How to use headlessAnalyzer with ghidra-bridge about ghidra_bridge HOT 19 CLOSED

Sure, ghidra_bridge absolutely supports being run via the headlessAnalyzer - the command to do so is in the readme, but is basically $ghidraRoot/support/analyzeHeadless ghidra-project -import <file> -scriptPath <install directory for the server scripts> -postscript ghidra_bridge_server.py

I'm not sure how you've got your script set up, but note that this command runs the ghidra_bridge_server - you'd leave that running, and then run your own python3 script in a separate process (that is, not through the headlessAnalyzer) which would connect to that ghidra_bridge_server.

ImportError: No module named ghidra_bridge suggests to me that you might be trying to run the client part of ghidra_bridge in the headlessAnalyzer, instead of the server (the server doesn't import the ghidra_bridge module, that's purely client code).

If that helps, great - otherwise, please comment with your script and the commands you're using to run it and I'll see if I can help.

from ghidra_bridge.

Following up on your separate email, so that the answer can be useful to others:

I’m writing a python script in which I want to start ghidra-bridge directly and then perform some analysis instead of manually starting the ghidra-bridge server.

So, what I can recommend is taking a look at https://github.com/justfoxing/ghidra_bridge/blob/master/ghidra_bridge/server/example_py3_from_ghidra_bridge.py - this is an example script that demonstrates how to, from within the ghidra context, start a ghidra_bridge_server, spin up a separate python3 process to communicate with it, and then shut everything down when it's done. You should also be able to run something like this with the headlessAnalyzer using a command like the one above.

from ghidra_bridge.

@TylerKann - ghidraRoot is how I refer to the directory you unzip when you put Ghidra on your system - this is probably called something like ghidra_9.1.2_PUBLIC and has the ghidraRun script in it. It also has the support/ directory which contains the analyzeHeadless scripts that ship with every Ghidra release - they aren't a separate install.

from ghidra_bridge.

@sajjadirn - oops, yup, totally a bug in the code. I've just released a fix in version 0.2.2 - upgrade with pip install ghidra_bridge --upgrade, then re-install the server scripts with python -m ghidra_bridge.install_server <script location>. Then try rerunning and it should work.

If not, please include your script and the command you're using to run it so I can see if there's another issue.

from ghidra_bridge.

Hi, thank you so much for your reply.
So, I tried running the example using headlessAnalyzer, but I got this error in the cmd line
INFO:jfx_bridge.bridge:serving! Traceback (most recent call last): File "D:\Data_Mining\testt\brij.py", line 44, in <module> ghidra_bridge_server.GhidraBridgeServer.run_script_across_ghidra_bridge(script_file) File "D:\Data_Mining\testt\ghidra_bridge_server.py", line 169, in run_script_across_ghidra_bridge server.bridge.shutdown() AttributeError: 'BridgeServer' object has no attribute 'bridge'

Do I have to make any changes to the example file to be able to run it successfully? I tried substituting my code in that script too but got the same error. Sorry if this question sounds very naive, I'm new to ghidra.

from ghidra_bridge.

How did you all get to this part :
ghidraRoot/support/analyzeHeadless

is that something you need to install? I do not have a ghidraRoot, nonetheless analyzeHeadless. Thanks!

from ghidra_bridge.

Hi, Thank you so much for solving the bug. Yes it works perfectly now. But sometimes i get a timeout error. How do I override it?
Traceback (most recent call last): File "D:\bridge\jfx_bridge\bridge.py", line 460, in get_response data = response.get(timeout)
File "D:\bridge\jfx_bridge\bridge.py", line 424, in get raise Exception() Exception

This is the error.

I think this is the part of code which is causing a timeout error, I am extracting all the assembly code of a binary.
instructionList = [] for instr in currentProgram.getListing().getInstructions(True): instructionList.append(instr)

from ghidra_bridge.

Yeah, I wouldn't be surprised, that can take some time. Your two options are:

1. (Recommended) Use the Remote Eval feature described in the Readme. Not only does this package the operation into one bridge command instead of sending commands for each individual instruction (so it's much much faster overall), it also has a timeout_override argument allowing you to set how long to wait before the timeout. This might (I'm just guessing from a quick look at your code) look something like:
   instructionList = <ghidra_bridge_variable>.bridge.remote_eval("[instr for instr in currentProgram.getListing().getInstructions(True)]", timeout_override=120)

2. Set the response_timeout argument when creating the bridge - this would look something like ghidra_bridge.GhidraBridge(response_timeout=120) to wait two minutes before timing out.

from ghidra_bridge.

@justfoxing can you explain what
<install directory for the server scripts> is? Is that where the bridge folder is? Is that and and <file> all I need to input? Thanks a lot

from ghidra_bridge.

Thank you again for your reply. @justfoxing

from ghidra_bridge.

@TylerKann It is the directory where the ghidra_bridge_server.py script is along with other bridge scripts(basically wherever you installed the bridge files) . Yes <file> is the binary file you want ghidra to analyze

$ghidraRoot/support/analyzeHeadless ghidra-project -import <file> -scriptPath <install directory for the server scripts> -postscript ghidra_bridge_server.py

This command will analyze a file and start a bridge server. Then you can go to your python 3 script and type

import ghidra_bridge
b = ghidra_bridge.GhidraBridge(namespace=globals())

And this will connect your script to the bridge and then you can interact with the analyzed program.

from ghidra_bridge.

sajjadirn i have a binary file called ptest that I moved into my support folder. My ghidra_bridge_server.py is located at home -> ghidra_scripts (I am using ubuntu 18.04) , yet I get an error when I try to do headless analysis:

./analyzeHeadless ghidra-project -import ptest -scriptPath ./home/ghidra_scripts -postscript ghidra_bridge_server.py

Exception in thread "main" ghidra.util.exception.InvalidInputException: Bad argument: ptest at ghidra.app.util.headless.AnalyzeHeadless.parseOptions(AnalyzeHeadless.java:313) at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:113) at ghidra.GhidraLauncher.main(GhidraLauncher.java:78)
Any thoughts?

from ghidra_bridge.

@TylerKann you need to mention the path for the binary too and I think the extension too, for example

./analyzeHeadless ghidra-project -import ./home/ptest.exe -scriptPath ./home/ghidra_scripts -postscript ghidra_bridge_server.py

Does this solve the error?

from ghidra_bridge.

I moved ptest to ghidraRoot/support though. When I try it with ./ptest it still doesn't work @sajjadirn

from ghidra_bridge.

Did you try giving the extension of ptest? Like ptest.exe
@TylerKann

from ghidra_bridge.

@sajjadirn I am frankly not sure what extension it would be haha.

file ./ptest
./ptest: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=f1ca1bfb6e6096af187bb97e0f2d85ae645cb69e, not stripped

In terminal if I do ./ptest it will work. I tried ./ptest.exe , ./ptest.elf , ./ptest.run, and all of those just said no file found .. so i am not really sure what extension it is. Any thoughts?

from ghidra_bridge.

Did you try analyzing this file from the ghidra GUI? what does it detect it to be? Or can you create a new folder say importfiles and paste the ptest file in it and in your command just give the directory. For example

./analyzeHeadless ghidra-project -import ./home/importfiles -scriptPath ./home/ghidra_scripts -postscript ghidra_bridge_server.py

for now, make sure that the folder only contains the ptest file

from ghidra_bridge.

Exception in thread "main" ghidra.util.exception.InvalidInputException: Bad argument: ./home/importfiles at ghidra.app.util.headless.AnalyzeHeadless.parseOptions(AnalyzeHeadless.java:313) at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:113) at ghidra.GhidraLauncher.main(GhidraLauncher.java:78)
This makes me feel like I am doing the command wrong or something .. because it just keeps saying bad argument

from ghidra_bridge.

Sorry for the confusion, both of you - my off-the-cuff analyzeHeadless example command wasn't quite right (there's a missing project directory argument, which if not provided will cause the error @TylerKann reported). It should look something more like: $ghidraRoot/support/analyzeHeadless <path to directory to store project> <name of project> -import <path to file> -scriptPath <install directory for the server scripts> -postscript ghidra_bridge_server.py. I've updated this in the README as well.

@sajjadirn - @TylerKann appears to be running his code on a Linux system, while you're running on Windows. As such, his target file most likely does not have an extension. Ghidra only needs the correct file path - if the file has an extension or not doesn't affect it.

@TylerKann - Ghidra ships with a usage guide specifically for the analyzeHeadless command, called analyzeHeadlessREADME.html, located in the support directory where analyzeHeadless is. I'd recommend checking that, and trying to use it without ghidra_bridge to get a sense of how it's meant to work. If you're still having issues getting it to work without ghidra_bridge in the mix, I'd suggest reaching out to the Ghidra project to see if they can help better.

@sajjadirn - it sounds like you may have gotten your problem solved now, so I'm going to close this issue. If not, feel free to reopen with more details.

from ghidra_bridge.