A guide to using the Ghidra software reverse engineering tool suite.
The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency’s most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world’s most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere — and The Ghidra Book is the one and only guide you need to master it.
In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra’s components, features, and unique capacity for group collaboration. You’ll learn how to:
Navigate a disassembly Use Ghidra’s built-in decompiler to expedite analysisAnalyze obfuscated binariesExtend Ghidra to recognize new data typesBuild new Ghidra analyzers and loadersAdd support for new processors and instruction setsScript Ghidra tasks to automate workflowsSet up and use a collaborative reverse engineering environment
Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.
From the Publisher
About the Authors
Kara Nance is a private security consultant. She has been a professor of computer science for many years. She has served on the Honeynet Project Board of Directors and given numerous talks at conferences around the world. She enjoys building Ghidra extensions and regularly provides Ghidra training. Chris Eagle has been reverse engineering software for 40 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought-after provider of reverse engineering training. He has published numerous reverse engineering tools and given talks at conferences such as Blackhat, Defcon, and Shmoocon.
About the Publisher
No Starch Press has published the finest in geek entertainment since 1994, creating both timely and timeless titles like Python Crash Course, Python for Kids, How Linux Works, and Hacking: The Art of Exploitation. An independent, San Francisco-based publishing company, No Starch Press focuses on a curated list of well-crafted books that make a difference. They publish on many topics, including computer programming, cybersecurity, operating systems, and LEGO. The titles have personality, the authors are passionate experts, and all the content goes through extensive editorial and technical reviews. Long known for its fun, fearless approach to technology, No Starch Press has earned wide support from STEM enthusiasts worldwide.
Publisher : No Starch Press
Publication date : September 1, 2020
Language : English
Print length : 608 pages
ISBN-10 : 1718501021
ISBN-13 : 978-1718501027
Item Weight : 2.48 pounds
Dimensions : 7.13 x 1.38 x 9.25 inches
Best Sellers Rank: #396,959 in Books (See Top 100 in Books) #19 in Assembly Language Programming #182 in Computer Hacking #376 in Software Development (Books)
Customer Reviews: 4.8 4.8 out of 5 stars (206) var dpAcrHasRegisteredArcLinkClickAction; P.when(‘A’, ‘ready’).execute(function(A) { if (dpAcrHasRegisteredArcLinkClickAction !== true) { dpAcrHasRegisteredArcLinkClickAction = true; A.declarative( ‘acrLink-click-metrics’, ‘click’, { “allowLinkDefault”: true }, function (event) { if (window.ue) { ue.count(“acrLinkClickCount”, (ue.count(“acrLinkClickCount”) || 0) + 1); } } ); } }); P.when(‘A’, ‘cf’).execute(function(A) { A.declarative(‘acrStarsLink-click-metrics’, ‘click’, { “allowLinkDefault” : true }, function(event){ if(window.ue) { ue.count(“acrStarsLinkWithPopoverClickCount”, (ue.count(“acrStarsLinkWithPopoverClickCount”) || 0) + 1); } }); });
A customer –
Great for Getting Started on a Firmware Reversing Project
I found this book great for getting started on an effort to reverse engineer embedded camera firmware. The authors go over the basics of Ghidra in good detail, and provide many examples from which to learn. Having had no experience with any (or other) SRE tools, I really leaned on the author’s expertise in the early days. Several hundred pages in, however, the book does peter out just as it gets to the really interesting stuff. In particular, the versioning tools and use of Java-based “scripts” to develop new capabilities is covered at a very cursory level. In any case, these topics would likely require a book of their own — possibly as a volume 2 companion to this worthy tome.
Zach –
Incredible Book
Wonderful book, featuring loads of helpful tips, a comprehensive general overview of reverse engineering, and a thorough breakdown of every Ghidra tool one could possibly hope for.Note that while the Ghidra/RE advice is universal, the examples assume x86 architecture. This wasn’t an issue for me, but RE work involving another architecture may benefit from supplementary material.
Sgkmp –
Pretty good book
I’m really surprised at how good this book is. Real nice step by step walkthrow. It describes all the different features available and it does a very nice job of explaining how the disassembler and decompiler work. Has been very useful. I have some assembly background so the explanations make it very clear in my mind. Im enjoying this book.
a –
Very in depth
This book goes in-depth on almost every aspect of Ghidra. I say almost because the second to last chapter is only a few chapters long, simply introduces the concept of version tracking, and then tells you to look it up yourself so that drops a rating level for me.
John Prefect –
Pretty good
Great information
H. Young –
Very well written
Very well written and useful info that one would miss initially.
Danny –
Ghidra can be infuriating, this book makes it better
Chris Eagle and Kara Nonce’s new book on Ghidra, an open source NSA made reverse engineering tool, is the definitive guide for reverse engineering and Ghidra. After reading this book, you will understand the love-hate relationship with the tool. Once again, NoStarch, Eagle, and Nance deliver an extremely readable, high-quality, and authoritative text.After its release in the Spring of 2019, Ghidra became an integral part of my malware analysis toolset. In exchange for overlooking Ghidra’s origins from the US National Security Agency, you get free, vendor-drama-free licensing, and one of the best decompilers available (IDA is still better).Ghidra was developed back when Java was still a good idea, so it suffers from common pitfalls: it’s slow and the UI requires patience and tolerance. The development environment is strange, especially for someone who has avoided Java like the plague.The Ghidra Book adeptly walks you through the byzantine maze of non-sensical usage of the tool. It explains the underlying mechanics of what you’re doing and why you are doing it. The pro-tips from a Master Reverse Engineer can help any level of experience, from pro to aspiring. The second half of the book provides the real meat if you are coming with experience.Part I and II are a gentle introduction to reverse engineering using Ghidra, written for noob. Part III is where the magic happens, from setting up a ghidra server, to nuances with the Ghidra scripting and plugin framework. Part IV goes into the guts of how Ghidra works, thankfully enabled by open source code. Part V is my favorite, as a connosieur of malware obfuscation techniques.This book is worth the money.
Mason –
Outstanding Resource
This is the definitive reference for Ghidra at any skill level. Checkout the table of contents to get an idea of all the things this book unlocks for you!
abhijit mohanta –
bought the Kindle edition and was going through it. I would consider it as another great work from Chris Eagle, the first book covering Ghidra.
pat Ford –
I have Chris’s IDA pro book, this on (Ghidra Handbook) is the same quality.
HeinzK –
Useful for using Ghidras most powerful C decompiler.
Amsta –
Poor quality
Peter Guthseel –
Sehr gute Einführung in Ghidra. Endlich ein Ersatz für das in den letzten Jahren teure gewordene IDA Pro.