Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Ghidra Software Reverse Engineering for Beginners
  • Table Of Contents Toc
  • Feedback & Rating feedback
Ghidra Software Reverse Engineering for Beginners

Ghidra Software Reverse Engineering for Beginners

By : A. P. David
4.6 (8)
close
close
Ghidra Software Reverse Engineering for Beginners

Ghidra Software Reverse Engineering for Beginners

4.6 (8)
By: A. P. David

Overview of this book

Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs. You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You’ll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you’ll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project. By the end of this Ghidra book, you’ll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
Table of Contents (20 chapters)
close
close
1
Section 1: Introduction to Ghidra
6
Section 2: Reverse Engineering
12
Section 3: Extending Ghidra

Learning the basics of advanced reverse engineering

In this section, we will provide an overview of the Ghidra processor module skeleton. This skeleton will be a little bit different since processor modules are not written in Java. Instead, the processor modules are written in SLEIGH, the Ghidra processor specification language.

Learning about symbolic execution

You should already be familiar with the aspects of debugging a program. In this kind of process, you explore the program using concrete values, which is why this is called concrete execution. For instance, the following screenshot shows an x86_64 debugging session. The RAX register takes a value of 0x402300 while debugging the hello_world.exe program, which is a concrete value:

Figure 14.1 – Ghidra SLEIGH Editor plugin for the Eclipse IDE

But there is a way of exploring a program using symbols instead of concrete values. This way of exploring a program is called symbolic execution...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY