... | ... | @@ -27,30 +27,27 @@ Once done, click `Finish`. |
|
|
Now that you have a project, you'll need one or more binary files to analyze.
|
|
|
Binaries can be added to a project by selecting `File > Import File...` for a single file, or `File > Batch Import` for multiple files.
|
|
|
Alternatively, binaries can be dragged and dropped into the project window to add them.
|
|
|
In this example, I'll add Window's notepad.exe (located at C:\Windows\system32\notepad.exe) for analysis.
|
|
|
In this example, we'll look at binary compiled from the C program available [here](https://raw.githubusercontent.com/NoraCodes/crackmes/master/crackme01.c).
|
|
|
A dialogue box will present you with the format and language Ghidra has identified from the binary; if you know these ahead of time, you will want to verify that Ghidra has made the correct selections.
|
|
|
|
|
|
![import-notepad](uploads/e9bda8005167c47bb30d2ef312a2fba2/import-notepad.png)
|
|
|
![import-binary](uploads/b910fca62cf817456bd6dd0408c0bd47/import-binary.png)
|
|
|
|
|
|
Click `OK` once finished and Ghidra will begin the import process (this can take some time for large binaries).
|
|
|
When finished, Ghidra will present a summary of the import results; odd results might indicate an improper selection of binary format or language.
|
|
|
|
|
|
![import-summary](uploads/1c724f9c9711efba5d70480d41da6330/import-summary.png)
|
|
|
![import-summary](uploads/63d53a251aa17b879b9effccafca3686/import-summary.png)
|
|
|
|
|
|
Click `OK` to continue, then double click on the binary in the project window.
|
|
|
The first time you open a binary, Ghidra will ask if you want it analyzed; click `Yes`.
|
|
|
|
|
|
![analyze](uploads/61762e110b57110631b08ee5375c8899/analyze.png)
|
|
|
|
|
|
You'll be presented with a list of optional analyzers, including some experimental prototype options.
|
|
|
For now, you can just leave it as the default set of analyzers and click `Analyze`.
|
|
|
|
|
|
![analyzers](uploads/2c1b7de53f8501838a11abe801331532/analyzers.png)
|
|
|
![analysis-options](uploads/066bdb4d69dafd41c599e57b8118e6a9/analysis-options.png)
|
|
|
|
|
|
Ghidra will then run the selected analyzers, which can take a while for large binaries; progress is shown in the bottom right.
|
|
|
Once completed, you'll see the Code Browser window, the main interface for Ghidra.
|
|
|
|
|
|
![code-browser](uploads/cdc2f8db983aca8aa38c8a7012a0154a/code-browser.png)
|
|
|
![code-browser](uploads/3483bdb0da5fc8249da0450e900103d9/code-browser.png)
|
|
|
|
|
|
On the left at the top is the Program Trees window, which shows the layout of the sections of binary (e.g., headers, text, data).
|
|
|
You can double-click these to navigate to the associated section.
|
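Review bot: the replacement sentence `In this example, we'll look at binary compiled from the C program available [here](...)` drops an article ("a binary compiled") and, unlike the removed notepad.exe sentence, names neither a file path nor a build step, so the later instruction to verify the format and language Ghidra detected cannot be followed by a reader who has not compiled crackme01.c themselves. Suggest stating the compiler and target platform used (or linking the prebuilt binary) and keeping a concrete path, as the old text did with `C:\Windows\system32\notepad.exe`, so the import dialog and summary screenshots (`import-binary`, the new `import-summary`) match what the reader sees. The swapped `analysis-options` and `code-browser` images are consistent with that switch; the unchanged context line `sections of binary` is missing "the" but lies outside this change.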
... | ... | |