Chapter 3. Program Analysis with Ghidra

The most important part of Ghidra is, perhaps debatably, its program analysis. Ghidra offers a lot of features, so we should spend some time looking at how you can get started with program analysis. With a program like the CodeBrowser in Ghidra, trying to skim through all the menus and options can be overwhelming, so let’s take it a step at a time and look at the core functions: disassembly, and decompilation of the disassembled code. We can also take a look at graphs that help provide a better visual representation of the overall program. Of course, before we do anything, we need to get a program loaded. So let’s start there.

Loading a Program into Ghidra

Before you get started, you need to load a program. This is not as straightforward a task as you might think. It’s not as simple as just clicking on File/Open and pointing it at the program you want to look at. Ghidra is project-oriented. You can work collaboratively in Ghidra or work alone. Ghidra refers to this as a shared or non-shared project. So, we need to start with creating a project before we can get to the fun part of looking at a program.

Creating a Project

To create a new project, choose File → New Project and click through the wizard to choose your project directory. You will also be asked if you want your project to be Shared or Non-Shared. A Shared project can be viewed and analyzed by multiple parties, and requires ...
