Is it possible to run CWE_Checker with an already analyzed binary file?

[jmariasantosdekra]

Hello,

As stated in the question, we have a binary file that was already analyzed using Ghidra and we would like to know if it is possible to run CWE_Checker using a Ghidra Project.

We have identified that CWE_Checker uses the binary to process some data (RuntimeMemoryImage, among other things).

Can this process be bypassed to only check the already generated Ghidra project?

Thanks in advance.

[Enkelmann]

At the moment this is not possible, but this is mostly only an implementation detail.

What the cwe_checker does is to run Ghidra headless with the binary in question and then run a script in Ghidra to extract all necessary information for the analysis. One could also configure the call to Ghidra headless so that it uses an existing project as a basis and run the script for that project. One would have to modify the Ghidra invocation in src/cwe_checker_lib/src/utils/ghidra.rs accordingly (which should be easy).

However, this is only enough as long as you still use the binary as an additional input. Otherwise, you would need to rewrite the logic of parsing the RuntimeMemoryImage, so that it is also generated from the Ghidra project (this is possible, but needs some effort). As far as I remember, this is currently the only part not parsed from Ghidra.

[jmariasantosdekra]

Thank you so much for your response. Reviewing my case, I concluded that I actually need to analyze a bare metal binary. However, in this case, I do not have a config file, which is required for CWE_Checker. Would it be possible to extract all the required data from the generated Ghidra project?

Thanks in advance.

[Enkelmann]

Unfortunately, this is again not possible in general. But this time it is not an implementation detail but a general problem.

• The bare metal config contains information about base addresses and size of flash memory and RAM of the corresponding chip. This information is generally not recoverable through a bare metal binary itself, but only through reading the manual of the chip in question. If this is recoverable through an existing Ghidra project, then only because someone inserted the right values into the project by hand. Although I do not know how one could specify valid RAM addresses inside a Ghidra project...
• The bare metal config also contains the Ghidra processor ID, which Ghidra needs as an input to disassemble a bare metal binary in the first place. But if you already have a Ghidra project, you can at least extract that information from the project.

So if the Ghidra project in question contains the necessary information then you can write the bare metal config file by hand. But we cannot automate the process, because the project might not contain the necessary information.