Pull apart an EXE file with Ghidra (NSA Tool) (Reverse Engineering)

In this introduction to Ghidra we will find the source code of a simple executable without reading any assembly code!

Pull apart an EXE with Ghidra (NSA Tool).

We will also look at some more difficult executables and learn a little about the exe file format and what to look for.

We can blame John Hammond and the PWD challenge.
They get way more into the assembly than I do.
His videos are worth a look. They find exploits and do lots of geeky things.

Want to know about the EXE header segments?

Want an alternative to Ghidra?

Tools used in this video

Please subscribe, ring the bell and share this video.
(and comment)

This Video brought to you by the Virus Doctor. You will get a 15% discount on a course if you use coupon code Mickyj15.

Help give this channel a fighting chance!
Please share in your community, forums, user groups and blogs!

** To help fund this adventure, here are some of the products I recommend. **

Tools used
- virustotal
- Hybrid-analysis
- HexRays /IDA
- Process Hacker
- Process Monitor
- Wireshark
- many more specific to each video

..........: About the music :..........

Music Provided by the Following

Comments

Personal Plea: As you can appreciate, it is very hard to get noticed on YouTube. I am doing my best to educate other IT people (MSPs, technicians, engineers, resellers, VARs and hobbyists) so that we can know the tricks and fight back against malware.

The more education out there, the better our lives will be (and data safer).

I am an IT engineer. I am not a vlogger, a picture editor, a graphics artist or audio engineer. I make mistakes and am learning. YouTube is a tricky platform to navigate and to be heard on.

I appreciate every subscriber I get, but what I really need ... is your feedback, your comments, your suggestions, video ideas and, if you like a video, link it on your Facebook, Twitter, forums, Reddit or other social media. Spread the word. I can only make this channel effective if people know about it.

If you find this helpful, insightful or engaging, let others know. If you hate the format, let me know. Every new video is made from advice from the last video.

Thanks everyone. You have all been great!

MichaelJenkin

Pls do not play music in the background!

TheTavaro

Hey mate,
I have recently purchased the Binary Destroyer indicator for FX trading. I have it as a zip file, downloaded as I purchased it, but it doesn't allow me to crack into the source code in it. How can I crack the algo file and read the source code?

nancypinancypi

Next time, no music. It's not doing you any favors.

corycourtney

Great video and demo of Ghidra, I'm now subscribed. I noticed in some parts of the video that the audio was several seconds ahead of the video, which made it a little hard to follow, but not prohibitively so. I'll share your whitehat vids with my son, it's right up his alley.

Sarge

10:57 the MS DOS header (the one that starts with MZ) is not there so that "the executable could run in command line." It used to be called from the MS DOS mode as the name suggests. Today, in Windows, that header is not used, except for its two members. The first one, that contains MZ, and the other one with the offset to the NT headers.

sentdc
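The loader's walk described in the comment above (and the "what to look for in the EXE format" point of the video description), as an added example that is not part of the video or of the comment: it parses a constructed in-memory PE image using only e_magic ("MZ") and e_lfanew from the DOS header to reach the NT headers, then reads the COFF file header. Field names follow the Windows SDK's IMAGE_DOS_HEADER and IMAGE_FILE_HEADER; the sample bytes, timestamp and layout are constructed for the example.

```python
import struct

# Constructed minimal PE image (not a real file): a DOS header whose only
# meaningful fields are e_magic ("MZ") and e_lfanew (offset 0x3C), a
# zero-filled stub, then the "PE\0\0" signature and a 20-byte COFF header.
def build_sample_image() -> bytes:
    e_lfanew = 0x80
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    dos_header[0x3C:0x40] = struct.pack("<I", e_lfanew)
    stub = b"\x00" * (e_lfanew - len(dos_header))
    coff = struct.pack("<HHIIIHH",
                       0x8664,      # Machine: IMAGE_FILE_MACHINE_AMD64
                       3,           # NumberOfSections
                       0x5F000000,  # TimeDateStamp (constructed value)
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       0xF0,        # SizeOfOptionalHeader (PE32+)
                       0x0022)      # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    return bytes(dos_header) + stub + b"PE\0\0" + coff

def parse_pe_headers(data: bytes) -> dict:
    """Walk from the DOS header to the COFF header the way the Windows
    loader does: read e_magic, follow e_lfanew, expect "PE\\0\\0"."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Bounds-check before dereferencing: a truncated or hostile file can
    # point e_lfanew anywhere, so a parser must never trust it blindly.
    if e_lfanew + 4 + 20 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "e_lfanew": e_lfanew,
        "machine": machine,
        "sections": nsections,
        "timestamp": stamp,
        "optional_header_size": opt_size,
        "characteristics": chars,
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
    }

if __name__ == "__main__":
    print(parse_pe_headers(build_sample_image()))
```

Point the parser at `open(path, "rb").read()` of a real EXE to see the same three fields Ghidra shows in its Headers view; the e_lfanew bounds check is what keeps a malformed sample from crashing the script.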

If you get a missing PDB error upon analyzing, and you don't have the PDB file, are you pretty much screwed?

EpicTyphlosionTV

The audio and video are out of sync on this.

jefferywilkins

Do you have a video here on the channel about decompiling a DLL with Ghidra?

SpaceSpice

Thank you Michael! The part where you looked into functions imported from a DLL was especially interesting. Now I'm having a problem with decompiling a DLL used by a simple exe. In a nutshell, that DLL exports a few dozen functions but my exe uses only one of them. Can I use Ghidra to patch the DLL so as to drop all the unused functions? It would be nice to have a video showing how to shrink a DLL so that it contains only the functions used by a specific exe.

alexmindr

the background music is abusively distracting!

ronraz

For anyone who searches for the word at 18:09 and is not a native speaker: "obfuscated" is the word. I recommend searching "obfuscated assembly code" to get further information on what it does. There is also a mention on Stack Overflow that code obfuscation and code protection are two different things.

meylaul

Thank you for the great intro video, Michael! Very nice overview of Ghidra and how to use it.
Could you please make some follow-on videos about how to specifically analyze and RE certain types of programs (i.e. PE, Mac OS X, ELF, etc)?

PhilAlbu

Please help. I play Alpine Ski Racing 2007 and I want to change player names and stats. With QuickBMS I enter this setting, but I can't reimport the file; the exe file needs a PAK file. I am a noob at programming...

boris.utjesinovic

Thank you. I'm 16, reverse engineering some stuff to improve my coding and overall tech skills, and this video really helped. I found this website where there are puzzles you have to reverse engineer in order to solve, and it's really interesting, so I'm trying to solve one.

brEZ

Can you tell me how to remove malware from an exe file? The thing is, I want to use that program, but it has malware that sends my data to the hacker. How do I kick the malware out and still be able to use the exe? Please at least tell me what to search for to learn how to do it myself. Please sir @Michael Jenkin

onelaugh

I'd like to figure out how to change a program from using an HLP to using a CHM for its help.

davidmauricio

I use Retdec by Avast to decompile Dynamic Libraries, then use CppCheck or whatever to demangle the general code and recompile it to a .a library... Dynamic to static libraries ARE POSSIBLE


very interesting, thanks! keep it up dude!

ReversingHub

Have I covered everything you would expect to see? Let me know in the comments.

MichaelJenkin