Detect potentials bugs in your code or program and develop your own tools using the Ghidra reverse engineering framework developed by the NSA project
Key Features
- Make the most of Ghidra on different platforms such as Linux, Windows, and macOS
- Leverage a variety of plug-ins and extensions to perform disassembly, assembly, decompilation, and scripting
- Discover how you can meet your cybersecurity needs by creating custom patches and tools
Book Description
Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs.
You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You'll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you'll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project.
By the end of this Ghidra book, you'll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
What you will learn
- Get to grips with using Ghidra's features, plug-ins, and extensions
- Understand how you can contribute to Ghidra
- Focus on reverse engineering malware and perform binary auditing
- Automate reverse engineering tasks with Ghidra plug-ins
- Become well-versed with developing your own Ghidra extensions, scripts, and features
- Automate the task of looking for vulnerabilities in executable binaries using Ghidra scripting
- Find out how to use Ghidra in the headless mode
Who this book is for
This SRE book is for developers, software engineers, or any IT professional with some understanding of cybersecurity essentials. Prior knowledge of Java or Python, along with experience in programming or developing applications, is required before getting started with this book.
Table of Contents
- Getting Started with Ghidra
- Automating RE Tasks with Ghidra Scripts
- Ghidra Debug Mode
- Using Ghidra Extensions
- Reversing Malware Using Ghidra
- Scripting Malware Analysis
- Using Ghidra Headless Analyzer
- Auditing Program Binaries
- Scripting Binary Audits
- Developing Ghidra Plugins
- Incorporating New Binary Formats
- Analyzing Processor Modules
- Contributing to the Ghidra Community
- Extending Ghidra for Advanced Reverse Engineering
A. P. David is a senior malware analyst and reverse engineer. He has more than 7 years of experience in IT, having worked on his own antivirus product, and later as a malware analyst and reverse engineer. He started working for a company mostly reverse engineering banking malware and helping to automate the process. After that, he joined the critical malware department of an antivirus company. He is currently working as a security researcher at the Galician Research and Development Center in Advanced Telecommunications (GRADIANT) while doing a malware-related PhD. Apart from that, he has also hunted vulnerabilities for some relevant companies in his free time, including Microsoft's Windows 10 and National Security Agency's Ghidra project.
