Ghidra script for generating Ghidra Data Type (GDT) archives containing type and symbol information
Inspired by this post, I decided to make an alternative method of generating GDT archives to aid my windows kernel driver reverse engineering process. Ghidra Data Type (GDT) archives are used for storing function data type and symbol information and can be imported in different Ghidra projects through the Data Type Manager.
There wasn't much documentation about it but I found one article about the topic from Stack Overflow and decided to port the script over to python with a few minor adjustments. Ghidra also supports transferring data types through Capture Function Data Types but I preferred using this method.
Included in the repository are pregenerated GDT archives for various system images from Windows 11 Insider Dev Build 22504 including kernelbase, ntoskrnl and ntdll.
- Copy
ExportGDT.pyinto$GHIDRA_ROOT\Ghidra\Features\FunctionID\ghidra_scripts
- Open the desired file in Ghidra containing PDB/DWARF debug info
- Run this script and select the
.gdtoutput file - Open the other program and open the
Data Type Manager - Click on the dropdown and select
Open File Archive... - Select the
.gdtarchive then right click and selectApply Function Data Types