Since Ghidra's release by the NSA in March 2019, this open-source software reverse engineering framework has become a standard set of tools in the belt of nearly any reverse engineer, malware analysts included. As with any tool, the deeper one's understanding of it is, the more efficient one becomes.
This library, listed below, contains tips and tricks for Ghidra, such as how to best utilise existing features, how to optimise one's set-up, how to extend the framework, and how to automate tasks. The goal is to empower other Ghidra users to get the most out of the tool.
Ghidra is the tool used in most of the articles in my Binary Analysis Course, allowing those who follow(ed) the course to use these snippets to continue their learning. Note that this series is stand-alone: it does not depend on the course in any way.
Inspiration
This series is inspired by Igor's tip of the week, the long-running series by Hex-Rays' Igor Skochinsky. It is not meant as a Ghidrafied copy of that series. Some overlap is inevitable, given the number of tips already present in Igor's series and the fact that the two tools overlap in their purpose and capabilities.
Article structure
Each article will contain the what, why, and how of a given topic. Each tip will also state the Ghidra version it was written against, as features might be added, removed, or changed over time; a tip that works in one version is not guaranteed to work unchanged in a later one.
For now, the articles are listed in the order of their release date. Once there are sufficient articles to do so, they will be sorted by overlapping topics.
Questions and suggestions
If you have a question about any of these posts, please do not hesitate to reach out. Additionally, if you have suggestions on what I should cover in an upcoming blog, please also do reach out. Suggestions do not have to contain samples or code; a suggestion for a specific type of tip is enough.
To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], or DM me on BlueSky @maxkersten.nl.