top | item 27981447

attheicearcade | 4 years ago

I recently started analysing a game with Ghidra. I found the plugin mentioned was actually fairly useless in my case (but this was version 9, maybe things have changed); instead I used OOAnalyzer [1] and its associated Ghidra plugin, which is great for bootstrapping a class hierarchy, something that is otherwise extremely tedious to do. It took 24 hours and ~100GB of memory, so I ran it on AWS, splitting the analysis into parts according to [2]. Also, I'd recommend looking into scripting; it can save you a lot of time in repetitive scenarios.

[1] https://github.com/cmu-sei/pharos/blob/master/tools/ooanalyz...
[2] https://github.com/cmu-sei/pharos/blob/master/share/prolog/o...

xyzzy_plugh | 4 years ago

I've also found Ghidra nearly useless for most things. IDA seems to blow it out of the water.

I've also had significantly more success with OOAnalyzer but as you say, it's dog slow and just consumes an unfathomable amount of memory. I had a few binaries it just completely choked on regardless of part size.

Finally, while Ghidra is pretty cool in theory, in practice it's quite brittle and rough at the edges. I've had projects get corrupted, and analyses that hang indefinitely with no diagnostic information as to why. And it performs about the same on a 4-core host as on a 64-core host, which deeply saddens me, as almost nothing is multithreaded.

attheicearcade | 4 years ago

That’s another reason I looked into scripting: fear of losing many hours of work through corruption. My last workflow meant writing scripts to define everything so I _always_ started from a blank slate. Naturally this rots over time as the API changes, but I feel much more confident I won’t lose work completely. Not a glowing review of Ghidra though :)
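As an added illustration of the scripted, start-from-a-blank-slate workflow described in the comment above (example code written for this page, not the commenter's own scripts, and not part of Ghidra or OOAnalyzer): a Ghidra script that runs auto-analysis on a freshly imported binary and then re-applies a table of manual definitions (function names, plate comments, a struct type and a typed global). The addresses, names, struct layout and the 4-byte pointer size are assumptions chosen for illustration; the script checks that a function actually exists at each address so that a changed binary produces a warning rather than silent garbage.

```java
// ReapplyDefinitions.java (added example; addresses and names are hypothetical)
// Re-creates every manual definition from an in-script table so a fresh import
// of the binary can be brought back to the same state without a saved project.
//@category Examples

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.data.CategoryPath;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.DataTypeConflictHandler;
import ghidra.program.model.data.DataTypeManager;
import ghidra.program.model.data.FloatDataType;
import ghidra.program.model.data.IntegerDataType;
import ghidra.program.model.data.PointerDataType;
import ghidra.program.model.data.Structure;
import ghidra.program.model.data.StructureDataType;
import ghidra.program.model.listing.Function;
import ghidra.program.model.symbol.SourceType;

public class ReapplyDefinitions extends GhidraScript {

    // Hypothetical addresses for a 32-bit x86 game binary. In a real workflow
    // this table would live in a checked-in file and be regenerated whenever
    // the target binary changes.
    private static final Object[][] FUNCTIONS = {
        { 0x401000L, "Player_Update",     "Called once per frame" },
        { 0x401230L, "Player_TakeDamage", "arg1 = damage amount" },
    };
    private static final Object[][] GLOBALS = {
        { 0x4a5000L, "g_player" },
    };

    @Override
    public void run() throws Exception {
        if (currentProgram == null) {
            printerr("no program loaded");
            return;
        }
        // Fresh import: let auto-analysis run before layering manual work on top.
        analyzeAll(currentProgram);

        // Define the struct type in the program's data type manager. REPLACE_HANDLER
        // makes the script idempotent if it is run twice against the same program.
        DataTypeManager dtm = currentProgram.getDataTypeManager();
        Structure player = new StructureDataType(new CategoryPath("/game"), "Player", 0);
        player.add(new PointerDataType(), 4, "vftable", null); // 4-byte pointer assumed
        player.add(IntegerDataType.dataType, 4, "health", null);
        player.add(FloatDataType.dataType, 4, "x", null);
        player.add(FloatDataType.dataType, 4, "y", null);
        DataType playerType = dtm.addDataType(player, DataTypeConflictHandler.REPLACE_HANDLER);

        // Name functions and attach plate comments. Never assume the address still
        // holds a function: a rebuilt binary moves everything.
        for (Object[] row : FUNCTIONS) {
            Address addr = toAddr((Long) row[0]);
            String name = (String) row[1];
            Function f = getFunctionAt(addr);
            if (f == null) {
                f = createFunction(addr, name); // null if there is no code here
            }
            if (f == null) {
                printerr("no function at " + addr + " for " + name + "; has the binary changed?");
                continue;
            }
            f.setName(name, SourceType.USER_DEFINED);
            setPlateComment(addr, (String) row[2]);
        }

        // Lay the struct over each global and label it. Clearing first avoids a
        // conflict with whatever auto-analysis already placed there.
        for (Object[] row : GLOBALS) {
            Address addr = toAddr((Long) row[0]);
            clearListing(addr, addr.add(playerType.getLength() - 1));
            createData(addr, playerType);
            createLabel(addr, (String) row[1], true);
        }
        println("re-applied " + FUNCTIONS.length + " functions and "
                + GLOBALS.length + " globals");
    }
}
```

Dropped into a script directory, this runs from the Script Manager in the GUI or, for the blank-slate case, as a post-script on a headless import (for example `analyzeHeadless <project_dir> <project_name> -import game.exe -postScript ReapplyDefinitions.java`), so a corrupted project costs a re-import rather than hours of manual work. As the comment notes, a table like this rots as the API changes; keeping every definition in data rather than in Ghidra API calls confines the breakage to the small amount of code around the table.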