Yep! But before doing all of this, check if any .so/.dll for emulating the raw piece of code you are studying is available, so you can do this:

1. check whether, in the .so/.dll, you can spot any function referring to a recognizable (occurring only once) kind of binary blob, like images, or strings too

2. find the same function in the raw image; Ghidra's decompiler helps so much with this

3. find the address supposed to be pointing to the same binary blob (assuming that this blob is the same in the emulated and the real version)

4. scan the raw image for that same blob you have in the emulated version

5. do the maths to find the base address of the raw image.

Obviously all of this works if the raw binary image you have refers entirely to the same flat memory space and there's no partial relocation by the bootloader/program accepting this image going on.

Don't ask me about that time I painfully spent so much time without knowing I had one file with the odd name of "emulator.dll" staring at me all that time...
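Steps 4 and 5 of the procedure above, as an added Python example that is not from the comment's author: the image bytes, the blobs and the emulator-side addresses are all constructed for illustration, and the cross-check over several anchors goes a little beyond the comment by rejecting non-unique blobs and disagreeing anchors.

```python
"""Recover a raw firmware image's load base from blobs whose absolute
addresses are known from an emulator build (added example, constructed data)."""
from typing import List, Optional, Tuple


def blob_offsets(image: bytes, blob: bytes) -> List[int]:
    """Step 4: every file offset at which `blob` occurs in the raw image."""
    offsets = []
    start = 0
    while (idx := image.find(blob, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def base_from_anchor(image: bytes, blob: bytes, ref_addr: int) -> Optional[int]:
    """Step 5: base = address the code references - file offset of the blob.
    Returns None when the blob is absent or occurs more than once, because a
    non-unique blob yields several candidate bases instead of one."""
    offs = blob_offsets(image, blob)
    if len(offs) != 1:
        return None
    return ref_addr - offs[0]


def consistent_base(image: bytes, anchors: List[Tuple[bytes, int]]) -> Optional[int]:
    """Cross-check several (blob, referenced address) pairs. For a flat,
    unrelocated image every usable anchor must agree on the same base;
    disagreement hints at relocation or a wrong function match."""
    bases = {base_from_anchor(image, blob, addr) for blob, addr in anchors}
    bases.discard(None)
    return bases.pop() if len(bases) == 1 else None


# Constructed sample: 4 KiB of erased-flash fill with two unique blobs placed
# at known offsets; the emulator build is assumed to show them at 0x0800_0120
# and 0x0800_0300, i.e. a true base of 0x0800_0000.
BLOB_A = b"BOOT_OK\x00"
BLOB_B = b"\x89PNG\r\n\x1a\n"
_img = bytearray(b"\xff" * 0x1000)
_img[0x120:0x120 + len(BLOB_A)] = BLOB_A
_img[0x300:0x300 + len(BLOB_B)] = BLOB_B
IMAGE = bytes(_img)
ANCHORS = [(BLOB_A, 0x08000120), (BLOB_B, 0x08000300)]

if __name__ == "__main__":
    base = consistent_base(IMAGE, ANCHORS)
    print("base address:", hex(base) if base is not None else "undetermined")
```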