The Ghidra Book The Definitive Guide

A guide to using the Ghidra software reverse engineering tool suite.

The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it.

In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to:

Navigate a disassembly

Use Ghidra's built-in decompiler to expedite analysis

Analyze obfuscated binaries

Extend Ghidra to recognize new data types

Build new Ghidra analyzers and loaders

Add support for new processors and instruction sets

Script Ghidra tasks to automate workflows

Set up and use a collaborative reverse engineering environment

Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.

Chris Eagle has been reverse engineering software for 40 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought-after provider of reverse engineering training. He has published numerous reverse engineering tools and given numerous talks at conferences such as Blackhat, Defcon, and Shmoocon.

Dr. Kara Nance is a private security consultant. She has been a professor of computer science for many years. She has served on the Honeynet Project Board of Directors and has given numerous talks at conferences around the world. She enjoys building Ghidra extensions and regularly provides Ghidra training

Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Ghidra Background
Chapter 4: Getting Started with Ghidra
Chapter 5: CodeBrowser and Display Windows
Chapter 6: Disassembly Navigation
Chapter 7: Disassembly Manipulation
Chapter 8: Data Types and Data Structures
Chapter 9: Cross-References
Chapter 10: Graphs
Chapter 11: Collaborative SRE with Ghidra
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra Signatures
Chapter 14: Basic Ghidra Scripting
Chapter 15: Advanced Ghidra Scripting
Chapter 16: Using Ghidra in Headless Mode
Chapter 17:  Unrecognized Binary Files
Chapter 18: Processors
Chapter 19: Compiler Variations
Chapter 20: Obfuscated Code Analysis
Chapter 21: Patching Binaries
Chapter 22: Vulnerability Analysis
Chapter 23: Binar Differencing and Version Tracking
Appendix A: Ghidra for IDA Users
Appendix B: C to assembly correspondence