- Anecdotally, Ghidra's support for disassembling Windows OS binaries (e.g. kernelbase.dll) is currently broken due to some bugs with the x86 instruction decoder.
- Ghidra appears to have better support for very large (1GB+) firmware images with decent performance. It also doesn't have problems with analysing firmware images that declare large memory regions. IDA historically has had problems with this and it can be quite frustrating.
- Since IDA is a more mature and ubiquitous product, there are a lot of open-source tools built around it.
- IDA is way more mature and has a lot of little features that have been added over the years that Ghidra cannot (yet) mirror.
- Ghidra has an undo button! And it works! (IDA doesn't and it's super annoying.) As of version 7.3 IDA has an undo feature.
- Ghidra has collaborative disassembly/decompiler projects built in by design, whereas IDA requires plugins to do collaboration and the IDA database files are not designed to be shared.
- Ghidra's disassembler has data flow analysis built in, showing you where data can come from when you click a register or variable. IDA has "dumb" text highlighting to show other uses of that register. These features are slightly different implementations of the same concept and both have their uses.
- Ghidra has the ability to load multiple binaries at once into a project, whereas IDA support for this is limited and mostly an ugly hack. This means that you can trace code between an application and its libraries more easily.
- IDA has a debugger whereas Ghidra does not. As of 2021, the stable branch of Ghidra now incorporates a debugger through gdb or WinDBG.
- IDA supports some architectures that Ghidra doesn't, and vice versa.
- Ghidra is free and open-source on GitHub, including the decompiler. IDA is very expensive, particularly when you start adding the decompiler licenses.