In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively.
In this post, I will be discussing what slice highlighting is and how it helps us visualize relationships between variables to better understand a program. Before we can discuss how to use slice highlighting in Ghidra, I'd like to take a moment to introduce the concept of program slicing. In terms of software reverse engineering, program slicing is a way of abstracting code into smaller groups of statements known as slices. Slices are formed by following how a particular variable's value affects or is affected by the values of other variables. The Ghidra Decompiler exposes functionality to quickly apply highlighting to visualize these program slices.
The easiest way to access slice highlighting within Ghidra is to right-click on a variable in the Decompiler:
It is important to note that the slice highlighting options are only available when the cursor is at a variable whose value is being used or set. Slice highlighting is not available in the context menu if the cursor is at a variable declaration or a program point where the address-of operator (&) is being used. The Highlight Forward Slice action will highlight variables whose values are affected by the value of the variable under the cursor.
In the above example, a forward slice was requested for index on line 31. Note that on line 31, the usage of floor_area would not be affected by index until after the loop restarts.
Highlight Backward Slice will highlight variables whose values contributed to the value of the variable under the cursor.
In the above example, a backward slice was requested for index on line 31. The only highlighted variable in this case is index, and it includes the initialization of index prior to entering the loop.
In addition to these options, Ghidra also has forward and backward 'Inst Slice' options. This is short for instruction slice and will include all instructions that affect or are affected by the value of the variable under the cursor.
In the context of vulnerability research, slice highlighting provides a way to quickly identify the scope of control an attacker has when they control a particular variable or, alternatively, which variables they would need to control to influence the value of a variable.
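The forward and backward slices described above can be reproduced outside Ghidra as a transitive closure over data dependencies. The following is an added example, not code from the original post or from Ghidra: the loop it models is constructed (only the names index and floor_area come from the post), and it tracks data flow between variable names only, ignoring control dependence and statement order.

```python
from collections import defaultdict

# Constructed sample: (variable written, variables read) for a loop that
# sums room areas. rooms, width and length are hypothetical names.
STATEMENTS = [
    ("index", []),                                  # index = 0
    ("floor_area", []),                             # floor_area = 0
    ("width", ["rooms", "index"]),                  # width = rooms[index].width
    ("length", ["rooms", "index"]),                 # length = rooms[index].length
    ("floor_area", ["floor_area", "width", "length"]),  # floor_area += width * length
    ("index", ["index"]),                           # index = index + 1
]

def dependence_graph(statements, forward):
    """Forward: source -> variables it flows into. Backward: the reverse."""
    graph = defaultdict(set)
    for target, sources in statements:
        for src in sources:
            if forward:
                graph[src].add(target)
            else:
                graph[target].add(src)
    return graph

def slice_vars(statements, start, forward=True):
    """Variables reachable from `start` along data-dependence edges.

    The worklist terminates on cycles such as the loop-carried
    index -> index and floor_area -> floor_area dependencies.
    """
    graph = dependence_graph(statements, forward)
    seen, work = {start}, [start]
    while work:
        for nxt in graph[work.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return seen

if __name__ == "__main__":
    # Forward slice: what a party controlling `index` can influence.
    print("forward(index): ", sorted(slice_vars(STATEMENTS, "index")))
    # Backward slice: what must be controlled to influence `floor_area`.
    print("backward(floor_area):", sorted(slice_vars(STATEMENTS, "floor_area", forward=False)))
```

On this sample the backward slice of index contains only index itself, while its forward slice reaches floor_area through width and length.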