Open Ghidra from your applications menu or terminal. Use the command:
./ghidraRun
This will start the Ghidra interface.
Select File > New Project. Choose between a Non-Shared Project (local) or a Shared Project (collaborative). Name your project and specify a directory to store it.
Right-click on the project window and select Import File. Browse to the binary executable you want to analyze and click Open. Ghidra will prompt you to configure the import settings; proceed with the defaults or adjust as necessary.
Once imported, double-click the file in your project. Ghidra will open the CodeBrowser. Click Analysis > Analyze Program to start the analysis process. Choose analysis options and click OK.
Use the CodeBrowser to navigate through the disassembled code. The left pane shows the listing, while the right pane displays detailed information about the selected instruction. Use the Function Graph to visualize function calls and control flow.
Select a function and click the Decompile button (or press F to decompile). The decompiler generates a high-level representation of the function, making it easier to understand.
Use the Search menu to find specific functions, strings, or patterns within the binary. This can help identify key areas of interest or vulnerabilities.
Right-click on instructions or variables to add comments and labels. This helps document your analysis for future reference.
To save your findings, select File > Export. Choose the format (e.g., text, CSV) and specify the destination.
Ghidra supports scripting in Java and Python. Use the Script Manager to run or create custom scripts.
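An added example for the search and scripting steps above (not part of the original guide and not Ghidra's own code): a Python script for the Script Manager that walks the analyzed program and lists direct calls to a small watch-list of C library functions worth reviewing by hand. The watch-list, the helper names and the sample call edges are assumptions made for this example; outside Ghidra, where currentProgram and monitor are not defined, it falls back to the constructed sample.

```python
# Flag direct calls to C library functions that deserve a manual review.
RISKY = {  # watch-list chosen for this example (an assumption)
    "strcpy": "unbounded copy",
    "strcat": "unbounded append",
    "sprintf": "unbounded format",
    "gets": "unbounded read",
    "system": "shell command execution",
}

def normalize(name):
    """Drop linker decoration such as '_sprintf' or 'system@plt'."""
    return name.split("@")[0].lstrip("_")

def triage(edges):
    """edges: (caller, caller_entry, callee) tuples -> sorted, de-duplicated rows."""
    rows = set()
    for caller, entry, callee in edges:
        base = normalize(callee)
        if base in RISKY:
            rows.add((caller, entry, base, RISKY[base]))
    return sorted(rows)

def ghidra_edges(program, task_monitor):
    """Collect every function's direct callees from an analyzed program."""
    edges = []
    for func in program.getFunctionManager().getFunctions(True):
        for callee in func.getCalledFunctions(task_monitor):
            edges.append((func.getName(), str(func.getEntryPoint()), callee.getName()))
    return edges

# Constructed sample, used only when the script runs outside Ghidra.
SAMPLE_EDGES = [
    ("main", "00101189", "parse_args"),
    ("parse_args", "00101240", "strcpy"),
    ("parse_args", "00101240", "__strcpy_chk"),  # fortified variant: not flagged
    ("log_msg", "001012f0", "_sprintf"),
    ("run_hook", "00101350", "system@plt"),
]

def main():
    try:
        edges = ghidra_edges(currentProgram, monitor)  # names injected by Ghidra
    except NameError:
        edges = SAMPLE_EDGES
    rows = triage(edges)
    for row in rows:
        print("%s,%s,%s,%s" % row)  # CSV: caller,entry,callee,reason
    return rows

main()
```

Each output row names the calling function and its entry address, so double-clicking that address in the CodeBrowser takes you to the code to inspect in the decompiler.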