It’s been a short while since we final reviewed a guide, however a number of my staff has been spending time with Ghidra this yr. Craig Younger taught a course on the topic, and I’ve used it with my college students at Fanshawe Faculty of their Malware Evaluation course. Given our fascination with Ghidra, reviewing The Ghidra Guide: The Definitive Information by Chris Eagle and Kara Nance from No Starch Press made sense. I’ve a number of of Chris’s books on my shelf, and I’ve all the time loved them, so I used to be wanting ahead to digging into this one.
The guide takes you from the start of your Ghidra journey to the tip. From an introduction to disassembly and dealing with the fundamentals of Ghidra to scripting in Ghidra to increase its capabilities, this guide covers all of it. One in all my favourite points of the guide is that it doesn’t learn like a technical handbook. When books are targeted on a particular product, they will develop into very targeted on a bland strategy that may flip off readers. It feels extra like studying the proprietor’s handbook to your automobile than a guide. Fortunately, that didn’t occur with this guide, and it was pleasant. I’ll admit that I didn’t learn this guide sequentially, as a substitute leaping to subjects that had been related to my present work or that me. I believe that’s the signal of a superb technical guide when you may transfer round freely and use it as reference materials.
Right here’s what others needed to say in regards to the guide.
The Ghidra Guide: The Definitive Information by Chris Eagle and Kara Nance is a superb selection for a reference guide. This guide supplies explanations on tips on how to modify the UI and different options that Ghidra supplies. This enables any consumer to customise their structure to swimsuit their particular wants. The authors present an outline of the reverse engineering course of and the points of Ghidra that can be utilized. The authors clarify the method of obfuscation and the strategies that could be used to forestall the reverse engineering course of. They proceed on to elucidate how Ghidra can be utilized in these conditions. This enables readers to know that if any of those strategies are carried out, there are methods that Ghidra can be utilized to proceed the reverse engineering course of. General, it may be tedious to learn via the chapters that designate tips on how to customise the UI.
– Andrew SwobodaSenior Safety ResearcherTripwire
I’d extremely advocate this guide. Somewhat than merely being a Ghidra consumer information, the authors did an distinctive job of laying out most of the elementary ideas concerned in software program reverse engineering. As they stroll via varied points of Ghidra performance, they take the chance to elucidate not solely what Ghidra is displaying with its knowledge shows but additionally offering perception into how Ghidra extracts the data from a program. For instance, nice consideration is paid to creating positive the reader will perceive, at the least at a high-level, how compilers organize stack frames and the way they are often reconstructed via static evaluation. That is crucial information not just for Ghidra customers however extra usually for anybody concerned in software program reversing.
The sections in Chapter eight pertaining to figuring out knowledge constructions was immensely useful for me in one in every of my private analysis tasks. Particularly, this chapter spells out varied patterns of how programmers make use of structured knowledge varieties in addition to how the compiler displays this within the machine code. In my case, this helped me appropriate an incorrect perform prototype which had impeded my understanding of this system I used to be analyzing. One other part of specific curiosity to me is the Ghidra primary scripting information in Chapter 14. From what I used to be capable of finding, this appears to be one of many extra complete and well-documented introductions to the Ghidra scripting API.
The later chapters additionally supply a number of nice materials together with superior subjects like creating loaders, diffing/patching binaries and dealing with obfuscated packages. Though Ghidra just isn’t essentially the perfect fitted to these duties, the guide does a superb job of presenting what is feasible and what limitations exist. For instance, I had beforehand tried to change and patch an ELF binary inside Ghidra solely to seek out that this usually didn’t work the best way I anticipated. Though this was not clear to me from the Ghidra documentation, The Ghidra Guide does enormously make clear how binary loading and export works in Ghidra, which in flip explains why you can’t export a purposeful binary after utilizing the ELF loader. The Ghidra Guide has solutions to this and numerous different questions.
– Craig YoungPrincipal Safety ResearcherTripwire
Having no prior expertise with reverse engineering, I used to be excited to get the chance to dive into The Ghidra Guide. The guide made clear from the very starting that it was not a consumer handbook for Ghidra. As an alternative, it was for use as an enabling device giving sensible examples on tips on how to correctly use Ghidra. Being new to reverse engineering and thus software program reverse engineering suites (SRE’s) the guide did nicely on laying out the what, why, and the way of disassembly and the challenges that come up round them within the first part of the guide. Later, widespread instruments which might be accessible to the general public give an perception on what motived the creation of Ghidra in addition to give the reader a style of what to anticipate from Ghidra’s UI and the totally different knowledge shows. I discovered this part to be important so as to perceive what you’re as you progress additional into the guide.
The second a part of the guide is all about primary utilization in Ghidra. On this part, the reader is launched to many display photographs of the GUI and tips on how to navigate the assorted shows to render knowledge. I discovered Chapter 6 was very useful for understanding the essential navigational strategies and getting used to the disassembly constructs. As you learn additional, the guide discusses tips on how to customise Ghidra to give you the results you want. This part talks about collaboration with others on shared tasks and introducing primary scripting in Ghidra with each Java and Python languages. This part of the guide was essentially the most fascinating to me for causes of automating repetitive duties resembling enumerating capabilities, perform calls, directions and cross-references.
General, I loved The Ghidra Guide, and it was a superb start line for me in getting into the world of reverse engineering and the various totally different instruments which might be accessible because of being open-sourced. I encourage anybody that has an curiosity in reverse engineering or who simply needs to analyze cool open-sourced instruments to provide The Ghidra Guide a learn.
– Matthew Jerzewski Safety ResearcherTripwire
Personally, I’m with Craig on this one. The guide is an ideal 5/5 for me.
General Score: 4.6/5
We don’t have any plans for one more guide for the time being, so if in case you have any ideas, tell us on Twitter!