Ghidra Basics – Cross References From Imported Functions

by Prapattimynk, Sunday, 26 November 2023

Leveraging Ghidra to establish context and intent behind imported functions.

In this blog, we’ll use Ghidra to analyse a suspicious imported function identified with PeStudio.

This forms a basic and repeatable workflow within Ghidra, where imported functions are cross-referenced to establish context and intent.

Not only does this establish context, it almost always gives you a concrete area of code to begin working from within Ghidra, which is a much better starting point than “starting from scratch”.

A simple Cobalt Strike loader will be used here. This loader uses very basic APIs and obfuscation to decode and load embedded shellcode.
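The workflow above (take an import flagged in PeStudio, find every place the binary reaches it) can be automated as a Ghidra script. The script below is an added example, not code from the original post; the class name `ListImportXrefs` and the prompt for the import name are my own choices, and it assumes the binary has already been auto-analysed so that Ghidra has created the external symbols, IAT pointer slots and any thunk functions.

```java
// Added example (not from the post): lists every non-thunk function that
// reaches a chosen imported API, whether through CALL [IAT slot] directly
// or through a thunk (jmp [IAT slot]) that Ghidra created for the import.
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.Symbol;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

public class ListImportXrefs extends GhidraScript {
    // Addresses already walked, so loops between thunks and slots terminate.
    private final Set<Address> visited = new HashSet<>();

    @Override
    protected void run() throws Exception {
        // Name of the suspicious import spotted in PeStudio, e.g. VirtualAlloc.
        String name = askString("Import cross-references", "Imported function name");
        Iterator<Symbol> externals = currentProgram.getSymbolTable().getExternalSymbols(name);
        if (!externals.hasNext()) {
            println("No external symbol named " + name);
            return;
        }
        while (externals.hasNext()) {
            Symbol ext = externals.next();
            println("== " + ext.getName(true) + " ==");   // e.g. KERNEL32.DLL::VirtualAlloc
            walk(ext.getAddress(), 0);
        }
    }

    // Follow references backwards: external location -> IAT pointer slot ->
    // call sites, stepping through any thunk function on the way.
    private void walk(Address target, int depth) {
        if (depth > 3 || !visited.add(target)) {
            return;
        }
        for (Reference ref : currentProgram.getReferenceManager().getReferencesTo(target)) {
            Address from = ref.getFromAddress();
            Function f = currentProgram.getFunctionManager().getFunctionContaining(from);
            if (f == null) {
                // Data reference (the IAT slot itself): keep walking to the code that uses it.
                walk(from, depth + 1);
            } else if (f.isThunk()) {
                // jmp [slot] stub: the interesting callers are the ones calling the stub.
                walk(f.getEntryPoint(), depth + 1);
            } else {
                println(String.format("  %s  %s in %s", from, ref.getReferenceType(), f.getName()));
            }
        }
    }
}
```

Each printed line is a starting point for analysis: the containing function is where the loader actually uses the API, which is the area of code to open in the decompiler first.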
