0

Given a program such as Ghidra, Binary Ninja, etc., is there a way to auto-identify a set of data and assign values a symbol based on the pattern of the data? For example, from this screenshot in Ghidra: Ghidra example

Can I have Ghidra (or another program) automatically identify and "symbolize" a set of data that would fit a user-defined pattern? Note that I'm trying to achieve this for a range of data within the file, as other parts of the file may have different data structures.

I have a programming background, so I am somewhat familiar with symbols, but only know they are used to link source code and compiled data, not specifics. I don't know what I am trying to do is called or the best way to approach the situation. Ideally, I would like to do this so I can better see what the binary data represents.

Improve this question
5
  • Isn't Reverse Engineering Stack Exchange better suited for your question? (The link is already in the Wiki of tag "reverse-engineering" you added.) Commented Aug 26, 2024 at 6:17
  • Looks like it could be, thank you for pointing it out. Is there a way to "move" my question over, or do I close this one out and re-ask on that exchange? Commented Aug 26, 2024 at 13:41
  • I did some research and it looks like only certain people with at least 3000 reputation can migrate questions to other exchanges. If you cannot do it yourself, you can Flag the post requesting this which I have done. Commented Aug 26, 2024 at 13:59
  • While I'm aware of the migration option, I cannot do this. A quick look in the help center seems to say that a site moderator can do this. -- Good luck! As a casual Ghidra user I know that user scripts are possible, but why re-invent the wheel? It's an interesting question. Commented Aug 26, 2024 at 14:07
  • Normally symbols may optionally be present in the file format, but often symbols are specifically stripped. In the case of old or low-level systems like 8-bit microcomputers you will have well-known address in the memory map, hardware registers etc. Sometimes in stripped binaries you might be able to identify what compiler and runtime library was used by seeing common patterns and then you can use symbols from non-stripped binaries made with the same compiler and runtime. There's not a one-size-fits-all solution across different reverse engineering tools. Commented Aug 27, 2024 at 7:06
Related questions
555
Managing large binary files with Git
637
How do I list the symbols in a .so file
442
What is the motivation for bringing Symbols to ES6?
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.