Welcome! Today we’ll be reviewing Ghidra Software Reverse Engineering for Beginners by A.P. David.
Review Summary
- Length: 14 chapters, 303 pages
- Cover Type: Soft
- Personal Completion Time: One Month
- TL;DR Summary: A relatively short book covering both simple and advanced topics within Ghidra; excels in some areas and falls flat in others, but overall a good read.
- Book Link: Amazon
- Final Rating: 3.5 / 5 Stars
“Ghidra SRE for Beginners” is one complex, interesting read of a book. One one hand, this book excels phenomenally – it skillfully summarizes some of the more complex topics within Ghidra into a readable 300 pages. On the other hand, this book makes some interesting (and often confusing) decisions about what topics to cover. A little over a year into my SRE journey, while technically a beginner, I do know my way around the major SRE tools – IDA, Ghidra, x86/x64 and the like – so my initial thoughts about this book were “This book will be a nice, simple refresher after coming off the back of a thoroughly technical book like ‘The Ghidra Book!'” and (unfortunately) I was proven incorrect. Let’s break out some pro’s and con’s to better explain what I mean:
Pro’s
- Simple, easily understandable explanations for many Ghidra concepts
- Detailed explanations for setting up plugins like PyDev and GhidraDev including images and download links
- Touches on complex subjects like Ghidra scripting, extension, and module development
Con’s
- For a book marketed “… for Beginners” this book focuses heavily on complex topics like scripting and extending Ghidra instead of “How to effectively use Ghidra’s core features for SRE”
- No exercises provided by the author
For the shrewd-eyed reader, some of you may have read that chart and picked up on a discrepancy – how can the book covering topics like scripting, extending and module development be both a “Pro” and a “Con”? Let me explain. The author (A.P. David) does do a good job at covering advanced topics. If you read this book cover-to-cover you will learn about topics like,
- How to install and configure development plugins (PyDev, GhidraDev)
- Where to find and use skeleton files for creating new modules or extensions
- A summary of types of things you can do while scripting in Ghidra along with a helpful list of different Ghidra API functions to execute them
- What the different Ghidra-specific files are (.ldefs, .opinion, .pspec, and .slaspec) and how they’re used by Ghidra
And much, much more. The main problem I have with this book isn’t that these topics are covered, it’s that they’re covered in a book marketed towards beginners! The most surprising thing about this book is the insistence and heavy focus on the scripting and development features of Ghidra and (seemingly) a vague hand-wave to the bulk of Ghidra’s other core features (and how to use them to examine a binary). If this book were instead retitled to something like “How to script and extend Ghidra” I would have given this book a much different review, but things being as they are I can’t recommend this book if you’re just getting into Ghidra since I think other books (even The Ghidra Book) do a better job at explaining the bulk of Ghidra’s features and how to effectively use them.
With all of that being said, I think this book does do a great job at explaining the in’s and out’s of Ghidra, how it works, and how you (as a potential developer/reverse engineer) can harness the Ghidra API and make full use of its features. The TL;DR? Buy this book if you want to want an excellent introduction into how to script, automate, and extend Ghidra but look elsewhere if you’re new to the field and need a different explanation of Ghidra’s features.