Highest Voted 'ghidra' Questions

15

votes

5 answers

gradle Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)'

I'm building ghidra according to the installation guide. Everything goes fine Until I get here. Once I call $ gradle buildGhidra I get the following error: > Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)' This seems weird…

java gradle ghidra

asked Oct 01 '20 at 10:29

OrenIshShalom

5,974
9
37
87

5

votes

0 answers

Ghidra using odd field names like "._0_4_" to represent non-default access size in C decompilation

I've been using Ghidra to decompile some .o library files originally compiled for ARMv7, for which I have header files for some of the functions and structs. Let's say a struct has several single-byte "char" members: struct myStruct { char…

c reverse-engineering decompiling ghidra

asked Apr 20 '20 at 08:30

beammy

161
4

5

votes

0 answers

How do I compare two EXE files, find differences and decompile those with Cutter or Radare2?

After struggling for days, I'd like to ask the community :) I have two exe files. Both at the same size and pretty big (around 80MB). The first exe is the original file, which has been compiled some time ago. I also have the corresponding PDB…

disassembly decompiler hexdump radare2 ghidra

asked Jan 27 '20 at 13:32

Knutwurst

53
2
8

4

votes

1 answer

What does CONCAT15 and CONCAT412 mean in ghidra?

I decompiled a file in ghidra and I sawed a lot of CONCAT+RandomNumber in decompiled file! what does they mean ?

ghidra

asked Oct 04 '21 at 04:07

Meendufski

61
1
7

3

votes

0 answers

How to create GUI components using Ghidra Python Scripting?

Is someone here with experience in developing Python script for Ghidra? It seems that there is not much information about python scripts, especially for GUI components. I would like to create some GUI parts using Python2/Jython from Ghidra that will…

python scripting jython ghidra

asked Jul 31 '23 at 16:16

joker

31
2

3

votes

1 answer

How do I switch Ghidra to showing canonical register names instead of aliases?

I am new to Ghidra SRE. How do I switch Ghidra's view mode to display canonical (real world) register names instead of such aliases as param_1 and param_2 ? Here is a screenshot of a CodeBrowser showing a listing of ASM commands which I talk about.…

assembly x86-64 cpu-registers disassembly ghidra

asked Apr 20 '23 at 13:41

user17471643

3

votes

0 answers

Pixel conversion in decompiled assembly from Ghidra

I'm reversing an assembly function that I believe is converting an array of pixels (RGB) or photosites (RGGB) into a final array with an original (I think) encoding made of 10bits or 12bits per pixel. My goal is to understand in terms of c/c++…

c image assembly reverse-engineering ghidra

asked Jan 17 '21 at 06:56

Soleil

6,404
5
41
61

3

votes

1 answer

ghidra full of thunk functions

I am trying to do a crackme in ghidra. I was already able to find the answer but I want to know how I would have done this "properly" as I used a debugger and looked at strings. In the image below you can see obviously there are a lot of thunk…

reverse-engineering ghidra

asked Aug 05 '20 at 19:05

LoopTurn

107
2
5

3

votes

0 answers

How can i setting Ghidra like ida pro?

I'm using Ghidra. I have something question. when i open binary IDA pro, The code was very good to analyze. This is IDA pro Decompile code printf("Tell me something about yourself: "); fgets(&s, 32, edata); std::string::operator=(&input, &s); …

c++ ida ghidra

asked May 07 '20 at 15:37

user11278217

89
9

3

votes

1 answer

Calling function from dll with pointer not working

I made a test program and made a function that just prints some text, and I am trying to call it from a DLL by reversing it using IDA/Ghidra and getting a pointer to it. What it looks like in Ghidra I thought IDA was giving the wrong address so I…

c++ pointers ida reversing ghidra

asked Apr 19 '20 at 14:17

imnotdax

67
5

2

votes

1 answer

How to solve the Unsupported class file major version 63 error when using Eclipse to build the ghidra plug-in?

How to solve the Unsupported class file major version 63 error when using Eclipse to build the ghidra plug-in? version： Eclipse：4.19.0; Gradle：6.8.1; Java SDK：16.0.1; Ghidra：9.2.2; report error： FAILURE: Build failed with an exception. *…

eclipse gradle ghidra

asked Dec 13 '22 at 03:57

Stay

21
1
2

2

votes

1 answer

Ghidra: Automagically set Bytes to Unicode / CString

I have a Ghidra question for you. I am disecting an executable binary and I am noticing a TON of data types that are clearly Unicode in the "Listing" Pane but are showing up as unknown Bytes. I am aware that I can click on the first address and then…

assembly unicode reverse-engineering binaryfiles ghidra

asked Jul 11 '22 at 01:37

Stryker2k2

108
9

2

votes

1 answer

Ghidra decompile windows is greyed backgound

For some methods, Ghidra's decompiler background window is greyed out and I can't rename the function nor the local variables. Why? It works fine for methods with a "white background". Example: Matching code 004d49dd cc ?? …

ghidra

asked Feb 13 '22 at 17:21

Lou

277
1
5
15

2

votes

0 answers

Reverse engineering a ELF binary containing LUA bytecode

I have to reverse engineer a ELF binary file that also contains LUA bytecode, what would be the best approach for extracting the LUA bytecode to decompile it with luadec or similar tools ? Currently I loaded the binary in Ghidra, mostly understood…

lua reverse-engineering ghidra

asked Feb 02 '22 at 13:15

Ppop

21
1

2

votes

1 answer

Decompiler not working in Ghidra Disassembler

I'm kind of new to Ghidra Disassembler so kindly bear with me . I was trying to install Ghidra to analyse an executable. After opening the executable in Ghidra it loads everything fine except Decompiler. Decompiler window displays Decompiler:…

reverse-engineering ghidra

asked Jan 09 '22 at 10:53

Jaffer Sheriff

1,444
13
33

Questions tagged [ghidra]