Book Image

Ghidra Software Reverse Engineering for Beginners

By : A. P. David
Book Image

Ghidra Software Reverse Engineering for Beginners

By: A. P. David

Overview of this book

Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs. You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You’ll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you’ll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project. By the end of this Ghidra book, you’ll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
Table of Contents (20 chapters)
1
Section 1: Introduction to Ghidra
6
Section 2: Reverse Engineering
12
Section 3: Extending Ghidra

Questions

  1. What is the difference between Ghidra extensions and Ghidra scripts?
  2. If you are analyzing a program developed in C++ (which is an object-oriented programming language), what kind of Ghidra extension can help you to identify classes, methods, and so on?
  3. As you know, Ghidra extensions have access to Ghidra internals, which is really powerful. Is it always better to write a Ghidra extension than to write a Ghidra script?