<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Ghidra on Florence Njeri</title>
    <link>https://florencenjeri.com/tags/ghidra/</link>
    <description>Recent content in Ghidra on Florence Njeri</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <lastBuildDate>Sun, 01 Dec 2024 09:36:41 +0000</lastBuildDate><atom:link href="https://florencenjeri.com/tags/ghidra/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Reverse Engineering</title>
      <link>https://florencenjeri.com/posts/reverse_engineering/</link>
      <pubDate>Sun, 01 Dec 2024 09:36:41 +0000</pubDate>
      
      <guid>https://florencenjeri.com/posts/reverse_engineering/</guid>
      <description>Reverse Engineering # Decompiling a program from assembly back to a high-level language to try to understand what the program does.
Example use cases:
Vulnerability Analysis Malware Research Binary Analysis Tools Summary (Ghidra Book, Ch. 2) # 1. file # What: Identifies the file format (ELF, PE, Mach-O), architecture (x86, ARM), and bit-width (32/64-bit). When: Step 1 (Triage). Use it the moment you receive a mystery file. Why vs Others: Use this instead of nm or objdump initially because it tells you if the file is even an executable or if it is &amp;ldquo;stripped&amp;rdquo; (missing names). Example Command: file &amp;lt;filename&amp;gt; 2.</description>
    </item>
    
  </channel>
</rss>
