Hacker News new | past | comments | ask | show | jobs | submit login

Few years in with debugger support, how does Ghidra compare to IDA?



I like Ghidra more than IDA. Having "proper" type support is nice - IDA's struct and type annotation support always felt very hacked together and hard to use. Ghidra's typing and decompiler is good enough that I don't even have to look at the disassembly listing for most functions, and struct autogenerating is wonderful.

Unfortunately, Ghidra handles vtables and OOP very poorly still. You have to do a lot of by-hand annotations for virtual calls, even with 3rd party analysis scripts, while IDA's C++ usually Just Works. This is the main pain point, imo. The other main thing is that IDA has been used by the reverse engineering community for so long that there's a massive body of tutorials and StackOverflow answers for it, and a much larger corpus of 3rd party plugins. It's not a big deal for me, personally, but if you already have a good workflow for IDA it's probably not worth it to switch. For beginners I'd recommend Ghidra instead, though, because a free and open source tool with good official documentation and UX is worth its weight in gold (although I've heard BinaryNinja is extremely good nowadays).


Ghidra:

* Affordable for sane people (aka, free)... This of course pushed Hex-Rays to finally make a cheaper version of IDA, but it's massively hobbled and useless for uncommon architectures.

* Almost as good architecture coverage. Missing a few big ones for automotive RE still - SuperH is still hit and miss, and no real C167. But the user-contributed Tricore is really quite impressive.

* Decompiler works across all architectures.

* Debugger is still sketchy, but has progressed extremely quickly.

* Preferable UI (IMO), and better struct handling.

* Decent plugin interfaces but fewer available plugins.

IDA:

* Still slightly better decompilation and disassembly for x86-64. Doesn't get as "lost" in vtables and big switches.

* Much better C++ construct support.

* More plugins and scripts available off the shelf.

* Still a few architectures which Ghidra doesn't have yet.

* Debugger is more stable and works a bit better.

For most architectures I would not start using IDA today as a hobbyist, but if I had a good IDA workflow or was joining a company where it were the gold standard, I wouldn't feel compelled to move over.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: