Ghidra is a lifesaver for legacy systems that have a bunch of home-spun executables that make bespoke things function and rotate out random technicians over the years. When they fail, it is a pain to figure out what they explicitly do, so reverse engineering them is sometimes the only option when a new tool needs to be built that does the same thing but without the parts that are deprecated. I hadn't seen this class before, so I look forward to filling in my knowledge gaps around this software. Thank you.
I'd recommend binary ninja if you're serious about reversing. Not that expensive for a personal license.
Ghidra is nice, but being FOSS it will always be slightly worse than paid. It's fantastic for free, but not perfect. If reversing is part time/once a month/once every few months then it's probably the best choice. Used it for a few years professionally.
binja is my favorite and been using it for the last year or so. just an absolute pleasure to use and collaborate with. IMO the best of all these tools. vector35 are great to work with as well. plugin development is real nice too
IDA pro is the worst. hexrays are plain awful to work with and it's so overpriced.
hopper haven't tried, but seems good. mac only though
r2 is interesting. great if you only have a headless connection, but difficult. Learning curve is tough, and payoff isn't necessarily there. an alternative to ghidra if you want free but want to feel more l33t
This is a strange take for me to see, maybe OP doesn't have the context that the US government has been funding Ghidra development for years now (before ultimately open sourcing it), and will no doubt continue to do so for years to come.
This is the software used by NSA and contractors to analyze malware. From a UI perspective I get that it's clunky, but from a capabilities perspective I doubt there is much lacking.
Oh it's "class" as in "lesson", not OOP. Since it's a link to GitHub, somehow I expected the latter (a plugin in some NSA tool?), but this is much more interesting.
I have a good experience with Cutter (Rizin's official GUI).
Anyone can comment on the functionality difference between the two? Any advantages to using Ghidra directly?
I must confess that when starting out I opted for Cutter just because of Ghidra's JVM dependency. But this is only due to old scars and my aversion to installing Java is probably outdated now. (I am not the only one though: Cutter can also use Ghidra's decompiler component, and its website proudly adds "no Java involved".)
There are many different technical differences that accumulated over time - we save projects as a state snapshot, not a sequence of commands[1], we save types as semantically connected structures in a database that is guaranteed to be consistent[2], use better stack tracking for arguments and variables[3], not SP/BP/whatever, slowly migrate to a new generation of IL - RzIL instead of ESIL[4], provide standard libraries signatures out of the box in the FLIRT format[5], switched to a new way of parsing and processing commands[6], provide basefind, and many other small differences.
Yes. Actually, the OP is all about driving gdb from Ghidra. It is only one part of the larger "Ghidra Class" (see repo's parent folder). The parts are:
From the title I was first expecting some kind of educational material, but then I saw the link and knowing that Ghidra itself is for the most part written in Java I thought then that it would be about Java internals used by the debugger portion of Ghidra. Happy to learn that it is indeed educational material as I have only scratched the surface of Ghidra myself and have a lot to learn about it.