Ghidra Reverse Engineering Tool

Ghidra is a free and open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA) of the United States and released to the public at RSA Conference 2019. Written primarily in Java, Ghidra provides a comprehensive suite of reverse engineering tools for analyzing compiled software when source code is unavailable, comparable in capability to commercial tools like IDA Pro. Key features: disassembler and decompiler: Ghidra includes a built-in decompiler that translates machine code into C-like pseudocode, making it easier to understand program logic. The decompiler supports x86, x86-64, ARM (32/64-bit), PowerPC, MIPS, AArch64, and other architectures. Multi-architecture support: Ghidra's Processor Specification Language (SLEIGH) allows defining processor modules for custom or exotic architectures, with over 50 processor modules included. Program analysis: control flow analysis, data flow analysis, reference tracking, and function identification (including library function signatures via Function ID database). Graph view: control flow graphs, call graphs, and data flow graphs with interactive navigation. Symbolic execution and analysis plugins. Scripting: Ghidra supports scripting via Java and Python (Jython/Python 2.7), enabling automation of analysis tasks. The GhidraScript API provides access to all analysis functions. Version tracking: Ghidra's version control system allows tracking changes to analysis data across sessions, enabling team collaboration. Eclipse-based development environment for custom plugins. Patching: binary patching to modify compiled executables. Byte viewer and memory map. Function graph decompiler view. Emulator: built-in emulator for executing and analyzing code. Collaboration: shared project repositories for team-based analysis (Ghidra Server). BND analyzer for Java class files. Used by security researchers, malware analysts, and vulnerability researchers worldwide. Apache-2.0.