The Ghidra Book
The Definitive Guide
The reference manual for the NSA's open-source disassembler, written by the author of The IDA Pro Book. Exhaustive on the tool, thinner on the craft of reversing itself.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Chris Eagle,Kara Nance
- Published
- 2020
- Publisher
- No Starch Press
- Pages
- 608
- Language
- English
Prerequisites
Comfort reading assembly and a working mental model of how compiled binaries are laid out. This teaches Ghidra, not reverse engineering from zero.
Read this if
Practitioners switching from IDA or starting on Ghidra who want full coverage of the GUI, the decompiler, scripting, and the extension API.
Skip this if
Skip this if you want a tutorial on how to actually reverse-engineer malware. It documents the tool deeply but rarely walks you through a real target end to end.
Key takeaways
- Ghidra's collaborative project model and headless analyzer are genuine advantages over single-user tools, and the book covers both properly.
- The decompiler is the reason to use Ghidra, and the chapters on reading and improving its output are the most useful in the book.
- Real power comes from scripting and writing extensions; budget time for the Java/Python API chapters because that is where the tool stops being just a GUI.
Notes
The closest thing to an official Ghidra manual, and Eagle's IDA Pro Book pedigree shows in how methodically it maps every menu, panel, and API surface. The flip side is that it reads like a manual: thorough and a little dry, strongest as a reference you reach for rather than a book you read front to back.
What to read before
What to read before The Ghidra Book →Intermediate · 2011
The IDA Pro Book
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Advanced · 2018
Practical Binary Analysis
Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.
Beginner · 2009
Nmap Network Scanning
Written by Nmap's own author, this is both a gentle introduction to port scanning and the definitive reference for every flag, timing knob, and NSE script the tool ships with.
What to read next
What to read after The Ghidra Book →Advanced · 2018
Practical Binary Analysis
Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.
Intermediate · 2011
The IDA Pro Book
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Advanced · 2021
The Hardware Hacking Handbook
Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.
Explore similar books
Alternatives to The Ghidra Book →Intermediate · 2011
The IDA Pro Book
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Advanced · 2018
Practical Binary Analysis
Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.
Intermediate · 2005
Reversing
The book that taught a generation how software actually looks once you strip away the source. Still the clearest on-ramp to thinking in assembly, even with dated tools.