أمس, 03:06 PM
The Ghidra Book, 2nd Edition
The Definitive Guide
by Kara Nance and Chris Eagle
March 2026, 632 pp.
ISBN-13:
9781718504684
Download link attached: EPUB and PDF
“A must-read for any reverse engineer.”
—Max “Libra” Kersten
Developed through more than a decade of research within the NSA, Ghidra was created to address some of the most challenging reverse engineering problems faced by the US government. With its open source release, this formerly restricted tool suite is now freely available to cybersecurity practitioners, researchers, and students worldwide. The Ghidra Book provides a clear, practical guide to understanding and using this powerful platform.
In addition to introducing core reverse engineering techniques for software and malware analysis, the book explains Ghidra’s key components, features, and support for extensibility and collaborative analysis. Beginning with the fundamentals and progressing to more advanced workflows, you’ll learn how to use Ghidra effectively and adapt it to new challenges.
You’ll learn how to:
Navigate and interpret a disassembly
Use Ghidra’s built-in decompiler to expedite analysis
Analyze unfamiliar and obfuscated binaries
Extend Ghidra to recognize new data types
Build custom analyzers, loaders, and processor support modules
Script Ghidra tasks to automate analysis tasks
Set up a collaborative reverse engineering environment
This fully revised second edition reflects the modern Ghidra platform as it is used in practice, with updated tooling, improved workflows, and hands-on real-world examples. Designed for beginners and experienced users alike, The Ghidra Book prepares you to tackle real reverse engineering problems with confidence.
New to this edition:
Behavioral analysis with BSim
Full Python 3 support via PyGhidra
Enhanced debugging and graphing tools
Modern container-based deployment
Author Bio
Dr. Kara Nance is a private security consultant and has been a professor of computer science for many years. She regularly speaks at conferences around the world and enjoys building Ghidra extensions as well as providing Ghidra training.
Chris Eagle has been reverse engineering software for 45 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought-after provider of reverse engineering training.
Table of contents
Acknowledgments
Introduction
Part I: Getting Started
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Meet Ghidra
Part II: Basic Ghidra Usage
Chapter 4: Beginning Your Analysis
Chapter 5: Exploring Ghidra's Data Displays
Chapter 6: Making Sense of a Disassembly
Chapter 7: Refining a Disassembly
Chapter 8: Working with Data Types and Data Structures
Chapter 9: Understanding Cross-References
Chapter 10: Using Graph Views
Part III: Customizing and Extending Ghidra
Chapter 11: Using Ghidra Collaboratively
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra’s Worldview
Chapter 14: Basic Scripting with Ghidra and PyGhidra
Chapter 15: Integrated Scripting with Eclipse and GhidraDev
Chapter 16: Running Ghidra in Headless Mode
Part IV: A Deeper Dive
Chapter 17: Loaders
Chapter 18: Processors
Chapter 19: The Decompiler
Chapter 20: Compiler Variations
Part V: Real-World Applications
Chapter 21: Obfuscation and Emulation
Chapter 22: Patching Binaries
Chapter 23: BSim and Other Comparison Tools
Appendix: Ghidra for IDA Users
The Definitive Guide
by Kara Nance and Chris Eagle
March 2026, 632 pp.
ISBN-13:
9781718504684
Download link attached: EPUB and PDF
“A must-read for any reverse engineer.”
—Max “Libra” Kersten
Developed through more than a decade of research within the NSA, Ghidra was created to address some of the most challenging reverse engineering problems faced by the US government. With its open source release, this formerly restricted tool suite is now freely available to cybersecurity practitioners, researchers, and students worldwide. The Ghidra Book provides a clear, practical guide to understanding and using this powerful platform.
In addition to introducing core reverse engineering techniques for software and malware analysis, the book explains Ghidra’s key components, features, and support for extensibility and collaborative analysis. Beginning with the fundamentals and progressing to more advanced workflows, you’ll learn how to use Ghidra effectively and adapt it to new challenges.
You’ll learn how to:
Navigate and interpret a disassembly
Use Ghidra’s built-in decompiler to expedite analysis
Analyze unfamiliar and obfuscated binaries
Extend Ghidra to recognize new data types
Build custom analyzers, loaders, and processor support modules
Script Ghidra tasks to automate analysis tasks
Set up a collaborative reverse engineering environment
This fully revised second edition reflects the modern Ghidra platform as it is used in practice, with updated tooling, improved workflows, and hands-on real-world examples. Designed for beginners and experienced users alike, The Ghidra Book prepares you to tackle real reverse engineering problems with confidence.
New to this edition:
Behavioral analysis with BSim
Full Python 3 support via PyGhidra
Enhanced debugging and graphing tools
Modern container-based deployment
Author Bio
Dr. Kara Nance is a private security consultant and has been a professor of computer science for many years. She regularly speaks at conferences around the world and enjoys building Ghidra extensions as well as providing Ghidra training.
Chris Eagle has been reverse engineering software for 45 years. He is the author of The IDA Pro Book (No Starch Press) and is a highly sought-after provider of reverse engineering training.
Table of contents
Acknowledgments
Introduction
Part I: Getting Started
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: Meet Ghidra
Part II: Basic Ghidra Usage
Chapter 4: Beginning Your Analysis
Chapter 5: Exploring Ghidra's Data Displays
Chapter 6: Making Sense of a Disassembly
Chapter 7: Refining a Disassembly
Chapter 8: Working with Data Types and Data Structures
Chapter 9: Understanding Cross-References
Chapter 10: Using Graph Views
Part III: Customizing and Extending Ghidra
Chapter 11: Using Ghidra Collaboratively
Chapter 12: Customizing Ghidra
Chapter 13: Extending Ghidra’s Worldview
Chapter 14: Basic Scripting with Ghidra and PyGhidra
Chapter 15: Integrated Scripting with Eclipse and GhidraDev
Chapter 16: Running Ghidra in Headless Mode
Part IV: A Deeper Dive
Chapter 17: Loaders
Chapter 18: Processors
Chapter 19: The Decompiler
Chapter 20: Compiler Variations
Part V: Real-World Applications
Chapter 21: Obfuscation and Emulation
Chapter 22: Patching Binaries
Chapter 23: BSim and Other Comparison Tools
Appendix: Ghidra for IDA Users