The Ghidra Book Cover

The Ghidra Book

A Definitive Guide
by Chris Eagle and Kara Nance
August 2020, 640 pp.
Use coupon code PREORDER to get 25% off!


The ability to analyze software with a disassembler is a crucial reverse engineering skill and one of the core competencies expected of malware analysts and software security researchers. Ghidra is one of the world's most capable disassemblers, and it's the only one that includes an environment for collaborative reverse engineering. Ghidra is also a comprehensive open source tool suite and a powerful alternative to the commercial competitors that come with a hefty price tag and steep learning curve.

The Ghidra Book is a practical, thorough introduction to Ghidra. It includes instructions on how to use and modify Ghidra to make it meet your needs or those of your organization. The book begins with background on the reverse engineering process. You'll then be introduced to important Ghidra features, together with examples showing how to customize the suite. You'll learn how to:

  • Navigate a disassembly
  • Use Ghidra's built-in decompiler to expedite analysis
  • Analyze obfuscated binaries
  • Extend Ghidra to recognize new data types
  • Build new Ghidra analyzers
  • Build new Ghidra loaders
  • Add support for new processors and instruction sets
  • Script Ghidra tasks to automate workflows
  • Set up and use a collaborative reverse engineering environment

By the end of the book, you will have learned how to use Ghidra efficiently and maximize its effectiveness.

Author Bio 

Chris Eagle has been reverse engineering software for 40 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought after provider of reverse engineering training. He has published numerous reverse engineering tools and given numerous talks at conferences such as Blackhat, Defcon, and Shmoocon.

Dr. Kara Nance is a private security consultant. She has been a professor of computer science for many years. She has served on the Honeynet Project Board of Directors and has given numerous talks at conferences around the world. She enjoys building Ghidra extensions and regularly provides Ghidra training.

Table of contents 

View the detailed Table of Contents


Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Meet Ghidra
Chapter 4: Getting Started with Ghidra
Chapter 5: Ghidra Data Displays
Chapter 6: Making Sense of a Ghidra Disassembly
Chapter 7: Disassembly Manipulation
Chapter 8: Data Types and Data Structures
Chapter 9: Cross-References
Chapter 10: Graphs
Chapter 11: Collaborative SRE with Ghidra
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra’s Worldview
Chapter 14: Basic Ghidra Scripting
Chapter 15: Eclipse and GhidraDev
Chapter 16: Ghidra in Headless Mode
Chapter 17: Ghidra Loaders
Chapter 18: Ghidra Processors
Chapter 19: The Ghidra Decompiler
Chapter 20: Compiler Variations

Chapter 21: Obfuscated Code Analysis
Chapter 22: Patching Binaries
Chapter 23: Binary Differencing and Version Tracking
Appendix: Ghidra for IDA Users

The chapters in red are included in this Early Access PDF.