Welcome to my blog!
I'll tell you about RE-
Writing a wasm loader for Ghidra. Part 2: Implement loader
In the previous article I’ve described how to build the simple module to parse WebAssembly binary loader for the Ghidra. The module, I’ve created, contained a blank loader, blank analyzer, and placeholder for the processor. The only functionality it provided – verification of the header and suggesting the loader which will parse the input file.
In this article, I’m going to finish the implementation of the loader. I’ll tell how to parse a binary file and show its structure in human-readable representation, using WebAssembly format as an example.
But before I dive into coding, I propose to review the workflow of file analysis and understand what callbacks Ghidra provides to the developer. I’ve learned it, studying sources of ghidra and recommend to do this to everyone who wants to develop his own module. Sources are clean to understanding and easy to read.
-
Writing a wasm loader for Ghidra. Part 1: Problem statement and setting up environment
This week, NSA (National Security Agency) all of a sudden made a gift to humanity, opening sources of their software reverse engineering framework. The reverse engineering community started to explore the new toy with great enthusiasm. According to the feedback, it’s a tool, able to compete with existing solutions, such as IDA Pro, R2 and JEB. The tool is called Ghidra, and professional resources are full of impressions from researchers. Actually, they had a good reason: not everyday government organizations provide access to their internal tools. Myself as a professional reverse engineer and malware analyst couldn’t pass by as well. I decided to spend a weekend or two and get a first impression of the tool. I had played a bit with disassembly and decided to check the extensibility of the tool. In this series of articles, I’ll explain the development of Ghidra add-on, which loads custom format, used to solve the CTF task. As it’s a large framework and I’ve chosen a quite complicated task, I’ll break the article into several parts. By the end of this part, I hope to set up a development environment and build a minimal module, which will be able to recognize the format of the WebAssembly file and will suggest the right disassembler to process it.