I like that the decompiler calls x86 INT 'swi(x)'. You can tell what architecture they were thinking about when they did that...pic.twitter.com/Nq3hdD5Dce
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
I like that the decompiler calls x86 INT 'swi(x)'. You can tell what architecture they were thinking about when they did that...pic.twitter.com/Nq3hdD5Dce
Okay, this *desperately* needs IDA's 'highlight everything that matches whatever the cursor is over' thing though. If this isn't implemented (and I just haven't found it yet), this is the very first feature I'd add.pic.twitter.com/dWi6Lsr3Hz
Ah, you can *manually* trigger it to do backwards or forwards data flow analysis, which is really cool. But I still kind of would rather it do a dumb text match by default without any additional clicks.pic.twitter.com/XbRdgX3NaW
You can map them to hotkeys though. I could get used to this workflow, but it's too strict (e.g. doesn't work for globals). I just want a dumb "highlight all the same symbol/text" thing...
Very cool that it has this "project" concept with a bunch of associated files, and you can link them together (e.g. follow refs from one DLL to another).pic.twitter.com/4H9itAtJ8V
And it's not just an ugly hack that loads another file; the history is seamless, you can go back to where you came from. Cool.
All the keybindings are configurable, and some of the defaults are just dumb (this used to be Ctrl-Shift-F), so let's fix that.pic.twitter.com/BAAoSaWDVc
Hah, figures it had to be in there somewhere. Honestly it should just do this by default, but I'm cool with middle mouse.https://twitter.com/0Ekho/status/1103191269029736448 …
The dark theme is... questionable, mostly because Java. It makes the menu bar unreadable. Oh well, I guess I can live with a light theme for now. Someone will probably get annoyed enough to fix this at some point.
Ah, this is a bit sad. It doesn't know that __chkesp() does not touch ST0, which breaks dataflow analysis of float return values. I can't find a sane way to override it that doesn't involve declaring it as taking a float and returning a float, which would affect *every* call.pic.twitter.com/3IQPnlWFKE
I wonder if there's a way of customizing clobbers... if it knew __chkesp() does not clobber ST0 it would work. I can make it take an arg at ST0 and return in ST0 and at least get the dataflow, but then that gunks up every function that *doesn't* return a float...
Fixed it. You can define your own calling conventions easily enough by editing Ghidra/Processors/x86/data/languages/x86win.cspec. I just defined a __fastcall_nofloat that doesn't kill float regs, and it works now.pic.twitter.com/FbwgyQ4dqC
They really released it...
I wonder if we can trust the NSA... (especially because it looks like no source code has been released yet)
It seems most, if not all, of the Ghidra components come with a *-src.zip file containing the source.
Seems the Java bits are largely open source already, but the decompiler is a binary blob written in C++. They're supposed to open source that later.
So I never really used ida, but what happens in it? curious because when I used it, it seemed pretty standard and nice to me in ghidra.
IDA just has you type the prototype in pseudo-C syntax with its own weirdness, and if it doesn't like it it just shouts at you. Getting a function prototype into IDA is always a stupid trial and error process.
oh god..... that sounds very very bad lol
try the data type manager. right click on type like int, then "find uses of". lists then all uses of int. with asm and deconpiled line. wow. just wow.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.