Ghidra

Ghidra (pronounced GEE-druh) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. Ghidra is seen by many security researchers as a competitor to IDA Pro. The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form. Scripts to perform automated analysis with Ghidra can be written in Java or Python (via Jython), though this feature is extensible and support for other programming languages is available via community plugins. Plugins adding new features to Ghidra itself can be developed using a Java-based extension framework.


History

Ghidra's existence was originally revealed to the public via Vault 7 in March 2017, but the software itself remained unavailable until its declassification and official release two years later. Some comments in its source code indicate that it existed as early as 1999. In June 2019, coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite. Since Ghidra 10.0, Ghidra can officially be used as a debugger. Ghidra's debugger supports debugging user-mode Windows programs via WinDbg, and Linux programs via GDB.


Supported architectures

The following architectures or binary formats are supported:

* x86 16, 32 and 64 bit
* ARM and AARCH64
* PowerPC 32/64 and VLE
* MIPS 16/32/64
* MicroMIPS
* 68xxx
* Java and DEX bytecode
* PA-RISC
* RISC-V
* eBPF
* BPF
* Tricore
* PIC 12/16/17/18/24
* SPARC 32/64
* CR16C
* Z80
* 6502
* MC6805/6809, HC05/HC08/HC12
* 8048, 8051, 8085
* CP1600
* MSP430
* AVR8, AVR32
* SuperH
* V850
* LoongArch
* Xtensa


See also

* IDA Pro
* JEB decompiler
* radare2
* Binary Ninja

