Highest Voted 'ghidra' Questions

0

votes

2 answers

Why is this binary vulnerable to buffer overflow?

This is an extract of a binary that is buffer overflowed. I decompiled it with Ghidra. char local_7 [32]; long local_78; printf("Give it a try"); gets(local_7); if (local_78 != 0x4141414141414141) { if (local_78 ==…

asked Apr 30 '21 at 15:07

Julien

45
1
3
15

0

votes

1 answer

Ghidra disassembly: x86 MOV instruction with colon

I came across an unfamilar syntax when studying a dissassembly with Ghidra. One line contains MOV EAX,GS:[0x14] what does the colon syntax mean? I'm actually fairly new to all of this, both ASM and Ghidra analysis. I understand that this…

assembly x86 disassembly ghidra

asked Mar 10 '21 at 22:31

FreelanceConsultant

13,167
27
115
225

0

votes

1 answer

Compiling variables/data types into executable (Ghidra, C, C++, gcc)

I am currently reverse engineering a software sample in which the original author has pre-defined a series of unicode data types/variables into the .data portion of the sample upon compilation. Thus, since they seem to be compiled into the…

c++ c variables reverse-engineering ghidra

asked Feb 24 '21 at 18:03

Stryker2k2

108
9

0

votes

1 answer

Named pipe between Rust and Java Ghidra Process Access Rights

I'm trying to create a named Pipe between a Rust program that executes a Ghidra process and the Java Program that is running as part of the Ghidra process. I've currently trouble to get the correct access rights (permission…

java rust pipe access-rights ghidra

asked Feb 09 '21 at 10:13

Melvin

407
5
16

0

votes

2 answers

JDK for Ghidra give me Error: "Could not find or load main class LaunchSupport"

I downloaded JDK 15 for my windows 10 64 bit pc and put the environment variable JAVA-HOME correct and the PATH also. This give me in cmd: C:\Users\patpin>java -version java version "15.0.2" 2021-01-19 Java(TM) SE Runtime Environment…

java ghidra

asked Feb 07 '21 at 11:06

patpin

11
1
4

0

votes

1 answer

How to change the program path in Ghidra

I have a Ghidra project with an imported binary file, which was created on computer A, then I want to move this project to Computer B. However, the path of the binary file isn't the same as A. How do I change the path setting in…

ghidra

asked Jan 15 '21 at 09:25

qqaatw

3
3

0

votes

1 answer

How the stack is overwritten via deferencing MOV operation [Assembler x86]?

I am learning how to use Ghidra Tool and I have a question of how to interpret one function. This is the simplified version: Take this scenario: the location [RBP – 0x40], of the stack, has this value: 0xFFFF7710 (indeed this value is an address of…

assembly stack x86-64 mov ghidra

asked Jan 02 '21 at 16:29

Federico Jensen

3
1
2

0

votes

1 answer

Ghidra and MSP430 decompiler does not show any functions

I'm experimenting with Ghidra and decompiling code intended for the MSP430 FR4133 Launchpad. I'm not sure if it's supported but Ghidra appeared to support MSP430 devices. For a simple test, I'm using the example code at this link for the MSP…

msp430 ghidra

asked Dec 30 '20 at 11:09

sdbol

413
4
17

0

votes

0 answers

Clear several functions (with options)

Is it possible to select and clear several functions without resorting to scripting from the Functions window (i.e right click->clear with options)? Currently I can only do it one-by-one on the Listing window: I would like to wipe clearly…

ghidra

asked Dec 15 '20 at 22:17

brainstorm

720
7
24

0

votes

1 answer

Ghidra addresses do not align in with cheat engine (still need help)

I’m practicing a bit of reverse engineering right now, and I came across a problem. If I copy an address from Cheat Engine and then want to jump to the same place in Ghidra, I end up in a veerem place. For example, 0x00429D1F is sub [ebx+4],edi in…

reverse-engineering ghidra

asked Dec 12 '20 at 22:14

Hydrated Dragon

58
6

0

votes

1 answer

How do i export the binary code of a function in Ghidra (Ghidra script)

I want to write a ghidra script in python (jython) that exports to a .bin file the binary code of all the functions in the current program. I came up with this code but i am not sure how i should use the export() function in the BinaryExporter…

jython-2.7 ghidra

asked Dec 04 '20 at 17:59

tronux7

13
6

0

votes

1 answer

Why does thunk not demand as many parameters as function?

I'm dealing with the following thunk in Ghidra: Now when I double-click the thunked function, Ghidra takes me to the real function, and I can see that it expects 2 parameters ("param_1" and "param_2"). Why is it allowed to call it with a single…

ghidra

asked Nov 23 '20 at 23:43

MaikenRosk

47
4

0

votes

0 answers

Ghidra doing messy stuff at simple ADD instruction?

I can't figure out if ghidra is doing messy stuff @ the decompiler or I did enough reversing this day. Assembly: 00400b76 48 83 45 f8 01 ADD qword ptr [RBP + local_10],offset DAT_006020c1 where DAT_006020c1 is: …

assembly x86-64 reverse-engineering disassembly ghidra

asked Aug 02 '20 at 19:59

user5605056

0

votes

1 answer

ghidra errors when trying to open ELF file

I am very new to Ghidra, I have just installed it in order to try and decompile an ELF file. when trying to assign the file to the new Ghidra project, I get these error messages: Loading language 'x86:LE:64:default' - Uncaught Exception:…

x86-64 reverse-engineering decompiling ghidra

asked Jul 27 '20 at 21:55

rubberband

25
1
5

0

votes

1 answer

Two compiled binary files with exactly same assembly code behaves differently while cracking binary file ? Or may be i am missing something?

I have two exe files one is original file and another one is cracked exe file of software Vector magic and cracked file is vmbe.zip Both files have exactly same size. I am using ghidra to decompile those binary files Then i just export those files…

diff reverse-engineering patch cracking ghidra

asked Jun 18 '20 at 05:18

Navpreet Devpuri

503
4
19

Questions tagged [ghidra]