diff --git a/Ghidra/Extensions/BSimElasticPlugin/INSTALL.txt b/Ghidra/Extensions/BSimElasticPlugin/INSTALL.txt index f3ec8944df..b84395214f 100755 --- a/Ghidra/Extensions/BSimElasticPlugin/INSTALL.txt +++ b/Ghidra/Extensions/BSimElasticPlugin/INSTALL.txt @@ -69,7 +69,7 @@ This is equivalent to: Use a command-line like this to generate and commit signatures from a Ghidra Server repository to the Elasticsearch database created above: - bsim generatesigs ghidra://1.2.3.4/repo bsim=elastic://1.2.3.4:9200/repo + bsim generatesigs ghidra://1.2.3.4/repo --bsim elastic://1.2.3.4:9200/repo Within Ghidra's BSim client, enter the same URL into the database connection panel in order to place queries to your Elasticsearch deployment. See the BSim diff --git a/Ghidra/Features/BSim/src/main/help/help/topics/BSim/CommandLineReference.html b/Ghidra/Features/BSim/src/main/help/help/topics/BSim/CommandLineReference.html index 6b66cbe78e..cf4d16f9bf 100644 --- a/Ghidra/Features/BSim/src/main/help/help/topics/BSim/CommandLineReference.html +++ b/Ghidra/Features/BSim/src/main/help/help/topics/BSim/CommandLineReference.html @@ -39,18 +39,18 @@
- bsim_ctl start </datadir-path [auth=pki|password|trust] [--noLocalAuth] [cafile=</cacert-path>] [dn=".."]
+ bsim_ctl start </datadir-path> [--auth|-a pki|password|trust] [--noLocalAuth] [--cafile </cacert-path>] [--dn "<distinguished-name>"]
bsim_ctl stop </datadir-path> [--force]
- bsim_ctl adduser </datadir-path> <username> [dn=".."]
+ bsim_ctl adduser </datadir-path> <username> [--dn "<distinguished-name>"]
bsim_ctl dropuser </datadir-path> <username>
bsim_ctl resetpassword <username>
- bsim_ctl changeauth </datadir-path> [auth=pki|password|trust] [--noLocalAuth] [cafile=</cacert-path>] [dn=".."]
+ bsim_ctl changeauth </datadir-path> [--auth|-a pki|password|trust] [--noLocalAuth] [--cafile </cacert-path>] [--dn "<distinguished-name>"]
bsim_ctl changeprivilege <username> admin|user
Global Options:
- port=<portnum>
- user=<username>
- cert=</certfile-path>
+ --port|-p <portnum>
+ --user|-u <username>
+ --cert </certfile-path>
During a restart, any authentication options (with the exception of the global - cert= option) are unnecessary and will + --cert option) are unnecessary and will be ignored. The PostgreSQL server will be restarted with the already established settings. To actually change the settings, use the changeauth command before restarting.
-auth=type - specifies the authentication type (pki | +
--auth|-a <type> - specifies the authentication type (pki | password | trust) for a new database: trust for no authentication, password for password authentication, and pki for authentication using public key certificates. With the pki setting, both the cafile= and the dn= options also need to be provided; additionally - the cert= option must be provided unless + "bold">--cafile and the --dn options also need to be provided; additionally + the --cert option must be provided unless the --noLocalAuth option is also given.
--noLocalAuth - used together with - the auth= option causes + the --auth option causes authentication to not be required for local connections, i.e. localhost.
-cafile=/cafile-path - specifies an absolute path to a +
--cafile </cafile-path> - specifies an absolute path to a certificate authority file and is required for auth=pki. This file should contain the + "command">--auth pki. This file should contain the certificates the PostgreSQL server will use to authenticate in PEM format concatenated together.
-dn=name - specifies the Distinguished Name for the admin - user and is required for auth=pki.
+--dn <distinguished-name> - specifies the Distinguished + Name for the admin user and is required for + --auth pki.
-port=portnum - specifies the port the PostgreSQL server will +
--port|-p <portnum> - specifies the port the PostgreSQL server will listen on. For port numbers other than the default 5432, URLs and other command-lines must explicitly specify the port, when connecting to the server. This option only effects the initial start of a server. For subsequent (re)starts this @@ -143,10 +145,10 @@ (read-only) privileges, unless a subsequent changeprivilege command is used.
-dn=name - specifies the Distinguished Name of the new user, +
--dn <distinguished-name> - specifies the Distinguished Name of the new user, which is required if the database enabled auth=pki. This option can be used to provide a + "command">--auth pki. This option can be used to provide a Distinguished Name to a preexisting user, if the PostgreSQL server's authentication strategy is changed.
@@ -170,23 +172,22 @@ the same meaning as for the start command. -port=portnum - changes the port the PostgreSQL server will +
--port|-p <portnum> - changes the port the PostgreSQL server will listen on. If this option is not present, the server will continue to listen on the same port.
-auth=type - changes the authentication type (pki | +
--auth|-a <type> - changes the authentication type (pki | password | trust) used by the PostgreSQL server. No change is made if the option is not present. If the option is present, omitting the --noLocalAuth causes local connections to require authentication. This command does not affect the presence or absence of passwords or Distinguished Names for existing users.
-dn=name - specifies the Distinguished Name for the admin - user and is required for auth=pki.
+--dn <distinguished-name> - specifies the Distinguished Name for the admin + user and is required for --auth pki.
port=portnum - specifies the port on which to connect with +
--port|-p <portnum> - specifies the port on which to connect with the PostgreSQL server.
-user=username - specifies a user name to use when connecting +
--user|-u <username> - specifies a user name to use when connecting to the PostgreSQL server.
-cert=/certfile-path - provides the absolute file path to the +
--cert </certfile-path> - provides the absolute file path to the user's certificate when connecting to a PostgreSQL server that requires PKI authentication.
@@ -249,31 +250,31 @@
-
- bsim createdatabase <bsimURL> <config_template> [name="<name>"] [owner="<owner>"] [description="<text>"] [--nocallgraph]
- bsim setmetadata <bsimURL> [name="<name>"] [owner="<owner>"] [description="<text>"]\n" +
+
+ bsim createdatabase <bsimURL> <config_template> [--name|-n "<name>"] [--owner|-o "<owner>"] [--description|-d "<text>"] [--nocallgraph]
+ bsim setmetadata <bsimURL> [--name|-n "<name>"] [--owner|-o "<owner>"] [--description|-d "<text>"]\n" +
bsim addexecategory <bsimURL> <category_name> [--date]
bsim addfunctiontag <bsimURL> <tag_name>
bsim dropindex <bsimURL>
bsim rebuildindex <bsimURL>
bsim prewarm <bsimURL>
- bsim generatesigs <ghidraURL> </xmldirectory> config=<config_template> [--overwrite]
- bsim generatesigs <ghidraURL> </xmldirectory> bsim=<bsimURL> [--commit] [--overwrite]
- bsim generatesigs <ghidraURL> bsim=<bsimURL>
- bsim commitsigs <bsimURL> </xmldirectory> [md5=<hash>] [override=<ghidraURL>]
- bsim generateupdates <ghidraURL> </xmldirectory> config=<config_template> [--overwrite]
- bsim generateupdates <ghidraURL> </xmldirectory> bsim=<bsimURL> [--commit] [--overwrite]
- bsim generateupdates <ghidraURL> bsim=<bsimURL>
+ bsim generatesigs <ghidraURL> </xmldirectory> --config|-c <config_template> [--overwrite]
+ bsim generatesigs <ghidraURL> </xmldirectory> --bsim|-b <bsimURL> [--commit] [--overwrite]
+ bsim generatesigs <ghidraURL> --bsim|-b <bsimURL>
+ bsim commitsigs <bsimURL> </xmldirectory> [--md5|-m <hash>] [--override <ghidraURL>]
+ bsim generateupdates <ghidraURL> </xmldirectory> --config|-c <config_template> [--overwrite]
+ bsim generateupdates <ghidraURL> </xmldirectory> --bsim|-b <bsimURL> [--commit] [--overwrite]
+ bsim generateupdates <ghidraURL> --bsim|-b <bsimURL>
bsim commitupdates <bsimURL> </xmldirectory>
- bsim listexes <bsimURL> [md5=<hash>] [name=<exe_name>] [arch=<languageID>] [compiler=<cspecID>] [sortcol=<column_name>] [limit=<exe_count>] [--includelibs]
- bsim getexecount <bsimURL> [md5=<hash>] [name=<exe_name>] [arch=<languageID>] [compiler=<cspecID>] [--includelibs]
- bsim delete <bsimURL> [md5=<hash>] [name=<exe_name> [arch=<languageID>] [compiler=<cspecID>]]
- bsim listfuncs <bsimURL> [md5=<hash>] [name=<exe_name> [arch=<languageID>] [compiler=<cspecID>]] [--printselfsig] [--callgraph] [--printjustexe] [maxfunc=<max_count>]
- bsim dumpsigs <bsimURL> </xmldirectory> [md5=<hash>] [name=<exe_name> [arch=<languageID>] [compiler=<cspecID>]]
+ bsim listexes <bsimURL> [--md5|-m <hash>] [--name|-n <exe_name>] [--arch|-a <languageID>] [--compiler <cspecID>] [--sortcol|-s md5|name] [--limit|-l <exe_count>] [--includelibs]
+ bsim getexecount <bsimURL> [--md5|-m <hash>] [--name|-n <exe_name>] [--arch|-a <languageID>] [--compiler <cspecID>] [--includelibs]
+ bsim delete <bsimURL> [--md5|-m <hash>] [--name|-n <exe_name> [--arch|-a <languageID>] [--compiler <cspecID>]]
+ bsim listfuncs <bsimURL> [--md5|-m <hash>] [--name|-n <exe_name> [--arch|-a <languageID>] [--compiler <cspecID>]] [--printselfsig] [--callgraph] [--printjustexe] [--maxfunc <max_count>]
+ bsim dumpsigs <bsimURL> </xmldirectory> [--md5|-m <hash>] [--name|-n <exe_name> [--arch|-a <languageID>] [--compiler <cspecID>]]
Global options:
- user=<username>
- cert=<certfile-path>
+ --user|-u <username>
+ --cert <certfile-path>
name= - specifies a formal, more +
--name|-n - specifies a formal, more descriptive, name for the repository that can be used for the BSim client display.
-owner= - gives a descriptive name +
--owner|-o - gives a descriptive name for the owner of the repository and/or the data it will contain.
-description= - specifies a short +
--description|-d - specifies a short string describing the intended contents of the new repository.
---nocallgraph=yes/no - disables storing call relationships between - ingested functions. Default is to store call relationships.
+--nocallgraph - disables storing call + relationships between ingested functions. Default is to store call relationships.
name= - specifies a formal, more +
--name|-n - specifies a formal, more descriptive, name for the repository that can be used for the BSim client display.
-owner= - gives a descriptive name +
--owner|-o - gives a descriptive name for the owner of the repository and/or the data it will contain.
-description= - specifies a short +
--description|-d - specifies a short string describing the intended contents of the new repository.
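Review bot: The new `bsim setmetadata` synopsis line still ends with `\n" +`, which looks like leftover Java string-concatenation text carried over from the old line and will render literally in the help page. Drop the trailing `\n" +` so the line ends at `[--description|-d "<text>"]`.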
@@ -413,17 +418,16 @@ a Ghidra Server repository or project as specified by a Ghidra URL. The generated signatures may be retained as XML "sigs_" files within a specified XML storage directory and/or committed to a specified BSim database specified with the bsim=bsimURL option. If an XML storage directory is not + class="command">--bsim option. If an XML storage directory is not specified, a BSim URL must be specified to which the data will be committed. -The config=config-template option may be specified when generating +
The --config|-c <config-template> option may be specified when generating XML "sigs_" signature files in the absence of a BSim database (see createdatabase for supported configurations). The generated files will be written to the specified XML storage directory. Creation of the signature - files can also be achieved by specifying the bsim=bsimURL - option instead of the config= option.
+ files can also be achieved by specifying the --bsim + option instead of the --config option.The --overwrite option may be specified when an XML storage directory has also been @@ -444,8 +448,8 @@ repository and a path to a directory containing the "sigs_" XML files to commit are required.
-override=ghidraURL - causes any Ghidra repository/project URL, +
--override <ghidraURL> - causes any Ghidra repository/project URL, describing the storage repository and path of executables that was recorded in the "sigs_" XML files during signature generation, to be overridden during the commit operation with the specified Ghidra URL.
@@ -461,17 +465,16 @@ function tags, categories, etc. are changed. Signatures are not affected. The generated updates may be retained as XML "update_" files within a specified XML storage directory and/or committed to a specified BSim database specified with the - bsim=bsimURL option. If an XML storage directory is not + --bsim option. If an XML storage directory is not specified, a BSim URL must be specified to which the data will be committed. -The config=config-template option may be specified when generating +
The --config|-c <config-template> option may be specified when generating XML "update_" files in the absence of a BSim database (see createdatabase for supported configurations). The generated files will be written to the specified XML storage directory. Creation of the update - files can also be achieved by specifying the bsim=bsimURL - option instead of the config= option.
+ files can also be achieved by specifying the --bsim + option instead of the --config option.The --overwrite option may be specified when an XML storage directory has also been
@@ -499,30 +502,27 @@
List all executable program records within a specified BSim database repository
which satisfy the specified criteria. A BSim URL specifying the repository must be
provided, and one of two options, md5= or name=, that indicate the specific executable must
+ "command">--md5
md5=32-hexdigits - specifies an executable via its MD5 - checksum.
+--md5|-m - specifies an executable via its MD5 + checksum as 32 hexidecimal digits.
-name= - specifies an executable +
--name|-n - specifies an executable name which may match one or more executable records.
-arch= - specifies an architecture +
--arch|-a - specifies an architecture as a Ghidra processor id which will be used to filter executables.
-compiler= - specifies a compiler +
--compiler - specifies a compiler specification id which will be used to filter executables.
-sortcol=column - Indicates which display column should be used - to sort the results (MD5 | NAME; default: - MD5).
+--sortcol|-s - Specifies which display + column should be used to sort the results (md5 | name; default: + md5).
-limit=max_count - specifies the maximum number of executables +
--limit|-l - specifies the maximum number of executables to be listed which match the search criteria (default=20, a value of 0 indicates no limit).
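Review bot: "hexidecimal" in the new `--md5|-m` description is misspelled; it should read "32 hexadecimal digits". The same spelling is repeated in the `--md5|-m` descriptions for getexecount, delete, listfuncs and dumpsigs later in this file, so fix them all in one pass. The option descriptions here also drop the value placeholder (`--md5|-m`, `--limit|-l`) while the bsim_ctl descriptions keep it (`--port|-p <portnum>`); consider `--md5|-m <hash>` so the descriptions match the synopsis.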
@@ -538,21 +538,20 @@Get the total number of executable program records within a specified BSim database repository which satisfy the specified criteria. A BSim URL specifying the repository must be provided, and one of two options, md5= or name=, that indicate the specific executable must + "command">--md5 or --name, that indicate the specific executable must also be given. All matching executable records will be listed.
-md5=32-hexdigits - specifies an executable via its MD5 - checksum.
+--md5|-m - specifies an executable via its MD5 + checksum as 32 hexidecimal digits.
-name= - specifies an executable +
--name|-n - specifies an executable name which may match one or more executable records.
-arch= - specifies an architecture +
--arch|-a - specifies an architecture as a Ghidra processor id which will be used to filter executables.
-compiler= - specifies a compiler +
--compiler - specifies a compiler specification id which will be used to filter executables.
--includelibs - If specified, executable
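Review bot: The getexecount description says one of `--md5` or `--name` "must also be given", but the synopsis earlier in this file shows both in brackets as optional (`bsim getexecount <bsimURL> [--md5|-m <hash>] [--name|-n <exe_name>] ...`). Please make the two agree while this paragraph is being touched. The closing sentence "All matching executable records will be listed" also reads as if copied from listexes, which does not fit a command described as returning a total.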
@@ -565,26 +564,25 @@
Remove all records associated with a specific executable from a BSim repository.
A BSim URL specifying the repository must be provided, and one of two options,
- md5= or name=, that indicate the specific executable must
+ --md5 or --name, that indicate the specific executable must
also be given. All associated executable and function records are removed.
If an executable cannot be uniquely identified an error will result.
md5=32-hexdigits - specifies the executable via its MD5
- checksum. --md5|-m - specifies an executable via its MD5
+ checksum as 32 hexidecimal digits. name= - specifies an executable
+ --name|-n - specifies an executable
name which may match one or more executable records. arch= - specifies an architecture
+ --arch|-a - specifies an architecture
as a Ghidra processor id, when the name option is not enough to uniquely specify the
+ "command">--name
compiler= - specifies a compiler - id string, when the name option is +
--compiler - specifies a compiler + id string, when the --name option is not enough to uniquely specify the executable.
@@ -594,25 +592,24 @@List all function records associated with a specific executable from a BSim repository. A BSim URL specifying the repository must be provided, and one of two - options, md5= or name=, that indicate the specific executable must + options, --md5 or --name, that indicate the specific executable must also be given. All associated executable and function records are listed. If an executable cannot be uniquely identified an error will result.
-md5=32-hexdigits - specifies the executable via its MD5 - checksum.
+--md5|-m - specifies an executable via its MD5 + checksum as 32 hexidecimal digits.
-name= - specifies an executable +
--name|-n - specifies an executable name which may match one or more executable records.
-arch= - specifies an architecture +
--arch|-a - specifies an architecture as a Ghidra processor id, when the name option is not enough to uniquely specify the + "command">--name option is not enough to uniquely specify the executable.
-compiler= - specifies a compiler - id string, when the name option is +
--compiler - specifies a compiler + id string, when the --name option is not enough to uniquely specify the executable.
--printselfsig - If specified, each @@ -628,8 +625,7 @@ also specified only the called libraries will be listed and not the specified functions.
-maxfunc=max_count - specifies the maximum number of functions to +
--maxfunc - specifies the maximum number of functions to be listed which correspond to the identified executable (default=1000, a value of 0 indicates no limit).
Dump signature and metadata from a BSim repository for a specific executable to a "sigs_" XML file. A BSim server URL and a path to a directory where the new file will be stored must be given. One of two options, md5= or name=, that specify the particular executable + "command">--md5 or --name, that specify the particular executable must also be given. If an executable cannot be uniquely identified an error will result.
-md5=32-hexdigits - specifies an executable via its MD5 - checksum.
+--md5|-m - specifies an executable via its MD5 + checksum as 32 hexidecimal digits.
-name= - specifies an executable +
--name|-n - specifies an executable name which may match one or more executable records.
-arch= - specifies an architecture +
--arch|-a - specifies an architecture as a Ghidra processor id, when the name option is not enough to uniquely specify the + "command">--name option is not enough to uniquely specify the executable.
-compiler= - specifies a compiler +
--compiler - specifies a compiler specification id, when the name option is not enough to uniquely specify the + "command">--name option is not enough to uniquely specify the executable.
@@ -671,12 +666,12 @@These options apply to all bsim commands.
-user=name - specifies a user to masquerade as when connecting +
--user|-u <username> - specifies a user to masquerade as when connecting to the server.
-cert=path - provides a path to the user's certificate when +
--cert <certfile-path> - provides a path to the user's certificate when connecting to a server that requires PKI authentication.
diff --git a/Ghidra/Features/BSim/src/main/help/help/topics/BSim/DatabaseConfiguration.html b/Ghidra/Features/BSim/src/main/help/help/topics/BSim/DatabaseConfiguration.html index a3cb2d7d04..9509130c56 100644 --- a/Ghidra/Features/BSim/src/main/help/help/topics/BSim/DatabaseConfiguration.html +++ b/Ghidra/Features/BSim/src/main/help/help/topics/BSim/DatabaseConfiguration.html @@ -214,7 +214,7 @@$(ROOT)/support/bsim_ctl start /path/to/datadir
- port=8000
The start command can take an optional - port= parameter. This can be used to specify + --port parameter. This can be used to specify a non-standard port for the PostgreSQL server to listen on. In this case, any subsequent reference to the BSim server, in the Ghidra client, or with the bsim command described below, must specify the port. @@ -293,7 +293,7 @@
bsim_ctl start /path/to/datadir
- auth=trust
This is currently the default. No authentication is performed and privilege is granted based on the user name presented. Masquerading is possible.
@@ -304,7 +304,7 @@bsim_ctl start /path/to/datadir
- auth=password
Users are authenticated via password. A default password 'changeme' is established when the new user is created. Passwords can be changed by the user @@ -315,12 +315,12 @@
bsim_ctl start /path/to/datadir auth=pki
- ca=/path/to/rootcert
bsim_ctl start /path/to/datadir --auth pki
+ --cafile "/path/to/rootcert"
Users are authenticated by PKI certificates. Upon initialization, the BSim server must be provided (via the ca= option) a file containing the public keys + "command">--cafile option) a file containing the public keys for the certificate authorities used to issue user's certificates. The file consists of the authoritative certificates in PEM format concatenated together.
@@ -338,7 +338,7 @@With PKI authentication enabled, at the time a new user role is established with the server, the X.509 Distinguished Name, as bound to the user's certificate, must be associated with the user name via the dn= option. See --dn option. See “Adding Users to the Database”.
$(ROOT)/support/bsim_ctl changeauth
- /datadir/path auth=password |
+ /datadir/path --auth password
$(ROOT)/support/bsim_ctl adduser username dn="C=US,ST=MD,CN=Firstname User"
$(ROOT)/support/bsim setmetadata bsimURL "name=BSim Database" |
+ "emphasis">bsimURL --name "BSim Database"
$(ROOT)/support/bsim setmetadata bsimURL "owner=Administrators" |
+ "emphasis">bsimURL --owner "Administrators"
$(ROOT)/support/bsim setmetadata bsimURL "description=Files of interest" |
+ "emphasis">bsimURL --description "Files of interest"
$(ROOT)/support/bsim generatesigs
- <ghidraURL> </xmldirectory> config=<config_template>
+ <ghidraURL> </xmldirectory> --config <config_template>
[--overwrite] |
+ --bsim <bsimURL>
$(ROOT)/support/bsim generatesigs
ghidra://localhost/repo/folder /xmldirectory
- bsim=postgresql://localhost/repo
$(ROOT)/support/bsim generatesigs
- ghidra://localhost/repo/folder /xmldirectory bsim=postgresql://localhost/repo
+ ghidra://localhost/repo/folder /xmldirectory --bsim postgresql://localhost/repo
--commit |
$(ROOT)/support/bsim commitsigs
- postgresql://localhost/repo /xmldirectory [override=ghidraURL] |
+ postgresql://localhost/repo /xmldirectory [--override <ghidraURL>]
The bsim commitsigs command can be @@ -526,21 +526,21 @@ public void adjustTags(Address myaddress) throws Exception {
$(ROOT)/support/bsim delete bsimURL md5=<bsimURL> --md5 7abf... |
$(ROOT)/support/bsim delete bsimURL name=<bsimURL> --name ... |
In the md5 form, you specify the 32 character +
In the --md5 form, you specify the 32 character hex representation of the md5 hash of the executable, which should identify it - uniquely. Using the name form, there is the + uniquely. Using the --name form, there is the possibility that the name is not unique, in which case the command will fail.
If a unique executable is identified, its metadata record will be removed, and the @@ -580,11 +580,11 @@ public void adjustTags(Address myaddress) throws Exception {
$(ROOT)/support/bsim generateupdates
- <ghidraURL> </xmldirectory> config=<config_template>
+ <ghidraURL> </xmldirectory> --config <config_template>
[--overwrite] |
@@ -596,11 +596,13 @@ public void adjustTags(Address myaddress) throws Exception {
stripped down metadata XML files for every executable contained within the repository
folder specified by the ghidraURL. Just like the generatesigs command, it can take an optional config=config_template parameter, which
- allows the command to execute without the BSim server running. It can also take an
+ class="bold">--config <config_template> parameter, which
+ allows the command to execute without the BSim server running, otherwise a --bsim <bsimURL>
+ parameter is required. It can also take an
optional --overwrite parameter, causing it
- to overwrite any previously generated XML files. If a
- bsim=bsimURL is specified with the --commit
+ to overwrite any previously generated XML files. If the
+ --bsim option is specified with the --commit
option updates will be committed directly to the database. A BSim database commit is
always performed using the specified bsimURL if an xmldirectory is
not specified.
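Review bot: The reworded generateupdates sentence calls `--config <config_template>` "optional" and then says "otherwise a --bsim <bsimURL> parameter is required", joined by a comma splice, so a reader cannot tell that one of the two has to be supplied. Suggest stating it directly, for example: "It takes either --config <config_template>, which allows the command to execute without the BSim server running, or --bsim <bsimURL>."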
@@ -635,7 +637,7 @@ public void adjustTags(Address myaddress) throws Exception {
$(ROOT)/support/bsim dropindex bsimURL |
+ "emphasis"><bsimURL>
$(ROOT)/support/bsim rebuildindex bsimURL |
+ "emphasis"><bsimURL>
cd <ghidra_install_dir>/support
mkdir ~/bsim_sigs
-./bsim generatesigs ghidra:/<ghidra_project_dir>/postgres_object_files bsim=file:/<database_dir>/example ~/bsim_sigs
+./bsim generatesigs ghidra:/<ghidra_project_dir>/postgres_object_files --bsim file:/<database_dir>/example ~/bsim_sigs
ghidra:/
argument is the local project which holds the analyzed binaries.
Note that there is only one forward slash in the URL for a local project.bsim=
argument is the URL of the BSim database.
+ --bsim
argument is the URL of the BSim database.
This command does not add any signatures to the database, but it does query the database for its settings.
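Review bot: In the updated tutorial command the XML directory `~/bsim_sigs` comes after `--bsim file:/<database_dir>/example`, while the synopsis in CommandLineReference.html puts `</xmldirectory>` before `--bsim|-b <bsimURL>`. Either confirm that positional arguments are accepted after options, or reorder the example so the directory precedes `--bsim` and matches the documented form.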