Color me impressed with Ghidra. Just stuff like this alone is worth it over IDA. No more fumbling over getting function prototype syntax just right to IDA's liking.pic.twitter.com/MQfprAfOuK
Show this thread
I like that the decompiler calls x86 INT 'swi(x)'. You can tell what architecture they were thinking about when they did that...pic.twitter.com/Nq3hdD5Dce
-
-
Okay, this *desperately* needs IDA's 'highlight everything that matches whatever the cursor is over' thing though. If this isn't implemented (and I just haven't found it yet), this is the very first feature I'd add.pic.twitter.com/dWi6Lsr3Hz
Show this thread -
Ah, you can *manually* trigger it to do backwards or forwards data flow analysis, which is really cool. But I still kind of would rather it do a dumb text match by default without any additional clicks.pic.twitter.com/XbRdgX3NaW
Show this thread -
You can map them to hotkeys though. I could get used to this workflow, but it's too strict (e.g. doesn't work for globals). I just want a dumb "highlight all the same symbol/text" thing...
Show this thread -
Very cool that it has this "project" concept with a bunch of associated files, and you can link them together (e.g. follow refs from one DLL to another).pic.twitter.com/4H9itAtJ8V
Show this thread -
And it's not just an ugly hack that loads another file; the history is seamless, you can go back to where you came from. Cool.
Show this thread -
All the keybindings are configurable, and some of the defaults are just dumb (this used to be Ctrl-Shift-F), so let's fix that.pic.twitter.com/BAAoSaWDVc
Show this thread -
Hah, figures it had to be in there somewhere. Honestly it should just do this by default, but I'm cool with middle mouse.https://twitter.com/0Ekho/status/1103191269029736448 …
Show this thread -
The dark theme is... questionable, mostly because Java. It makes the menu bar unreadable. Oh well, I guess I can live with a light theme for now. Someone will probably get annoyed enough to fix this at some point.
Show this thread -
Ah, this is a bit sad. It doesn't know that __chkesp() does not touch ST0, which breaks dataflow analysis of float return values. I can't find a sane way to override it that doesn't involve declaring it as taking a float and returning a float, which would affect *every* call.pic.twitter.com/3IQPnlWFKE
Show this thread -
I wonder if there's a way of customizing clobbers... if it knew __chkesp() does not clobber ST0 it would work. I can make it take an arg at ST0 and return in ST0 and at least get the dataflow, but then that gunks up every function that *doesn't* return a float...
Show this thread -
Fixed it. You can define your own calling conventions easily enough by editing Ghidra/Processors/x86/data/languages/x86win.cspec. I just defined a __fastcall_nofloat that doesn't kill float regs, and it works now.pic.twitter.com/FbwgyQ4dqC
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.