The Ghidra Book

The Definitive Guide
by Chris Eagle and Kara Nance
September 2020, 608 pp.


Click here to access the code listings contained in this book (author site). 


The result of more than a decade of research and development within the NSA, the Ghidra platform was developed to address some of the agency’s most challenging reverse-engineering problems. With the open-source release of this formerly restricted tool suite, one of the world’s most capable disassemblers and intuitive decompilers is now in the hands of cybersecurity defenders everywhere — and The Ghidra Book is the one and only guide you need to master it.

In addition to discussing RE techniques useful in analyzing software and malware of all kinds, the book thoroughly introduces Ghidra’s components, features, and unique capacity for group collaboration. You’ll learn how to:

  • Navigate a disassembly
  • Use Ghidra’s built-in decompiler to expedite analysis
  • Analyze obfuscated binaries
  • Extend Ghidra to recognize new data types
  • Build new Ghidra analyzers and loaders
  • Add support for new processors and instruction sets
  • Script Ghidra tasks to automate workflows
  • Set up and use a collaborative reverse engineering environment

Designed for beginner and advanced users alike, The Ghidra Book will effectively prepare you to meet the needs and challenges of RE, so you can analyze files like a pro.

Author Bio 

Chris Eagle has been reverse engineering software for 40 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought-after provider of reverse engineering training.

Dr. Kara Nance is a private security consultant and has been a professor of computer science for many years. She has given numerous talks at conferences around the world and enjoys building Ghidra extensions as well as providing Ghidra training.

Table of contents 


Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Meet Ghidra
Chapter 4: Getting Started with Ghidra
Chapter 5: Ghidra Data Displays
Chapter 6: Making Sense of a Ghidra Disassembly
Chapter 7: Disassembly Manipulation
Chapter 8: Data Types and Data Structures
Chapter 9: Cross-References
Chapter 10: Graphs
Chapter 11: Collaborative SRE with Ghidra
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra’s Worldview
Chapter 14: Basic Ghidra Scripting
Chapter 15: Eclipse and GhidraDev
Chapter 16: Ghidra in Headless Mode
Chapter 17: Ghidra Loaders
Chapter 18: Ghidra Processors
Chapter 19: The Ghidra Decompiler
Chapter 20: Compiler Variations
Chapter 21: Obfuscated Code Analysis
Chapter 22: Patching Binaries
Chapter 23: Binary Differencing and Version Tracking
Appendix: Ghidra for IDA Users


"The Ghidra Book provides a thorough introduction for new users, using clear examples with plenty of background information . . . a valuable addition to the skill set of a malware analyst."
Max Kersten

"The book takes you from the beginning of your Ghidra journey to the end. From an introduction to disassembly and working with the basics of Ghidra to scripting in Ghidra to extend its capabilities, this book covers it all. . . . a perfect 5/5 for me."
Tyler Reguly, Tripwire Book Club

"I would highly recommend this book. Rather than simply being a Ghidra user guide, the authors did an exceptional job of laying out many of the fundamental concepts involved in software reverse engineering."
Craig Young, Principal Security Researcher, Tripwire

"I enjoyed The Ghidra Book, and it was a good starting point for me in entering the world of reverse engineering and the many different tools that are accessible due to being open-sourced. I encourage anyone that has an interest in reverse engineering or who just wants to investigate cool open-sourced tools to give The Ghidra Book a read."
Matthew Jerzewski, Security Researcher, Tripwire

"A solid book."

Check out this Search Security interview with co-author Kara Nance


View the latest errata.