Chapter 6: Scripting Malware Analysis

In this chapter, we will apply the scripting capabilities of Ghidra to malware analysis. By using and writing Ghidra scripts, you will be able to analyze malware more efficiently.

You will learn how to statically resolve the Kernel32 API hashed functions used by Alina shellcode, which was superficially analyzed in the previous chapter.

The Flat APIs are simple but powerful versions of the full-fledged complex Ghidra API. They are a great starting point for anyone looking to develop Ghidra modules and/or scripts.

We will start by classifying the Ghidra Flat API functions into categories in order to get more comfortable when looking for a function. Following that, we will look at how to iterate over ...
