Wow is that even possible with ghidra?

Gil Bytepatching should be simple, worst case you just use like a Hex Editor and jump to the offset and manually patch ig

@@gilperon its possible i. Gdb, i would hope so! :)

Tech KZbinrs always have their view count scaled way down

And that's Mac OS for you

@@ytxstream ⌘ + ⌥ + d is your friend

@@ytxstream *Java's half-assed implementation of

He actually just moved it to the right.

^^ effing owned dude... 😅 By a Polock Frank... sick digs

(Thank you classic Godzilla movies.)

you've literally got a black hat on. don't lie

It is pronounced "Gee-druh" (github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions#how-do-you-pronounce-ghidra), but that's okay. This video was a very nice introduction, by the way!

You sir are a thought criminal reading those agreements... tut tut..

@@EchoXIIIGO I do recall about 10 years ago, a very prominent software vendor had an Easter egg in the terms and conditions. something about giving away your first born and pledging elegance to satan. It took about 5 or more years for someone to finally read it and mention it. (Mickyj Whitehat)

@benzo I highly doubt an opensource project would send data to the NSA, I feel like people are very aware of their role in the world, especially floss peeps.

You must know what you are agreeing to before you agree.

In dialog boxes like that the only buttonnshould be renamed from "Ok" to "Whatever" 🤪

argv[0] is the program Name, 1 is the first argument, 2 the second argument etc :) So if you call “ls /etc” argv[0] contains “ls”

I'm having the same problem

It’s a SSH connection into a VM

Ah I see. Thanks for the reply

Set it to char ** argv instead of char * argv[] That’s also how it’s in the video in the second step - I assume [] is now reserved

@@stacksmashing yep it works, thank you!

No worries :) hope they eventually support that syntax

It's a tool called Keycastr

@@stacksmashing why am i getting this error ? /ghidraprojects/rev50_linux64-bit: cannot execute binary file

I'm a normie, no govlarp here, IDA is the only one I've heard of, Would be interesting to see how file analysis programs are built from scratch, as well as what language they would have to use to build a file analysis tool like ghidra or IDA Ghidra is kind of esoteric, IDA all the normies like me will recognize I know the govlarp people like using python

There should be a list of "X-REFS" on the far right of the listing (you might need to scroll horizontally). There should also be a right-click option to show/list references.

Will do later today!

Because Ghidra unfortunately does not support [] in the function signature - so instead of saying 'this is a pointer to an array' we say 'this is a pointer to a pointer', which gives us the result we want :) (Simplified: Working with an array in C is basically just pointer-arithmetic in the background)

Songchen Han In this case he’s analyzing a Linux binary, so it physically cannot run on macOS so there is no concern there. Same if you’re analyzing Windows malware on macOS or Linux (yes it may run under Wine, but you’d have to do that manually and it most likely wouldn’t work anyway). Also even if it was Mac malware, or if you were running Linux or Windows and analyzing Linux or Windows malware respectively, as long as you don’t execute the file it can’t do anything to your machine. Now with that said, if you’re analyzing malware at all, I agree it’s probably best to always do it inside a VM with networking and file sharing disabled just to be safe. Of course if your just reversing some normal software you don’t need to worry about any of that.

@@einsteinx2 OMG you are so sweet! That is a very good detailed explanation I could ever expected, that is very kind of you. I see, we can still reverse software/malware without of running environment. Huh, I ask because the only reverse engineer I do is the buffer overflow attack with requires the application to run and interact while monitor the registers and such in Immunity Debugger. I guess this is different from just purely "Reverse engineering". I am so happy I learned something today, thanks Ben!

@@wutangdaug Glad to help :) Yes exactly, when reversing with Ghidra, it's doing a disassembly and decompilation which is a static analysis. It never actually runs the binary. That's why he's able to analyze a linux elf on macOS, as it doesn't need to be compiled for that OS or even for that CPU architecture. He could just as easily be reverse engineering some ARM linux firmware or something. It's basically the same as looking at the file in a hex editor, except it's doing the extra work of converting the machine code into assembly and then a step further into C code which you can then annotate and comment to better understand the code flow. If you were to want to then use the information you learned from Ghidra to modify the binary for example to change a command and control server address or something like that so you could do some dynamic analysis by running it and viewing it's network traffic in Wireshark for example, then you would definitely want to do that in an isolated VM. But all Ghidra is doing is just looking at the bytes, it's not executing anything (unless it has some dynamic analysis features I'm unaware of).

@@einsteinx2 Thank you sir! I think I am more interested in the latter(modify the binary or control address). I guess that is dynamic analysis then. What tools you recommend for dynamic access then? Immunity Debugger/IDA PRO for windows, GDB for linux ?

@@einsteinx2 Also, do you have a twitter or something I can follow?

Thanks! Yes it does, and they’ll be marked as a bookmark

@@stacksmashing Thanks!! Yep I see them all in bookmarks, now I need to figure out how to view them!

Just double click on the bookmark, and the picture should be in the disassembly view

How can i fix this error? I'm at the moment a noob at programming.

@@letsplayer9558 the LARP groups are showing people how to use this shit lmao, hire me LARP people, I don't second guess stuff when I know what the shot is