| ... | ... | @@ -57,7 +57,69 @@ Below the Symbol Tree is the Data Type Manager Window, which is useful for ident | 
|  |  |  | 
|  |  | In the center, the Listing window shows the disassembled binary. | 
|  |  | For interpretability, Ghidra adds a great deal of color coding and annotative comments to the assembly display. | 
|  |  | To the right of the Listing window is the Decompile window which shows Ghidra's best guess of the source code used to produce the corresponding assembly. | 
|  |  | Clicking on a function in the Symbol Tree window or within a function in the Listing window will load the relevant decompiled source code in the Decompile window. | 
|  |  | To the right of the Listing window is the Decompiler window which shows Ghidra's best guess of the source code used to produce the corresponding assembly. | 
|  |  | Clicking on a function in the Symbol Tree window or within a function in the Listing window will load the relevant decompiled source code in the Decompiler window. | 
|  |  | Clicking on code in the Decompiler window will highlight the associated assembly instructions; this can be used to inspect how well the decompiler translated the assembly to source code. | 
|  |  |  | 
|  |  | We can use the functions list in the Symbol Tree window to locate the main function of the executable. | 
|  |  | Clicking on the name of the function brings us to the relevant portion of the assembly and loads the decompiled C code. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | We can see that the decompiler has some mistakes that we can work to correct to improve readability. | 
|  |  | Right-clicking in the Decompiler window gives the option `Edit Function Signature` which presents the following dialogue: | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | We can provide the correct function signature for main, then click `OK`: | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | The code in the Decompiler window is updated and references to `argc` and `argv` are corrected throughout. | 
|  |  | We can also rename variables and fix their type to make the code more understandable. | 
|  |  | Middle-clicking with the mouse on a variable highlights its use throughout the code: | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | Pressing `l` allows us to change the variable name, and pressing `Ctrl+l` lets us change the variable type. | 
|  |  | We can see that `iVar1` is used as a return value, so let's rename it `retvar`. | 
|  |  | This actually splits the uses of `iVar1` into two variables, one of which is used as the return value of a `strcmp` call. | 
|  |  | We'll rename that to `cmpvar`. | 
|  |  | We'll also change the type and name of `size_t __n` to `int password_length` to match its use. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | Once we've identified the intended behavior of a section of code, we can make a comment to save ourselves from repeated work. | 
|  |  | Right-click and select `Comments > Set ...` to open the comment dialogue. | 
|  |  | Types of comments possible include end-of-line, pre, post, plate, and repeatable. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | Depending on the type, an entered comment will show up in the assembly listing, decompiled source, or both. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | Double-clicking the name of any function will show the code of the selected function. | 
|  |  | Here we'll double-click `strlen` to show the placeholder assembly code used for the external function. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | There are numerous views that can be used to further analyze a binary. | 
|  |  | `Window > Function Call Graph` shows the calling relationship between functions as a graph. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | `Window > Function Graph` shows how execution can be traced through the assembly by function calls or jump instructions. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | `Window > Defined Strings` shows a list of extracted strings and clicking on a string takes you to the relevant portion of the assembly code. | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  |  | 
|  |  | ### Under construction | 
|  |  | \ No newline at end of file |
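Review bot: the step that changes `size_t __n` to `int password_length` retypes an unsigned value as signed (and, on a 64-bit target, narrows it) with only "to match its use" as justification. Retyping changes how the decompiler renders comparisons and casts on that variable, so either keep the type and only rename it (`size_t password_length`), or add a sentence saying what in the listing shows the value is handled as an `int`. The comments paragraph lists the five types (end-of-line, pre, post, plate, repeatable) and then says a comment appears "in the assembly listing, decompiled source, or both" depending on the type; it would help to state which type lands in which view, since that is what a reader needs when choosing one. Lastly, the file now ends at `### Under construction` with no trailing newline; add one so later appends to this section produce clean diffs.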