IDENTIFYING MAIN VIA REFERENCES & CALL TREES

this method requires a program w/ debug symbols

PS C:\sre> ghidra
ghidra > File > Open > programName

ghidra > Program Tree
 Filter: {functionName}
  - clicking on the any function will bring the focus on the "listing workspace" for the specified function
  - this doesn't have to be the "main" function

 * any function can be used to trace the main function
 
ghidra > listing workspace > right-click the function name > References > Show Call Trees
 * expand the calls...
 
ghidra > Function Call Trees
 * click each calls and look for the "int __cdecl _func__cdecl_int(int _Argc, char **Argv, char **...
   in the decompile workspace
    - the most important identifier is the...
       (int _Argc, char **Argv, char **...

PreviousREBASING NextBINARY PATCHING

Last updated 4 months ago