
In addition to IDA, I highly recommend looking into ghidra. It's open source, so you can peek under the hood and see how it does things.

https://github.com/NationalSecurityAgency/ghidra



Yep. It's a FOSS-quality disassembler; good if you don't have IDA (I wish), supports maybe 10% of what IDA does in total but has some other niceties that it doesn't (think: disassembler-equivalent of LLVM). (Ideally, you'd have both.) For those who don't know, IDA disassembles basically every unclassified, commercially-available architecture and executable/library/object container format (think: disassembler-equivalent of GCC if it were an IBM or Green Hills product -:P). It also has a built-in scripting API in Python(?), IIRC.

An interesting semi-abandonware static disassembler that was really good is Sourcer 8.01 from V-Communications. I think it supports Pentium II/Pro/III at most, which would include real, protected mode and long mode DOS/DOS extended/Win16/Win32 EXEs and COMs IIRC. It did a lot of memory typing and clever analysis long before IDA existed, and it's still interesting for retro computing.

https://www.vetusware.com/download/Sourcer%208.01%208.01/?id...


You might be interested in this talk from the creator of IDA, Ilfak Guilfanov, explaining how he used Sourcer and how its shortcomings led directly to him creating IDA.

https://m.youtube.com/watch?v=hLBlck1lTUs


It's way better than IDA Pro. I have used the Pro version with the Hex-Rays decompiler. Ghidra is legitimately better. I wouldn't recommend IDA to anyone at this point because I don't see it having much of a future (sorry not sorry).

It's worth learning the Ghidra Scripting API because you can write ad-hoc scripts with Jython syntax to automate tasks/do custom analysis.


I was using ghidra for one of my uhh research projects earlier and I actually found the decompiler from hex rays still does better in some cases. In ghidra sometimes it times out and fails to decompile. Maybe I'm not using it correctly? I haven't begun exploring what kind of plug-ins and stuff it has, maybe that helps?


For me ghidra is better with C++ disassembling than Hex-Rays, but Hex-Rays is better with C-style assemblies.

Thanks to the better RTTI Analyzer


It depends massively on platform, architecture, and programming language. Hex-Rays is probably still ideal for embedded and obscure platforms. Ghidra's decompiler seems optimized for ARM and amd64 userland consumer-level stuff that the NSA was most interested in hacking.



