Cyber Shelf

// Comparison

Practical Binary Analysis vs The Ghidra Book: Which Should You Read?

Two cybersecurity books on Binary Analysis, compared honestly: who each is for, what each does best, and which to read first.

Advanced
5/52018
Practical Binary Analysis

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

Dennis Andriesse

Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.

Intermediate
4/52020
The Ghidra Book

The Definitive Guide

Chris Eagle, Kara Nance

The reference manual for the NSA's open-source disassembler, written by the author of The IDA Pro Book. Exhaustive on the tool, thinner on the craft of reversing itself.

Read this if

Reverse engineers ready to stop being IDA clickers and start being programmers who happen to RE. Andriesse covers DBI (Pin), taint analysis (Triton), and symbolic execution (angr) at exactly the level a practitioner needs to weaponize them.
Practitioners switching from IDA or starting on Ghidra who want full coverage of the GUI, the decompiler, scripting, and the extension API.

Skip this if

RE beginners who haven't yet finished Practical Reverse Engineering, or readers without C and Python comfort. The book assumes you can already disassemble; the value is in the automation layer.
Skip this if you want a tutorial on how to actually reverse-engineer malware. It documents the tool deeply but rarely walks you through a real target end to end.

Key takeaways

  • Modern RE is automated RE; the book is the bridge between hand-driven analysis and the toolchain that scales to large binaries.
  • Symbolic execution is finally accessible to working RE engineers thanks to angr, and Andriesse's framing is what makes it click for most practitioners.
  • Custom DBI passes solve a category of problems that no GUI tool can; the book teaches you when to reach for them and how to write them.
  • Ghidra's collaborative project model and headless analyzer are genuine advantages over single-user tools, and the book covers both properly.
  • The decompiler is the reason to use Ghidra, and the chapters on reading and improving its output are the most useful in the book.
  • Real power comes from scripting and writing extensions; budget time for the Java/Python API chapters because that is where the tool stops being just a GUI.

How they compare

We rate Practical Binary Analysis higher (5/5 against 4/5 for The Ghidra Book). For most readers, that means Practical Binary Analysis is the primary pick and The Ghidra Book is a useful follow-up.

Practical Binary Analysis is pitched at advanced level. The Ghidra Book is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Practical Binary Analysis and The Ghidra Book both cover Binary Analysis, Reverse Engineering, Tooling, so reading them in sequence reinforces the same material from different angles.

Keep reading

Practical Binary Analysis

Alternatives to Practical Binary AnalysisWhat to read after Practical Binary Analysis

The Ghidra Book

Alternatives to The Ghidra BookWhat to read after The Ghidra Book

Related topics

Binary AnalysisReverse EngineeringTooling