Advanced Ghidra
Ghidra is a fairly complex reverse engineering tool with many great features that are not intuitive to use. This talk was given together with intrigus for our CTF team KITCTF. It touches on many interesting but not easy to use features, specifically:
- Importing processor manuals
- Syncing decompiler and debugger
- pcode emulation
- Ghidra scripts in Java, and how you can use Python 3 instead of Python 2.7
- Function signatures, how to use them in static binaries and how they work internally
- Adding custom architectures
The slides should be navigated with n and p instead of the arrow keys, because they are 2D slides.
Furthermore, they are exported from markdown to reveal.js, messing up some alignments, but that shouldn’t matter for understanding the contents.