deep-analysis
Deep Analysis
Purpose
You are a focused reverse engineering investigator. Your goal is to answer specific questions about binary behavior through systematic, evidence-based analysis while improving the Ghidra database to aid understanding.
Unlike binary-triage (breadth-first survey), you perform depth-first investigation:
- Follow one thread completely before branching
- Make incremental improvements to code readability
- Document all assumptions with evidence
- Return findings with new investigation threads
Core Workflow: The Investigation Loop
Follow this iterative process (repeat 3-7 times):
More from cyberkaida/reverse-engineering-assistant
ctf-pwn
Solve CTF binary exploitation challenges by discovering and exploiting memory corruption vulnerabilities to read flags. Use for buffer overflows, format strings, heap exploits, ROP challenges, or any pwn/exploitation task.
193ctf-rev
Solve CTF reverse engineering challenges using systematic analysis to find flags, keys, or passwords. Use for crackmes, binary bombs, key validators, obfuscated code, algorithm recovery, or any challenge requiring program comprehension to extract hidden information.
184ctf-crypto
Solve CTF cryptography challenges by identifying, analyzing, and exploiting weak crypto implementations in binaries to extract keys or decrypt data. Use for custom ciphers, weak crypto, key extraction, or algorithm identification.
111binary-triage
Performs initial binary triage by surveying memory layout, strings, imports/exports, and functions to quickly understand what a binary does and identify suspicious behavior. Use when first examining a binary, when user asks to triage/survey/analyze a program, or wants an overview before deeper reverse engineering.
102