Running BSim Search and retrieving the results headlessly.

[MohamedTalaatAfify]

BSim command line docs only shows how to create a database and sigs and committing the sigs but I can't seem to find a way to run the BSim search itself. So I was wondering if anyone knows a way to do it. I want to automate the search process and exporting the results.

[ghidracadabra]

There's a BSim tutorial you might want to check out, as well as a BSim entry in the Ghidra help. The BSim tutorial briefly mentions scripting BSim and shows where to find example scripts.

[MohamedTalaatAfify]

Thank you so much for the reply!
I went through the tutorial but I can't find a way to get results from BSim using scripts or commands. I even tried to use scripts from the command line using the headless analyzer for example: "LocalBSimQueryScript.java" and it returned that the script cannot run headlessly. There's only one page that talks about using BSim from the command line and it only mentions generating a database and populating it but not running BSim (the actual comparison) and getting results.

[ghidracadabra]

LocalBSimQueryScript.java essentially does a BSim comparison between the functions in two user-selected programs without connecting to a BSim server - it just generates the vectors and does everything in memory. I admit that the name is slightly confusing. Since it requires user interaction it can't be run with the headless analyzer.

That said, the headless analyzer is the most convenient way to automate querying BSim. The script ExampleOverviewQueryScript.java is a good example. Note that when run headlessly, the ask* methods in a ghidra script read command-line arguments and so don't require user interaction.

[MohamedTalaatAfify]

Thank you so much for the support! One last question please, can the script "ExampleOverviewQueryScript.java" run with an H2 BSim database? And what does "overview" mean? does it mean that the return is just the number of matching functions without any details like the functions names or the files containing the matching functions?

[ghidracadabra]

Yes, that script can run with an H2 BSim database. Assuming you want to run it over a non-shared Ghidra project that already has analyzed files in it, the command would be:

./analyzeHeadless [path_to_ghidra_project_dir] [ghidra_project_name] -process -noAnalysis -readOnly 
 -postScript ExampleOverviewQueryScript.java file:/[path_to_h2_db_file]

Your understanding of an overview query is correct. If you want to do a regular query you'll have to modify the script accordingly. One change is that you'll have to specify which functions you want to query (that step isn't needed for an overview query since it always queries all functions in a program).

[MohamedTalaatAfify]

Any idea why I get the error "Exception in thread "main" ghidra.util.exception.InvalidInputException: Bad argument: ExampleOverviewQueryScript.java
at ghidra.app.util.headless.AnalyzeHeadless.parseOptions(AnalyzeHeadless.java:341)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:119)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:78)
at ghidra.Ghidra.main(Ghidra.java:54)"?
Also from the gui I get "Bad database URL: Unknown protocol: c
ghidra.features.bsim.query.facade.QueryDatabaseException: Bad database URL: Unknown protocol: c
at ghidra.features.bsim.query.facade.SimilarFunctionQueryService.initializeDatabase(SimilarFunctionQueryService.java:439)
at ExampleOverviewQueryScript.run(ExampleOverviewQueryScript.java:48)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:403)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:258)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:236)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)"

[ghidracadabra]

The URL for the h2 database must begin with "file:/". Perhaps you are just entering the path and that "c" is from "C:"?

[MohamedTalaatAfify]

analyzeHeadless "../../ghidra project" analyzed -process -noAnalysis -readOnly ExampleOverviewQueryScript.java file:../../bsimdb3

This is the command I use. I'm not sure what I'm doing wrong tbh.

[ghidracadabra]

Ah, my mistake - in my example above I forgot to put a -postScript before ExampleOverviewQueryScript.java. I'll fix it.

[MohamedTalaatAfify]

It works now! Thank you soooooo much! I really appreciate the help. ❤️