All Questions
14
questions
1
vote
0
answers
41
views
Is there a way to sync symbol labels in Ghidra Disassembler with its Decompiler?
I swear that in IDA Pro, when I renamed a stack var in the disassembler, that name would port over to the decompiled view, but this doesn't seem to occur in Ghidra. In fact, in Ghidra, when I try to ...
- 1,880
2
votes
0
answers
111
views
Merge HEX file into existing ELF file in ghidra
I have an Infineon Tricore ELF file. I have a HEX file that has been patched with minor changes and new code appended (e.g. the hex from the ELF was exported and then had changes made to it manually ...
- 263
0
votes
0
answers
734
views
Basic buffer-overflow on a remote program with Python/pwntools
I work on a online program in which I should do a buffer Overflow.
When I run the program, I have to complete a sum of two numbers generated randomly) :
>>> 451389913 + 1587598959 =
If I put ...
- 101
2
votes
0
answers
185
views
How do relocations work for imported functions in SH4 ELF?
I build very simple hello world code with sh4 gcc compiler as shared library:
#include <stdio.h>
void hello()
{
printf("Hello world!\n");
}
But when I load .so file into the ...
- 1,850
5
votes
2
answers
8k
views
How to decompile external functions of *.so library in ELF with Ghidra?
There are some *.so libraries in my ELF file.
I can see the *.so names in "Imports" directory of "Symbol Tree" Window in Ghidra tool.
I think there are some external functions in ...
- 119
2
votes
1
answer
2k
views
How can I find an external function code correctly in Ghidra and Radare2?
This is a code to call an external function(get_random_name) in the main function
push {fp, lr}
add fp, sp, 4
sub sp, sp, 0x1d8
str r0, [fp, -0x1d8]
str r1, [fp, -0x1dc]
sub r3, fp, 0x44
...
- 119
2
votes
0
answers
672
views
Tool/parser for symbol tables produced with objdump -t to be used with IDA / Ghidra?
Working with a binary (arm64) file that seems to be some sort of a broken ELF file. The header data is missing and for some reason it contains a symbol table in a format that to me seem to be equal to ...
- 121
0
votes
1
answer
219
views
How do i identify parameters function of md5sum of specific binary?
So, i downloaded the binary. Here are some details before moving forward:
revbinary: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,...
- 103
1
vote
1
answer
5k
views
How to open new window of decompiler or resize the decompiler of Ghidra?
This is very small and inconvenient to read. How do i open new Window (any shortcut key) or resize it, for some reason i cant resize.
Any help?
EDIT: Oh thanks Shane Riley, i clicked the blue button ...
- 113
0
votes
1
answer
220
views
"check:" keyword in Ghidra
I have disassembled the crackme0x06 challenge (http://security.cs.rpi.edu/courses/binexp-spring2015 inside challenges.zip). It's an ELF 32bit unstripped binary. The decompiled C code using Ghidra ...
- 3
3
votes
1
answer
3k
views
Ghidra python - get program base address
What is the way to get the program base address in Ghidra?
- 1,858
0
votes
1
answer
302
views
Conditional to check bytes against user input [ELF 32-bit]
I'm trying to understand the following snippet code from a CTF binary. It is part of an ELF 32-bit and I decompiled it with Ghidra.
undefined4 check_serial(char *code)
{
size_t sVar1;
undefined4 ...
- 1
0
votes
1
answer
237
views
How to determine when/where pointers in .ctors get mapped?
So I am learning about ELF, and am looking through a binary in Ghidra as I do. I've made sense of the ELF header, and now I am looking through the program header table.
My binary has a bunch of ...
- 129
7
votes
1
answer
12k
views
How to export a working elf binary from Ghidra?
When patching a program and then using the export binary function, it turns the elf headers are corrupt.
Is there any way to work around this problem?
- 71