BSim Tutorial

BSim is a Ghidra plugin for finding structurally similar functions in (potentially large) collections of binaries. It is based on Ghidra’s decompiler and can find matches across compilers, architectures, and/or small changes to source code.

This tutorial demonstrates how create a small BSim database and walks through some typical use cases.

Detailed information about BSim can be found in the “BSim” entry of the Ghidra Help.

1. Introduction to BSim
2. Starting Ghidra and Enabling BSim
3. Creating and Populating a BSim Database from the GUI
4. Basic BSim Queries
5. Ghidra from the Command Line
6. BSim from the Command Line
7. Evaluating Matches
8. From Matching Functions to Matching Executables
9. Overview Queries
10. BSim Filters
11. Scripting and Visualization

Next Section: Introduction to BSim