Highest Voted 'ghidra' Questions

2

votes

1 answer

Is Ghidra misinterpreting a function call?

When analyzing the assembly listing in Ghidra, I stumbled upon this instruction: CALL dword ptr [EBX*0x4 + 0x402ac0]=>DAT_00402abc I assumed that the program was calling a function whose address was inside DAT_00402abc, which I initially thought it…

asked Oct 21 '21 at 17:31

lilith

63
5

2

votes

1 answer

Null address in Sslpinning bypass of flutter app by using frida

I was working on pentesting a flutter android app on genymotion x86 to bypass sslpinning by using this and this approaches, but my function address return null when running Frida. First of all, by Ghidra found the address of the function which is…

android flutter frida ghidra sslpinning

asked Aug 15 '21 at 05:40

Maede Hojjati

21
4

2

votes

1 answer

frida hook native non exported functions

i am reversing this android app for learning purposes and the app implements all of the interesting functionality on the native layer, so i ran the app on a arm android studio image and reversed the shared library .so the app is making calls to,…

android reverse-engineering frida ghidra

asked Jul 11 '21 at 02:14

ahmed mani

182
1
10

2

votes

1 answer

How to Get the currentProgram object in Ghidra?

I want to write a python script that can extract and print objects from a ghidra project such as enums and structs and for that I need to call the DataTypeManager from the currentProgram object, but I'm not sure how to call currentProgram in a…

python ghidra

asked May 23 '21 at 06:08

Rex

53
7

2

votes

2 answers

How to break in x64dbg from ghidra's corresponding instructions?

I have x64dbg and ghidra synchronized via ret-sync. I found an interesting point in ghidra: 1800382b1 4d 8b e0 MOV R12,rebitData 1800382b4 48 63 f2 MOVSXD packetSize_,packetSize in the listing view; the file…

debugging assembly breakpoints ghidra x64dbg

asked Jan 18 '21 at 03:16

Soleil

6,404
5
41
61

2

votes

0 answers

Getting around the Lenovo BIOS whitelist

I have a Lenovo Thinkpad that only allows certain hardware to be installed. If there is a piece of hardware connected that is not on the whitelist, BIOS will tell you to remove it and restart. Otherwise the machine will not boot. Now I want to…

bios whitelist ghidra

asked May 28 '20 at 07:25

BraveSentry

339
4
19

2

votes

0 answers

Seeing the contents of a memory address in ghidra

For a course at university, I am trying to statically analyse a binary with ghidra. In the decompiled code, I have a line like local_78 = 0x50999c39eefe455c; I need to know the content of that local variable / where 0x50999c39eefe455c is pointing…

reverse-engineering binaryfiles decompiler ghidra

asked May 15 '20 at 16:22

krise

485
1
10
22

2

votes

1 answer

How to remove ellipses (...) in Ghidra disassembly listing display?

Ghidra often truncates text in the disassembly listing display with ellipses (...) as pictured below in several examples: My question is this: How can I make Ghidra stop doing this? I have looked all over in the extensive configuration options…

configuration customization reverse-engineering ghidra

asked Jan 03 '20 at 19:34

pooley1994

723
4
16

1

vote

0 answers

Increasing windows clipboard history size by reverse engineering

I'm trying to increase the clipboard history size of the clipboard manager in windows (That is the clipboard that shows when you press Win+V). It shows your copy history but only your last 25 copies which is a shame if you want to keep a larger…

windows reverse-engineering ghidra

asked Jun 28 '23 at 19:09

Nidal Barada

373
2
14

1

vote

0 answers

How do I set Ghidra to display static addresses in the listing view?

I'm doing static analysis on a binary in Ghidra. Ghidra displays the addresses of code and data in the listing view as the location where that item would be in memory if the binary were running, e.g. 0xffffffff811759d0. How can I instead set it to…

reverse-engineering binaryfiles hexdump computer-forensics ghidra

asked Jun 22 '23 at 23:25

Jousboxx

23
1
5

1

vote

1 answer

Hooking native function with android's exit() method

Background I'm currently doing OWASP Uncrackable3. I know that there are many writeups online, the only problem I have with these writeups online is when they're doing root bypass detection, all of them seem to bypass it by instrumenting the…

android reverse-engineering frida ghidra

asked May 04 '23 at 15:08

Reflected Name

11
2

1

vote

1 answer

x86 ASM using Ghidra, understanding decompiler results for an inlined function call

#include int addition(int a, int b) { int funcA = a; int funcB = b; return funcA + funcB; }; int main() { volatile int count1 = 8; volatile int count2 = 9; volatile int anotherRandomVar = 0; volatile int…

assembly x86 reverse-engineering decompiling ghidra

asked May 02 '23 at 12:44

sb99

27
5

1

vote

1 answer

X64dbg is not loading program expected address space (Not same as Ghidra shows)

I have this code written in "Visual studio community edition" in main.cpp and built a release version called Test.exe #include int main() { int i = 0; i++; std::string s; std::cout << "Hello World" << i << std::endl; …

assembly reverse-engineering ghidra x64dbg

asked May 01 '23 at 19:28

rajesh.khanna

43
4

1

vote

0 answers

Patching a JMP in Ghidra

I'm pretty new to assembly, I'm trying to understand things better. My goal is to change the default text colour of controls in a win32 x86 application, these are stored as RGB values for different states of elements (like normal, hovered,…

assembly winapi x86 patch ghidra

asked Apr 08 '23 at 09:02

iegrm

57
5

1

vote

0 answers

Is there an Arm Instructions parser for Ghidra that allows to replace References?

I am trying to replace References in CodeUnits with Ghidra. The problem is that every instruction with a reference might look different e.g.: bne LAB_00001234 or cbz r3, LAB_00001234 My goal would be to just change the reference i.e.…

parsing reference arm instructions ghidra

asked Apr 06 '23 at 14:31

silsa100

11
1

Questions tagged [ghidra]