In this entry in my series, I’ll look at a few more of the features I regularly use in IDA and how to accomplish the same in Ghidra.
The first one is simple conversion. In this case, hex to ASCII characters (classic stack strings stuff that we cover in Day 5 of FOR610). I miss IDA’s ‘R’ key mapping, but in Ghidra that key is currently taken by View/Edit References From. You can change that or create your own key mapping; Ctrl-Alt-R isn’t currently taken, so that’s what I use. Just like in IDA, you can right-click on the value, but then you have to choose Convert and then Char from the submenu.
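As an added example (not code from the original post or from Ghidra itself), the script below does the same hex-to-ASCII conversion outside the GUI: it parses a constructed listing fragment of stack stores, turns each immediate into little-endian bytes, and reassembles the stack string in frame-offset order. The listing text, the `MOV ... ptr [EBP + -0x..]` operand format and the offsets are all made up for the demonstration.

```python
import re

# Constructed sample listing: the kind of store sequence a stack-string
# loop produces. Not taken from the post; made up for this example.
SAMPLE_LISTING = """
MOV dword ptr [EBP + -0x14],0x6c6c6548
MOV dword ptr [EBP + -0x10],0x6f57206f
MOV dword ptr [EBP + -0xc],0x21646c72
MOV byte ptr [EBP + -0x8],0x0
"""

# Operand size keywords mapped to their byte width.
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}

# Matches an immediate store to a frame slot; the exact text layout is an
# assumption about how the listing was copied out.
STORE_RE = re.compile(
    r"MOV\s+(byte|word|dword|qword)\s+ptr\s+\[EBP\s*\+\s*(-?0x[0-9a-f]+)\]\s*,\s*(0x[0-9a-f]+)",
    re.IGNORECASE,
)

def parse_stores(listing):
    """Return {frame_offset: little-endian bytes} for each immediate store."""
    stores = {}
    for line in listing.splitlines():
        m = STORE_RE.search(line)
        if not m:
            continue
        width = SIZES[m.group(1).lower()]
        offset = int(m.group(2), 16)          # negative hex parses correctly
        value = int(m.group(3), 16)
        # x86 is little-endian: 0x6c6c6548 in memory is 48 65 6c 6c = "Hell"
        stores[offset] = value.to_bytes(width, "little")
    return stores

def assemble_buffer(stores):
    """Lay the stores out by offset so out-of-order writes land correctly."""
    if not stores:
        return b""
    lo = min(stores)
    hi = max(off + len(chunk) for off, chunk in stores.items())
    buf = bytearray(hi - lo)
    for off, chunk in stores.items():
        buf[off - lo:off - lo + len(chunk)] = chunk
    return bytes(buf)

def decode_stack_string(listing):
    """Reassemble the stores and stop at the first NUL, like a C string."""
    raw = assemble_buffer(parse_stores(listing))
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")

if __name__ == "__main__":
    print(decode_stack_string(SAMPLE_LISTING))  # Hello World!
```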
Another of the features I use regularly is renaming arguments, variables, and functions as I begin to figure out their purposes. In IDA, this is the ‘N’ key; in Ghidra, it is the ‘L’ key for Label. It works exactly like in IDA. In the screenshot below, you’ll see it in the right-click menu.
And below is the actual dialog to do the renaming.
And the last functionality I want to cover in this post is comments. There are 4 (well, 5) types of comments that you can create with Ghidra: pre-comments, which appear above the instruction where you place them; post-comments, which appear below; EOL (and repeatable) comments at the end of the line; and plate comments, which replace the generic “Function” comment at the top of the function. I actually like some of the additions, especially the plate comment, which can be used to fill in what I’ve discovered about the functionality of the function in question.
And here are examples of each.
I’ve got at least one more post in this series, probably next week. As with the others, if you have any tips, comments, corrections, etc. let me know via our contact page, e-mail, or via the comments below. Until next time…
Jim Clausing, GIAC GSE #26
jclausing -at- isc [dot] sans (dot) edu
I will be teaching next: Malware Reverse-Engineering Challenge – SANS New York City 2019
*** This is a Security Bloggers Network syndicated blog from SANS Digital Forensics and Incident Response Blog authored by eneuens. Read the original post at: http://feedproxy.google.com/~r/SANSForensics/~3/TQCJKV6ILUE/a-few-ghidra-tips-for-ida-users-part-3-conversion-labels-and-comments