Questions tagged [ghidra]

Use this tag when asking questions related specifically to the NSA's Ghidra reverse engineering tool.

Ghidra is a reverse engineering tool created by NSA's Research Directorate and made available to the public in March 2019. One assumed reason for the public release is to harness community effort and resources to advance Ghidra: it has been open sourced, it is documented through a wiki, and users are encouraged to report issues and contribute. It provides a disassembler and a decompiler, among other reverse engineering capabilities, integrated into a single tool.

406 questions
10
votes
0 answers

Ghidra loading Linux kernel function signatures

TL;DR: I want to load Linux kernel headers vs. 4.19 to Ghidra so that it recognizes kernel structures and function signatures. Full description: I'm trying to reverse engineer a Linux kernel module (kernel version 4.19). Ghidra does recognize correctly…
Rob D
9
votes
4 answers

Use ghidra decompiler with command line

Is there a way to run Ghidra from the command line? The GUI interface is very heavy. What I want is just to get the functions list and decompile them in C. Thanks
Bob5421
9
votes
1 answer

Ghidra define c++ string

So I want to define a C++ string in a Ghidra struct. I noticed while reverse engineering a C++ binary that it defines a basic_string class in the symbol tree. Now I want to define a std::string (not a pointer to it) within a struct. Is…
8
votes
1 answer

Ghidra rename variable below current line

I have been starting to use Ghidra and I find the decompiler view very useful. However, when I rename a variable, the name propagates through all uses of that register or stack pointer throughout the function. In most cases this is good, however…
genghiskhan
7
votes
1 answer

Is there documentation on the Ghidra 9.1 SleighDevTools?

I am working on adding a processor to Ghidra (I have no idea what I'm doing, just working my way through based off the documentation). I've seen SleighDevTools mentioned in the 9.1 release as being "support of processor module development", which…
Heiko
7
votes
1 answer

Is it possible to load multiple files into a single Ghidra memory map?

1980s arcade video games generally had multiple ROM chips. I suppose these often mapped into a single address space and often may have been bank switched in and out of sections of a single address space, and often a mix of the two. Conceptually…
hippietrail
7
votes
1 answer

Ghidra does not display whole strings

It's pretty annoying. I think I might have changed some setting somewhere. Here's a screenshot of what I'm talking about. See all those "..." ? How do I turn that off?
user29223
6
votes
2 answers

Can I import a C struct into Ghidra?

Either by pasting from a text file or typing it out into a dialog box, which is still much faster than using Ghidra's Structure editor.
hippietrail
6
votes
1 answer

ghidra: how to run a python 3 script with headless analyzer

I read the documentation of the headless analyzer. It is used to perform analysis on existing binaries. I know that the -postscript flag allows to enter the analysis script. I have a java script which works fine. But, I want to use python 3 for the…
R4444
6
votes
1 answer

Can Ghidra show a function footer in the Listing window

In both IDA and Ghidra have a very nice beginning of function marker text Ghidra: ************************************************************** * FUNCTION *…
Simeon Pilgrim
5
votes
2 answers

How to add a new CompilerSpec from a .cspec file to Ghidra?

Ghidra uses .cspec files like x86win.cspec to define compiler related information, which are imported in the .ldef files like x86.ldef that define a processor language. How can I add a new CompilerSpec via a .cspec file to Ghidra without editing the…
Florian Magin
5
votes
1 answer

Ghidra what's the meaning of _0_4_

What does _0_4_ mean in Ghidra?
bon
5
votes
2 answers

Renaming shadowed variables in Ghidra

I'm working on a function in the Ghidra decompiler with a bunch of variables that are re-used across different scopes. I don't see any way to rename this variable on a per-line basis. Is it possible?
Griffin Byatt
4
votes
0 answers

How can I progress reverse engineering this Novatek NT96650 firmware

I'm trying to RE a Novatek NT96650 based trail cam. This device is circa 2012, and has a MIPS32 24Kec core. I have copies of the firmware, I have extracted the contents of flash, and have a pretty good assembly language listing of it from…
Observer42
4
votes
1 answer

Reversing Tenda N300 Router Firmware with Ghidra

Hey I got interested in SRE so I picked up Binwalk and Ghidra though I have some issues. I was reversing a simple bin for Tenda router I did some information gathering: Tenda Router & bin file Info Processor & Part No => OCA9535 0VV MIPS32 24kc…
K3K