Get the best from both IDA’s decompiler

With this feature, it is possible to work on the disassembly listing while still benefiting from the decompiled pseudo-code. Once I started using Ghidra I really missed this functionality, so I decided to build it as a Ghidra script.

My script adds the comments after the related disassembly instructions, using POST comments. POST comments are perfect for this purpose because by default they are shown in the disassembly listing and not in the decompiler pane, which avoids filling that pane with duplicate data.

An example of the result is the following one:

One big caveat is that in IDA Pro this feature adds the pseudo-code to the disassembly listing instantly, probably because the pseudo-code data is already associated with the disassembly listing internally. In Ghidra, instead, I had to scroll through the whole disassembly, decompile every function and add all the needed comments to the disassembly listing. These operations may require a lot of time, especially when reversing huge binaries. Based on some tests I did, ListingLover requires an amount of time comparable to that spent during the initial analysis.

The best way to mitigate this issue is to launch the script in batch mode, using Ghidra headless mode (the script can be used from the GUI as well), as follows:

    $ analyzeHeadless #PROJECT_DIRECTORY #PROJECT_NAME -import #BINARY_PATH \
        -scriptPath #SCRIPT_FOLDER_PATH -postScript ListingLover.java

If the analysis is executed on another machine, the results can be exported to GZF format using this script as follows:

    # -deleteProject: deleting the project folder after the export
    $ analyzeHeadless #PROJECT_DIRECTORY #PROJECT_NAME -import #BINARY_PATH \
        -deleteProject \
        -scriptPath #SCRIPT_FOLDER_PATH -postScript ListingLover.java \
        -postScript ExportToGzf.java #ARCHIVE_OUTPUT_PATH

The GZF file can then be imported by creating a new Ghidra project and selecting the “Import file…” option.

ListingLover lets you choose between the “Add” and “Remove” commands, because it can also be used to remove the POST comments it inserts.
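The approach described above (decompile every function, then attach the pseudo-code to the related instructions as POST comments), written out as an added Ghidra script example; it is not ListingLover's source code. The class name PseudoCodeToPostComments and the rule of attaching each pseudo-code line to the lowest address among its tokens are assumptions, and existing POST comments at those addresses are overwritten.

```java
// Added example, not ListingLover's code. Place it in a Ghidra script folder to run it.
import java.util.LinkedHashMap;
import java.util.Map;

import ghidra.app.decompiler.*;
import ghidra.app.decompiler.component.DecompilerUtils;
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;

public class PseudoCodeToPostComments extends GhidraScript { // hypothetical name
    @Override
    protected void run() throws Exception {
        DecompInterface decompiler = new DecompInterface();
        if (!decompiler.openProgram(currentProgram)) {
            printerr("Decompiler failed to start: " + decompiler.getLastMessage());
            return;
        }
        try {
            for (Function function : currentProgram.getFunctionManager().getFunctions(true)) {
                if (monitor.isCancelled()) break;
                // 60-second budget per function; failures are reported and skipped
                DecompileResults results = decompiler.decompileFunction(function, 60, monitor);
                if (!results.decompileCompleted()) {
                    println("Skipping " + function.getName() + ": " + results.getErrorMessage());
                    continue;
                }
                // Group pseudo-code lines by the lowest address their tokens map to (assumed rule)
                Map<Address, StringBuilder> byAddress = new LinkedHashMap<>();
                for (ClangLine line : DecompilerUtils.toLines(results.getCCodeMarkup())) {
                    Address lowest = null;
                    StringBuilder text = new StringBuilder(line.getIndentString());
                    for (ClangToken token : line.getAllTokens()) {
                        if (token.getText() != null) text.append(token.getText());
                        Address a = token.getMinAddress();
                        if (a != null && (lowest == null || a.compareTo(lowest) < 0)) lowest = a;
                    }
                    if (lowest == null) continue; // braces, blank lines: no related instruction
                    StringBuilder sb = byAddress.computeIfAbsent(lowest, k -> new StringBuilder());
                    if (sb.length() > 0) sb.append('\n');
                    sb.append(text);
                }
                // POST comments appear in the listing, not in the decompiler pane
                for (Map.Entry<Address, StringBuilder> e : byAddress.entrySet()) {
                    setPostComment(e.getKey(), e.getValue().toString());
                }
            }
        } finally {
            decompiler.dispose(); // release the native decompiler process
        }
    }
}
```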