Book Image

Ghidra Software Reverse Engineering for Beginners

By : A. P. David
Book Image

Ghidra Software Reverse Engineering for Beginners

By: A. P. David

Overview of this book

Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs. You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You’ll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you’ll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project. By the end of this Ghidra book, you’ll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
Table of Contents (20 chapters)
1
Section 1: Introduction to Ghidra
6
Section 2: Reverse Engineering
12
Section 3: Extending Ghidra

Chapter 14

  1. Concrete execution means running a program using concrete values (for example, the eax register takes the value 5) while symbolic execution runs the program using symbolic values that can be expressed using Satisfiability Modulo Theories (SMT) formulas (for example, the eax register is a vector of 32 bits whose value, at this moment, is less than 5).
  2. No, it can't. It is not possible to perform symbolic execution in an efficient way for general cases.
  3. Yes. You can extend Ghidra to apply symbolic and/or concolic execution to binary files.