The National Security Agency (NSA) has released Ghidra 11.3, the latest version of its open-source software reverse engineering (SRE) framework designed to assist cybersecurity professionals in analyzing compiled code. Ghidra supports multiple platforms, including Windows, macOS, and Linux, and offers an array of features such as disassembly, decompilation, debugging, emulation, and scripting capabilities. These capabilities make Ghidra a vital asset for those working on detecting vulnerabilities and analyzing malicious code to strengthen system defenses.
One of the significant updates in Ghidra 11.3 is the enhanced debugging functionality. The debugger now supports macOS kernel debugging via LLDB and Windows kernel debugging in virtual machines using eXDI. Additionally, deprecated connectors like “IN-VM” have been replaced with the more robust TraceRMI-based implementation. The update also introduces a Just-in-Time (JIT) p-code emulator, which accelerates emulation performance. This emulator is available for scripting and plugin development, though not yet integrated into the user interface.
The release also includes several user-friendly improvements, such as integration with Visual Studio Code. This allows users to create module projects or edit scripts directly in a modern alternative to Eclipse. Another noteworthy update is the improved functionality of the function graph, which now includes new “Flow Chart” layouts for better code block visualization. Additionally, users can toggle between listing and function graph views seamlessly. Ghidra 11.3 also introduces a LibreTranslate plugin for offline string translation and a feature for searching decompiled text across all functions in a binary.
Processor support has been enhanced in this update with better handling of x86 AVX-512 instructions, ARM VFPv2 disassembly, and Golang 1.23 binaries. The PyGhidra library has also been fully integrated, offering native CPython 3 access to the Ghidra API, which expands scripting capabilities. The latest version requires the installation of Java Development Kit (JDK) 21 and Python 3 (versions 3.9–3.13) for debugging or source builds. Ghidra 11.3 continues to evolve as a powerful tool for reverse engineering, offering advanced performance, modern integrations, and broader functionality for cybersecurity professionals.