Changes

Page history
Update An Introduction to Ghidra authored by Aaron Scott Pope's avatar Aaron Scott Pope
Show whitespace changes
Inline Side-by-side
Tool-Guides/An-Introduction-to-Ghidra.md
View page @ c793914e
...@@ -27,30 +27,27 @@ Once done, click `Finish`. ...@@ -27,30 +27,27 @@ Once done, click `Finish`.
Now that you have a project, you'll need one or more binary files to analyze. Now that you have a project, you'll need one or more binary files to analyze.
Binaries can be added to a project by selecting `File > Import File...` for a single file, or `File > Batch Import` for multiple files. Binaries can be added to a project by selecting `File > Import File...` for a single file, or `File > Batch Import` for multiple files.
Alternatively, binaries can be dragged and dropped into the project window to add them. Alternatively, binaries can be dragged and dropped into the project window to add them.
In this example, I'll add Window's notepad.exe (located at C:\Windows\system32\notepad.exe) for analysis. In this example, we'll look at binary compiled from the C program available [here](https://raw.githubusercontent.com/NoraCodes/crackmes/master/crackme01.c).
A dialogue box will present you with the format and language Ghidra has identified from the binary; if you know these ahead of time, you will want to verify that Ghidra has made the correct selections. A dialogue box will present you with the format and language Ghidra has identified from the binary; if you know these ahead of time, you will want to verify that Ghidra has made the correct selections.
![import-notepad](uploads/e9bda8005167c47bb30d2ef312a2fba2/import-notepad.png) ![import-binary](uploads/b910fca62cf817456bd6dd0408c0bd47/import-binary.png)
Click `OK` once finished and Ghidra will begin the import process (this can take some time for large binaries). Click `OK` once finished and Ghidra will begin the import process (this can take some time for large binaries).
When finished, Ghidra will present a summary of the import results; odd results might indicate an improper selection of binary format or language. When finished, Ghidra will present a summary of the import results; odd results might indicate an improper selection of binary format or language.
![import-summary](uploads/1c724f9c9711efba5d70480d41da6330/import-summary.png) ![import-summary](uploads/63d53a251aa17b879b9effccafca3686/import-summary.png)
Click `OK` to continue, then double click on the binary in the project window. Click `OK` to continue, then double click on the binary in the project window.
The first time you open a binary, Ghidra will ask if you want it analyzed; click `Yes`. The first time you open a binary, Ghidra will ask if you want it analyzed; click `Yes`.
![analyze](uploads/61762e110b57110631b08ee5375c8899/analyze.png)
You'll be presented with a list of optional analyzers, including some experimental prototype options. You'll be presented with a list of optional analyzers, including some experimental prototype options.
For now, you can just leave it as the default set of analyzers and click `Analyze`. For now, you can just leave it as the default set of analyzers and click `Analyze`.
![analyzers](uploads/2c1b7de53f8501838a11abe801331532/analyzers.png) ![analysis-options](uploads/066bdb4d69dafd41c599e57b8118e6a9/analysis-options.png)
Ghidra will then run the selected analyzers, which can take a while for large binaries; progress is shown in the bottom right. Ghidra will then run the selected analyzers, which can take a while for large binaries; progress is shown in the bottom right.
Once completed, you'll see the Code Browser window, the main interface for Ghidra. Once completed, you'll see the Code Browser window, the main interface for Ghidra.
![code-browser](uploads/cdc2f8db983aca8aa38c8a7012a0154a/code-browser.png) ![code-browser](uploads/3483bdb0da5fc8249da0450e900103d9/code-browser.png)
On the left at the top is the Program Trees window, which shows the layout of the sections of binary (e.g., headers, text, data). On the left at the top is the Program Trees window, which shows the layout of the sections of binary (e.g., headers, text, data).
You can double-click these to navigate to the associated section. You can double-click these to navigate to the associated section.
... ...
......