Ghidra: overhead of recompile

Created on 5 Apr 2019 · 5 Comments · Source: NationalSecurityAgency/ghidra

I wonder if I can see some info about the overhead of Ghidra.
I mean, is there any difference in overhead between the original binary and the binary decompiled by Ghidra and exported by Ghidra?

Question

All 5 comments

If you're talking about the binary export functionality (which due to #19 only works after importing as "Raw Binary") - then the output should be exactly the same binary.

As for compiling the decompiled output (which will most likely _not_ work) - that can differ vastly from the original source code of the application, and I have not seen anyone recompile full executables (nor do I think it's possible).

I don't understand what the raw binary is. Is there any difference between raw binary and ELF?
Why will compiling the decompiled output most likely not work?

I want to test the overhead of Ghidra, so that's why I recompile the output decompiled by Ghidra to get the binary. If the overhead of the binary obtained from Ghidra is higher than the original binary, it doesn't work for me.

It sounds like you aren't interested in exporting the bytes of the binary that was imported and having it run. Instead, it seems like you are asking about recompiling the decompiler's code back into an executable and running it. For anything but the simplest of binaries, the effort to do this correctly will most likely not be worth the effort, especially if your motivation is to optimize the binary. That is not a goal of Ghidra.

Indeed, ever since van Emmerik invented the proof of SSA over 15 years ago this question comes up every now and then.

The thing is for a small binary of 10k WITH debuginfo it might be possible to recompile output from a decompiler (been there done that), however for every instruction it adds to the Shannon entropy which makes it more difficult for the decompiler to predict the correct statement even with debuginfo.

@ryanmkurtz @weiwang999 one must understand that this is partly the goal of a decompiler; however, the way weiwang seems to want to do it is not even a way forward. This can, however, be achieved by understanding and reimplementing the code in a DSO and overloading the original code, at least given how ELF loaders work. How they work and everything about it is left for the reader as an exercise.
