In this video we’ll take a look at a couple of different structures in a C program, compile from source and reverse them using Ghidra. Our goals will be to analyze the resulting structures using both the listing view (disassembly) and the decompiler, identify member usage, overall size and element size. We’ll also discuss the different between using the stack and heap for structure memory as well as explore padding and it’s impact on overall structure size. I’ll also discuss some inconsistencies with Ghidra output.
A discussion on reversing arrays can be found at: https://youtu.be/eNxckomOing
The source code for the sample program can be found on my Github:
https://github.com/jstrosch/learning-reverse-engineering/tree/master/Control%20Structures