What is the difference between Ghidra and Ida?
This is largely subjective, but:
- Ghidra is free and open-source on GitHub, including the decompiler. IDA is very expensive, particularly when you start adding the decompiler licenses.
- IDA supports some architectures that Ghidra doesn't, and vice versa.
- IDA has a debugger whereas Ghidra does not.
- Ghidra has the ability to load multiple binaries at once into a project, whereas IDA support for this is limited and mostly an ugly hack. This means that you can trace code between an application and its libraries more easily.
- Ghidra's disassembler has data flow analysis built in, showing you where data can come from when you click a register or variable. IDA has "dumb" text highlighting to show other uses of that register. These features are slightly different implementations of the same concept and both have their uses.
- Ghidra has collaborative disassembly/decompiler projects built in by design, whereas IDA requires plugins to do collaboration and the IDA database files are not designed to be shared.
- Ghidra has an undo button! And it works! (IDA doesn't and it's super annoying)
- IDA is way more mature and has a lot of little features that have been added over the years that Ghidra cannot (yet) mirror.
- Since IDA is a more mature and ubiquitous product, there are a lot of open-source tools built around it.
- Ghidra appears to have better support for very large (1GB+) firmware images with decent performance. It also doesn't have problems with analysing firmware images that declare large memory regions. IDA historicallly has had problems with this and it can be quite frustrating.
- Anecdotally, Ghidra's support for disassembling Windows OS binaries (e.g. kernelbase.dll) is currently broken due to some bugs with the x86 instruction decoder. There are issues on GitHub talking about this.
These points are true at time of writing (March 2019) but may change over time.
edit 2020-04-07: The Ghidra Book is scheduled to be released in July 2020. Currently only the first 8 chapters are available in the form of an early access PDF.
This question is better suited for https://reverseengineering.stackexchange.com/questions/.
Is there a comparison between Ghidra and Ida?
Yes there is. One was made by Jeremy Blackthorne and Alexei Bulazel at the Infiltrate security conference 2019.
- video of presentation (1 hr 17 mins)
- slides used in presentation
- github repo with all materials
Are there any specific features and functionality that Ghidra while Ida doesn't?
Here are slides from the presentation that compare Ghidra, IDA and Binary Ninja:
Decompilers: IDA Hex-Rays vs Ghidra
Intermediate Language: Binary Ninja vs Ghidra
Is there a good source (most preferably book) that explain Ghidra in detail?
No book yet.
A couple of important points:
- Ghidra can be extended to support any architecture. Support for an architecture can be added via Sleigh
- IDA has been refactored to include an undo feature in version 7.3