Скачати "Intro to Ghidra Tutorial 2023 | Setup to Disassembly Window | Ghidra SRE"

Happy Cybersecurity Month 2023! In this video, you are introduced to Ghidra, a software reverse engineering framework. I take you from setup through to the disassembly window, with a few twists and turns between. This video focuses on setup/use of Ghidra on Windows... we reverse engineer a small Windows PE binary created using Visual Studio 2022 Community Edition. Even if you do not know C++ or Ghidra or anything about reverse engineering, if you have a curiosity about these tools, I recommend you try to follow along... even if it's over your head, that's where many begin the journey and it simply means you will get more out of each moment than someone who knows "everything." If you are familiar with Ghidra, feel free to jump ahead to later sections as you wish. See clickable Table of Contents below. DemoApp source code: 1. git clone https://github.com/AshleyT3/tutorial-sample-code 2. open ./src/Intro-to-Ghidra-Tutorial/DemoApp/DemoApp.sln in Visual Studio. ...okay, let's get going! Table of Contents 0:00:00 Start 0:01:54 Download Ghidra 0:03:03 Ghidra Requirements/Setup 0:03:36 Download OpenJDK from Microsoft 0:04:49 Download OpenJDK from Amazon 0:06:15 Install OpenJDK from Microsoft 0:06:56 Install Ghidra 0:08:09 SmartScreen block 0:09:49 Ghidra first run, fix scaling, small font issue 0:11:36 ZIP file JDK (i.e., Amazon Corretto) 0:13:21 Run Ghidra, fix scaling issues (ZIP file JDK) 0:14:28 Install Visual Studio 0:15:09 Visual Studio initial startup 0:15:24 Create DemoApp project 0:16:16 Visual Studio quick test drive 0:17:33 Debug vs Release build intro 0:27:07 The DemoApp source, building, initial use. 0:30:50 Visual Studio binary hex editor 0:31:30 VSCode Hex Editor 0:33:37 Caution, do not edit the binary! 0:34:03 Create a Ghidra Project 0:37:39 The 'main' function 0:38:26 Initial analysis 0:39:39 The Luxury of Decompiling 0:41:06 Top-down not required 0:41:19 Lucky helpful strings 0:43:10 C++ Console Output 0:45:35 The binary is not the source code 0:46:57 Adding Labels 0:50:17 An adventure with levels 0:51:24 Secondary highlights 0:51:59 The art of names and more 0:53:00 STL string intro 0:58:16 Variable naming pt1 0:58:59 The operator != function 1:01:52 Le door de back 1:04:11 Another label 1:04:56 Add a comment 1:05:25 Fearless naming. 1:07:40 C++ Console Input 1:08:08 Removing secondary highlight 1:08:41 STL string, C-string, pointers pt1 1:12:49 Navigate to a function 1:13:50 Shortcuts==saved brain cycles 1:14:52 Function arguments pt1 1:16:10 Strings and pointers pt2 1:19:42 C++ this pointer 1:21:33 The purity of source code 1:22:35 Coach Ghidra, Reset/Recap 1:26:37 Strings/bytes and pointers pt3 1:32:27 Copying hex from Ghidra 1:34:28 Naming pt2 1:38:07 Top-down not required pt2 1:43:07 The 'for' loop 1:48:09 Decoding the_big_secret 1:57:11 Exiting the 'for' loop 1:58:56 The 'flag' 2:00:59 Fundamental Data Types (x86/x64) 2:02:33 Middle mouse button highlight 2:03:17 General Purpose CPU Registers 2:07:09 Register variables 2:08:43 Calling conventions 2:09:23 Return values in RAX 2:10:34 x64 Calling Conventions Summary 2:14:05 Rename register variable 2:16:21 Temp-saving RAX during other operations 2:21:00 Hiding symbols from Ghidra 2:23:41 Ghidra without symbols 2:27:43 Naming pt3: Use what works! 2:30:19 Release vs Debug w/symbols 2:34:07 Inlined functions 2:38:17 Rel vs Dbg: Decompile Window 2:43:30 Inline example 2:46:24 Finding, examining the _Myptr() function 2:51:00 &_Buf vs _Ptr value 2:54:59 Disassembly Window, inviting coach Visual Studio to help 2:56:01 LEA instruction pt1 2:57:12 Register variables 2:57:26 Calling conventions pt3 2:58:35 Easy/Nuanced register variable naming 2:59:49 Renaming an existing register variable 3:01:00 Nuanced register variable renaming 3:01:19 Undo/Redo to observe changes 3:05:43 Processor Manual Setup 3:08:45 LEA instruction pt2 3:09:12 CMP instruction 3:10:27 CPU Flags, EFLAGS register 3:11:27 Ghidra and 'string' memory layout pt1 3:14:37 CPU Carry Flag (CF) 3:17:06 CMOVNC instruction, 'string' mem layout pt3 3:20:18 LEA/CMP/CMOVNC recap 3:22:20 MOV instruction 3:23:07 CMP instruction pt2 3:23:56 JNZ instruction 3:24:19 JNZ/JNE, JZ/JE instructions 3:25:25 LEA instruction pt3 3:25:52 Compiler as strategist 3:29:52 TEST instruction 3:32:29 Outro... Thank you! Happy reversing! Buy Me a Coffee https://buymeacoffee.com/ricochettech Subscribe to the the RicochetTech email list: https://ricochettech.net/subscribe/ if you liked this video, don't forget to click the Like button! (Thank you!) If you want to see more of this content, click the 'Subscribe' button to receive RicochetTech channel updates! The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.