10

I've been trying to learn Ghidra by attempting to reverse the comctl32.dll system library, which has many of its functions documented. I started the decompilation analysis in it, and after a while it showed this error message:

(I don't know how soon it happened. I had to leave it to do its thing as sadly it was taking too long.)


Then I happened to see that if I go to File -> Download PDB file, select some folder on my drive, provide the Microsoft symbol path https://msdl.microsoft.com/download/symbols, and click "Download from URL", it seems to download it.

It then asks if I want to apply it to the project and if I click Yes it shows this warning:


So I'm obviously not doing it right.

Thus I was curious:

A) Is it possible to provide the symbol server path and have it download needed symbol files automatically?

B) If not, what's the sequence to load symbols for a particular binary? It seems like it wants to have symbols up front, but how would I know which files/imports it may need (besides the obvious binary file that I'm opening)?

c00000fd

2 Answers

3

One possible way to do this is to use radare2 or Cutter with the r2ghidra plugin. It will load the PDB and use the Ghidra decompiler to do the actual decompilation.

Anton Kochkov

2

Yeah, it's not completely automatic like IDA Pro, although the NSA dev team is very active on the project, and any US citizen should be able to add such a feature (via Java) and make a pull request to add it.

I found what you do is simply add the module to your Ghidra project. When you click on the module/executable it will ask "...Would you like to analyze it now?". Click "No", load your PDB, and then start the analysis manually via the "Analysis" menu option.

Sirmabus
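On part B of the question and the "load your PDB" step in the answer above: a PE file names the PDB it was built with in a CodeView RSDS debug record (GUID, age, PDB file name), and a symbol server serves the matching file under a path built from those three values. The Python below is an added example, not code from the original posts or from Ghidra; the sample record is constructed, and the byte scan is a heuristic assumed here in place of walking the PE debug directory.

```python
import struct
import uuid

MS_SYMBOL_SERVER = "https://msdl.microsoft.com/download/symbols"  # URL from the question

def parse_rsds(record: bytes):
    """Parse a CodeView RSDS record: b'RSDS', 16-byte GUID, u32 age, NUL-terminated path."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])  # first three GUID fields are little-endian
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("unterminated PDB path")
    return guid, age, record[24:end].decode("utf-8", errors="replace")

def symbol_url(guid, age, pdb_path, server=MS_SYMBOL_SERVER):
    """Build <server>/<pdb name>/<GUID hex><age hex>/<pdb name>."""
    pdb_name = pdb_path.replace("\\", "/").rsplit("/", 1)[-1]
    return f"{server}/{pdb_name}/{guid.hex.upper()}{age:X}/{pdb_name}"

def find_pdb_references(image: bytes):
    """Heuristic scan of raw file bytes for RSDS records (assumption: good enough
    for a quick check; a full parser walks the PE debug directory instead)."""
    found, pos = [], image.find(b"RSDS")
    while pos != -1:
        try:
            guid, age, path = parse_rsds(image[pos:pos + 24 + 260])
            if path.lower().endswith(".pdb"):
                found.append((guid, age, path))
        except ValueError:
            pass  # the four bytes "RSDS" occurred by chance; keep scanning
        pos = image.find(b"RSDS", pos + 1)
    return found

# Constructed sample: a made-up GUID/age and PDB name, not taken from a real comctl32.dll.
SAMPLE_GUID = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")
SAMPLE_RECORD = b"RSDS" + SAMPLE_GUID.bytes_le + struct.pack("<I", 2) + b"comctl32.pdb\x00"
SAMPLE_IMAGE = b"MZ" + b"\x00" * 64 + b"RSDS" + b"\x00" * 40 + SAMPLE_RECORD + b"\x00" * 16

if __name__ == "__main__":
    for guid, age, path in find_pdb_references(SAMPLE_IMAGE):
        print(path, guid, age, symbol_url(guid, age, path))
```

A PDB whose GUID and age do not match the values in the binary belongs to a different build of that binary.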