[Scummvm-devel] Ghidra - a FOSS RE toolkit from NSA

Walter van Niftrik walter at vanniftrik-it.nl
Sat Mar 9 11:58:08 CET 2019


I've been playing around with Ghidra for a couple of days now. Here are my
findings...

What I liked:
- Wide range of supported architectures.
- Built-in architecture-agnostic decompiler that seems to do a pretty
decent job.
- Undo functionality.

What I didn't like or couldn't figure out:
- There's an "Apply Enum", but how do you replace scalars with struct field
offsets or struct sizes like you can in IDA? The decompiler can often work
this out, but that won't help when you're working on handwritten assembly
code that can't be decompiled.
- (real-mode x86) When an offset is assigned to a register (and as such
there is no segment directly associated with that offset at this time, e.g.
MOV SI,0x1234), how do I tell Ghidra that 0x1234 is actually "offset Foo"
in (say) DS? When SI is later used to read from memory, the assembly
listing will correctly display the memory location, but I'd also like to
see it when the offset is assigned to SI. Note: the decompiler seems broken
for this scenario and insists on using CS for the memory read no matter
what I tried.
- No library/interrupt recognition.

I tested it on 6502 code, where it performed reasonably well. For real-mode
x86 it felt nearly unusable, due to the segment-related issues mentioned
above. There's a lot of potential here though, and if Ghidra improves over
time, I can see it becoming my main reverse engineering tool. Right now,
however, I don't think it's ready to replace IDA.

If anyone got real-mode x86 to work properly in Ghidra, I'd love to hear
about it.

Kind regards,

Walter van Niftrik

On Thu, 7 Mar 2019 at 00:15, Filippos Karapetis <bluegr at gmail.com> wrote:

> Great news!
>
> Yesterday, NSA (yes, THAT NSA) released a FOSS RE toolkit. It’s written in
> Java, it’s comparable to IDA and it’s free and open source!
>
> You can read all about it here:
>
> https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/
>
> Website:
> https://ghidra-sre.org/
>
> Regards
> Filippos Karapetis
> --
> "Experience is the name every one gives to their mistakes" - Oscar Wilde