... | @@ -27,30 +27,27 @@ Once done, click `Finish`. |
|
Now that you have a project, you'll need one or more binary files to analyze.
|
|
Binaries can be added to a project by selecting `File > Import File...` for a single file, or `File > Batch Import` for multiple files.
|
|
Alternatively, binaries can be dragged and dropped into the project window to add them.
|
|
In this example, we'll look at a binary compiled from the C program available [here](https://raw.githubusercontent.com/NoraCodes/crackmes/master/crackme01.c).
|
|
A dialog box will show the format (e.g. ELF or PE) and language (processor, endianness, bit width and compiler spec) that Ghidra has identified from the binary; if you know these ahead of time, confirm that Ghidra has made the correct selections here, because importing with the wrong language produces meaningless disassembly.
|
|
Click `OK` once finished and Ghidra will begin the import process (this can take some time for large binaries).
|
|
When finished, Ghidra will present a summary of the import results (the loader used, the memory blocks created and the symbols found); unexpected values there, such as no sections or no entry point, usually indicate that the wrong binary format or language was selected.
|
|
Click `OK` to continue, then double click on the binary in the project window.
|
|
The first time you open a binary, Ghidra will ask if you want it analyzed; click `Yes`.
|
|
You'll be presented with a list of optional analyzers, including some experimental prototype options.
|
|
For now, you can just leave it as the default set of analyzers and click `Analyze`.
|
|
Ghidra will then run the selected analyzers, which can take a while for large binaries; progress is shown in the bottom right.
|
|
Once completed, you'll see the Code Browser window, the main interface for Ghidra.
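The GUI steps above (import, confirm format and language, analyze) can be scripted for batch work with Ghidra's own headless analyzer, `support/analyzeHeadless`. The following Python is an added example, not code from the original tutorial or from Ghidra: it sniffs an ELF or PE header to derive the loader and language ID you would otherwise confirm in the import dialog, checks a dialog selection against that, and builds the matching `analyzeHeadless` command line. The `ghidra_home` and project paths, the constructed sample headers and the machine-to-language table are assumptions; the table covers only four common CPUs, and anything else is left to Ghidra's own detection by omitting `-loader`/`-processor`. The dialog additionally shows a compiler spec (e.g. `gcc` or `windows`) that the header alone does not determine.

```python
"""Header sniff + headless import helper (added example, not Ghidra's own code)."""
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BinaryInfo:
    fmt: str                  # "ELF", "PE" or "unknown"
    language: Optional[str]   # Ghidra language ID, e.g. "x86:LE:64:default"; None if unmapped
    loader: Optional[str]     # Ghidra loader name ("ElfLoader", "PeLoader"); None if unknown


# ELF e_machine -> (processor, bits, variant). Assumption: only these four are mapped.
_ELF_MACHINES = {
    0x0003: ("x86", 32, "default"),
    0x003E: ("x86", 64, "default"),
    0x0028: ("ARM", 32, "v8"),
    0x00B7: ("AARCH64", 64, "v8A"),
}
# PE/COFF machine -> full language ID (PE images are little-endian).
_PE_MACHINES = {
    0x014C: "x86:LE:32:default",
    0x8664: "x86:LE:64:default",
    0x01C4: "ARM:LE:32:v8",
    0xAA64: "AARCH64:LE:64:v8A",
}


def identify(data: bytes) -> BinaryInfo:
    """Sniff container format and CPU from the first bytes of a file."""
    if data[:4] == b"\x7fELF" and len(data) >= 0x14:
        ei_data = data[5]                       # EI_DATA: 1 = little-endian, 2 = big-endian
        endian = "<" if ei_data == 1 else ">"
        (e_machine,) = struct.unpack_from(endian + "H", data, 0x12)
        mapped = _ELF_MACHINES.get(e_machine)
        if mapped is None:                      # known container, CPU not in our table
            return BinaryInfo("ELF", None, "ElfLoader")
        proc, bits, variant = mapped
        return BinaryInfo("ELF", f"{proc}:{'LE' if ei_data == 1 else 'BE'}:{bits}:{variant}", "ElfLoader")
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00" and len(data) >= e_lfanew + 6:
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)  # COFF Machine field
            return BinaryInfo("PE", _PE_MACHINES.get(machine), "PeLoader")
    return BinaryInfo("unknown", None, None)


def dialog_mismatches(info: BinaryInfo, shown_format: str, shown_language: str) -> List[str]:
    """Compare the import dialog's selections with the header; an empty list means they agree."""
    problems = []
    if info.fmt != "unknown" and info.fmt not in shown_format.upper():
        problems.append(f"format: dialog says {shown_format!r}, header says {info.fmt}")
    if info.language is not None and shown_language != info.language:
        problems.append(f"language: dialog says {shown_language!r}, header says {info.language}")
    return problems


def headless_command(ghidra_home: str, project_dir: str, project_name: str,
                     binary_path: str, info: BinaryInfo,
                     post_script: Optional[str] = None) -> List[str]:
    """Build the analyzeHeadless argv equivalent to File > Import File... followed by Analyze.
    Loader and processor are pinned only when the header sniff was conclusive."""
    cmd = [f"{ghidra_home}/support/analyzeHeadless", project_dir, project_name,
           "-import", binary_path]
    if info.loader:
        cmd += ["-loader", info.loader]
    if info.language:
        cmd += ["-processor", info.language]
    if post_script:
        cmd += ["-postScript", post_script]     # runs after auto-analysis finishes
    return cmd


# Constructed sample headers (not real binaries): just enough bytes for the sniff.
SAMPLE_ELF_X64 = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
                  + struct.pack("<HH", 2, 0x3E) + b"\x00" * 44)      # ET_EXEC, EM_X86_64
SAMPLE_ELF_MIPS_BE = (b"\x7fELF\x01\x02\x01\x00" + b"\x00" * 8
                      + struct.pack(">HH", 2, 0x08) + b"\x00" * 44)  # big-endian MIPS, unmapped
SAMPLE_PE_X64 = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
                 + b"PE\x00\x00" + struct.pack("<H", 0x8664) + b"\x00" * 18)

if __name__ == "__main__":
    info = identify(SAMPLE_ELF_X64)
    print(info)
    print(dialog_mismatches(info, "Executable and Linking Format (ELF)", "x86:LE:64:default"))
    print(" ".join(headless_command("/opt/ghidra", "/tmp/ghidra_projects", "Demo",
                                    "./crackme01", info)))
```

In practice you would read the first few hundred bytes of the real file into `identify`, and pass a Ghidra script to `post_script` to dump whatever you want from the analyzed program (memory blocks, functions, strings) without opening the Code Browser.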
|
|
On the left at the top is the Program Trees window, which shows the layout of the sections of the binary (e.g., headers, text, data).
|
|
You can double-click these to navigate to the associated section.
|
|