PMA 510: Starting with Ghidra (10 pts)

What you need

Purpose

To start using Ghidra, the NSA's open-source software reverse engineering framework, which includes both a disassembler and a decompiler.

Getting the Sample Files

In a Web browser, go to

https://ghidrabook.com/

At the lower left, click the "Download.zip" button.

Save the zip file.

Unzip it. If you are using Windows, right-click the file, click Extract, and then click "Extract All".

Installing Ghidra

If you don't already have Java installed, go to https://www.oracle.com/java/technologies/javase-downloads.html and install the JDK. Ghidra 9.1.2 needs a 64-bit JDK, version 11 or later; a Java Runtime Environment (JRE) alone is not enough.

In a Web browser, go to

https://ghidra-sre.org/

Click the red "Download Ghidra" button.

Save the file. Unzip it.

In the "ghidra_9.1.2_PUBLIC" folder, if you are using Windows, double-click ghidraRun.bat.

If you are on a Mac or Linux machine, double-click ghidraRun, or run ./ghidraRun from a terminal inside that folder.

Creating a Project

In Ghidra, click File, "New Project".

Accept the default option of "Non-Shared" project and click Next.

Accept the default name and location and click Finish.

Importing a File

Click File, "Import File". Browse to ch4_example.exe and double-click it.

In the Import dialog box, accept the default options and click OK.

In the "Import Results Summary" window, click OK.

The file appears in the "Active Project" tree of the Ghidra project window, below the Tool Chest, as shown below.

Analyzing the File

In the "Active Project" tree, double-click the ch4_example.exe file.

A pop-up box asks if you want to analyze the file now. Click Yes.

In the Analysis Options box, accept the default options and click Analyze.

A box pops up warning that the file has "Incomplete PDB information". That's common: it means the executable refers to a PDB symbol file that Ghidra could not find, so debug symbol names will not be applied. Click OK; analysis continues without them.

When the analysis finishes, a "CodeBrowser" window appears.

PMA 510.1: Functions (10 pts)

From the CodeBrowser menu bar, click Help, "About ch4_example.exe". This dialog shows the program's metadata, including the number of functions Ghidra identified during analysis.

The flag appears, covered by a green box in the image below.
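The "About" dialog is only a rendering of the program's metadata, and the same numbers can be pulled from the Ghidra scripting API. The script below is an added example, not part of this page or of the Ghidra distribution: it prints the metadata map behind the About dialog and then counts functions directly from the FunctionManager so the two can be compared. The file and class name CountFunctions are an assumption; any name works as long as the file name matches the class name.

```java
// CountFunctions.java
// Added example, not part of the original page or of Ghidra itself.
// Prints the metadata shown by Help > "About <program>" and cross-checks the
// function count by walking the listing. Runs inside Ghidra (Script Manager
// or analyzeHeadless -postScript); it is not a stand-alone Java program.
//@category Examples

import java.util.Map;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;
import ghidra.program.model.listing.FunctionManager;

public class CountFunctions extends GhidraScript {

    @Override
    public void run() throws Exception {
        if (currentProgram == null) {
            printerr("No program is open; run this from the CodeBrowser or with -postScript.");
            return;
        }

        // Program.getMetadata() is the data the About dialog displays.
        Map<String, String> metadata = currentProgram.getMetadata();
        println("== Metadata for " + currentProgram.getName() + " ==");
        for (Map.Entry<String, String> entry : metadata.entrySet()) {
            println(entry.getKey() + ": " + entry.getValue());
        }

        // Cross-check: count functions from the listing instead of trusting the summary.
        // getFunctionCount() is the total Ghidra tracks for the program; the iterator
        // below walks the functions defined in the program's memory, one at a time.
        FunctionManager fm = currentProgram.getFunctionManager();
        int total = fm.getFunctionCount();
        int listed = 0;
        int thunks = 0;
        FunctionIterator it = fm.getFunctions(true);
        while (it.hasNext() && !monitor.isCancelled()) {
            Function f = it.next();
            listed++;
            if (f.isThunk()) {
                thunks++;   // thunks are jump stubs to imports, not real code bodies
            }
        }

        println("== Function count ==");
        println("getFunctionCount(): " + total);
        println("walked in listing:  " + listed + " (" + thunks + " thunks)");
    }
}
```

To run it in the GUI, copy the file into the ghidra_scripts folder in your home directory, open Window, "Script Manager" in the CodeBrowser, and run CountFunctions; output goes to the console at the bottom of the window. The same script runs without the GUI from the Ghidra folder with support/analyzeHeadless <projectDir> <projectName> -import ch4_example.exe -postScript CountFunctions.java -scriptPath <folder containing the script>, which is the form to use when you need to analyze many samples unattended.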

Saving the Project

In the CodeBrowser window, click File, "Save 'ch4_example.exe'".

Click File, "Exit Ghidra".

Posted 8-25-2020