C Structures in Ghidra: How to Reverse Engineer Faster

Рет қаралды 6,459

Күн бұрын

Learn how C structures can improve your reverse engineering workflow.
0:00 How I failed
0:38 How developers use C structures in their programs
3:13 Reverse Engineering C structures in Ghidra
6:10 Using structures vs no structures
~~~ 🐵 Social ~~~
🐦 Twitter: / slava_moskvin_
👨‍💼 LinkedIn: www.linkedin.com/in/vyacheslav-moskvin

Пікірлер: 18

@nordgaren2358 Жыл бұрын

@Path Cybersec [Slava Moskvin] ahh, yea. It saves me a lot of time when REing a structure in a function, but it's also not amazing or perfect, so you do have to do some stuff manually! A suggestion for your next tutorial on the subject could be how to get the size of the individual fields from the asm, as I don't think Ghidra automaticlly does that when you rename a field. Btw, you can type the size in directly at the bottom of the structure editor, and it will create the correct amount of bytes! Glad to see people are making RE tutorials! Hope you keep making them!

@nordgaren2358 Жыл бұрын

Idk why this wasn't a reply to my first comment. Sorry!

@icarus1656 Жыл бұрын

awesome :D

@PathCybersecSlavaMoskvin Жыл бұрын

Thank you!

@TheSimpleLife7 Жыл бұрын

Sir, can you explain how to reverse engineering quickbooks with advance inventory

@alqaeda308 Жыл бұрын

Always upload sir

@nordgaren2358 Жыл бұрын

Have you used the auto fill struct function to make structure dissection even faster?

@PathCybersecSlavaMoskvin Жыл бұрын

Hey! Yes, I have, but I felt like I need to show the longer way to do it in the video, because it may allow new people to understand structures better

@heapninja 8 ай бұрын

@@PathCybersecSlavaMoskvin your videos are amazing, i would love to see an extended version, its very amazing the way you explain it!

@eyalv8153 Жыл бұрын

Love your videos , Although I still struggle with reverse engineering.

@PathCybersecSlavaMoskvin Жыл бұрын

Thanks! Why do you think you're struggling?

@eyalv8153 Жыл бұрын

@@PathCybersecSlavaMoskvin the struggle is focusing as much as necessary on each topic(that you suggested in earlier video)and combining in to actual reversing and understand the code structure and calls etc', so it makes you feal at point zero all the time :)

@PathCybersecSlavaMoskvin Жыл бұрын

Oh yeah, I feel you. I feel the same way each time I start researching a new topic - just overwhelmed and not sure if I'm gonna be able to make anything of it

@anonsurf4901 Жыл бұрын

is reverse engineering and exploit development processor specific?INTEL/AMD ...can i do reversing and develop exploit with amd pc same as computers with intel processor ???? and does reversing tools like ghidra work on amd ??

@PathCybersecSlavaMoskvin Жыл бұрын

There is no difference between Intel and AMD unless you’re working on a really, really low level

@vedaryan334 8 ай бұрын

unrealted question can you link the music used?

@MrLuckyTomas 11 ай бұрын

Ну да у нас же у всех есть размер и названия полей... Попробуй разобрать структуру о которой ты вообще ничего не знаешь и инициализируется она в стеке (без malloc). И еще, ghidra и ida выдают разный код. Вот например в csgo есть структура netadr_t, гидра пишет что движок игры обращается к оффсету 0x28 или типа того, что вообще за пределами структуры. А IDA пишет что обращается по оффсету 5, что является вторым байтом ip адреса. А по факту они оба обращались к первому полю структуры, где хранится тип адреса (netadrtype_t) и как с этим работать? Если бы у меня не было исходников движка игры, то я бы никогда в жизни не догадался где что там. Вот например есть кс 2, там исходников уже нет и как разбираться в нем я вообще без понятия.

@rafk5341 4 ай бұрын

Использовать reclass?