From the course: Ethical Hacking: The Complete Malware Analysis Process

Disassembly with Ghidra

- [Instructor] The first stage of reverse engineering is static analysis, which involves disassembling or decompiling the code and manually reviewing it. The most popular professional tool used for doing this is IDA Pro. However, there are some open-source disassemblers we can use. Ghidra is a tool which has been released for public use by the National Security Agency's Research Directorate. It requires Java, but otherwise runs directly from the unzipped archive by running ghidraRun.bat. I've downloaded Ghidra and created a new project called Hexa. I'll import the original Hexa executable. File, import, and import the unpacked Hexa. I can now right-click and open with code browser. It hasn't been analyzed yet, so we'll do that. Ghidra reports that this isn't a complete PE-type executable, and so isn't able to do a full analysis. Given that this is our own assembly code, this is not surprising. At the top left, we can see…
