Ghidra
Ghidra (pronounced GEE-druh;[1][2]) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub.[3] Ghidra is seen by many security researchers as a competitor to IDA Pro.[4] The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.[5]
Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython),[6][7] though this feature is extensible and support for other programming languages is available via community plugins.[8] Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework.[9]
History
Ghidra's existence was originally revealed to the public via Vault 7 in March 2017,[10] but the software itself remained unavailable until its declassification and official release two years later.[3] Some comments in its source code indicate that it existed as early as 1999.[11]
| Version | Year | Major features |
|---|---|---|
| 1.0 | 2003 | Proof of concept |
| 2.0 | 2004 | Database, docking windows |
| 3.0 | 2006 | SLEIGH, decompiler, version control |
| 4.0 | 2007 | Scripting, version tracking |
| 5.0 | 2010 | File system browser |
| 6.0 | 2014 | First unclassified version |
| 9.0 | 2019 | First public release |
| 9.2 | 2020 | Graph visualization, new PDB parser |
| 10.0 | 2021 | Debugger |
| 11.0 | 2023 | Rust and Go binaries support, BSim |
| 11.1 | 2024 | Swift and DWARF 5 support, Mach-O improvements |
In June 2019, coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite.[14]
Since Ghidra 10.0, Ghidra can officially be used as a debugger.[15][16] Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB.[17]
Supported architectures
The following architectures or binary formats are supported:[18][19]
- x86 16, 32 and 64 bit
- ARM and AARCH64
- PowerPC 32/64 and VLE
- MIPS 16/32/64
- MicroMIPS
- 68xxx
- Java and DEX bytecode
- PA-RISC
- RISC-V
- eBPF
- BPF
- Tricore
- PIC 12/16/17/18/24
- SPARC 32/64
- CR16C
- Z80
- 6502
- MC6805/6809, HC05/HC08/HC12
- 8048, 8051, 8085
- CP1600
- MSP430
- AVR8, AVR32
- SuperH
- V850
- LoongArch
- Xtensa
References
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".Template:Cbignore
- ↑ a b Script error: No such module "Citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ e.g. as a plugin for Radare2 or Rizin.
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "Citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Script error: No such module "citation/CS1".
- ↑ Template:Cite tweet
- ↑ Script error: No such module "citation/CS1".