Highest Voted 'ghidra' Questions

1

vote

0 answers

Need Ghidra to Auto Analyze common Microsoft C Functions

Fellow Reverse Engineerers, I've been using Ghidra for quite some time now and I began realizing that there are certain functions, like rand and wcscpy, that Ghidra just will not auto analyze and will not auto populate (see attached picture). How…

asked Apr 22 '21 at 15:09

Stryker2k2

108
9

1

vote

1 answer

How to add an Enum with python into a Ghidra project

Saw someone using ghidra.app.util.cparser.C to parse a string of a struct into a struct object and than they added it into Ghidra using data_type_manager.addDataType(). I want to implement that method with Enumerates but I'm not sure how. If there…

python ghidra

asked Mar 17 '21 at 07:24

Rex

53
7

1

vote

1 answer

Assembly PUSH instruction with an OFFSET tag

I've written a simple 'Hello World' program in assembly: global _main extern _printf section .text _main: push offset message call _printf add esp, 4 ret section .data message db 'Hello, World2', 10, 0 I've opened the…

windows assembly x86 ghidra

asked Feb 08 '21 at 16:42

Daros911

435
5
14

1

vote

0 answers

Windows Sandbox dependency

I am trying to run Ghidra(malware analysis software) inside Windows Sandbox. I brought Ghidra over to the Sandbox environment by creating a shared directory between the Sandbox and the host using .wsb file. When I try to run Ghidra inside the…

dependencies sandbox ghidra windows-sandbox

asked Jan 10 '21 at 03:46

luke.lcim

91
1
7

1

vote

0 answers

Why ghidra skip some some address

I have an so. Load in ghidra and set the base address to 0. I found that some address has skipped like this: And the so is: https://www.dropbox.com/s/wmea0pcirzopoll/libxxx.so?dl=0

ghidra

asked Jan 07 '21 at 09:40

user3875388

541
1
6
19

1

vote

0 answers

Offset Calculation is incorrect based on VirutalAddress Property in PE Section Header

I have created a simple .exe file with flat assembler which is actually doing nothing but just having one instruction format pe64 use64 section '.text' code executable readable mov eax, 20 After created i opened the executable in Ghidra which…

assembly reverse-engineering offset ghidra

asked Jan 03 '21 at 02:54

user7145038

1

vote

1 answer

Meaning of Stack[0x4]:1

So I have encounter something strange that I don't understand. I am reading theory about assembly, and I would like to know what does this Stack[0x4]:1 do. undefined AL:1 XREF[2]: …

assembly ghidra

asked Jul 11 '20 at 20:11

aurora

60
1
10

1

vote

2 answers

Ghidra : unable to find PDB and Couldn't find type info structure

I downloaded Ghidra about a week ago(I am new to reverse engineering), I did what the tutorial video from Ghidra official site was showing, I made a simple C++ program to Visual Studio, the program has an infinity while(while(1)) that prints "Hello…

pdb ghidra

asked May 12 '20 at 17:23

platinoob_

151
1
11

1

vote

0 answers

Visual C++ 6.0 WholeArchive

I'm reverse engineering an old computer program compiled using Microsoft Visual C++ 6.0. I'd like to let Ghidra recognize all the functions from the CRT library which is statically linked. I've tried compiling a simple program that uses fopen and…

c++ visual-c++ visual-c++-6 ghidra

asked May 01 '20 at 18:01

Ahoj Lidi

11
1

1

vote

1 answer

What is the addr instruction after the reverse

I use ghidra armv7 reverse firmware. Analyzing to address 0x0002843a looks like r0 loads the data of address 0x0002881c but address 0x0002881c addr looks like an instruction. I read the ARM®v7-M ArchitectureReference Manual and do not see the addr…

arm reverse instructions ghidra

asked Mar 16 '20 at 16:11

henry80602

11
1

1

vote

1 answer

Get informations from decompiled ASM

I am willing to modify camera coordinate on a little 3D game. I have been able to find three functions, one for each axes. Let's call them CameraX, CameraY and CameraZ. I have been working only with the first one, when I found out that I was missing…

assembly reverse-engineering calling-convention ghidra

asked Mar 13 '20 at 13:37

Nox

713
7
16

1

vote

1 answer

ghidra: how to get static variables using ghidra python api?

I have a following c code (from a benchmark): int main(int argc, char *argv[]) { static char buf[10] = ""; /* OK */ buf[9] = 'A'; return 0; } I am using ghidra api to get some information out of the binary (precompiled using flag…

x86-64 reverse-engineering ghidra

asked Aug 01 '19 at 00:23

R4444

2,016
2
19
30

1

vote

0 answers

How to set HeadlessContinuationOption in Ghidra Python preScript

I'm running a Ghidra python script in headless mode from the commandline specifying my script as a preScript. e.g. ./analyzeHeadless project_path project_name -preScript pre.py -import my_exec_file I would like so set the HeadlessContinuationOption…

python reverse-engineering jython-2.7 ghidra

asked Jul 10 '19 at 06:11

Eran

2,324
3
22
27

0

votes

0 answers

Ghidra Python script to print codeunits with symbols

I'm using Ghidra to disassemble and study a 68000 binary. I want to write a Python script to get a pretty print version of the disassembly (Save as menu won't be sufficient here). I thought about simply iterating through codeunits, printing labels…

python ghidra

asked Aug 27 '23 at 10:04

T. Tournesol

310
2
14

0

votes

0 answers

How to change the namespace of a function label from something other than Global?

When I hit "L" at an address at the start of a function I can enter a name in field "Enter Name:" There's also a "Namespace" dropdown, but the only value in this dropdown is "Global" and there seems to be no way to enter a new namespace name. How…

ghidra

asked Jul 19 '23 at 02:35

Dae Glyth

29
4

Questions tagged [ghidra]