;
	DecompileResults results = decomp.decompileFunction(f, 30, monitor);
	if (results.getDecompiledFunction() != null) {
	String code = results.getDecompiledFunction().getC();
	if (code != null) {
	boolean match = false;
	for (String target : targets) {
	if (code.contains(target)) { match = true; break; }
	}
	if (match) {
	decompiled++;
	out.println("=== FUNCTION: " + f.getName() + " @ " + f.getEntryPoint() + " ===");
	out.println(code); out.println("");
	}
	}
	}
	}
	out.close(); decomp.dispose();
	println("Scanned " + count + " functions, found " + decompiled + " matching");
	}
	}
No results found