WEBVTT

00:00.920 --> 00:01.800
Hello everyone.

00:01.800 --> 00:02.840
I'm Typhoon here.

00:03.400 --> 00:04.200
Welcome back.

00:05.080 --> 00:10.240
Now, at this point you have gained enough confidence to create Ghidra projects, import binaries

00:10.240 --> 00:12.200
and initiate automatic analysis.

00:12.880 --> 00:18.800
Now it's time to take full control of the code browser, which is your command center for most of

00:18.800 --> 00:22.280
your software engineering tasks.

00:22.720 --> 00:24.920
So we will open Ghidra here again.

00:28.080 --> 00:35.400
And in this lecture we will explore the Code Browser menu system, break down its six default sub windows

00:35.400 --> 00:42.800
and teach you how to organize and manage windows, customize your layout, and use aids like entropy

00:42.800 --> 00:48.640
and navigation bars to supercharge your analysis workflow.

00:48.680 --> 00:51.120
Now we will open this hello world exe.

00:55.920 --> 01:00.560
Now normally the code browser here is crash data?

01:00.600 --> 01:00.960
No.

01:01.840 --> 01:09.440
So normally this code browser will open when you double click a binary file in your project.

01:09.440 --> 01:10.600
This is a code browser.

01:11.560 --> 01:13.160
I will make me smaller now.

01:14.160 --> 01:14.640
Yeah.

01:15.680 --> 01:19.520
So normally the code browser opens like we did in.

01:19.560 --> 01:23.400
We double click this hello world, the text that we imported in our previous lecture.

01:25.640 --> 01:27.080
And yeah, it opened.

01:27.080 --> 01:34.520
But you can also open a clean, unpopulated instance of a code browser manually by going to Tools.

01:36.800 --> 01:45.120
And here of course in this here Tools, Run and Code Browser, you can run the code browser from there,

01:45.840 --> 01:48.080
debugger, emulator and version tracking.

01:49.280 --> 01:56.360
Now this is helpful when demonstrating features without being influenced by file specific content.

01:56.360 --> 01:59.430
And at the top you will see the main menu bar.

01:59.630 --> 02:06.150
We have explained that in the previous lecture, but don't worry, this is a little different.

02:07.070 --> 02:12.950
So you will also see the top bar which provides quick access to frequent actions like navigating,

02:13.190 --> 02:15.630
saving or configuring views.

02:15.870 --> 02:19.310
Now we will walk you through each major view here.

02:19.510 --> 02:23.150
Now we will first explore the code browser when empty.

02:23.750 --> 02:24.830
Now here we have.

02:24.870 --> 02:32.670
We can see File, which is standard file operations: open, save, import, export.

02:32.670 --> 02:33.710
You can see here.

02:35.430 --> 02:40.310
Plus it has some specific options like tool options.

02:40.950 --> 02:43.350
I will make it a little bit higher.

02:43.390 --> 02:47.270
Me I like the tool options.

02:50.110 --> 03:00.790
Here, or for layout references, Configure, Close Tool, Parse C Source, and we can also parse

03:00.830 --> 03:05.910
the C source to enhance decompilation results.

03:06.750 --> 03:08.670
We will do that in the next lectures.

03:09.350 --> 03:11.550
And we also have the edit here.

03:13.750 --> 03:21.630
Now this includes two options for modifying global behaviors and graphical user interface settings.

03:24.150 --> 03:27.830
Here we have the program options which is grayed out right now.

03:28.750 --> 03:33.990
You will see that in our hello world analysis here, options for View.

03:34.030 --> 03:38.190
We will have added options if you have some different kind of project.

03:38.710 --> 03:46.230
Now, so we can also use the graphical user interface settings by going to Tool Options.

03:46.590 --> 03:55.310
So we can use the editor, adjust color schemes, font size and even key bindings

03:55.310 --> 03:59.750
here, which I don't recommend using.

04:00.870 --> 04:03.190
The Ghidra cheat sheet will help you a lot.

04:09.910 --> 04:19.270
So the key bindings of this program are carefully designed, so I don't recommend changing them.

04:19.310 --> 04:20.990
Just get used to it.

04:21.030 --> 04:21.510
Right.

04:21.750 --> 04:26.270
But if you want to change it, here's your option.

04:27.630 --> 04:29.710
And we have the analysis tab here.

04:29.910 --> 04:36.190
Now we will go back to the Code Browser, which we have opened with the Hello World project.

04:36.910 --> 04:38.030
You can see.

04:40.230 --> 04:40.670
Yeah.

04:40.670 --> 04:41.910
This is a code browser.

04:42.670 --> 04:50.750
So the Analysis page, which lets you rerun the automatic analysis or execute targeted

04:50.750 --> 04:56.500
analysis tasks, is useful for refining results if the initial pass didn't catch everything.

04:57.220 --> 05:08.300
So this basically gives you an option to reanalyze, refine and dive deeper with every pass.

05:08.580 --> 05:14.100
So if you click on this Auto Analyze, you will see that, Analyze All Open

05:16.260 --> 05:21.060
and One Shot; we will use that in the next lectures.

05:22.100 --> 05:29.660
And here we have Navigation, which recognizes how essential smooth traversal is when jumping across

05:29.660 --> 05:31.820
a maze of code paths and references.

05:33.020 --> 05:38.860
Basically you can go to a specific address, label or expression.

05:39.340 --> 05:43.580
We have the option of case sensitive and dynamic labels.

05:44.380 --> 05:46.100
And we have the.

05:48.580 --> 05:52.060
The symbol, we can go to the symbol source, next function and so on.

05:52.060 --> 05:55.660
And we also can clear the history.

05:57.260 --> 05:59.100
We have the search here.

06:00.660 --> 06:10.220
This is a core analytical weapon here, with which you can locate strings, instructions, scalars, references

06:10.460 --> 06:14.140
or patterns, all to tell you a story.

06:15.020 --> 06:21.540
We have Select, which supports scoped operations, where choosing what to analyze is as important as

06:21.860 --> 06:22.540
how.

06:23.900 --> 06:34.220
Now we also have Tools, which brings extra intelligence such as referring to

06:34.220 --> 06:38.500
processor manuals or launching advanced utilities.

06:39.020 --> 06:45.340
So if we click on that now, Ghidra could not find the processor manual for this.

06:45.540 --> 06:45.980
The.

06:48.540 --> 06:54.900
But of course on the internet there's everything, we can find the processor manual for this, which

06:54.900 --> 06:57.020
is as popular as it gets.

06:59.060 --> 07:02.380
This is just a 32 bit portable executable file here.

07:04.020 --> 07:05.740
And yeah, we have the windows.

07:06.100 --> 07:06.780
By the way.

07:06.780 --> 07:09.980
We will use the graph in the next lecture.

07:10.260 --> 07:13.900
This will be a very useful and very advanced feature of Ghidra.

07:14.940 --> 07:16.300
So I like that graph.

07:16.700 --> 07:19.100
We will have a separate lecture about the graphs here.

07:19.100 --> 07:22.940
But basically you can graph the block flow.

07:25.700 --> 07:28.060
Here the graph is uploaded right now.

07:28.380 --> 07:28.740
Yeah.

07:28.780 --> 07:29.420
Don't worry.

07:29.820 --> 07:35.780
And we have the Window menu here, which reflects your control over workspace ergonomics.

07:35.940 --> 07:38.260
We have pie graph, function call graph.

07:38.300 --> 07:40.300
Like we can choose everything here.

07:40.420 --> 07:43.100
And the Help.

07:43.220 --> 07:45.580
So this is an underappreciated asset.

07:45.620 --> 07:49.580
It is not as useless as Windows Help gets.

07:50.100 --> 07:57.330
I haven't seen an instance where Windows Help or Windows Network Help has helped me with

07:57.330 --> 07:57.930
something.

07:58.850 --> 08:03.610
So don't worry, this will come in pretty handy.

08:06.570 --> 08:07.090
Here.

08:10.970 --> 08:17.410
And yeah, that's how the Ghidra main toolbar works.

08:18.410 --> 08:23.770
And understanding Ghidra layout isn't just about knowing where the things are, it's about internalizing

08:23.770 --> 08:24.970
how they work together.

08:25.010 --> 08:32.170
Now each window, each bar, each pop up is a part of a dialog between you and the program you are reversing.

08:32.210 --> 08:38.170
Now it reflects the principle that reverse engineering is more than decoding.

08:38.610 --> 08:40.610
Now it's about reasoning through complexity.

08:41.130 --> 08:47.610
Now in the next lecture, we will start exploring how to go beyond the manual using scripting and automation

08:47.610 --> 08:51.730
to make it do more of the heavy lifting for you.
