A guide to using the Ghidra software reverse engineering tool suite.
The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency's most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world's most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere -- and The Ghidra Book is the one and only guide you need to master it.
In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra's components, features, and unique capacity for group collaboration. You'll learn how to:
• Navigate a disassembly
• Use Ghidra's built-in decompiler to expedite analysis
• Analyze obfuscated binaries
• Extend Ghidra to recognize new data types
• Build new Ghidra analyzers and loaders
• Add support for new processors and instruction sets
• Script Ghidra tasks to automate workflows
• Set up and use a collaborative reverse engineering environment
Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.
Just finished reading the early access edition of Eagle's / Nance's upcoming Ghidra book. If you even think that you might be using Ghidra soon, you should get it. The content helped me quickly get up to speed on a few Ghidra-related projects I'm throwing cycles at.
The book contains an overview of Ghidra's features, tools, and frameworks. This includes:
- Iteratively improving disassemblies and decompilations (chapter 7)
- Ghidra scripting (chapter 14) for repeated and/or bulk tasks. Also works in headless mode (chapter 16)
- Creating your own binary loaders and CPU processors (to supplement what Ghidra already provides), covered in chapters 17 and 18 respectively
- Disassembly differencing (chapter 23) to see what a binary update changed...
- etc.
However, the authors also spend a lot of pages covering the domain expertise that a newly-minted reverser is going to need, such as:
- The anatomy of stack frames (chapter 6)
- Interpreting binary sections as classes and data structures (chapter 8)
- Compiler output differences (chapters 13 and 20)
- Writing patches for binaries in "code caves" (chapter 22)
I can't tell which author wrote what, but I'm pretty sure chapter 21 was all Eagle, as it shows how to use Ghidra to defeat various anti-static and anti-dynamic analysis techniques found in well-known code obfuscators. These are topics he's previously presented using IDA Pro at conferences over the years.
Anyway, this random guy on the internet that you don't know says you should get this book.
A very good book about Ghidra, although anyone who has already worked through Ghidra's help and tutorials won't find much new in it. Still, after reading the book you will probably start solving real-world tasks, as well as the puzzles on crackmes.one, a bit faster thanks to the various tips and tricks it contains. :) I would only shorten the introductory chapters, where you click around in the UI (who in the target audience needs these guides for ordinary users?), and instead expand the final chapters with more advanced tips concerning malware analysis, patching binaries, and comparing different versions of binaries. Anyone who uses IDA will appreciate the chapter "Ghidra for IDA Users". The integrated debugger is not mentioned in the book, because it was not yet in Ghidra when the book was written.
Having no experience with reverse engineering I found this book rather interesting. Having a decent but old knowledge of assembler and C, I really enjoyed how the early chapters go over how different compilers do calling conventions. I found the coverage of C++ classes fascinating. Great book if you want to learn how to use Ghidra for reverse engineering.
Helpful insight into reverse engineering and using Ghidra. I found some of the first parts of the book regarding the UI to be pretty self-evident and most likely should be only skimmed over.