1

How to decompile the following assembly instructions ?

Note: this could be reproduced using /usr/bin/ls binary inside ghidra

ghidra decompilation of ls

Improve this question

2 Answers 2

Reset to default
3

From the decompiler view it cleary states there's no function. Decompiler works when you have one - it shows code of a function.

So, if that's the beginning of a function (it might be) just create it by pressing F (or right click, Create Function) while your cursor is on the line that is the beginning of this function. After that the decompiler view should populate with code.

Improve this answer
8
  • Thanks, now I have this other issue Commented May 16, 2020 at 10:44
  • 1
    It's difficult to understand just from the picture what the issue is. If it's related to this one - update your question. If not - create a new one. Commented May 16, 2020 at 12:45
  • it is unrelated, but the question remains the same on how to decompile /usr/bin/ls Commented May 16, 2020 at 12:54
  • 1
    @kevin like, how did you get to that specific address? In your second image, it doesn't look like you're in a section with actual instructions. Commented May 17, 2020 at 1:16
  • 2
    @kevin: the PLT is a table. What do you exactly expect to get from 'decompiling' it? Commented May 17, 2020 at 10:14
3

Kevin,

ls comes in coreutils. The best way to experiment with these programs is to download and manually build the binaries (in this way you can give your favorite options like -g, -O3 during compilation).

Anyways, coming back to your question, assuming you want to decompile /usr/bin/ls (that's what I get from your comments on Pawel's answer), then open ghidra gui, analyse the binary, click on file -> export program -> and export as a C/C++ file.

Improve this answer
2
  • Why export it when you can view the decompilation within Ghidra? Commented May 17, 2020 at 13:30
  • 1
    yes you can do that. But, it is much easier for a beginner to examine the exported code, as you can get globally defined structures, variables, even type information (ghidra constructs typedefs for custome types like undefined4 -> int), in a single unit. Thus you don't have to jump around and click through the references to check the information. Commented May 17, 2020 at 15:28

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.