Questions tagged [ghidra]

Ghidra is a software reverse engineering (SRE) suite of tools developed by the NSA and released as open source (Apache License 2.0) in 2019.

116 questions
0 votes, 1 answer

Getting Imports/Exports from a PE using a Ghidra Script

I'm using Ghidra to reverse engineer an EXE file. I want to extract the imports and exports from the symbol tree. I've written this script but it doesn't return anything. sm = currentProgram.getSymbolTable() symb =…
0 votes, 1 answer

Java: ArrayList.clear removes elements from ArrayList passed to Map

This is my first time writing Java code in years and I'm working on a Ghidra script that maps system call symbols to their calling functions. private HashMap symbolRefs = new HashMap(); private…
Melvin
0 votes, 1 answer

I need help figuring out what this C code does

I've got this snippet of C code from Ghidra, and I can't quite figure out what it's doing. I suspect some kind of root, maybe? The two args passed in are a sum of squares (sometimes 2 sometimes 3 terms), and an extra value such as 0x18, 0x10 or, 0…
schwooples
0 votes, 0 answers

Where does fread get stored in the stack?

I have a small doubt: I'm doing a CTF that provides me only the ELF file. I have been able, using Ghidra, to decompile it, but here is the problem: at a certain point I read: fread(flag,0x400,1,__stream); (before there was: __stream =…
Jrghen
0 votes, 1 answer

Disassembly of bin-file with Ghidra

I'm having an issue. I have a bin file that I want to disassemble. The processor is an Intel Atom® x5-Z8350. I'm using Ghidra but I'm not sure what language I should choose when disassembling this. Any experts that could get me a bit further in…
0 votes, 0 answers

Add an instruction to a compiled x86 exe

We use an application at work whose maintenance has long since been abandoned but we still need to maintain. In this case that means reverse engineering the program. I have used Ghidra to decompile the program and have found the line of code I want to…
richbai90
0 votes, 1 answer

Why are Strings with meaning but no usage in decompiled EXE?

I'm RE an executable file of a game with Ghidra, and I searched for strings. I found a lot of strings in the .rdata section, which have a readable meaning, but if I look for "references to this address", there are no results. Why are they included…
admin'--
0 votes, 0 answers

Why is Ghidra appending a memory address to a string that is displayed instead of a variable?

This is my first time using Ghidra and debugging. My project deals with reverse engineering a DOS executable from 2007, to understand how it generates a code. I looked for the strings I can read when launching the program through Wine (debugging…
HelloWorld
-1 votes, 1 answer

Explaining Ghidra pointer (ELI don't know about C/C++)

Given param_1 is the input file bytes, can someone explain what uVar4 = *(uint *)(param_1 + 3) does? Is it casting param_1 to uint then uVar4 = param_1[3]? Also any clarification about pointers is also good because my experience with C/C++ is close to…
-2 votes, 1 answer

What's up with this non-virtual function after it gets decompiled?

So I decided to try my hand at Ghidra decompiling / disassembling a simple C++ class with a virtual function and a non-virtual function. However, the decompilation confused me a bit. Below are both my source and my decompilation. What I do not…
efel