Embedded-Hacking/WEEK04/slides/WEEK04-IMG05.svg

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
<style>
  .bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
  .title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
  .sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
  .txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
  .dim{font:20px 'Courier New',monospace;fill:#888}
  .grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
  .red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
  .cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
  .amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
  .badge{stroke:#00ff41;rx:14}
</style>
<rect class="bg" width="1200" height="800"/>

<!-- Title -->
<text x="600" y="52" text-anchor="middle" class="title">Ghidra Binary Analysis</text>
<text x="600" y="88" text-anchor="middle" class="dim">Analyzing a Raw .bin Without Symbols</text>

<!-- Step 1: Import -->
<rect x="40" y="110" width="360" height="280" rx="8" class="pnl"/>
<text x="220" y="148" text-anchor="middle" class="sub">1. Import</text>
<rect x="60" y="165" width="320" height="40" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text x="80" y="192" class="grn">File -> Import</text>
<text x="60" y="232" class="txt">Language:</text>
<text x="60" y="262" class="cyn">ARM Cortex 32 LE</text>
<text x="60" y="302" class="txt">Block:</text>
<text x="200" y="302" class="grn">.text</text>
<text x="60" y="340" class="txt">Base:</text>
<text x="200" y="340" class="amb">10000000</text>
<text x="60" y="370" class="dim">XIP address for RP2350</text>

<!-- Step 2: Analyze -->
<rect x="420" y="110" width="360" height="280" rx="8" class="pnl"/>
<text x="600" y="148" text-anchor="middle" class="sub">2. Analyze</text>
<rect x="440" y="165" width="320" height="40" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text x="460" y="192" class="grn">Auto-Analyze: Yes</text>
<text x="440" y="235" class="txt">Ghidra finds:</text>
<text x="440" y="270" class="dim">FUN_1000019a</text>
<text x="440" y="300" class="dim">FUN_10000210</text>
<text x="440" y="330" class="dim">FUN_10000234</text>
<text x="440" y="365" class="dim">Auto-generated names</text>

<!-- Step 3: Resolve -->
<rect x="800" y="110" width="360" height="280" rx="8" class="pnl"/>
<text x="980" y="148" text-anchor="middle" class="sub">3. Resolve</text>
<rect x="820" y="165" width="320" height="40" rx="4" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text x="840" y="192" class="grn">Edit Function Sig</text>
<text x="820" y="235" class="txt">Rename to:</text>
<text x="820" y="270" class="cyn">data_cpy</text>
<text x="820" y="300" class="cyn">frame_dummy</text>
<text x="820" y="330" class="grn">main</text>
<text x="820" y="365" class="dim">Fix signatures</text>

<!-- Bottom: Decompiled Output -->
<rect x="40" y="410" width="1120" height="370" rx="8" class="pnl"/>
<text x="60" y="448" class="sub">Decompiled main() in Ghidra</text>

<rect x="60" y="465" width="520" height="295" rx="6" fill="#0a0a0f" stroke="#ff0040" stroke-width="1"/>
<text x="80" y="500" class="red">Before Resolving:</text>
<text x="80" y="535" class="txt">void FUN_10000234(void){</text>
<text x="100" y="570" class="dim">FUN_10002f54();</text>
<text x="100" y="605" class="txt">do {</text>
<text x="120" y="640" class="dim">FUN_100030e4(</text>
<text x="140" y="675" class="dim">DAT_10000244,0x2b);</text>
<text x="100" y="710" class="txt">} while(true);</text>
<text x="80" y="740" class="txt">}</text>

<rect x="600" y="465" width="540" height="295" rx="6" fill="#0a0a0f" stroke="#00ff41" stroke-width="1"/>
<text x="620" y="500" class="grn">After Resolving:</text>
<text x="620" y="535" class="txt">int main(void) {</text>
<text x="640" y="570" class="cyn">stdio_init_all();</text>
<text x="640" y="605" class="txt">do {</text>
<text x="660" y="640" class="cyn">printf(</text>
<text x="680" y="675" class="amb">"age: %d\r\n"</text>
<text x="680" y="700" class="grn">, 0x2b);</text>
<text x="640" y="725" class="txt">} while(true);</text>
<text x="620" y="750" class="txt">}</text>
</svg>