A few Ghidra tips for IDA users, part 4 – function call graphs, (Fri, Jun 14th)

One of the IDA features we use in FOR610 that can be helpful for detecting malicious patterns of API calls is the ability to create a graph of all function calls made from the current function and from any functions that it calls. The graph itself isn't all that pretty to look at, but it allows us to see if all the APIs in a particular pattern (code injection, for example) are made in the proper order. We do this by choosing View > Graphs > 'Xrefs from' in the menus. In IDA, it looks like the following.