Reversing Looping Control Structures - Ghidra Reversing Tutorials
Vložit
- čas přidán 21. 05. 2020
- In this video, part of the Ghidra Reversing Tutorials series, we'll take a look at several basic looping structures in a C program, compile from source and reverse them using Ghidra. Our goals will be to analyze the resulting program flow using both the listing view (disassembly) and the decompiler, identify key logic and discuss the underlying assembly instructions. Understanding basic control structures is one of the first steps in developing key reverse engineering skills.
Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 www.pluralsight.com/authors/j...
🌶️ CZcams 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 / joshstroschein
🌎 Follow me 👉🏻 / jstrosch , / joshstroschein
⚙️ Tinker with me on Github 👉🏻 github.com/jstrosch
Part 1 - Reversing Looping Control Structures - Ghidra Reversing Tutorials • Reversing Looping Cont...
Part 2 - Reversing Array Data Structures - Ghidra Reversing Tutorials • Reversing Array Data S...
Part 3 - Reversing Structures - Ghidra Reversing Tutorials • Reversing Structures -...
Part 4 - Understanding Calling Conventions - Ghidra Reversing Tutorials • Understanding Calling ...
Part 5 - Getting Started Reversing C++ Objects with Ghidra - Ghidra Reversing Tutorials • Getting Started Revers...
Part 6 - Inheritance and Polymorphism in C++ - Ghidra Reversing Tutorials • Inheritance and Polymo...
The source code for the sample program can be found on my Github:
github.com/jstrosch/learning-... - Věda a technologie
![Reverse engineering player structures in a game [Game Hacking 101]](http://i.ytimg.com/vi/rTBRRpc9OUk/mqdefault.jpg)
Really nice series! Ty Josh :)
Thanks 🙏
I have a question. I'd appreciate it if anybody answered me. In Ghidra, most of the code is written in Java, except the decompiler, which is written in C++. The question is that how the C++ decompiler is connected with the Java backend?
At 5:23 you show a loop arrow, but my m1 mac Ghidra doesnt seem to show these control arrows. Does anyone know if its just a setting not enabled by default on mac or is this feature just not implemented on mac.
Great video.
I wondered why main always comes with 3 pushes?
I dont know where to read about this
I can't remember where I cam across this information, likely a blog post or talk somewhere. It's just stuck with me and I try to share with everyone new to reversing. I imagine it's documented somewhere, but I haven't sought out where. A very quick search brings up blogs like this www.bigmessowires.com/2015/10/02/what-happens-before-main/ that appear to be quite helpful in understanding this process. of course, you don't know what you don't know and it's things like this that can make getting into RE a little challenging :)
Thank you
You're very welcome!
Why Ghidra cannot identify "printf" function? Is there any option to make Ghidra interpret the C functions?
Hi, how can I change in ghidra in decompiler while to for or vice versa?
I'm not sure off-hand if there is an easy way to do that... usually recognizing that there is a looping structure is enough. I'll poke around the docs some and see if I can't find an answer - however, I suspect there isn't an easy solution since I haven't come across by now :)
@@jstrosch thanks anyway
Hi dr Josh, i am using ghidra for 3 days, and i wanted to ask , why it calls some things like &(bitwise AND)DAT_(random numbers)
It's not a bitwise AND when applied to a single variable. It is the reference to the address of said variable, I recommend you look up how pointers work in C