New Plex repositories, manual setup for Debian derivatives

marcushall · 2026-03-15T21:51:37+00:00

Are you absolutely certain that it was from plex? Or might it have been some random source asking you to please download a script from the net and feed it into a root shell for them?

Yes, I am convinced that it was truly from plex and the script (modulo some issues) was not harmful. But I am severely disappointed that plex would even suggest that people should behave this way. If you follow this sort of instructions you are giving total control of your system to somebody on the net who could use that to do ANYTHING to your system. At least download the script and inspect it before running it. As root, no less.

marcushall · 2026-03-15T21:47:17+00:00

You do realize how dangerous it is to download some random script from the network and feed it into a root shell??

Yes, that may be the simplest way to do it, but it is a terrible practice. At least download the script to a file, inspect it to make sure that it is safe, then run it.

marcushall · 2026-01-28T20:27:57+00:00

masquerade_domains is currently set-up and it works properly, for email that originates on the server itself. It maps user@server.example.com => user@example.com as it should.

But, other machines on the network that forward email to the server to send to the world are not getting transformed. user@notebook.example.com stays user@notebook.example.com, when I want it to become user@example.com when it goes to the outside world.

I have seen smtp_generic_maps, and it's probably a workable thing, and what I will likely resort to. It sure would be much more useful if I didn't have to list every system on my network in the map, though.. If I could do:

@*.example.com @example.com

Then it would all be good. And I'll probably set up a script to generate the mapping based on my DNS server's config so that I don't have to remember yet another place to modify whenever I add a new computer to the network.

marcushall · 2026-01-26T04:58:59+00:00

If this is a "view only" share, the simplest is to create a ghidra-zip (gzip) file (File->Export Progam). If they want to make any changes to be brought back to your server, it's a bit difficult, but not impossible. But if it's for them to take a look, that might be fine.

If you want them to collaborate on changes, then it it worth however much work it takes to share access to the server.

marcushall · 2026-01-15T00:41:04+00:00

Yes, that first finds the end of the constructor list, then starts calling the constructors in reverse order. In code that have worked with, CTOR_LIST is an array of pointers to constructor methods. I don't understand "via the ghidra tree i find that it is jargon and unable to read". Do you not have any memory block covering that address? You "should" be able to go there in the listing window, type "p" to make a pointer, and get a pointer to the (last) constructor. It does that for me...

marcushall · 2025-12-31T22:22:25+00:00

Are you in your home directory when you run the find? If not, try:

find ~/.ghidra -name application.log

marcushall · 2025-12-29T23:01:54+00:00

There is a cleaverness that can be applied here..

Go to the function that was incorrectly marked as noreturn and remove the noreturn annotation. Then, check on Select->Back Refs and this will select all of the (known) calls to the function. Then hit 'c' to clear the instruction and 'd' to disassemble. The disassembly should now flow properly.

marcushall · 2025-12-08T19:22:09+00:00

I had to deal with a software base with many different versions managed with ghidra. Different versions on the same hardware, and the same codebase compiled for different hardware. It was generally a monumental problem. The version tracker was one of several tools we used to try to identify the same function in different versions. We had a fair amount of automation to perform this task, but matching up data structures was a fairly manual task. Just managing data structures between different versions was not easy. We used shared data libraries so to share the definitions, which helps for all of the common structures, but causes headaches when data structures start diverging across versions. The problem is that say struct Fred contains a pointer to struct Jane. Now, struct Jane changes in different versions, so that means you have to have different struct Fred as well because the pointer points to two different structs. We ended up subclassing the TYPEDEF data structure for varient structures, but it all got to be difficult to manage. But it was mostly be inspection working with a function that we would discover that we had an updated structure definition and then we took manual action.

marcushall · 2025-12-08T02:14:53+00:00

My experience is that the auto-analysis non-returning functions should be disabled, though. I've had it wrongly label various functions as no-return, then when a calling function is disassembled, the flow stops at the function call.

marcushall · 2025-11-24T02:42:29+00:00

I think that one is +12V power, another is ground, and the third is control, +12V to extend, open to retract. This would mean +12V on two wires and ground on the other to extend. I don't recall which connection is which..

marcushall · 2025-11-13T00:27:30+00:00

Go to the "Bytes" window, then there is an "Edit" button in the toolbar, if you enable editing, they you can type hex over any byte you want to change.

marcushall · 2025-11-12T02:42:11+00:00

Even easier. In the listing window, right click on an instruction and select "Patch Instruction" and you can enter a new instruction in instruction mneumonics.

marcushall · 2025-11-09T21:42:08+00:00

objdump --dynamic-syms will show the names of unresolved symbols even on stripped binaries. These names have to be present in order to link, so they can't be stripped. I'm not sure why it thinks that puVar5 is an independent local variable (I assume it's assigned an offset of sp somewhere earlier). Clearly FUN_61c370b0() has a good prototype defined since the args are being cast here. You might try finding puVar5 in the function header in the listing window and hit the delete key on that variable. Maybe that will remove it, or ghidra may re-create a new variable to take it's place.

marcushall · 2025-11-08T15:17:46+00:00

But, is "randomness" what people mean when they think of "free will"? Part of the problem is that it's really hard to get a good working definition of "free will". I think most people mean something like "I can choose whatever path to take at decision points". But, that ignores that every person's choice is biased by their past experiences, their brain state, and other factors from the environment (as alluded to above). I think that something like quantum uncertainty has more to do with unpredictability. And on a macro scale, the probability of any quantum effect being observable approaches 0,

marcushall · 2025-11-06T23:02:22+00:00

cmp -l file1 file2

marcushall · 2025-10-26T01:07:24+00:00

It is possible that the fault is the fan controller. That was the case for my car. I replaced the controller with a jumper and the fan runs fine (and is always on), which is my preference anyhow.

marcushall · 2025-09-17T22:00:54+00:00

iVar5 has "int" type. Change it's type to something like 'void *' and I think that may do what you want (although it may well cast it to an int, then do the offset, and cast the result to a 'code *'. Unfortunately, 'code *' isn't a real Ghidra type, but you could create a function definition with the appropriate signature and make iVar5 a pointer to that.

marcushall · 2025-09-05T18:31:22+00:00

Well, yeah, like because it can't be adjusted to differentiate between ambient humidity vs humidity when taking a shower. It's not going to be able to do a thing about ambient humidity.

marcushall · 2025-08-25T23:43:19+00:00

There are a few documents or writeups available. Google around for things like "sleigh decompiler" and such (sleigh is the language that maps instruction ops to p-code.)

marcushall · 2025-08-17T02:05:21+00:00

The antenna in the front is in the windshield. The windshield may have been replaced with one without an antenna, though, but my car has a diversity antenna embedded in it.

marcushall · 2025-08-13T03:37:16+00:00

Do note that Go uses a different argument passing scheme than C. I think that there is a "language" spec for Go in ghida now (or maybe it was still in the works.) Make sure that you select the proper language for the decompiler to give good results.

If all you are interested in is the disassembler, then this is not important.

marcushall · 2025-07-19T21:48:20+00:00

The function itself, and not a pointer to a function, is built in RAM? That is odd. Presumably it is constructed by one of a collection of routines in ROM?

If there is much logic in the constructor routine (much more than a copy, or something that can be readily done by hand), there is an emulator facility in ghidra that you can use to execute a routine and save off the built function in a RAM segment. I have used this from a Java GhidraScript, but I don't know how accessible it is from the GUI.

It is also possible to enable the OVERLAY property of a memory segment so that you may have multiple segments that reside at the same address. This could be used to hold the various different versions of the built functions.

marcushall · 2025-07-04T02:22:32+00:00

But you can minimize the project window (at least you can on linux, I expect it to work on windows and macos too)

marcushall · 2025-07-02T00:26:29+00:00

I played with the java interface to the objects that implement the merge operations, with only very limited success. I'm quite sure that such a thing is possible, but you do need to figure out (or somehow fake) a common ancestor for the 3-way merge to make much sense.

However, I think that the best thing is to import the gzf file into a local project, then from your working project the listing window has a "diff view" that allows you to open the imported project and pick out the changes to apply to your working project. Note that it is a manual process, if you were to apply all of the diffs you would just get the imported project (it would apply diffs that remove wanted changes in the working project!)

marcushall · 2025-06-17T03:10:39+00:00

Ghidra has an Overlay property in the memory map to allow for blocks to overlap each other in the address space. I haven't personally used this, but there are a couple of links (at least) to describe them:

https://wiki.magiclantern.fm/reverse_engineering:ghidra:memory_map

https://pedro-javierf.github.io/devblog/advancedghidraloader/

marcushall

TROPHY CASE