View Single Post
Old 08-01-2021, 06:11 AM   #5
sherman
Guru
sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.sherman ought to be getting tired of karma fortunes by now.
 
Posts: 718
Karma: 1433328
Join Date: Aug 2008
Location: Auckland - NZ
Device: Kobo Aura H2O, Kobo Forma
Quote:
Originally Posted by geek1011 View Post
Ghidra's decompiler is far better than anything but IDA, and it's free. But, I recommend disabling the option which hides namespaces (it's on by default) or you'll have a hard time actually reading the output since the class names will be lost.
Just a quick note that this changed in Ghidra 9.2.x+, although I wouldn't use 9.2 for libnickel, for some reason the decompilation is very abridged compared to 9.1.x. Thankfully, Ghidra 10 resolved that, so is good to use.

As noted, I've found that the Ghidra decompilation sometimes struggles with arguments and returns, and if you're like me who hasn't (yet) managed to understand ARM assembly, you have to make some educated guesses.

I've found that the function call graph can be quite useful to see where and how functions and methods are called.
sherman is offline   Reply With Quote