Talos Tools of the Trade

By Andrea Marcelli and Holger Unterbrink.

If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools you can play with in the coming days and weeks.

We recently updated GhIDA to work with the latest version of IDA and we are releasing new features for the award-winning Dynamic Data Resolver (DDR).



GhIDA
GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler into IDA Pro. The plugin talks to Ghidra in one of two ways: directly, by invoking Ghidra's Headless Analyzer on the local machine, or over REST, through Ghidraaas (Ghidra as a Service), which runs Ghidra inside a Docker container. GhIDA provides an easy and convenient way to display Ghidra-decompiled code in IDA Pro and supports some basic interaction with it, such as function renaming, code highlighting and comments.

Here's a rundown of the main functionalities of GhIDA and Ghidraaas. If you need more information, refer to the original blog post and the GitHub page.
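To show what the Headless Analyzer path amounts to without the plugin in between, here is an added example (not code from this post, from GhIDA or from Ghidraaas): a shell script that writes a small Ghidra post-script decompiling the function that contains a given address and printing its C, then builds the analyzeHeadless command line that runs it against a binary. The Ghidra install directory, the sample binary path and the scratch project location are assumptions; the address 0x00403860 is the first of the two Emotet functions discussed below.

```shell
#!/bin/sh
# Added example: decompile one function with Ghidra's Headless Analyzer,
# the same back end GhIDA drives when it is not talking to Ghidraaas.
# Assumptions (not from the original post): GHIDRA_INSTALL_DIR points at a
# Ghidra install, the sample lives at the path given on the command line,
# and the target function is identified by a hex address.
set -eu

# Write the Jython post-script that analyzeHeadless runs after import.
# The quoted heredoc delimiter keeps the shell from touching the script body.
write_decompile_script() {
    out="$1"
    cat > "$out" <<'EOF'
# DumpFunction.py - Ghidra post-script (Jython).
# Invoked by analyzeHeadless as: -postScript DumpFunction.py <hex_address>
from ghidra.app.decompiler import DecompInterface
from ghidra.util.task import ConsoleTaskMonitor

def main():
    args = getScriptArgs()
    if len(args) != 1:
        printerr("expected one argument: function address in hex")
        return
    func = getFunctionContaining(toAddr(args[0]))
    if func is None:
        printerr("no function contains " + args[0])
        return
    ifc = DecompInterface()
    ifc.openProgram(currentProgram)
    try:
        # 60-second budget per function; large Emotet routines can be slow.
        res = ifc.decompileFunction(func, 60, ConsoleTaskMonitor())
        if not res.decompileCompleted():
            printerr("decompilation failed: " + res.getErrorMessage())
            return
        print(res.getDecompiledFunction().getC())
    finally:
        ifc.dispose()

main()
EOF
}

# Build the analyzeHeadless command line for one binary and one address.
# The project is created in a scratch location and removed afterwards
# (-deleteProject) so repeated runs do not accumulate Ghidra project files.
# Arguments: <ghidra_install_dir> <binary> <hex_address> <script_dir>
headless_cmd() {
    ghidra_dir="$1"; binary="$2"; addr="$3"; script_dir="$4"
    printf '%s' "$ghidra_dir/support/analyzeHeadless /tmp/ghida_proj tmpproj -import $binary -scriptPath $script_dir -postScript DumpFunction.py $addr -deleteProject"
}

# Stand-alone use: ./decompile_one.sh <binary> [hex_address]
# Runs Ghidra only when GHIDRA_INSTALL_DIR is set; otherwise prints the command.
if [ -n "${1:-}" ]; then
    script_dir=$(mktemp -d)
    write_decompile_script "$script_dir/DumpFunction.py"
    cmd=$(headless_cmd "${GHIDRA_INSTALL_DIR:-/opt/ghidra}" "$1" "${2:-0x00403860}" "$script_dir")
    if [ -n "${GHIDRA_INSTALL_DIR:-}" ]; then
        sh -c "$cmd"
    else
        echo "GHIDRA_INSTALL_DIR not set; would run:"
        echo "$cmd"
    fi
fi
```

The post-script is the piece GhIDA effectively automates: analyzeHeadless imports and auto-analyzes the sample, then the script asks the decompiler for the function and prints the C. Everything GhIDA shows in its view comes out of that same decompileFunction call.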
Let GhIDA help you while reversing
Taking a look at the decompiled code can help identify the core operations of a function, especially when it has many basic blocks and a complex CFG. We will look at two functions from an Emotet binary, 0x00403860 and 0x00403960, to show how to use GhIDA effectively while reversing the binary:
Launch GhIDA decompilation on 0x00403860 using the CTRL+ALT+D shortcut.

Move the GhIDA decompiled view side ..
