From a0cd558b120c473d7bdc6f42f53fffe4230b92d5 Mon Sep 17 00:00:00 2001
From: K VAISHAKH <133781093+vaishakh787@users.noreply.github.com>
Date: Mon, 26 Jan 2026 14:23:28 +0530
Subject: [PATCH 1/4] ghidra: initial capa explorer extension MVP

---
 capa/ghidra/plugin/extension/README.md        |   1 +
 capa/ghidra/plugin/extension/build.gradle     |  66 +++++++
 .../plugin/extension/extension.properties     |   5 +
 .../src/main/help/help/TOC_Source.xml         |  57 ++++++
 .../help/help/topics/capaexplorer/help.html   |  23 +++
 .../src/main/java/capa/ghidra/CapaPlugin.java |  59 ++++++
 .../main/java/capa/ghidra/CapaProvider.java   |  52 +++++
 .../java/capa/ghidra/CapaPythonBridge.java    |  47 +++++
 .../capaexplorer/CapaExplorerAnalyzer.java    |  74 +++++++
 .../capaexplorer/CapaExplorerExporter.java    |  77 ++++++++
 .../capaexplorer/CapaExplorerFileSystem.java  | 184 ++++++++++++++++++
 .../java/capaexplorer/CapaExplorerLoader.java |  80 ++++++++
 .../java/capaexplorer/CapaExplorerPlugin.java | 116 +++++++++++
 .../src/main/resources/images/README.txt      |   2 +
 14 files changed, 843 insertions(+)
 create mode 100644 capa/ghidra/plugin/extension/README.md
 create mode 100644 capa/ghidra/plugin/extension/build.gradle
 create mode 100644 capa/ghidra/plugin/extension/extension.properties
 create mode 100644 capa/ghidra/plugin/extension/src/main/help/help/TOC_Source.xml
 create mode 100644 capa/ghidra/plugin/extension/src/main/help/help/topics/capaexplorer/help.html
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java
 create mode 100644 capa/ghidra/plugin/extension/src/main/resources/images/README.txt

diff --git a/capa/ghidra/plugin/extension/README.md b/capa/ghidra/plugin/extension/README.md
new file mode 100644
index 000000000..08fe9847f
--- /dev/null
+++ b/capa/ghidra/plugin/extension/README.md
@@ -0,0 +1 @@
+# CapaExplorer
diff --git a/capa/ghidra/plugin/extension/build.gradle b/capa/ghidra/plugin/extension/build.gradle
new file mode 100644
index 000000000..a3a305cb9
--- /dev/null
+++ b/capa/ghidra/plugin/extension/build.gradle
@@ -0,0 +1,66 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Builds a Ghidra Extension for a given Ghidra installation.
+//
+// An absolute path to the Ghidra installation directory must be supplied either by setting the 
+// GHIDRA_INSTALL_DIR environment variable or Gradle project property:
+//
+//     > export GHIDRA_INSTALL_DIR=<Absolute path to Ghidra> 
+//     > gradle
+//
+//         or
+//
+//     > gradle -PGHIDRA_INSTALL_DIR=<Absolute path to Ghidra>
+//
+// Gradle should be invoked from the directory of the project to build.  Please see the
+// application.gradle.version property in <GHIDRA_INSTALL_DIR>/Ghidra/application.properties
+// for the correction version of Gradle to use for the Ghidra installation you specify.
+
+//----------------------START "DO NOT MODIFY" SECTION------------------------------
+def ghidraInstallDir
+
+if (System.env.GHIDRA_INSTALL_DIR) {
+	ghidraInstallDir = System.env.GHIDRA_INSTALL_DIR
+}
+else if (project.hasProperty("GHIDRA_INSTALL_DIR")) {
+	ghidraInstallDir = project.getProperty("GHIDRA_INSTALL_DIR")
+}
+else {
+	ghidraInstallDir = "<REPLACE>"
+}
+
+task distributeExtension {
+	group = "Ghidra"
+
+	apply from: new File(ghidraInstallDir).getCanonicalPath() + "/support/buildExtension.gradle"
+	dependsOn ':buildExtension'
+}
+//----------------------END "DO NOT MODIFY" SECTION-------------------------------
+
+repositories {
+	// Declare dependency repositories here.  This is not needed if dependencies are manually 
+	// dropped into the lib/ directory.
+	// See https://docs.gradle.org/current/userguide/declaring_repositories.html for more info.
+	// Ex: mavenCentral()
+}
+
+dependencies {
+	// Any external dependencies added here will automatically be copied to the lib/ directory when
+	// this extension is built.	
+}
+
+// Exclude additional files from the built extension
+// Ex: buildExtension.exclude '.idea/**'
diff --git a/capa/ghidra/plugin/extension/extension.properties b/capa/ghidra/plugin/extension/extension.properties
new file mode 100644
index 000000000..86a8a29a2
--- /dev/null
+++ b/capa/ghidra/plugin/extension/extension.properties
@@ -0,0 +1,5 @@
+name=@extname@
+description=The extension description can be customized by editing the extension.properties file.
+author=
+createdOn=
+version=@extversion@
diff --git a/capa/ghidra/plugin/extension/src/main/help/help/TOC_Source.xml b/capa/ghidra/plugin/extension/src/main/help/help/TOC_Source.xml
new file mode 100644
index 000000000..a34f62e8f
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/help/help/TOC_Source.xml
@@ -0,0 +1,57 @@
+<?xml version='1.0' encoding='ISO-8859-1' ?>
+<!-- 
+
+	This is an XML file intended to be parsed by the Ghidra help system.  It is loosely based 
+	upon the JavaHelp table of contents document format.  The Ghidra help system uses a 
+	TOC_Source.xml file to allow a module with help to define how its contents appear in the 
+	Ghidra help viewer's table of contents.  The main document (in the Base module) 
+	defines a basic structure for the 
+	Ghidra table of contents system.  Other TOC_Source.xml files may use this structure to insert
+	their files directly into this structure (and optionally define a substructure).
+	
+	
+	In this document, a tag can be either a <tocdef> or a <tocref>.  The former is a definition
+	of an XML item that may have a link and may contain other <tocdef> and <tocref> children.  
+	<tocdef> items may be referred to in other documents by using a <tocref> tag with the 
+	appropriate id attribute value.  Using these two tags allows any module to define a place 
+	in the table of contents system (<tocdef>), which also provides a place for 
+	other TOC_Source.xml files to insert content (<tocref>).  
+	
+	During the help build time, all TOC_Source.xml files will be parsed and	validated to ensure
+	that all <tocref> tags point to valid <tocdef> tags.  From these files will be generated
+	<module name>_TOC.xml files, which are table of contents files written in the format 
+	desired by the JavaHelp system.   Additionally, the genated files will be merged together
+	as they are loaded by the JavaHelp system.  In the end, when displaying help in the Ghidra
+	help GUI, there will be on table of contents that has been created from the definitions in 
+	all of the modules' TOC_Source.xml files.
+
+	
+	Tags and Attributes
+	
+	<tocdef>
+	-id          - the name of the definition (this must be unique across all TOC_Source.xml files)	
+	-text        - the display text of the node, as seen in the help GUI
+	-target**    - the file to display when the node is clicked in the GUI
+	-sortgroup   - this is a string that defines where a given node should appear under a given
+	               parent.  The string values will be sorted by the JavaHelp system using
+	               a javax.text.RulesBasedCollator.  If this attribute is not specified, then
+	               the text of attribute will be used.
+
+	<tocref>
+	-id			 - The id of the <tocdef> that this reference points to 
+	
+	**The URL for the target is relative and should start with 'help/topics'.  This text is 
+	used by the Ghidra help system to provide a universal starting point for all links so that
+	they can be resolved at runtime, across modules.
+	
+	
+-->
+
+
+<tocroot>
+	<!-- Uncomment and adjust fields to add help topic to help system's Table of Contents
+	<tocref id="Ghidra Functionality">
+		<tocdef id="HelpAnchor" text="My Feature" target="help/topics/my_topic/help.html" />
+	</tocref>
+	-->
+</tocroot>
diff --git a/capa/ghidra/plugin/extension/src/main/help/help/topics/capaexplorer/help.html b/capa/ghidra/plugin/extension/src/main/help/help/topics/capaexplorer/help.html
new file mode 100644
index 000000000..1f9d6a1fc
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/help/help/topics/capaexplorer/help.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<HTML>
+  <HEAD>
+    <META name="generator" content=
+    "HTML Tidy for Java (vers. 2009-12-01), see jtidy.sourceforge.net">
+    <META http-equiv="Content-Language" content="en-us">
+    <META http-equiv="Content-Type" content="text/html; charset=windows-1252">
+    <META name="GENERATOR" content="Microsoft FrontPage 4.0">
+    <META name="ProgId" content="FrontPage.Editor.Document">
+
+    <TITLE>Skeleton Help File for a Module</TITLE>
+    <LINK rel="stylesheet" type="text/css" href="help/shared/DefaultStyle.css">
+  </HEAD>
+
+  <BODY>
+    <H1><a name="HelpAnchor"></a>Skeleton Help File for a Module</H1>
+
+    <P>This is a simple skeleton help topic. For a better description of what should and should not
+    go in here, see the "sample" Ghidra extension in the Extensions/Ghidra directory, or see your 
+    favorite help topic. In general, language modules do not have their own help topics.</P>
+  </BODY>
+</HTML>
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
new file mode 100644
index 000000000..9eadf6647
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
@@ -0,0 +1,59 @@
+package capa.ghidra;
+
+import docking.ActionContext;
+import docking.action.DockingAction;
+import docking.action.MenuData;
+import ghidra.app.plugin.PluginCategoryNames;
+import ghidra.app.plugin.ProgramPlugin;
+import ghidra.framework.plugintool.PluginInfo;
+import ghidra.framework.plugintool.PluginTool;
+import ghidra.framework.plugintool.util.PluginStatus;
+import ghidra.util.Msg;
+
+@PluginInfo(
+    status = PluginStatus.STABLE,
+    packageName = "Capa",
+    category = PluginCategoryNames.ANALYSIS,
+    shortDescription = "Run capa analysis",
+    description = "Capa explorer MVP for Ghidra"
+)
+public class CapaPlugin extends ProgramPlugin {
+
+    private DockingAction action;
+    private CapaProvider provider;
+
+    public CapaPlugin(PluginTool tool) {
+        super(tool);
+
+        provider = new CapaProvider(tool);
+        createActions();
+    }
+
+    private void createActions() {
+
+        action = new DockingAction("Run capa analysis", getName()) {
+
+            @Override
+            public void actionPerformed(ActionContext context) {
+
+                Msg.showInfo(
+                    this,
+                    null,
+                    "CapaPlugin",
+                    "Run capa analysis clicked"
+                );
+
+                provider.runCapa(currentProgram);
+            }
+        };
+
+        action.setMenuBarData(
+            new MenuData(new String[] {
+                "Tools",
+                "Run capa analysis"
+            })
+        );
+
+        tool.addAction(action);
+    }
+}
\ No newline at end of file
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
new file mode 100644
index 000000000..9ad87a662
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
@@ -0,0 +1,52 @@
+package capa.ghidra;
+
+import docking.ComponentProvider;
+import ghidra.framework.plugintool.PluginTool;
+import ghidra.program.model.listing.Program;
+
+import javax.swing.JScrollPane;
+import javax.swing.JTextArea;
+import javax.swing.JComponent;
+import java.awt.Font;
+
+public class CapaProvider extends ComponentProvider {
+
+    private final JTextArea output;
+
+    public CapaProvider(PluginTool tool) {
+        super(tool, "Capa Explorer", "CapaExplorer");
+
+        output = new JTextArea();
+        output.setEditable(false);
+        output.setFont(new Font("Monospaced", Font.PLAIN, 12));
+
+        tool.addComponentProvider(this, true);
+        tool.showComponentProvider(this, true);
+    }
+
+    @Override
+    public JComponent getComponent() {
+        return new JScrollPane(output);
+    }
+
+    public void runCapa(Program program) {
+
+        if (program == null) {
+            output.setText("No program is currently open.\n");
+            return;
+        }
+
+        output.setText("Running capa...\n");
+
+        try {
+            String result =
+                CapaPythonBridge.run(program);
+
+            output.append(result);
+        }
+        catch (Exception e) {
+            output.append("\nERROR:\n");
+            output.append(e.toString());
+        }
+    }
+}
\ No newline at end of file
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
new file mode 100644
index 000000000..59b9a494e
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
@@ -0,0 +1,47 @@
+package capa.ghidra;
+
+import ghidra.framework.Application;
+import ghidra.program.model.listing.Program;
+import generic.jar.ResourceFile;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.InputStreamReader;
+
+public class CapaPythonBridge {
+
+    public static String run(Program program) throws Exception {
+
+        // data/python/
+        ResourceFile pythonDir =
+            Application.getModuleDataSubDirectory("python");
+
+        // data/python/capa_runner.py
+        File scriptFile =
+            new File(pythonDir.getFile(false), "capa_runner.py");
+
+        Process process =
+            new ProcessBuilder(
+                "python3",
+                scriptFile.getAbsolutePath()
+            )
+            .redirectErrorStream(true)
+            .start();
+
+        StringBuilder output = new StringBuilder();
+
+        try (BufferedReader reader =
+                 new BufferedReader(
+                     new InputStreamReader(
+                         process.getInputStream()))) {
+
+            String line;
+            while ((line = reader.readLine()) != null) {
+                output.append(line).append("\n");
+            }
+        }
+
+        process.waitFor();
+        return output.toString();
+    }
+}
\ No newline at end of file
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
new file mode 100644
index 000000000..b73f7a936
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
@@ -0,0 +1,74 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package capaexplorer;
+
+import ghidra.app.services.AbstractAnalyzer;
+import ghidra.app.services.AnalyzerType;
+import ghidra.app.util.importer.MessageLog;
+import ghidra.framework.options.Options;
+import ghidra.program.model.address.AddressSetView;
+import ghidra.program.model.listing.Program;
+import ghidra.util.exception.CancelledException;
+import ghidra.util.task.TaskMonitor;
+
+/**
+ * Provide class-level documentation that describes what this analyzer does.
+ */
+public class CapaExplorerAnalyzer extends AbstractAnalyzer {
+
+	public CapaExplorerAnalyzer() {
+
+		// Name the analyzer and give it a description.
+
+		super("My Analyzer", "Analyzer description goes here", AnalyzerType.BYTE_ANALYZER);
+	}
+
+	@Override
+	public boolean getDefaultEnablement(Program program) {
+
+		// Return true if analyzer should be enabled by default
+
+		return true;
+	}
+
+	@Override
+	public boolean canAnalyze(Program program) {
+
+		// Examine 'program' to determine of this analyzer should analyze it.  Return true
+		// if it can.
+
+		return true;
+	}
+
+	@Override
+	public void registerOptions(Options options, Program program) {
+
+		// If this analyzer has custom options, register them here
+
+		options.registerOption("Option name goes here", false, null,
+			"Option description goes here");
+	}
+
+	@Override
+	public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log)
+			throws CancelledException {
+
+		// Perform analysis when things get added to the 'program'.  Return true if the
+		// analysis succeeded.
+
+		return false;
+	}
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
new file mode 100644
index 000000000..d70fe9f62
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
@@ -0,0 +1,77 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package capaexplorer;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import ghidra.app.util.*;
+import ghidra.app.util.exporter.Exporter;
+import ghidra.app.util.exporter.ExporterException;
+import ghidra.framework.model.DomainObject;
+import ghidra.program.model.address.AddressSetView;
+import ghidra.util.task.TaskMonitor;
+
+/**
+ * Provide class-level documentation that describes what this exporter does.
+ */
+public class CapaExplorerExporter extends Exporter {
+
+	/**
+	 * Exporter constructor.
+	 */
+	public CapaExplorerExporter() {
+
+		// Name the exporter and associate a file extension with it
+
+		super("My Exporter", "exp", null);
+	}
+
+	@Override
+	public boolean supportsAddressRestrictedExport() {
+
+		// Return true if addrSet export parameter can be used to restrict export
+
+		return false;
+	}
+
+	@Override
+	public boolean export(File file, DomainObject domainObj, AddressSetView addrSet,
+			TaskMonitor monitor) throws ExporterException, IOException {
+
+		// Perform the export, and return true if it succeeded
+
+		return false;
+	}
+
+	@Override
+	public List<Option> getOptions(DomainObjectService domainObjectService) {
+		List<Option> list = new ArrayList<>();
+
+		// If this exporter has custom options, add them to 'list'
+		list.add(new Option("Option name goes here", "Default option value goes here"));
+
+		return list;
+	}
+
+	@Override
+	public void setOptions(List<Option> options) throws OptionException {
+
+		// If this exporter has custom options, assign their values to the exporter here
+	}
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
new file mode 100644
index 000000000..43d2d5a4f
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
@@ -0,0 +1,184 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package capaexplorer;
+
+import java.io.IOException;
+import java.util.Comparator;
+import java.util.List;
+
+import ghidra.app.util.bin.ByteProvider;
+import ghidra.app.util.bin.ByteProviderWrapper;
+import ghidra.formats.gfilesystem.*;
+import ghidra.formats.gfilesystem.annotations.FileSystemInfo;
+import ghidra.formats.gfilesystem.factory.GFileSystemFactoryByteProvider;
+import ghidra.formats.gfilesystem.factory.GFileSystemProbeByteProvider;
+import ghidra.formats.gfilesystem.fileinfo.FileAttributeType;
+import ghidra.formats.gfilesystem.fileinfo.FileAttributes;
+import ghidra.util.exception.CancelledException;
+import ghidra.util.task.TaskMonitor;
+
+/**
+ * Provide class-level documentation that describes what this file system does.
+ */
+@FileSystemInfo(type = "fstypegoeshere", // ([a-z0-9]+ only)
+		description = "File system description goes here", factory = CapaExplorerFileSystem.MyFileSystemFactory.class)
+public class CapaExplorerFileSystem implements GFileSystem {
+
+	private final FSRLRoot fsFSRL;
+	private FileSystemIndexHelper<MyMetadata> fsih;
+	private FileSystemRefManager refManager = new FileSystemRefManager(this);
+
+	private ByteProvider provider;
+
+	/**
+	 * File system constructor.
+	 * 
+	 * @param fsFSRL The root {@link FSRL} of the file system.
+	 * @param provider The file system provider.
+	 */
+	public CapaExplorerFileSystem(FSRLRoot fsFSRL, ByteProvider provider) {
+		this.fsFSRL = fsFSRL;
+		this.provider = provider;
+		this.fsih = new FileSystemIndexHelper<>(this, fsFSRL);
+	}
+
+	/**
+	 * Mounts (opens) the file system.
+	 * 
+	 * @param monitor A cancellable task monitor.
+	 */
+	public void mount(TaskMonitor monitor) {
+		monitor.setMessage("Opening " + CapaExplorerFileSystem.class.getSimpleName() + "...");
+
+		// Customize how things in the file system are stored.  The following should be 
+		// treated as pseudo-code.
+		for (MyMetadata metadata : new MyMetadata[10]) {
+			if (monitor.isCancelled()) {
+				break;
+			}
+			fsih.storeFile(metadata.path, fsih.getFileCount(), false, metadata.size, metadata);
+		}
+	}
+
+	@Override
+	public void close() throws IOException {
+		refManager.onClose();
+		if (provider != null) {
+			provider.close();
+			provider = null;
+		}
+		fsih.clear();
+	}
+
+	@Override
+	public String getName() {
+		return fsFSRL.getContainer().getName();
+	}
+
+	@Override
+	public FSRLRoot getFSRL() {
+		return fsFSRL;
+	}
+
+	@Override
+	public boolean isClosed() {
+		return provider == null;
+	}
+
+	@Override
+	public int getFileCount() {
+		return fsih.getFileCount();
+	}
+
+	@Override
+	public FileSystemRefManager getRefManager() {
+		return refManager;
+	}
+
+	@Override
+	public GFile lookup(String path) throws IOException {
+		return fsih.lookup(path);
+	}
+
+	@Override
+	public GFile lookup(String path, Comparator<String> nameComp) throws IOException {
+		return fsih.lookup(null, path, nameComp);
+	}
+
+	@Override
+	public ByteProvider getByteProvider(GFile file, TaskMonitor monitor)
+			throws IOException, CancelledException {
+
+		// Get an ByteProvider for a file.  The following is an example of how the metadata
+		// might be used to get an sub-ByteProvider from a stored provider offset.
+		MyMetadata metadata = fsih.getMetadata(file);
+		return (metadata != null)
+				? new ByteProviderWrapper(provider, metadata.offset, metadata.size, file.getFSRL())
+				: null;
+	}
+
+	@Override
+	public List<GFile> getListing(GFile directory) throws IOException {
+		return fsih.getListing(directory);
+	}
+
+	@Override
+	public FileAttributes getFileAttributes(GFile file, TaskMonitor monitor) {
+		MyMetadata metadata = fsih.getMetadata(file);
+		FileAttributes result = new FileAttributes();
+		if (metadata != null) {
+			result.add(FileAttributeType.NAME_ATTR, metadata.name);
+			result.add(FileAttributeType.SIZE_ATTR, metadata.size);
+		}
+		return result;
+	}
+
+	// Customize for the real file system.
+	public static class MyFileSystemFactory
+			implements GFileSystemFactoryByteProvider<CapaExplorerFileSystem>,
+			GFileSystemProbeByteProvider {
+
+		@Override
+		public CapaExplorerFileSystem create(FSRLRoot targetFSRL,
+				ByteProvider byteProvider, FileSystemService fsService, TaskMonitor monitor)
+				throws IOException, CancelledException {
+
+			CapaExplorerFileSystem fs = new CapaExplorerFileSystem(targetFSRL, byteProvider);
+			fs.mount(monitor);
+			return fs;
+		}
+
+		@Override
+		public boolean probe(ByteProvider byteProvider, FileSystemService fsService,
+				TaskMonitor monitor) throws IOException, CancelledException {
+
+			// Quickly and efficiently examine the bytes in 'byteProvider' to determine if 
+			// it's a valid file system.  If it is, return true. 
+
+			return false;
+		}
+	}
+
+	// Customize with metadata from files in the real file system.  This is just a stub.
+	// The elements of the file system will most likely be modeled by Java classes external to this
+	// file.
+	private static class MyMetadata {
+		private String name;
+		private String path;
+		private long offset;
+		private long size;
+	}
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
new file mode 100644
index 000000000..ed24fd8bd
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
@@ -0,0 +1,80 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package capaexplorer;
+
+import java.io.IOException;
+import java.util.*;
+
+import ghidra.app.util.Option;
+import ghidra.app.util.bin.ByteProvider;
+import ghidra.app.util.opinion.AbstractProgramWrapperLoader;
+import ghidra.app.util.opinion.LoadSpec;
+import ghidra.framework.model.DomainObject;
+import ghidra.program.model.listing.Program;
+import ghidra.util.exception.CancelledException;
+
+/**
+ * Provide class-level documentation that describes what this loader does.
+ */
+public class CapaExplorerLoader extends AbstractProgramWrapperLoader {
+
+	@Override
+	public String getName() {
+
+		// Name the loader.  This name must match the name of the loader in the .opinion files.
+
+		return "My loader";
+	}
+
+	@Override
+	public Collection<LoadSpec> findSupportedLoadSpecs(ByteProvider provider) throws IOException {
+		List<LoadSpec> loadSpecs = new ArrayList<>();
+
+		// Examine the bytes in 'provider' to determine if this loader can load it.  If it 
+		// can load it, return the appropriate load specifications.
+
+		return loadSpecs;
+	}
+
+	@Override
+	protected void load(Program prgram, ImporterSettings settiings)
+			throws CancelledException, IOException {
+
+		// Load the bytes from 'settings.provider()' into the 'program'.
+	}
+
+	@Override
+	public List<Option> getDefaultOptions(ByteProvider provider, LoadSpec loadSpec,
+			DomainObject domainObject, boolean isLoadIntoProgram, boolean mirrorFsLayout) {
+		List<Option> list = super.getDefaultOptions(provider, loadSpec, domainObject,
+			isLoadIntoProgram, mirrorFsLayout);
+
+		// If this loader has custom options, add them to 'list'
+		list.add(new Option("Option name goes here", "Default option value goes here"));
+
+		return list;
+	}
+
+	@Override
+	public String validateOptions(ByteProvider provider, LoadSpec loadSpec, List<Option> options,
+			Program program) {
+
+		// If this loader has custom options, validate them here.  Not all options require
+		// validation.
+
+		return super.validateOptions(provider, loadSpec, options, program);
+	}
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java
new file mode 100644
index 000000000..6651c17e6
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java
@@ -0,0 +1,116 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package capaexplorer;
+
+import java.awt.BorderLayout;
+
+import javax.swing.*;
+
+import docking.ActionContext;
+import docking.ComponentProvider;
+import docking.action.DockingAction;
+import docking.action.ToolBarData;
+import ghidra.app.ExamplesPluginPackage;
+import ghidra.app.plugin.PluginCategoryNames;
+import ghidra.app.plugin.ProgramPlugin;
+import ghidra.framework.plugintool.*;
+import ghidra.framework.plugintool.util.PluginStatus;
+import ghidra.util.HelpLocation;
+import ghidra.util.Msg;
+import resources.Icons;
+
+/**
+ * Provide class-level documentation that describes what this plugin does.
+ */
+//@formatter:off
+@PluginInfo(
+	status = PluginStatus.STABLE,
+	packageName = ExamplesPluginPackage.NAME,
+	category = PluginCategoryNames.EXAMPLES,
+	shortDescription = "Plugin short description goes here.",
+	description = "Plugin long description goes here."
+)
+//@formatter:on
+public class CapaExplorerPlugin extends ProgramPlugin {
+
+	MyProvider provider;
+
+	/**
+	 * Plugin constructor.
+	 * 
+	 * @param tool The plugin tool that this plugin is added to.
+	 */
+	public CapaExplorerPlugin(PluginTool tool) {
+		super(tool);
+
+		// Customize provider (or remove if a provider is not desired)
+		String pluginName = getName();
+		provider = new MyProvider(this, pluginName);
+
+		// Customize help (or remove if help is not desired)
+		String topicName = this.getClass().getPackage().getName();
+		String anchorName = "HelpAnchor";
+		provider.setHelpLocation(new HelpLocation(topicName, anchorName));
+	}
+
+	@Override
+	public void init() {
+		super.init();
+
+		// Acquire services if necessary
+	}
+
+	// If provider is desired, it is recommended to move it to its own file
+	private static class MyProvider extends ComponentProvider {
+
+		private JPanel panel;
+		private DockingAction action;
+
+		public MyProvider(Plugin plugin, String owner) {
+			super(plugin.getTool(), "Skeleton Provider", owner);
+			buildPanel();
+			createActions();
+		}
+
+		// Customize GUI
+		private void buildPanel() {
+			panel = new JPanel(new BorderLayout());
+			JTextArea textArea = new JTextArea(5, 25);
+			textArea.setEditable(false);
+			panel.add(new JScrollPane(textArea));
+			setVisible(true);
+		}
+
+		// Customize actions
+		private void createActions() {
+			action = new DockingAction("My Action", getOwner()) {
+				@Override
+				public void actionPerformed(ActionContext context) {
+					Msg.showInfo(getClass(), panel, "Custom Action", "Hello!");
+				}
+			};
+			action.setToolBarData(new ToolBarData(Icons.ADD_ICON, null));
+			action.setEnabled(true);
+			action.markHelpUnnecessary();
+			dockingTool.addLocalAction(this, action);
+		}
+
+		@Override
+		public JComponent getComponent() {
+			return panel;
+		}
+	}
+}
diff --git a/capa/ghidra/plugin/extension/src/main/resources/images/README.txt b/capa/ghidra/plugin/extension/src/main/resources/images/README.txt
new file mode 100644
index 000000000..f20ae77b7
--- /dev/null
+++ b/capa/ghidra/plugin/extension/src/main/resources/images/README.txt
@@ -0,0 +1,2 @@
+The "src/resources/images" directory is intended to hold all image/icon files used by
+this module.

From 1c8f75aff47e5282aa6a78f258312f5b4a36d678 Mon Sep 17 00:00:00 2001
From: K VAISHAKH <133781093+vaishakh787@users.noreply.github.com>
Date: Mon, 26 Jan 2026 16:06:28 +0530
Subject: [PATCH 2/4] ghidra: cleanup extension MVP and address review feedback

---
 .../plugin/extension/extension.properties     |   8 +-
 .../src/main/java/capa/ghidra/CapaPlugin.java |  25 +--
 .../main/java/capa/ghidra/CapaProvider.java   |  22 ++-
 .../java/capa/ghidra/CapaPythonBridge.java    |  41 +++-
 .../capaexplorer/CapaExplorerAnalyzer.java    |  74 -------
 .../capaexplorer/CapaExplorerExporter.java    |  77 --------
 .../capaexplorer/CapaExplorerFileSystem.java  | 184 ------------------
 .../java/capaexplorer/CapaExplorerLoader.java |  80 --------
 .../java/capaexplorer/CapaExplorerPlugin.java | 116 -----------
 9 files changed, 63 insertions(+), 564 deletions(-)
 delete mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
 delete mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
 delete mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
 delete mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
 delete mode 100644 capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java

diff --git a/capa/ghidra/plugin/extension/extension.properties b/capa/ghidra/plugin/extension/extension.properties
index 86a8a29a2..ee393d8a3 100644
--- a/capa/ghidra/plugin/extension/extension.properties
+++ b/capa/ghidra/plugin/extension/extension.properties
@@ -1,5 +1,5 @@
 name=@extname@
-description=The extension description can be customized by editing the extension.properties file.
-author=
-createdOn=
-version=@extversion@
+description=Finds capabilities in programs, as detected by capa.
+author=Mandiant
+createdOn=2026-01-26
+version=@extversion@
\ No newline at end of file
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
index 9eadf6647..3bab179e0 100644
--- a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
@@ -8,7 +8,6 @@
 import ghidra.framework.plugintool.PluginInfo;
 import ghidra.framework.plugintool.PluginTool;
 import ghidra.framework.plugintool.util.PluginStatus;
-import ghidra.util.Msg;
 
 @PluginInfo(
     status = PluginStatus.STABLE,
@@ -19,7 +18,6 @@
 )
 public class CapaPlugin extends ProgramPlugin {
 
-    private DockingAction action;
     private CapaProvider provider;
 
     public CapaPlugin(PluginTool tool) {
@@ -31,21 +29,14 @@ public CapaPlugin(PluginTool tool) {
 
     private void createActions() {
 
-        action = new DockingAction("Run capa analysis", getName()) {
+        DockingAction action =
+            new DockingAction("Run capa analysis", getName()) {
 
-            @Override
-            public void actionPerformed(ActionContext context) {
-
-                Msg.showInfo(
-                    this,
-                    null,
-                    "CapaPlugin",
-                    "Run capa analysis clicked"
-                );
-
-                provider.runCapa(currentProgram);
-            }
-        };
+                @Override
+                public void actionPerformed(ActionContext context) {
+                    provider.runCapa(currentProgram);
+                }
+            };
 
         action.setMenuBarData(
             new MenuData(new String[] {
@@ -56,4 +47,4 @@ public void actionPerformed(ActionContext context) {
 
         tool.addAction(action);
     }
-}
\ No newline at end of file
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
index 9ad87a662..55cfc9ddf 100644
--- a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
@@ -3,18 +3,24 @@
 import docking.ComponentProvider;
 import ghidra.framework.plugintool.PluginTool;
 import ghidra.program.model.listing.Program;
+import ghidra.util.Msg;
 
 import javax.swing.JScrollPane;
 import javax.swing.JTextArea;
 import javax.swing.JComponent;
 import java.awt.Font;
 
+import java.io.PrintWriter;
+import java.io.StringWriter;
+
 public class CapaProvider extends ComponentProvider {
 
+    private final PluginTool tool;
     private final JTextArea output;
 
     public CapaProvider(PluginTool tool) {
         super(tool, "Capa Explorer", "CapaExplorer");
+        this.tool = tool;
 
         output = new JTextArea();
         output.setEditable(false);
@@ -31,6 +37,9 @@ public JComponent getComponent() {
 
     public void runCapa(Program program) {
 
+        // Ensure panel is visible
+        tool.showComponentProvider(this, true);
+
         if (program == null) {
             output.setText("No program is currently open.\n");
             return;
@@ -39,14 +48,19 @@ public void runCapa(Program program) {
         output.setText("Running capa...\n");
 
         try {
-            String result =
-                CapaPythonBridge.run(program);
-
+            String result = CapaPythonBridge.run(program);
             output.append(result);
         }
         catch (Exception e) {
+            Msg.error(this, "Error running capa", e);
+
             output.append("\nERROR:\n");
-            output.append(e.toString());
+
+            StringWriter sw = new StringWriter();
+            PrintWriter pw = new PrintWriter(sw);
+            e.printStackTrace(pw);
+
+            output.append(sw.toString());
         }
     }
 }
\ No newline at end of file
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
index 59b9a494e..0ebc9b255 100644
--- a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPythonBridge.java
@@ -1,28 +1,47 @@
 package capa.ghidra;
 
+import generic.jar.ResourceFile;
 import ghidra.framework.Application;
 import ghidra.program.model.listing.Program;
-import generic.jar.ResourceFile;
+import ghidra.util.Msg;
 
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.InputStreamReader;
 
 public class CapaPythonBridge {
+	/**
+	 * Execute capa analysis for the currently loaded program.
+	 *
+	 * NOTE: The Program parameter is intentionally unused in this MVP.
+	 * In future iterations, program metadata (path, architecture, hashes,
+	 * memory layout, etc.) will be passed to the Python capa runner.
+	 */
 
     public static String run(Program program) throws Exception {
 
-        // data/python/
         ResourceFile pythonDir =
             Application.getModuleDataSubDirectory("python");
 
-        // data/python/capa_runner.py
         File scriptFile =
-            new File(pythonDir.getFile(false), "capa_runner.py");
+            new File(
+                pythonDir.getFile(false),
+                "capa_runner.py"
+            );
+
+        String python = System.getenv("CAPA_PYTHON");
+        if (python == null || python.isBlank()) {
+            python = "python3";
+        }
+
+        Msg.info(
+            CapaPythonBridge.class,
+            "Using Python executable: " + python
+        );
 
         Process process =
             new ProcessBuilder(
-                "python3",
+                python,
                 scriptFile.getAbsolutePath()
             )
             .redirectErrorStream(true)
@@ -37,11 +56,17 @@ public static String run(Program program) throws Exception {
 
             String line;
             while ((line = reader.readLine()) != null) {
-                output.append(line).append("\n");
+                output.append(line).append('\n');
             }
         }
 
-        process.waitFor();
+        int exit = process.waitFor();
+        if (exit != 0) {
+            throw new RuntimeException(
+                "Python exited with code " + exit
+            );
+        }
+
         return output.toString();
     }
-}
\ No newline at end of file
+}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
deleted file mode 100644
index b73f7a936..000000000
--- a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerAnalyzer.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package capaexplorer;
-
-import ghidra.app.services.AbstractAnalyzer;
-import ghidra.app.services.AnalyzerType;
-import ghidra.app.util.importer.MessageLog;
-import ghidra.framework.options.Options;
-import ghidra.program.model.address.AddressSetView;
-import ghidra.program.model.listing.Program;
-import ghidra.util.exception.CancelledException;
-import ghidra.util.task.TaskMonitor;
-
-/**
- * Provide class-level documentation that describes what this analyzer does.
- */
-public class CapaExplorerAnalyzer extends AbstractAnalyzer {
-
-	public CapaExplorerAnalyzer() {
-
-		// Name the analyzer and give it a description.
-
-		super("My Analyzer", "Analyzer description goes here", AnalyzerType.BYTE_ANALYZER);
-	}
-
-	@Override
-	public boolean getDefaultEnablement(Program program) {
-
-		// Return true if analyzer should be enabled by default
-
-		return true;
-	}
-
-	@Override
-	public boolean canAnalyze(Program program) {
-
-		// Examine 'program' to determine of this analyzer should analyze it.  Return true
-		// if it can.
-
-		return true;
-	}
-
-	@Override
-	public void registerOptions(Options options, Program program) {
-
-		// If this analyzer has custom options, register them here
-
-		options.registerOption("Option name goes here", false, null,
-			"Option description goes here");
-	}
-
-	@Override
-	public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log)
-			throws CancelledException {
-
-		// Perform analysis when things get added to the 'program'.  Return true if the
-		// analysis succeeded.
-
-		return false;
-	}
-}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
deleted file mode 100644
index d70fe9f62..000000000
--- a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerExporter.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package capaexplorer;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-import ghidra.app.util.*;
-import ghidra.app.util.exporter.Exporter;
-import ghidra.app.util.exporter.ExporterException;
-import ghidra.framework.model.DomainObject;
-import ghidra.program.model.address.AddressSetView;
-import ghidra.util.task.TaskMonitor;
-
-/**
- * Provide class-level documentation that describes what this exporter does.
- */
-public class CapaExplorerExporter extends Exporter {
-
-	/**
-	 * Exporter constructor.
-	 */
-	public CapaExplorerExporter() {
-
-		// Name the exporter and associate a file extension with it
-
-		super("My Exporter", "exp", null);
-	}
-
-	@Override
-	public boolean supportsAddressRestrictedExport() {
-
-		// Return true if addrSet export parameter can be used to restrict export
-
-		return false;
-	}
-
-	@Override
-	public boolean export(File file, DomainObject domainObj, AddressSetView addrSet,
-			TaskMonitor monitor) throws ExporterException, IOException {
-
-		// Perform the export, and return true if it succeeded
-
-		return false;
-	}
-
-	@Override
-	public List<Option> getOptions(DomainObjectService domainObjectService) {
-		List<Option> list = new ArrayList<>();
-
-		// If this exporter has custom options, add them to 'list'
-		list.add(new Option("Option name goes here", "Default option value goes here"));
-
-		return list;
-	}
-
-	@Override
-	public void setOptions(List<Option> options) throws OptionException {
-
-		// If this exporter has custom options, assign their values to the exporter here
-	}
-}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
deleted file mode 100644
index 43d2d5a4f..000000000
--- a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerFileSystem.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package capaexplorer;
-
-import java.io.IOException;
-import java.util.Comparator;
-import java.util.List;
-
-import ghidra.app.util.bin.ByteProvider;
-import ghidra.app.util.bin.ByteProviderWrapper;
-import ghidra.formats.gfilesystem.*;
-import ghidra.formats.gfilesystem.annotations.FileSystemInfo;
-import ghidra.formats.gfilesystem.factory.GFileSystemFactoryByteProvider;
-import ghidra.formats.gfilesystem.factory.GFileSystemProbeByteProvider;
-import ghidra.formats.gfilesystem.fileinfo.FileAttributeType;
-import ghidra.formats.gfilesystem.fileinfo.FileAttributes;
-import ghidra.util.exception.CancelledException;
-import ghidra.util.task.TaskMonitor;
-
-/**
- * Provide class-level documentation that describes what this file system does.
- */
-@FileSystemInfo(type = "fstypegoeshere", // ([a-z0-9]+ only)
-		description = "File system description goes here", factory = CapaExplorerFileSystem.MyFileSystemFactory.class)
-public class CapaExplorerFileSystem implements GFileSystem {
-
-	private final FSRLRoot fsFSRL;
-	private FileSystemIndexHelper<MyMetadata> fsih;
-	private FileSystemRefManager refManager = new FileSystemRefManager(this);
-
-	private ByteProvider provider;
-
-	/**
-	 * File system constructor.
-	 * 
-	 * @param fsFSRL The root {@link FSRL} of the file system.
-	 * @param provider The file system provider.
-	 */
-	public CapaExplorerFileSystem(FSRLRoot fsFSRL, ByteProvider provider) {
-		this.fsFSRL = fsFSRL;
-		this.provider = provider;
-		this.fsih = new FileSystemIndexHelper<>(this, fsFSRL);
-	}
-
-	/**
-	 * Mounts (opens) the file system.
-	 * 
-	 * @param monitor A cancellable task monitor.
-	 */
-	public void mount(TaskMonitor monitor) {
-		monitor.setMessage("Opening " + CapaExplorerFileSystem.class.getSimpleName() + "...");
-
-		// Customize how things in the file system are stored.  The following should be 
-		// treated as pseudo-code.
-		for (MyMetadata metadata : new MyMetadata[10]) {
-			if (monitor.isCancelled()) {
-				break;
-			}
-			fsih.storeFile(metadata.path, fsih.getFileCount(), false, metadata.size, metadata);
-		}
-	}
-
-	@Override
-	public void close() throws IOException {
-		refManager.onClose();
-		if (provider != null) {
-			provider.close();
-			provider = null;
-		}
-		fsih.clear();
-	}
-
-	@Override
-	public String getName() {
-		return fsFSRL.getContainer().getName();
-	}
-
-	@Override
-	public FSRLRoot getFSRL() {
-		return fsFSRL;
-	}
-
-	@Override
-	public boolean isClosed() {
-		return provider == null;
-	}
-
-	@Override
-	public int getFileCount() {
-		return fsih.getFileCount();
-	}
-
-	@Override
-	public FileSystemRefManager getRefManager() {
-		return refManager;
-	}
-
-	@Override
-	public GFile lookup(String path) throws IOException {
-		return fsih.lookup(path);
-	}
-
-	@Override
-	public GFile lookup(String path, Comparator<String> nameComp) throws IOException {
-		return fsih.lookup(null, path, nameComp);
-	}
-
-	@Override
-	public ByteProvider getByteProvider(GFile file, TaskMonitor monitor)
-			throws IOException, CancelledException {
-
-		// Get an ByteProvider for a file.  The following is an example of how the metadata
-		// might be used to get an sub-ByteProvider from a stored provider offset.
-		MyMetadata metadata = fsih.getMetadata(file);
-		return (metadata != null)
-				? new ByteProviderWrapper(provider, metadata.offset, metadata.size, file.getFSRL())
-				: null;
-	}
-
-	@Override
-	public List<GFile> getListing(GFile directory) throws IOException {
-		return fsih.getListing(directory);
-	}
-
-	@Override
-	public FileAttributes getFileAttributes(GFile file, TaskMonitor monitor) {
-		MyMetadata metadata = fsih.getMetadata(file);
-		FileAttributes result = new FileAttributes();
-		if (metadata != null) {
-			result.add(FileAttributeType.NAME_ATTR, metadata.name);
-			result.add(FileAttributeType.SIZE_ATTR, metadata.size);
-		}
-		return result;
-	}
-
-	// Customize for the real file system.
-	public static class MyFileSystemFactory
-			implements GFileSystemFactoryByteProvider<CapaExplorerFileSystem>,
-			GFileSystemProbeByteProvider {
-
-		@Override
-		public CapaExplorerFileSystem create(FSRLRoot targetFSRL,
-				ByteProvider byteProvider, FileSystemService fsService, TaskMonitor monitor)
-				throws IOException, CancelledException {
-
-			CapaExplorerFileSystem fs = new CapaExplorerFileSystem(targetFSRL, byteProvider);
-			fs.mount(monitor);
-			return fs;
-		}
-
-		@Override
-		public boolean probe(ByteProvider byteProvider, FileSystemService fsService,
-				TaskMonitor monitor) throws IOException, CancelledException {
-
-			// Quickly and efficiently examine the bytes in 'byteProvider' to determine if 
-			// it's a valid file system.  If it is, return true. 
-
-			return false;
-		}
-	}
-
-	// Customize with metadata from files in the real file system.  This is just a stub.
-	// The elements of the file system will most likely be modeled by Java classes external to this
-	// file.
-	private static class MyMetadata {
-		private String name;
-		private String path;
-		private long offset;
-		private long size;
-	}
-}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
deleted file mode 100644
index ed24fd8bd..000000000
--- a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerLoader.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package capaexplorer;
-
-import java.io.IOException;
-import java.util.*;
-
-import ghidra.app.util.Option;
-import ghidra.app.util.bin.ByteProvider;
-import ghidra.app.util.opinion.AbstractProgramWrapperLoader;
-import ghidra.app.util.opinion.LoadSpec;
-import ghidra.framework.model.DomainObject;
-import ghidra.program.model.listing.Program;
-import ghidra.util.exception.CancelledException;
-
-/**
- * Provide class-level documentation that describes what this loader does.
- */
-public class CapaExplorerLoader extends AbstractProgramWrapperLoader {
-
-	@Override
-	public String getName() {
-
-		// Name the loader.  This name must match the name of the loader in the .opinion files.
-
-		return "My loader";
-	}
-
-	@Override
-	public Collection<LoadSpec> findSupportedLoadSpecs(ByteProvider provider) throws IOException {
-		List<LoadSpec> loadSpecs = new ArrayList<>();
-
-		// Examine the bytes in 'provider' to determine if this loader can load it.  If it 
-		// can load it, return the appropriate load specifications.
-
-		return loadSpecs;
-	}
-
-	@Override
-	protected void load(Program prgram, ImporterSettings settiings)
-			throws CancelledException, IOException {
-
-		// Load the bytes from 'settings.provider()' into the 'program'.
-	}
-
-	@Override
-	public List<Option> getDefaultOptions(ByteProvider provider, LoadSpec loadSpec,
-			DomainObject domainObject, boolean isLoadIntoProgram, boolean mirrorFsLayout) {
-		List<Option> list = super.getDefaultOptions(provider, loadSpec, domainObject,
-			isLoadIntoProgram, mirrorFsLayout);
-
-		// If this loader has custom options, add them to 'list'
-		list.add(new Option("Option name goes here", "Default option value goes here"));
-
-		return list;
-	}
-
-	@Override
-	public String validateOptions(ByteProvider provider, LoadSpec loadSpec, List<Option> options,
-			Program program) {
-
-		// If this loader has custom options, validate them here.  Not all options require
-		// validation.
-
-		return super.validateOptions(provider, loadSpec, options, program);
-	}
-}
diff --git a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java b/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java
deleted file mode 100644
index 6651c17e6..000000000
--- a/capa/ghidra/plugin/extension/src/main/java/capaexplorer/CapaExplorerPlugin.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/* ###
- * IP: GHIDRA
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package capaexplorer;
-
-import java.awt.BorderLayout;
-
-import javax.swing.*;
-
-import docking.ActionContext;
-import docking.ComponentProvider;
-import docking.action.DockingAction;
-import docking.action.ToolBarData;
-import ghidra.app.ExamplesPluginPackage;
-import ghidra.app.plugin.PluginCategoryNames;
-import ghidra.app.plugin.ProgramPlugin;
-import ghidra.framework.plugintool.*;
-import ghidra.framework.plugintool.util.PluginStatus;
-import ghidra.util.HelpLocation;
-import ghidra.util.Msg;
-import resources.Icons;
-
-/**
- * Provide class-level documentation that describes what this plugin does.
- */
-//@formatter:off
-@PluginInfo(
-	status = PluginStatus.STABLE,
-	packageName = ExamplesPluginPackage.NAME,
-	category = PluginCategoryNames.EXAMPLES,
-	shortDescription = "Plugin short description goes here.",
-	description = "Plugin long description goes here."
-)
-//@formatter:on
-public class CapaExplorerPlugin extends ProgramPlugin {
-
-	MyProvider provider;
-
-	/**
-	 * Plugin constructor.
-	 * 
-	 * @param tool The plugin tool that this plugin is added to.
-	 */
-	public CapaExplorerPlugin(PluginTool tool) {
-		super(tool);
-
-		// Customize provider (or remove if a provider is not desired)
-		String pluginName = getName();
-		provider = new MyProvider(this, pluginName);
-
-		// Customize help (or remove if help is not desired)
-		String topicName = this.getClass().getPackage().getName();
-		String anchorName = "HelpAnchor";
-		provider.setHelpLocation(new HelpLocation(topicName, anchorName));
-	}
-
-	@Override
-	public void init() {
-		super.init();
-
-		// Acquire services if necessary
-	}
-
-	// If provider is desired, it is recommended to move it to its own file
-	private static class MyProvider extends ComponentProvider {
-
-		private JPanel panel;
-		private DockingAction action;
-
-		public MyProvider(Plugin plugin, String owner) {
-			super(plugin.getTool(), "Skeleton Provider", owner);
-			buildPanel();
-			createActions();
-		}
-
-		// Customize GUI
-		private void buildPanel() {
-			panel = new JPanel(new BorderLayout());
-			JTextArea textArea = new JTextArea(5, 25);
-			textArea.setEditable(false);
-			panel.add(new JScrollPane(textArea));
-			setVisible(true);
-		}
-
-		// Customize actions
-		private void createActions() {
-			action = new DockingAction("My Action", getOwner()) {
-				@Override
-				public void actionPerformed(ActionContext context) {
-					Msg.showInfo(getClass(), panel, "Custom Action", "Hello!");
-				}
-			};
-			action.setToolBarData(new ToolBarData(Icons.ADD_ICON, null));
-			action.setEnabled(true);
-			action.markHelpUnnecessary();
-			dockingTool.addLocalAction(this, action);
-		}
-
-		@Override
-		public JComponent getComponent() {
-			return panel;
-		}
-	}
-}

From 03f9f5b3f3bcdf39e5a987a9988ae686b31df3cd Mon Sep 17 00:00:00 2001
From: K VAISHAKH <133781093+vaishakh787@users.noreply.github.com>
Date: Mon, 26 Jan 2026 18:51:49 +0530
Subject: [PATCH 3/4] added new line in the end

---
 .../plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java  | 1 +
 .../extension/src/main/java/capa/ghidra/CapaProvider.java       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
index 3bab179e0..6ead8b1d9 100644
--- a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaPlugin.java
@@ -48,3 +48,4 @@ public void actionPerformed(ActionContext context) {
         tool.addAction(action);
     }
 }
+
diff --git a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
index 55cfc9ddf..14dff43ec 100644
--- a/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
+++ b/capa/ghidra/plugin/extension/src/main/java/capa/ghidra/CapaProvider.java
@@ -63,4 +63,4 @@ public void runCapa(Program program) {
             output.append(sw.toString());
         }
     }
-}
\ No newline at end of file
+}

From f8e9961fa377408ae007525269bcd9364033f708 Mon Sep 17 00:00:00 2001
From: K VAISHAKH <133781093+vaishakh787@users.noreply.github.com>
Date: Mon, 26 Jan 2026 20:34:12 +0530
Subject: [PATCH 4/4] trigger changelog check