Questions tagged [ghidra]

Ghidra is a software reverse engineering (SRE) suite of tools developed by NSA and released as Open Source (Apache License 2.0) in 2019.

116 questions
1 vote, 1 answer

Hex values doubled in IDA/Ghidra decompiled code

I have the following piece of Dart code, which checks if the input is "ABCDE" and prints correct if the input matches, and it works fine. import 'dart:io'; final List flag = [65, 66, 67, 68, 69]; void main() { print("\ngive flag: "); …
1 vote, 0 answers

Why doesn't -fvisibility hide symbols in .so file?

I've tried searching through existing answers, but didn't find anything that helps with this exact situation, so here goes ... I'm working on a project with a deliverable .so file that contains a lot of proprietary IP, so we want to tightly control…
deeej
1 vote, 1 answer

What does "=>address" mean in Ghidra's disassembly, at the end of an instruction?

I am new to assembly & Ghidra and I am seeing a => on some lines for PUSH in a binary I am looking at, and I can't seem to find what Ghidra is doing for instructions like this: 0040298b 56 PUSH ESI=>DAT_004046c8
eltabre
1 vote, 2 answers

C code Ghidra decompile results in syntax I am unfamiliar with

I am working on reversing a simple binary using Ghidra. The decompile results in this line of code if ((param_1 != 4) && (func0(param_1 + 1), param_1 + 1 == 0x32)) The param_1+1==0x32 section is confusing me as I'm just not familiar with the syntax…
1 vote, 0 answers

Get Assembly without Labels

I am currently attempting to output assembly using the script below: for instr in currentProgram.getListing().getInstructions(True): print("\" " + str(instr) + "\\n\\t" + "\"") It produces output like below: " ADD RBX,0x1\n\t" " CMP…
1 vote, 0 answers

How to disassemble files with Ghidra in cmd

How do I disassemble, for example, an .elf file in Ghidra with cmd? I am trying to do this with ./analyzeHeadless -import /my/path/file but the arguments require a Ghidra project. I want to disassemble just the file without creating a project, etc. I want like…
1 vote, 1 answer

Ghidra headless analyzer

I am trying to decompile nodejs bytecode using Ghidra, and there is this specific plugin which decompiles the nodejs bytecode. How can I install that plugin using the Ghidra headless method? And another question I have is, after analysing the nodejs…
Pradumn
1 vote, 1 answer

Question marks in ghidra DAT_*

I disassembled a JNI .so file (the native part of an Android application) and I decompiled one of its functions in Ghidra. I saw a DAT_* in a part of the decompiled code, and when I double-clicked on it Ghidra showed me only question marks. What should I…
mahdi bigdely
1 vote, 2 answers

Can Ghidra re-compile and run a short function?

I've picked out a short and "self-contained" function from the Ghidra decompiler. Can Ghidra itself compile the function again so I can try to run it for a couple different values, or would I need to compile it myself with e.g. gcc? Attaching the…
Anna
1 vote, 1 answer

Ghidra Indexing C quad word

There's this Ghidra decompiled C code. I understand that local_60 is a quad word, but I don't understand indexing it. What does local_60._3_1_ refer to here? local_60 = 0x6c46575935676a5a; local_28 = 0x7945474e3563544f; printf("Enter access…
Paku
1 vote, 0 answers

Ghidra doesn't find the functions

I'm pretty new at reverse engineering and I use Ghidra and IDA Pro. But I try to use Ghidra more because of the decompiler. But right now I really don't know what to do because Ghidra doesn't want to show me the functions when I open the exe-File in…
LeSunset
1 vote, 0 answers

new instruction in ghidra while patching

I'm trying to patch a binary with ghidra. Though I'm able to replace an existing instruction with new one, I see no option to add new instructions to the same func. How can I do that? What am I missing?
1 vote, 1 answer

What is an undefined function when I use Ghidra to disassemble a .so file?

I am now trying to disassemble a .so file and I found a strange part: And following FUN_004d9f38 led me to this: Can anyone help me understand what the so-called undefined __cdecl FUN_004d9f38(void) is, specifically what an undefined function is. As…
ratsafalig
1 vote, 2 answers

what does this ghidra-generated pseudo c-code generate?

I'm playing around doing a few challenges of reverse engineering with ghidra. I have analyzed a bin file, which should contain some information about a password. When you run the file, you can give it some input, and it will check if it's the…
Garsty100
1 vote, 0 answers

Need help understanding line of decompiled code from ghidra

I'm reversing a simple binary in Ghidra and have run across the following decompiled C-code: original_key._0_4_ = original_key._0_4_ & 0xffff0000 | (uint)CONCAT11(original_key[0],(char)(original_key._0_4_ >> 8)); and here is the associated…
GSKI