<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ghidra on Florence Njeri</title><link>https://florence-njeri.github.io/njeri/tags/ghidra/</link><description>Recent content in Ghidra on Florence Njeri</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Sun, 01 Dec 2024 09:36:41 +0000</lastBuildDate><atom:link href="https://florence-njeri.github.io/njeri/tags/ghidra/index.xml" rel="self" type="application/rss+xml"/><item><title>Reverse Engineering</title><link>https://florence-njeri.github.io/njeri/posts/reverse_engineering/</link><pubDate>Sun, 01 Dec 2024 09:36:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/reverse_engineering/</guid><description>Reverse Engineering # Decompiling a program from assembly back to a high-level language in order to understand what the program does.
Example use cases:
Vulnerability Analysis, Malware Research, Binary Analysis
Tools Summary (Ghidra Book, Ch. 2) # 1. file # What: Identifies the file format (ELF, PE, Mach-O), the architecture (x86, ARM), and the bit-width (32/64-bit). When: Step 1 (Triage). Run it the moment you receive a mystery file. Why vs Others: Use it before nm or objdump because it tells you whether the file is an executable at all, and whether it is &amp;ldquo;stripped&amp;rdquo; (symbol names removed, so nm will have little to show). Example Command: file &amp;lt;filename&amp;gt; 2.</description></item></channel></rss>
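The triage that `file` performs in step 1, shown as an added shell example (my code, not from the post or the Ghidra book) so the header fields it decides from are visible: the four magic bytes pick the format, ELF byte 4 gives the bit-width, byte 5 the byte order, and the 16-bit e_type/e_machine fields at offsets 16 and 18 give the object kind and architecture. The function names and the sample header bytes are mine; the samples are constructed hex strings of the first 20 bytes of a header, not real programs. Only od(1), cut(1) and tr(1) are needed, so it runs where `file` is not installed.

```shell
#!/bin/sh
# Added example (not from the post or the Ghidra book): a minimal re-implementation
# of what `file` checks first on an unknown binary, so the triage step is visible.
# Only header bytes are read, via od(1); no compiler and no `file` binary needed.

# Return one hex pair (the byte at offset $2) from the hex string $1.
byte_at() {
    printf '%s' "$1" | cut -c"$(( $2 * 2 + 1 ))-$(( $2 * 2 + 2 ))"
}

# Map an ELF e_machine value (4 hex digits, most-significant byte first) to a name.
elf_machine_name() {
    case "$1" in
        0003) echo "Intel 80386" ;;
        003e) echo "x86-64" ;;
        0028) echo "ARM" ;;
        00b7) echo "ARM aarch64" ;;
        *)    echo "machine 0x$1" ;;   # unmapped value: still report it, never guess
    esac
}

# Classify a binary from the lowercase hex of its first 20 bytes, in the style of `file`.
triage_hex() {
    h=$1
    case "$h" in
        7f454c46*)      # magic 0x7f 'E' 'L' 'F'
            case "$(byte_at "$h" 4)" in 01) bits=32 ;; 02) bits=64 ;; *) bits="?" ;; esac
            case "$(byte_at "$h" 5)" in 01) order=LSB ;; 02) order=MSB ;; *) order="?" ;; esac
            # e_type (offset 16) and e_machine (offset 18) are 16-bit fields stored in the
            # byte order declared by EI_DATA, so assemble them accordingly.
            if [ "$order" = MSB ]; then
                etype="$(byte_at "$h" 16)$(byte_at "$h" 17)"
                emach="$(byte_at "$h" 18)$(byte_at "$h" 19)"
            else
                etype="$(byte_at "$h" 17)$(byte_at "$h" 16)"
                emach="$(byte_at "$h" 19)$(byte_at "$h" 18)"
            fi
            case "$etype" in
                0001) kind=relocatable ;;
                0002) kind=executable ;;
                0003) kind="shared object" ;;
                0004) kind="core file" ;;
                *)    kind="type 0x$etype" ;;
            esac
            echo "ELF ${bits}-bit ${order} ${kind}, $(elf_machine_name "$emach")"
            ;;
        4d5a*)     echo "MS-DOS MZ stub; read e_lfanew at 0x3c to reach the PE header" ;;
        cffaedfe*) echo "Mach-O 64-bit little-endian" ;;
        cefaedfe*) echo "Mach-O 32-bit little-endian" ;;
        feedfacf*) echo "Mach-O 64-bit big-endian" ;;
        feedface*) echo "Mach-O 32-bit big-endian" ;;
        *)         echo "data (no ELF/PE/Mach-O magic); try strings or a hex dump" ;;
    esac
}

# Classify a real file on disk: dump its first 20 bytes as one hex string, then triage.
triage_file() {
    triage_hex "$(od -An -v -tx1 -N 20 "$1" | tr -d ' \n')"
}

# Constructed samples: only the leading header bytes, as a truncated dropper might
# leave behind. These are hex strings for illustration, not runnable programs.
sample_elf64_x86_64_hex() {  # ELF64, little-endian, ET_EXEC, e_machine 0x3e
    printf '%s' '7f454c4602010100000000000000000002003e00'
}
sample_elf32_arm_hex() {     # ELF32, little-endian, ET_DYN, e_machine 0x28
    printf '%s' '7f454c4601010100000000000000000003002800'
}
sample_elf32_mips_be_hex() { # ELF32, big-endian, ET_EXEC, e_machine 0x08 (unmapped)
    printf '%s' '7f454c4601020100000000000000000000020008'
}
sample_pe_hex() {            # "MZ" DOS header start
    printf '%s' '4d5a90000300'
}
sample_macho64_hex() {       # 0xfeedfacf stored little-endian
    printf '%s' 'cffaedfe07000001'
}

# Stand-alone demo: triage the constructed samples, then this system's /bin/sh if readable.
for name in sample_elf64_x86_64_hex sample_elf32_arm_hex sample_elf32_mips_be_hex sample_pe_hex sample_macho64_hex; do
    echo "$name: $(triage_hex "$("$name")")"
done
if [ -r /bin/sh ]; then
    echo "/bin/sh: $(triage_file /bin/sh)"
fi
```

The real `file` goes further than this: it walks the section table to report "stripped" or "not stripped", names the dynamic linker, and reads the PE optional header past e_lfanew, which is why it is still the right first command. The point of the script is only to show that those verdicts come from a few well-defined header offsets, and that a wrong byte order (the MSB MIPS sample) silently flips e_type and e_machine if the EI_DATA field is ignored.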