(评论)
(comments)

原始链接: https://news.ycombinator.com/item?id=41318133

Ghidra 扩展通过分析机器代码并从选定的列表中生成功能目标文件来解压缩机器代码。 该过程将机器代码与构建块进行比较,允许它们在新的创作中进行拆卸、更改或重用。 该工具支持 Linux、Windows 和 PlayStation 等各种平台上的 COFF 和 ELF 格式(适用于 x86 和 MIPS 系统),允许在保持可执行文件原始功能的同时取消链接和重新链接。 用户示例使用 2009 年商业游戏的 7MB Windows 可执行文件(用 C++ 编写)演示了其有效性,该游戏的运行时库被删除并在备用地址重新链接 - 在使用过程中没有显示明显的变化。 这种多功能解决方案可以促进修改游戏、移植软件、更改可执行格式、生成库以及其他应用程序。 该工具最初是为视频游戏反编译项目开发的,在 2.5 年的时间里获得了流行。

相关文章

原文
This Ghidra extension unrelocates machine code through analysis and then synthesizes a working object file from a listing selection. It effectively turns computer programs into Lego bricks, to be torn down into pieces and reused into something new.

It supports the COFF and ELF object file formats, for the x86 and MIPS architectures. It has been successfully used on Linux, Windows and PlayStation executables. One user report is on a commercial video game from 2009 with a ~7 MiB Windows executable written in C++: it was delinked without its C runtime library and then relinked into a new executable at a different base address, with no visible change in functionality, as a prelude to a decompilation project.

Use-cases I've demonstrated on my blog include modding, making software ports, converting executable file formats, creating libraries... I've originally built this as part of a video game decompilation project ; I've been working on this over the past 2.5 years and recently it has started gaining some users besides me.

联系我们 contact @ memedata.com