Locked Ghidra 10.1.2

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Ghidra Software Reverse Engineering Framework

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

If you are a U.S. citizen interested in projects like this, to develop Ghidra and other cybersecurity tools for NSA to help protect our nation and its allies, consider applying for a career with us.

Ghidra 10.1.2 Change History (January 2022)

    Improvements

        Basic Infrastructure. Upgraded Gson to 2.8.9. (GP-1632, Issue #3802)
        Basic Infrastructure. Upgraded log4j to 2.17.1. (GP-1641)
        Build. Increased minimum supported Gradle version from 6.4 to 6.8. (GP-1680)
        Debugger:Emulator. Emulator's PcodeStepper now displays the decoded instruction. (GP-1474)
        Debugger:Watches. Double-clicking a pointer value in the Watches window navigates to the pointer rather than its address. (GP-1469)
        Listing. Updated the Listing Operands field to support word-wrapping for enum data types. (GP-1665, Issue #3812)
        Scripting. Improved the RecoverClassesFromRTTIScript to create function definitions for multi-inheritance and single virtual inheritance classes in the correct ancestor class data type folders. (GP-1663)
        Scripting. Updated RecoverClassesFromRTTI script for GCC programs to only create typeinfo structures in non-executable memory. (GP-1686)

    Bugs

        Analysis. Fixed another bug with recovering Objective-C method names. (GP-1642, Issue #3817)
        Analysis. Certain switch cases using the AARCH64 CSEL instruction will now recover correctly. Previously internal CBRANCH instructions could cause switch flow recovery failure in the decompiler switch analyzer. (GP-1687)
        Analysis. Fixed unused Microsoft Demangler options. (GP-1688, Issue #3892)
        Analysis. (U) Reverted change (GP-1575) introduced with Ghidra 10.1 which improperly factored image-base into analysis of ELF LSDA Gcc exception records. (GP-1702)
        Build. Fixed gradle buildGhidra issue where a second build doesn't include all the files. This issue appears to be a bug introduced in Gradle 7. (GP-1648, Issue #3827)
        Data Types. Fixed display of multiple Enum values. (GP-1657, Issue #3810)
        Debugger. Now invalidating caches for dbgeng/dbgmodel in the GADP variants so the memory is not left stale. (GP-846)
        Debugger. Fixed exception when cancelling password entry for GDBOverSSH. (GP-1655, Issue #3578)
        Debugger:Memory. Fixed Debugger Memory background colors during emulation. (GP-1590)
        Debugger:Trace. Fixed issue where emulated state leaked into recorded state. (GP-1620)
        Debugger:Trace. Fixed NullPointerException when disassembling stale memory. (GP-1646)
        Decompiler. Fixed the Decompiler Retype Field action to not rename the field. (GP-1654, Issue #3783)
        Decompiler. Decompiler now recovers jump tables that use PIC mechanisms or other forms relying on injected p-code. (GP-1659)
        Demangler. Fixed demangling bug that produced incorrect types such as unsigned_short. (GP-1662)
        GUI. Fixed incorrect tool option reference in the Create Table From Selection action. (GP-1676, Issue #3858)
        GUI. Fixed the Decompiler Find Text dialog's auto-complete feature to not change the default text entry added to the dialog. (GP-1685, Issue #3890)
        Importer:Mach-O. Fixed an IllegalArgumentException that occurred when loading some kernelcache images. (GP-1675, Issue #2487)
        Importer:PE. Fixed an exception that occurred when re-parsing PE programs with a .pdata section from memory. (GP-1636, Issue #3347, #3800, #3805)
        PDB. Fixed incorrect bounds on item type iteration; one effect of the fix is that the user might notice more unsupported PDB data type messages in the log. (GP-1677)
        Processors. Fixed issue with Motorola 6809 immediate operands being set to zero. (GP-1611, Issue #2116, #3755)
        Processors. Corrected PowerPC efscmp* and efstst* instructions condition register usage. (GP-1639, Issue #2528)
        Processors. Fixed the target of JUMP and JSR for the 6809 to use [target] instead of jumping directly to target which incorrectly jumped to the address of the unique variable. Also fixed a compile issue in the half-finished 6309 EXG and TFR instructions. (GP-1690, Issue #3825)
        Scripting. Fixed the ApplyClassFunctionDefinitionUpdatesScript and the ApplyClassFunctionSignatureUpdatesScript to work correctly with the recent RecoverClassesForRTTI changes to function definitions. (GP-1601)
        Scripting. Fixed bug in a class recovery helper class that was causing an exception in some cases when trying to replace a component in a structure. (GP-1670)
        Scripting. Removed a misplaced space character in the name passed to setLabel in RecoverClassesForRTTIScript. (GP-1671)
        Sleigh. Fixed bug that could cause erroneous decompilation of functions in overlays. (GP-1661, Issue #3828)

This is the hidden content, please

• Sign In
• or
• Sign Up