Questions tagged [ghidra]

Ghidra is a software reverse engineering (SRE) suite of tools developed by NSA and released as Open Source (Apache License 2.0) in 2019.

116 questions
0 votes, 1 answer

Finding and patching an instruction in a DLL

I have a (C++) program where, in one of its dll's, the following is done: if (m_Map.GetMaxValue() >= MAX_CLASSES) { I have two binaries of this program (compiled with various versions of Visual Studio), one where MAX_CLASSES was #define'd to 50,…
Roel
0 votes, 1 answer

Is it possible to execute part of the decompiled code?

I am currently trying to solve a reversing challenge, where C code is compiled for a 32-bit Linux system. To solve this challenge I am trying to make use of Ghidra but am faced with a few issues. A bit of a summary of what I have done up to this…
Barry
0 votes, 1 answer

Trying to run a buffer-overflow with Python/pwntools

I work on an online program in which I should do a buffer overflow. When I run the program, I have to complete a sum of two numbers (generated randomly): >>> 451389913 + 1587598959 = If I put the right result, I get a "That's okay". Otherwise the…
Julien
0 votes, 1 answer

"No Java runtime present, requesting install" for Ghidra Installation

Trying to run Ghidra, which requires me to download Java runtime and development kit (JDK) and put it on the path. I extracted the JDK and got the bin. However, I'm not really sure how to do the following steps: Open ~/.bashrc with an editor of…
0 votes, 1 answer

Are Mach-O Lazy Symbol Pointer addresses masked?

I am looking through a PowerPC Mach-O executable in different programs, and I noticed something strange. For symbols that are to stubbed functions, XMachOViewer and any normal hex viewing of the file reports the address differently than Ghidra…
0 votes, 1 answer

How to understand memory reference in assembly using ghidra

When analyzing the assembly listing in Ghidra, the following instructions are not clear to me: MOV ECX,dword ptr [R13 + 8192] LEA RDX,[R13 + RSI*0x1 + 8196] In the MOV, I assume that the register ECX will get the value pointed to the register…
Giacota
0 votes, 1 answer

how to make Ghidra use a function's complete/original stackframe for decompiled code

I have a case where some function allocates/uses a 404 bytes temporary structure on the stack for its internal calculations (the function is self-contained and shuffles data around within that data structure). Conceptually the respective structure…
wothke
0 votes, 1 answer

ARM Change string to different length? Ghidra, Ida Pro

I'm trying to translate compiled script to native language. I'm using IDA Pro and Ghidra, but I'm stuck on a problem. I can change string values to anything, if the string length is the same. But if the string length is bigger or smaller, I have problems. I'm a newbie…
Dewagg
0 votes, 1 answer

Can we concatenate (byte *) to (int) in C++?

I decompiled a .so file in Ghidra and I found a line of code: puVar24 = (ulong *)(pbVar12 + 0x10); pbVar12 type: byte *, 0x10 type: int. So if we can concatenate byte* with int, how in Python?
Meendufski
0 votes, 2 answers

print to the Ghidra console from a Ghidra java plugin

In ghidra script you can just println("to the console"); However I need to print to the ghidra console from a ghidra plugin (a real jar plugin, not a script). I found that I can get an instance of ConsoleService via: ConsoleService consoleService =…
Ilya Kharlamov
0 votes, 1 answer

Finding AES Key in binary using Ghidra and FindCrypt

I would like to learn more about RE. I wrote a simple program on a STM32F107 which does nothing else than encrypting and decrypting a text once using AES128-ECB. Here is the C code (I intentionally left out the key so far): struct AES_ctx…
guenthernagel
0 votes, 1 answer

Finding all uses of a local variable (ghidra script)

Is there a way to get all the PcodeOps within a given function for a given local variable? So far I can find the HighSymbol given the function and the name, but I want to then grab all the uses of that variable? DecompileResults res =…
kew
0 votes, 1 answer

What does this C syntax do: iVar = (*DAT)(param_2,PTR_s);

I am quite new to reverse engineering and using Ghidra. Recently I have decompiled some Arduino code. When I was looking at the decompiled code I noticed the following line. iVar = (*DAT)(param_2,PTR_s); I have cut off some parts of the variables.…
Hakan
0 votes, 0 answers

Local variable addressing in Ghidra

I've been trying to solve a crackme challenge by examining its decompiled version by Ghidra. So I figured the code where the strcmp is done as shown in the figure below. Now I need to patch the program to make it print the password if strcmp…
Nimrod
0 votes, 1 answer

how to call a func with parameters from an executable using gdb

I need help running a program in an executable using GDB. I have an executable file named vuln. I do not know the source code as I am doing a CTF. When I analyzed the executable, I found three exciting functions: main, vuln, and flag. Vuln func is…
Jenny Patel