GP-5078: Improvements to Ghidra Module directory layout

Ryan Kurtz 2024-10-30 11:46:25 -04:00
parent 73224da27b
commit faf55a8de6
243 changed files with 482 additions and 238 deletions

GPL/DMG/README.md Normal file

@ -0,0 +1 @@
# DMG
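Review bot: the new README.md carries only the module name as a heading. Since these files are now certified and shipped alongside the module, a one-line description of what the module provides (the pattern the GnuDisassembler and BSimElasticPlugin READMEs in this same commit follow) would make the placeholder useful; the same applies to the other single-line READMEs introduced by this change.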


@ -3,6 +3,7 @@
##MODULE IP: LGPL 2.1
##MODULE IP: Public Domain
Module.manifest||Public Domain||||END|
README.md||GHIDRA||||END|
data/lib/csframework.jar||LGPL 2.1||||END|
data/lib/hfsexplorer-0_21-src.zip||GPL 3||||END|
data/lib/hfsx.jar||GPL 3||||END|


@ -0,0 +1 @@
# DemanglerGnu


@ -5,5 +5,5 @@
##MODULE IP: LGPL 3.0
##MODULE IP: Public Domain
Module.manifest||Public Domain||||END|
README.md||GHIDRA||||END|
src/demangler_gnu_v2_24/README.txt||Public Domain||||END|
src/demangler_gnu_v2_33_1/README.txt||Public Domain||||END|


@ -0,0 +1,27 @@
# GnuDisassembler
The GnuDisassembler extension module must be built using gradle prior to its use within Ghidra.
This module provides the ability to leverage the binutils disassembler capabilities
for various processors as a means of verifying Sleigh disassembler output syntax.
To build this extension for Linux or macOS:
1. If building for an installation of Ghidra, copy the appropriate source distribution of binutils
into this module's root directory. If building within a git clone of the full Ghidra source, copy
binutils source distribution file into the `ghidra.bin/GPL/GnuDisassembler` directory.
The supported version and archive format is identified within the build.gradle file. If a
different binutils distribution is used the build.gradle and/or buildGdis.gradle may require
modification.
The build requires the following packages to be installed:
* flex
* bison
* texinfo
* zlib1g-dev
2. Run gradle from the module's root directory (see top of `build.gradle` file for specific
instructions).
This resulting gdis executable will be located in `build/os/<platform>`.
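Review bot: the ordered list in the new README.md breaks between steps 1 and 2: the "The build requires the following packages to be installed:" paragraph and its `* flex` … `* zlib1g-dev` bullets are unindented between `1.` and `2.`, so Markdown closes the first list before step 2 and the numbering does not carry over. Indent the continuation paragraphs and the bullet list under step 1 (three spaces) so the two steps render as one list. Two small wording fixes while here: "copy binutils source distribution file" is missing "the", and "This resulting gdis executable" should read "The resulting `gdis` executable".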


@ -1,26 +0,0 @@
The GnuDisassembler extension module must be built using gradle prior to its' use within Ghidra.
This module provides the ability to leverage the binutils disassembler capabilities
for various processors as a means of verifying Sleigh disassembler output syntax.
To build this extension for Linux or Mac OS X:
1. If building for an installation of Ghidra, copy the appropriate source distribution of
binutils into this module's root directory. If building within a git clone of the full
Ghidra source, copy binutils source distribution file into the ghidra.bin/GPL/GnuDisassembler
directory.
The supported version and archive format is identified within the build.gradle file.
If a different binutils distribution is used the build.gradle and/or buildGdis.gradle
may require modification.
The build requires the following packages to be installed:
* flex
* bison
* texinfo
* zlib1g-dev
2. Run gradle from the module's root directory (see top of build.gradle file for
specific instructions).
This resulting gdis executable will be located in build/os/<platform>.


@ -3,7 +3,7 @@
##MODULE IP: Public Domain
.gitignore||Public Domain||||END|
Module.manifest||Public Domain||||END|
README.txt||Public Domain||||END|
README.md||GHIDRA||||END|
data/arm_test1.s||Public Domain||||END|
data/big.elf||Public Domain||||END|
data/little.elf||Public Domain||||END|
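Review bot: the certification entry for the renamed README changes its IP classification: `README.txt||Public Domain||||END|` is replaced by `README.md||GHIDRA||||END|` although the file carries the same build instructions as before. If the relicensing of that text is intentional it should be called out in the commit; otherwise keep `Public Domain` for `README.md`.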


@ -0,0 +1 @@
# Public_Release


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/PDB_SYMBOL_SERVER_URLS.pdburl||GHIDRA||||END|
src/global/docs/ChangeHistory.html||GHIDRA||||END|
src/global/docs/UserAgreement.html||GHIDRA||||END|


@ -0,0 +1 @@
# AnnotationValidator


@ -1,3 +1,4 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
src/main/resources/META-INF/services/javax.annotation.processing.Processor||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-agent-dbgeng


@ -2,6 +2,7 @@
##MODULE IP: Apache License 2.0
##MODULE IP: MIT
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/debugger-launchers/kernel-dbgeng.bat||GHIDRA||||END|
data/debugger-launchers/local-dbgeng-attach.bat||GHIDRA||||END|
data/debugger-launchers/local-dbgeng-ext.bat||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-agent-dbgmodel-traceloader


@ -1,3 +1,4 @@
##VERSION: 2.0
##MODULE IP: Apache License 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-agent-dbgmodel


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
src/javaprovider/def/javaprovider.def||GHIDRA||||END|
src/javaprovider/rc/javaprovider.rc||GHIDRA||||END|
src/main/resources/agent/dbgmodel/model/impl/dbgmodel_schema.xml||GHIDRA||||END|


@ -1,28 +0,0 @@
Random Notes on the Implementation of Debugger-agent-frida
- Building libfrida-core.so:
You can download libfrida-core.a for Frida by grabbing the latest frida-core-devkit for your OS from
https://github.com/frida/frida/releases
or by downloading the Frida source and running:
python3 devkit.py frida-core linux-x86_64 DEVKIT
from the "releng" directory.
Ghidra needs a dynamically-loadable version of libfrida-core.a which you can generate by something like:
cp ghidra_wrapper.c into the directory with libfrida-core.a and frida-core.h (distro or DEVKIT)
g++ -shared ghidra_wrapper.c ./libfrida-core.a -o libfrida-core.so
Libfrida-core.so should then be added to the jna.library.path or put someplace like /usr/lib/x86_64-linux-gnu, where it will get picked up by Native.load().
- Frida Functionality
The most interesting bits of Frida are available as "methods" from the Objects Tree. For instance, if you select a function and hit "M", you will get a dialog with available methods. Selecting, for example, "intercept" will bring up a second dialog with the relevant parameters. For many of these, you will want to provide your own Javascript "on" functions, e.g. onEnter for the Interceptor. Stalking is available on Threads and the individual thread entries. Scan, protect, and watch functions are available on Memory. You can also redirect the output to GhidraScript, although this relies on a bit of a hack. If your Javascript "Name" parameter is something like "interpreter", prepend "interpreter<=" to the output from your Javascript, and the results will be passed to both the console and the script.
- State in Frida:
Commands in Frida are, generally speaking, not state-dependent, i.e. they do not depend on whether the target is running or not, only on whether the frida-agent thread is running. Many of the gum-based commands do, however, depend on ptrace. If you have a ptrace-based debugger attached to the target, they will time out. You can attach a debugger after Frida, but you will have to detach it to regain the gum-based functionality. "Detach" in most debuggers includes "resume", so it is difficult to get state other than the "initial" state from the frida-agent injection point. It would be nice if "disconnect" worked, but "disconnect" (i.e. detach without resuming) also leaves Frida in a partially disabled state.
- Errors in Frida
The cloaking logic in Frida, e.g. in gum_cloak_add_thread and gum_cloak_index_of_thread, is broken as of the writing of this note. Gum_cloak_add_thread is called for every thread, and gum_cloak_index_of_thread returns a non-negative result for every call but the first. As a result, every thread but one is cloaked, and enumerateThreads returns only a single thread. This is documented in Issue #625 for the frida-gum project. A quick fix is to comment out the cloaking call in frida-gum/gum/gumprocess.c::gum_emit_thread_if_not_cloaked. Obviously, this may have other undesirable effects, but...
The logic in the ordering of exception handlers also appears to be broken (Issue #627). New handlers are appended to the queue, in most cases after gum_exceptor_handle_scope_exception and gum_quick_core_handle_crashed_js. Gum_exceptor_handle_scope_exception almost always returns TRUE, breaking out of the queue and causing any remaining handlers to be ignored. This means any handler added with Process.setExceptionHandler is likely to be ignored. A quick fix is to modify gum_exceptor_add to use g_slist_prepend instead of g_slist_append.
Not really an error, but worth noting: building libfrida-core.so from the source may result in a library with glib2.0 dependencies that are incompatible with the current version of Eclipse. The not-so-simple solution is to build Eclipse on the machine that you used to build libfrida-core.


@ -0,0 +1,58 @@
# Debugger-agent-frida
## Random Notes on the Implementation of Debugger-agent-frida
Building libfrida-core.so:
* You can download libfrida-core.a for Frida by grabbing the latest frida-core-devkit for your OS
from https://github.com/frida/frida/releases or by downloading the Frida source and running:
`python3 devkit.py frida-core linux-x86_64 DEVKIT` from the `releng` directory.
Ghidra needs a dynamically-loadable version of libfrida-core.a which you can generate by something like:
```bash
cp ghidra_wrapper.c into the directory with libfrida-core.a and frida-core.h (distro or DEVKIT)
g++ -shared ghidra_wrapper.c ./libfrida-core.a -o libfrida-core.so
```
Libfrida-core.so should then be added to the `j`na.library.path`or put someplace like
`/usr/lib/x86_64-linux-gnu`, where it will get picked up by `Native.load()`.
### Frida Functionality
The most interesting bits of Frida are available as "methods" from the Objects Tree. For instance,
if you select a function and hit `M`, you will get a dialog with available methods. Selecting,
for example, `intercept` will bring up a second dialog with the relevant parameters. For many of
these, you will want to provide your own Javascript `on` functions, e.g. `onEnter` for the
Interceptor. Stalking is available on Threads and the individual thread entries. Scan, protect, and
watch functions are available on Memory. You can also redirect the output to GhidraScript, although
this relies on a bit of a hack. If your Javascript `Name` parameter is something like
`interpreter`, prepend `interpreter<=` to the output from your Javascript, and the results will be
passed to both the console and the script.
### State in Frida
Commands in Frida are, generally speaking, not state-dependent, i.e. they do not depend on whether
the target is running or not, only on whether the frida-agent thread is running. Many of the
gum-based commands do, however, depend on ptrace. If you have a ptrace-based debugger attached to
the target, they will time out. You can attach a debugger after Frida, but you will have to detach
it to regain the gum-based functionality. "Detach" in most debuggers includes "resume", so it is
difficult to get state other than the "initial" state from the frida-agent injection point. It
would be nice if "disconnect" worked, but "disconnect" (i.e. detach without resuming) also leaves
Frida in a partially disabled state.
### Errors in Frida
The cloaking logic in Frida, e.g. in `gum_cloak_add_thread` and `gum_cloak_index_of_thread`, is
broken as of the writing of this note. `gum_cloak_add_thread` is called for every thread, and
`gum_cloak_index_of_thread` returns a non-negative result for every call but the first. As a
result, every thread but one is cloaked, and `enumerateThreads`returns only a single thread. This is
documented in `Issue #625` for the frida-gum project. A quick fix is to comment out the cloaking
call in `frida-gum/gum/gumprocess.c::gum_emit_thread_if_not_cloaked`. Obviously, this may have
other undesirable effects, but...
The logic in the ordering of exception handlers also appears to be broken (`Issue #627`). New
handlers are appended to the queue, in most cases after `gum_exceptor_handle_scope_exception` and
`gum_quick_core_handle_crashed_js`. `gum_exceptor_handle_scope_exception` almost always returns
`TRUE`, breaking out of the queue and causing any remaining handlers to be ignored. This means any
handler added with `Process.setExceptionHandler` is likely to be ignored. A quick fix is to modify
`gum_exceptor_add` to use `g_slist_prepend instead` of `g_slist_append`.
Not really an error, but worth noting: building `libfrida-core.so` from the source may result in a
library with glib2.0 dependencies that are incompatible with the current version of Eclipse. The
not-so-simple solution is to build Eclipse on the machine that you used to build `libfrida-core`.
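Review bot: several Markdown markup errors were introduced in the conversion from FridaNotes.txt. In "Libfrida-core.so should then be added to the `j`na.library.path`or put someplace like" there is a stray backtick inside `jna.library.path` and no space before "or"; "`enumerateThreads`returns" is missing a space; and "`g_slist_prepend instead` of `g_slist_append`" has the closing backtick after "instead" instead of after `g_slist_prepend`. Also the first line of the bash fence, `cp ghidra_wrapper.c into the directory with libfrida-core.a and frida-core.h (distro or DEVKIT)`, is a prose instruction rather than a command; keep it as text above the fence so that only the `g++ -shared …` line is presented as something to run.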


@ -1,8 +1,8 @@
##VERSION: 2.0
##MODULE IP: Apache License 2.0
##MODULE IP: Apache License 2.0 with LLVM Exceptions
FridaNotes.txt||GHIDRA||||END|
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
build.gradle||GHIDRA||||END|
data/scripts/onAccess.js||GHIDRA||||END|
data/scripts/onAccessExt.js||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-agent-gdb


@ -1,6 +1,7 @@
##VERSION: 2.0
##MODULE IP: JSch License
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/debugger-launchers/local-gdb.bat||GHIDRA||||END|
data/debugger-launchers/qemu-gdb.bat||GHIDRA||||END|
data/debugger-launchers/raw-gdb.bat||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-agent-lldb


@ -2,6 +2,7 @@
##MODULE IP: Apache License 2.0
##MODULE IP: Apache License 2.0 with LLVM Exceptions
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
build.gradle||GHIDRA||||END|
data/debugger-launchers/local-lldb.bat||GHIDRA||||END|
src/llvm-project/lldb/bindings/java/java-typemaps.swig||Apache License 2.0 with LLVM Exceptions||||END|


@ -0,0 +1 @@
# Debugger-api


@ -1,2 +1,3 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-gadp


@ -1,2 +1,3 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-isf


@ -31,11 +31,3 @@ dependencies {
testImplementation project(path: ':Framework-AsyncComm', configuration: 'testArtifacts')
testImplementation project(path: ':Framework-Debugging', configuration: 'testArtifacts')
}
// Include buildable native source in distribution
rootProject.assembleDistribution {
from (this.project.projectDir.toString()) {
include "runISFServer"
into { getZipPath(this.project) }
}
}
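Review bot: the removed `rootProject.assembleDistribution` block was the only thing copying `runISFServer` into the distribution zip, and no replacement include appears in this file. The script is now certified as `support/runISFServer`; confirm that a generic rule packages the module's `support/` directory and that it preserves the executable bit on the script, otherwise the ISF server launcher will be missing or non-executable in the built distribution.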


@ -1,3 +1,4 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
runISFServer||GHIDRA||||END|
README.md||GHIDRA||||END|
support/runISFServer||GHIDRA||||END|


@ -26,9 +26,9 @@ VMARG_LIST="-XX:ParallelGCThreads=2 -XX:CICompilerCount=2 "
# fallback, which doesn't attempt to do anything with links.
SCRIPT_FILE="$(readlink -f "$0" 2>/dev/null || readlink "$0" 2>/dev/null || echo "$0")"
SCRIPT_DIR="${SCRIPT_FILE%/*}"
SUPPORT_DIR="${SCRIPT_DIR}/../../../support"
SUPPORT_DIR="${SCRIPT_DIR}/../../../../support"
if ! [ -f "${SUPPORT_DIR}/launch.properties" ]; then
SUPPORT_DIR="${SCRIPT_DIR}/../../RuntimeScripts/Linux/support"
SUPPORT_DIR="${SCRIPT_DIR}/../../../RuntimeScripts/Linux/support"
fi
# Launch ISF Server.


@ -0,0 +1 @@
# Debugger-jpda


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/debugger-launchers/attach-java.jsh||GHIDRA||||END|
data/debugger-launchers/bypid-java.jsh||GHIDRA||||END|
data/debugger-launchers/local-java.jsh||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-rmi-trace


@ -3,6 +3,7 @@
##MODULE IP: BSD-3-PSUTIL
DEVNOTES.txt||GHIDRA||||END|
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|
src/main/help/help/topics/TraceRmiConnectionManagerPlugin/TraceRmiConnectionManagerPlugin.html||GHIDRA||||END|


@ -0,0 +1 @@
# Debugger-swig-lldb


@ -3,6 +3,7 @@
##MODULE IP: Apache License 2.0 with LLVM Exceptions
InstructionsForBuildingLLDBInterface.txt||GHIDRA||||END|
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
build.gradle||GHIDRA||||END|
src/llvm-project/lldb/bindings/java/java-typemaps.swig||Apache License 2.0 with LLVM Exceptions||||END|
src/llvm-project/lldb/bindings/java/java.swig||Apache License 2.0 with LLVM Exceptions||||END|


@ -0,0 +1 @@
# Debugger


@ -5,6 +5,7 @@
##MODULE IP: Oxygen Icons - LGPL 3.0
##MODULE IP: Tango Icons - Public Domain
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/debugger.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|


@ -0,0 +1 @@
# Framework-AsyncComm


@ -1,3 +1,4 @@
##VERSION: 2.0
##MODULE IP: BSD-3-GOOGLE
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|


@ -0,0 +1 @@
# Framework-Debugging


@ -1,6 +1,7 @@
##VERSION: 2.0
##MODULE IP: Apache License 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
src/main/resources/agent.log4j.xml||GHIDRA||||END|
src/main/resources/log4j-appender-console.xml||GHIDRA||||END|


@ -0,0 +1 @@
# Framework-TraceModeling


@ -1,3 +1,4 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/tracemodeling.theme.properties||GHIDRA||||END|


@ -0,0 +1 @@
# ProposedUtils


@ -1,4 +1,5 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
build.gradle||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|


@ -1,99 +0,0 @@
Installation of the Elasticsearch BSim Plug-in:
In order to use Elasticsearch as the back-end database for a BSim instance,
the lsh plug-in, included with this Ghidra extension, must be installed on
the Elasticsearch cluster.
The lsh plug-in is bundled in the standard plug-in format as the file
'lsh.zip'. It must be installed separately on EVERY node of the cluster,
and each node must be restarted after the install in order for the plug-in to
become active.
For a single node, installation is accomplished with the command-line
'elasticsearch-plugin' script that comes with the standard Elasticsearch
distribution. It expects a URL pointing to the plug-in to be installed.
The basic command, executed in the Elasticsearch installation directory
for the node, is
bin/elasticsearch-plugin install file:///path/to/ghidra/Ghidra/Extensions/BSimElasticPlugin/data/lsh.zip
Replace the initial portion of the absolute path in the URL to point to your
particular Ghidra installation.
Deployment:
Follow the Elasticsearch documentation to do any additional configuration,
starting, stopping, and management of your Elasticsearch cluster.
To try BSim with a toy deployment, you can start a single node (as per the
documentation) from the command-line by just running
bin/elasticsearch
This will dump logging messages to the console, and you should see '[lsh]'
listed among the loaded plug-ins as the node starts up.
This will typically start the database with password authentication enabled. An
'elastic' user will be automatically created with a randomly generated password that
gets printed to the console the first time the node is started. To add additional
users, use a curl command like
curl -k -u elastic:XXXXXX -X POST "https://localhost:9200/_security/user/ghidrauser?pretty" -H 'Content-Type: application/json' -d'
{
"password" : "changeme",
"roles" : [ "superuser" ],
"full_name" : "Ghidra User",
"email" : "ghidrauser@example.com"
}
'
Replace XXXXXX with the generated password for the 'elastic' user. This example
creates a user 'ghidrauser', with administrator privileges. The built-in role
'viewer' can be used to create users with read-only access to the database.
Once the Elasticsearch node(s) are running, whether they are a toy or a full
deployment, you can immediately proceed to the BSim 'bsim' command.
The Ghidra/BSim client and 'bsim' command automatically assume an
Elasticsearch server when they see the 'https' protocol in the provided URLs,
although the 'elastic" protocol may also be specified and is equivalent.
The use of the 'http' protocol for Elasticsearch is not supported.
Adjust the hostname, port number, and repository name as appropriate.
Use a command-line similar to the following to create a BSim instance:
bsim createdatabase elastic://1.2.3.4:9200/repo medium_32
This is equivalent to:
bsim createdatabase https://1.2.3.4:9200/repo medium_32
Use a command-line like this to generate and commit signatures from a Ghidra Server
repository to the Elasticsearch database created above:
bsim generatesigs ghidra://1.2.3.4/repo --bsim elastic://1.2.3.4:9200/repo
Within Ghidra's BSim client, enter the same URL into the database connection
panel in order to place queries to your Elasticsearch deployment. See the BSim
documentation included with Ghidra for full details.
Version:
The current BSim plug-in was tested with Elasticsearch version 8.8.1.
A change to the Elasticsearch scripting interface, starting with version 7.15, makes the BSim
plug-in incompatible with previous versions, but the lsh plug-in jars may work without change
across later Elasticsearch versions.
Elasticsearch plug-ins explicitly encode the version of Elasticsearch they work with, and the
plug-in script will refuse to install the lsh plug-in if its version does not match your
particular installation. If your Elasticsearch version is slightly different, you can try
unpacking the zip file, changing the version number to match your software, and then repacking
the zip file. Within the zip archive, the version number is stored in a configuration file
elasticsearch/plugin-descriptor.properties
The file format is fairly simple: edit the line
elasticsearch.version=8.8.1
The plugin may work with other nearby versions, but proceed at your own risk.


@ -0,0 +1,99 @@
# BSimElasticPlugin
## Installation of the Elasticsearch BSim Plug-in
In order to use Elasticsearch as the back-end database for a BSim instance, the lsh plug-in,
included with this Ghidra extension, must be installed on the Elasticsearch cluster.
The lsh plug-in is bundled in the standard plug-in format as the file `lsh.zip`. It must be
installed separately on EVERY node of the cluster, and each node must be restarted after the install
in order for the plug-in to become active.
For a single node, installation is accomplished with the command-line `elasticsearch-plugin` script
that comes with the standard Elasticsearch distribution. It expects a URL pointing to the plug-in to
be installed. The basic command, executed in the Elasticsearch installation directory for the node,
is:
```
bin/elasticsearch-plugin install file:///path/to/ghidra/Ghidra/Extensions/BSimElasticPlugin/data/lsh.zip
```
Replace the initial portion of the absolute path in the URL to point to your particular Ghidra
installation.
## Deployment
Follow the Elasticsearch documentation to do any additional configuration, starting, stopping, and
management of your Elasticsearch cluster.
To try BSim with a toy deployment, you can start a single node (as per the documentation) from the
command-line by just running
```
bin/elasticsearch
```
This will dump logging messages to the console, and you should see `[lsh]` listed among the loaded
plug-ins as the node starts up.
This will typically start the database with password authentication enabled. An `elastic` user will
be automatically created with a randomly generated password that gets printed to the console the
first time the node is started. To add additional users, use a curl command like
```
curl -k -u elastic:XXXXXX -X POST "https://localhost:9200/_security/user/ghidrauser?pretty" -H 'Content-Type: application/json' -d'
{
"password" : "changeme",
"roles" : [ "superuser" ],
"full_name" : "Ghidra User",
"email" : "ghidrauser@example.com"
}
```
Replace `XXXXXX` with the generated password for the `elastic` user. This example creates a user
`ghidrauser`, with administrator privileges. The built-in role `viewer` can be used to create users
with read-only access to the database.
Once the Elasticsearch node(s) are running, whether they are a toy or a full deployment, you can
immediately proceed to the BSim `bsim` command. The Ghidra/BSim client and `bsim` command
automatically assume an Elasticsearch server when they see the __https__ protocol in the provided
URLs, although the __elastic__ protocol may also be specified and is equivalent. The use of the
__http__ protocol for Elasticsearch is not supported. Adjust the hostname, port number, and
repository name as appropriate. Use a command-line similar to the following to create a BSim
instance:
```
bsim createdatabase elastic://1.2.3.4:9200/repo medium_32
```
This is equivalent to:
```
bsim createdatabase https://1.2.3.4:9200/repo medium_32
```
Use a command-line like this to generate and commit signatures from a Ghidra Server repository to
the Elasticsearch database created above:
```
bsim generatesigs ghidra://1.2.3.4/repo --bsim elastic://1.2.3.4:9200/repo
```
Within Ghidra's BSim client, enter the same URL into the database connection panel in order to place
queries to your Elasticsearch deployment. See the BSim documentation included with Ghidra for full
details.
## Version
The current BSim plug-in was tested with Elasticsearch version `8.8.1`. A change to the
Elasticsearch scripting interface, starting with version `7.15`, makes the BSim plug-in incompatible
with previous versions, but the lsh plug-in jars may work without change across later Elasticsearch
versions.
Elasticsearch plug-ins explicitly encode the version of Elasticsearch they work with, and the
plug-in script will refuse to install the lsh plug-in if its version does not match your
particular installation. If your Elasticsearch version is slightly different, you can try
unpacking the zip file, changing the version number to match your software, and then repacking
the zip file. Within the zip archive, the version number is stored in a configuration file
```
elasticsearch/plugin-descriptor.properties
```
The file format is fairly simple: edit the line
```
elasticsearch.version=8.8.1
```
The plugin may work with other nearby versions, but proceed at your own risk.
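Review bot: the user-creation example `curl -k -u elastic:XXXXXX -X POST "https://localhost:9200/_security/user/ghidrauser?pretty" …` disables TLS certificate verification with `-k` and assigns the `superuser` role with the literal password `changeme`. The text already mentions the read-only `viewer` role; it should also state that `-k` is only acceptable against the toy single-node deployment with its self-signed certificate, that the placeholder password must be replaced, and that the account Ghidra clients use should get the least privilege it needs rather than `superuser`. The fenced blocks in this file also carry no language tag (`bash`, `json`), unlike the frida README converted in the same commit.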


@ -1,6 +1,6 @@
##VERSION: 2.0
##MODULE IP: Apache License 2.0
INSTALL.txt||GHIDRA||||END|
Module.manifest||GHIDRA||reviewed||END|
README.md||GHIDRA||||END|
contribZipExclude/plugin-descriptor.properties||GHIDRA||||END|
extension.properties||GHIDRA||||END|


@ -0,0 +1 @@
# MachineLearning


@ -3,8 +3,8 @@
##MODULE IP: BSD-2-ORACLE
##MODULE IP: BSD-3-GOOGLE
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
extension.properties||GHIDRA||||END|
lib/README.txt||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|
src/main/help/help/topics/RandomForestFunctionFinderPlugin/RandomForestFunctionFinderPlugin.htm||GHIDRA||||END|
src/main/resources/images/README.txt||GHIDRA||||END|


@ -0,0 +1 @@
# SampleTablePlugin


@ -2,6 +2,7 @@
##MODULE IP: FAMFAMFAM Icons - CC 2.5
##MODULE IP: Oxygen Icons - LGPL 3.0
Module.manifest||GHIDRA||reviewed||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/sampletableplugin.theme.properties||GHIDRA||||END|
extension.properties||GHIDRA||||END|


@ -0,0 +1 @@
# SleighDevTools


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/LanguageMap.txt||GHIDRA||||END|
extension.properties||GHIDRA||||END|


@ -0,0 +1 @@
# bundle_examples


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
extension.properties||GHIDRA||||END|
scripts_jar1/META-INF/MANIFEST.MF||GHIDRA||||END|
scripts_jar2/META-INF/MANIFEST.MF||GHIDRA||||END|


@ -0,0 +1 @@
# sample


@ -2,6 +2,7 @@
##MODULE IP: FAMFAMFAM Icons - CC 2.5
##MODULE IP: Oxygen Icons - LGPL 3.0
Module.manifest||GHIDRA||reviewed||END|
README.md||GHIDRA||||END|
data/README.txt||GHIDRA||||END|
data/sample.theme.properties||GHIDRA||||END|
extension.properties||GHIDRA||||END|


@ -0,0 +1 @@
# BSim


@ -44,19 +44,18 @@ dependencies {
// into common zip to allow for a rebuild of the postgres server if needed
rootProject.assembleDistribution {
def p = this.project
def zipPath = getZipPath(p)
String postgresqlDepsFile = "${DEPS_DIR}/BSim/${postgresql_distro}"
String postgresqlBinRepoFile = "${BIN_REPO}/Ghidra/Features/BSim/${postgresql_distro}"
def postgresqlFile = file(postgresqlDepsFile).exists() ? postgresqlDepsFile : postgresqlBinRepoFile
into (getZipPath(this.project)) {
from file("make-postgres.sh")
}
into (getZipPath(this.project)) {
into ("${zipPath}/support") {
from file(postgresqlFile)
}
into (getZipPath(this.project) + "/src/lshvector") {
into ("${zipPath}/src/lshvector") {
from files("src/lshvector")
}
}
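Review bot: the `into (getZipPath(this.project)) { from file("make-postgres.sh") }` block is dropped and nothing in this file re-adds the script, while `BSimControlLaunchable` and the help pages in this commit now reference `Ghidra/Features/BSim/support/make-postgres.sh`. Confirm that the module's `support/` directory is picked up by a generic distribution rule (with the executable bit preserved); otherwise the PostgreSQL tarball lands in `${zipPath}/support` but the script that builds it does not. Computing `zipPath` once instead of repeating `getZipPath(this.project)` is a good cleanup.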


@ -11,6 +11,7 @@
##MODULE IP: PostgresqlJDBC License
##MODULE IP: Public Domain
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/bsim.theme.properties||GHIDRA||||END|
data/large_32.xml||GHIDRA||||END|
data/lshweights_32.xml||GHIDRA|||Signature data|END|


@ -104,7 +104,7 @@
extension, provided as part of the Ghidra installation. Prebuilt servers, like those
provided as OS distribution packages, will not work as is with BSim. For users on Linux
and macOS, the Ghidra installation provides a script, <CODE>make-postgres.sh</CODE>,
in the module directory <CODE>Ghidra/Features/BSim</CODE> that builds both the PostgreSQL
in the module directory <CODE>Ghidra/Features/BSim/support</CODE> that builds both the PostgreSQL
server and the BSim extension from source and prepares the installation for use with
Ghidra. If not already included in the Ghidra installation, the source distribution
file, currently <CODE>postgresql-15.3.tar.gz</CODE>, can be obtained from the PostgreSQL
@ -127,7 +127,7 @@
<DIV class="informalexample">
<TABLE border="0" summary="Simple list" class="simplelist">
<TR>
<TD><CODE class="computeroutput">$(ROOT)/Ghidra/Features/BSim/postgresql-15.3.tar.gz
<TD><CODE class="computeroutput">$(ROOT)/Ghidra/Features/BSim/support/postgresql-15.3.tar.gz
</CODE></TD>
</TR>
</TABLE>
@ -138,7 +138,7 @@
<DIV class="informalexample">
<TABLE border="0" summary="Simple list" class="simplelist">
<TR>
<TD><CODE class="computeroutput">cd $(ROOT)/Ghidra/Features/BSim
<TD><CODE class="computeroutput">cd $(ROOT)/Ghidra/Features/BSim/support
</CODE></TD>
</TR>
<TR>


@ -112,7 +112,8 @@ public class BSimControlLaunchable implements GhidraLaunchable {
}
private final static String POSTGRES = "postgresql";
private final static String POSTGRES_BUILD_SCRIPT = "Ghidra/Features/BSim/make-postgres.sh";
private final static String POSTGRES_BUILD_SCRIPT =
"Ghidra/Features/BSim/support/make-postgres.sh";
private final static String POSTGRES_CONFIGFILE = "postgresql.conf";
private final static String POSTGRES_CONNECTFILE = "pg_hba.conf";
private final static String POSTGRES_IDENTFILE = "pg_ident.conf";


@ -50,11 +50,12 @@ POSTGRES=postgresql-15.3
POSTGRES_GZ=${POSTGRES}.tar.gz
POSTGRES_CONFIG_OPTIONS="--disable-rpath --with-openssl"
DIR=$(cd `dirname $0`; pwd)
DIR=$(cd `dirname $0`; pwd)/..
echo $DIR
POSTGRES_GZ_PATH=${DIR}/../../../../ghidra.bin/Ghidra/Features/BSim/${POSTGRES_GZ}
if [ ! -f "${POSTGRES_GZ_PATH}" ]; then
POSTGRES_GZ_PATH=${DIR}/${POSTGRES_GZ}
POSTGRES_GZ_PATH=${DIR}/support/${POSTGRES_GZ}
if [ ! -f "${POSTGRES_GZ_PATH}" ]; then
echo "Postgres source bundle not found: ${POSTGRES_GZ_PATH}"
exit -1
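Review bot: `DIR=$(cd `dirname $0`; pwd)/..` leaves a literal `/..` in every path derived from `DIR` and keeps `$0` unquoted, so a Ghidra installation under a path containing spaces breaks. Prefer `DIR=$(cd "$(dirname "$0")/.." && pwd)` to obtain a normalized, quoted module directory; the `echo $DIR` directly below it looks like a leftover debug print and should be removed. The unchanged `exit -1` on failure is not portable sh (it yields status 255); `exit 1` is the conventional value.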


@ -0,0 +1 @@
# BSimFeatureVisualizer


@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/bsim.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|
src/main/help/help/topics/BSimFeatureVisualizerPlugin/BSimFeatureVisualizerPlugin.htm||GHIDRA||||END|


@ -0,0 +1 @@
# Base


@ -15,6 +15,7 @@
.launch/Headless.launch||GHIDRA||||END|
.launch/JShell.launch||GHIDRA||||END|
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ElfFunctionsThatDoNotReturn||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/GolangFunctionsThatDoNotReturn||GHIDRA||||END|

@ -0,0 +1 @@
# BytePatterns

@ -1,6 +1,7 @@
##VERSION: 2.0
##MODULE IP: Oxygen Icons - LGPL 3.0
Module.manifest||GHIDRA||reviewed||END|
README.md||GHIDRA||||END|
data/bytepatterns.theme.properties||GHIDRA||||END|
data/test/FileBitPatternInfoReaderTestFile1.xml||GHIDRA||||END|
data/test/FileBitPatternInfoReaderTestFile2.xml||GHIDRA||||END|

@ -0,0 +1 @@
# ByteViewer

@ -2,6 +2,7 @@
##MODULE IP: FAMFAMFAM Icons - CC 2.5
##MODULE IP: Oxygen Icons - LGPL 3.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||reviewed||END|
data/byteviewer.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||reviewed||END|

@ -0,0 +1 @@
# CodeCompare

@ -1,4 +1,5 @@
##VERSION: 2.0
##MODULE IP: LGPL 3.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/codecompare.theme.properties||GHIDRA||||END|

@ -0,0 +1 @@
# DebugUtils

@ -1,2 +1,3 @@
##VERSION: 2.0
Module.manifest||GHIDRA||reviewed||END|
README.md||GHIDRA||||END|

@ -0,0 +1 @@
# Decompiler

@ -6,6 +6,7 @@
##MODULE IP: Tango Icons - Public Domain
##MODULE IP: zlib License
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/decompiler.theme.properties||GHIDRA||||END|
src/decompile/.cproject||GHIDRA||||END|
src/decompile/cpp/.gitignore||GHIDRA||||END|

@ -0,0 +1 @@
# DecompilerDependent

@ -1,5 +1,6 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/decompiler.dependent.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|

@ -0,0 +1 @@
# FileFormats

@ -10,6 +10,7 @@
##MODULE IP: LGPL 2.1
##MODULE IP: Public Domain
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/android/eclipse-classpath||GHIDRA||reviewed||END|
data/android/eclipse-project||GHIDRA||reviewed||END|

@ -0,0 +1 @@
# FunctionGraph

@ -4,6 +4,7 @@
##MODULE IP: Oxygen Icons - LGPL 3.0
##MODULE IP: Tango Icons - Public Domain
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/ExtensionPoint.manifest||GHIDRA||||END|
data/functiongraph.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|

@ -0,0 +1 @@
# FunctionGraphDecompilerExtension

@ -1,4 +1,5 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/functiongraph.extension.decompiler.theme.properties||GHIDRA||||END|
src/main/resources/images/function_graph_code_flow.png||GHIDRA||reviewed||END|

@ -0,0 +1 @@
# FunctionID

@ -1,6 +1,7 @@
##VERSION: 2.0
##MODULE IP: Nuvola Icons - LGPL 2.1
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/building_fid.txt||GHIDRA||||END|
data/common_symbols_win32.txt||GHIDRA|||Symbols used to generate fiddb files distributed with Ghidra|END|
data/common_symbols_win64.txt||GHIDRA|||Symbols used to generate fiddb files distributed with Ghidra|END|

@ -0,0 +1 @@
# GhidraGo

@ -1,4 +1,5 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|
src/main/help/help/topics/GhidraGo/GhidraGo.html||GHIDRA||||END|

@ -0,0 +1 @@
# GhidraServer

@ -3,6 +3,7 @@
##MODULE IP: LGPL 2.1
##MODULE IP: Tango Icons - Public Domain
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/serial.filter||GHIDRA||||END|
os/readme.txt||GHIDRA||||END|
src/main/java/ghidra/server/remote/ServerHelp.txt||GHIDRA||||END|

@ -0,0 +1 @@
# GnuDemangler

@ -1,4 +1,5 @@
##VERSION: 2.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/default.gnu.demangler.replacements.txt||GHIDRA||||END|
src/test/resources/ghidra/app/util/demangler/gnu_mangled_names.txt||GHIDRA||reviewed||END|

@ -0,0 +1 @@
# GraphFunctionCalls

@ -1,6 +1,7 @@
##VERSION: 2.0
##MODULE IP: Oxygen Icons - LGPL 3.0
Module.manifest||GHIDRA||||END|
README.md||GHIDRA||||END|
data/functioncallgraph.theme.properties||GHIDRA||||END|
src/main/help/help/TOC_Source.xml||GHIDRA||||END|
src/main/help/help/topics/FunctionCallGraphPlugin/Function_Call_Graph.html||GHIDRA||||END|

@ -0,0 +1 @@
# GraphServices

Some files were not shown because too many files have changed in this diff.