feat: Add progress reporting for long-running prompts

Add real-time progress notifications to 7 MCP prompts that perform
multi-step scanning operations. Uses FastMCP's Context.report_progress()
and Context.info() for numeric progress and descriptive step messages.

Prompts updated:
- malware_triage (21 steps)
- analyze_imports (12 capability categories)
- identify_crypto (20 pattern scans)
- find_authentication (30 auth patterns)
- find_main_logic (22 entry point searches)
- find_error_handlers (35 error patterns)
- find_config_parsing (23 config patterns)

Infrastructure added:
- ProgressReporter class for throttled progress updates
- report_step() and report_progress() helper functions
- Graceful handling when ctx=None for backwards compatibility
Ryan Malloy 2025-12-03 10:55:03 -07:00
parent c747abe813
commit f640df70ca
2 changed files with 2742 additions and 24 deletions

@ -6,6 +6,33 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
## [Unreleased] ## [Unreleased]
### Added
- **Progress Reporting for Long Operations:** 7 MCP prompts now report real-time progress during multi-step scanning operations:
- `malware_triage` - Reports progress across 21 scanning steps
- `analyze_imports` - Reports progress across 12 capability categories
- `identify_crypto` - Reports progress across 20 pattern scans
- `find_authentication` - Reports progress across 30 auth pattern scans
- `find_main_logic` - Reports progress across 22 entry point searches
- `find_error_handlers` - Reports progress across 35 error pattern scans
- `find_config_parsing` - Reports progress across 23 config pattern scans
- Uses FastMCP's `Context.report_progress()` for numeric progress updates
- Uses `Context.info()` for descriptive step notifications
- Helper functions `report_step()` and `report_progress()` for consistent reporting
- **Specialized Analysis Prompts:** 13 new MCP prompts for common reverse engineering workflows:
- `analyze_strings` - String analysis with categorization and cross-reference guidance
- `trace_data_flow` - Data flow and taint analysis through functions
- `identify_crypto` - Cryptographic function and constant identification
- `malware_triage` - Quick malware analysis with capability assessment checklist
- `analyze_protocol` - Network/file protocol reverse engineering framework
- `find_main_logic` - Navigate past CRT initialization to find actual program logic
- `analyze_imports` - Categorize imports by capability with suspicious pattern detection
- `find_authentication` - Locate auth, license checks, and credential handling code
- `analyze_switch_table` - Reverse engineer command dispatchers and jump tables
- `find_config_parsing` - Identify configuration file parsing and settings management
- `compare_functions` - Compare two functions for similarity (patches, variants, libraries)
- `document_struct` - Comprehensively document data structure fields and usage
- `find_error_handlers` - Map error handling, cleanup routines, and exit paths
## [2025.12.1] - 2025-12-01 ## [2025.12.1] - 2025-12-01
### Added ### Added
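Review bot: The `Specialized Analysis Prompts` entry (13 new MCP prompts, `analyze_strings` through `find_error_handlers`) is added under `[Unreleased]` in this hunk, but the commit message only describes progress reporting for 7 prompts. Either move the prompt additions into their own commit or mention them in the message, so the history matches the changelog. The `Progress Reporting` entry also leaves out two items the commit message lists as infrastructure: the `ProgressReporter` class for throttled updates and the handling of `ctx=None`. The `ctx=None` behaviour is the part existing callers depend on, so it deserves its own bullet. It would help to say as well that the helper `report_progress()` is distinct from `Context.report_progress()`, since both names appear in adjacent bullets.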
@ -22,14 +49,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
- `cursor_delete(cursor_id)` - Delete specific cursor - `cursor_delete(cursor_id)` - Delete specific cursor
- `cursor_delete_all()` - Delete all session cursors - `cursor_delete_all()` - Delete all session cursors
- **Enumeration Resources:** New lightweight MCP resources for quick data enumeration (more efficient than tool calls): - **Enumeration Resources:** New lightweight MCP resources for quick data enumeration (more efficient than tool calls):
- `/instances` - List all active Ghidra instances - `ghidra://instances` - List all active Ghidra instances
- `/instance/{port}/summary` - Program overview with statistics - `ghidra://instance/{port}/summary` - Program overview with statistics
- `/instance/{port}/functions` - List functions (capped at 1000) - `ghidra://instance/{port}/functions` - List functions (capped at 1000)
- `/instance/{port}/strings` - List strings (capped at 500) - `ghidra://instance/{port}/strings` - List strings (capped at 500)
- `/instance/{port}/data` - List data items (capped at 1000) - `ghidra://instance/{port}/data` - List data items (capped at 1000)
- `/instance/{port}/structs` - List struct types (capped at 500) - `ghidra://instance/{port}/structs` - List struct types (capped at 500)
- `/instance/{port}/xrefs/to/{address}` - Cross-references to an address - `ghidra://instance/{port}/xrefs/to/{address}` - Cross-references to an address
- `/instance/{port}/xrefs/from/{address}` - Cross-references from an address - `ghidra://instance/{port}/xrefs/from/{address}` - Cross-references from an address
### Changed ### Changed
- **MCP Dependency Upgrade:** Updated from `mcp==1.6.0` to `mcp>=1.22.0` for FastMCP Context support. - **MCP Dependency Upgrade:** Updated from `mcp==1.6.0` to `mcp>=1.22.0` for FastMCP Context support.
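Review bot: The eight resource URIs in this hunk are rewritten from `/instances` and `/instance/{port}/...` to the `ghidra://` scheme, and as far as the visible context shows they sit below the `## [2025.12.1] - 2025-12-01` heading, so this edits the entry of an already released version. The change is unrelated to progress reporting and the commit message does not mention it. If the registered URIs changed in code, record that as a new item under `[Unreleased]` `### Changed` instead of rewriting the released entry, so that clients using the old paths get notice. If this only corrects the documentation to match what 2025.12.1 shipped, say so in the commit message.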

File diff suppressed because it is too large