Headless Analyzer

How to Run the Headless Analyzer

<project_location>


<project_name>[/<folder_path>]


In the normal case, if you don't have an existing project of the name "project_name", then one will be created by the Headless Analyzer.

In the server case, a project must already exist.

ghidra://<server>[:<port>]/<repository_name>[/<folder_path>]


-import [<directory>|<file>]+

-process [<project_file>]

-preScript <ScriptName.ext> [<arg>]*


The Headless Analyzer looks for the script in the default script directories and in those specified by -scriptPath.

-postScript <ScriptName> [<arg>]*


The Headless Analyzer looks for the script in the default script directories and in those specified by -scriptPath.

-scriptPath "<path1>[;<path2>...]"

Specifies script paths for all of these types of scripts: pre, post, primary, and secondary.

-propertiesPath "<path1>[;<path2>...]"

More detail is given in a later slide and in the analyzeHeadlessREADME.html file.

-log <path to log file>


Captures general-purpose logging for Ghidra. Script outputs can be redirected using the "-scriptlog" parameter.

-scriptlog <path to script log file>


Captures script logging for Ghidra.

-overwrite


Allows an existing project file to be overwritten if it shares the same name as the imported binary.

-recursive [<depth>]


Affects the -import and -process modes: determines whether to process only the files in the current directory or the files in the current directory and all of its subfolders.

-readOnly


For now, -readOnly must be used with -process when operating on a shared project.

-deleteProject


-noanalysis



-processor <languageID>

If Ghidra recognizes the processor, it uses the recognized one; if no processor is recognized, it uses the one specified by the -processor option.

-processor <languageID>


Or, in Help -> About <name of program>

-cspec <compilerSpecID>


If Ghidra recognizes the processor, it uses the preferred or default cspec for the recognized processor spec; if no processor is recognized, it uses the one specified by the combination of the -processor and -cspec options.

-cspec <compilerSpecID>


-analysisTimeoutPerFile <timeout in seconds>

-keystore <KeystorePath>


Better if you do it in the tool first to get it set up.

-connect [<userID>]


You can configure the Ghidra server to specify a different user ID. For example, people who log in locally as root wanted a way to specify a different user on the Ghidra server.

If you use the URL project path, this option is implied; you don’t need to use it unless you want to change the user name.

-p


Used when connecting to a server that needs a password.

This method of authentication is normally discouraged – but if not used, the server connection will likely fail authentication if a password is required.

In some cases, password text will be echoed back (NOT masked) while the user is typing (there will be a warning). Password masking seems to work when using the Ghidra jarFile, but not when using analyzeHeadless.bat/sh or the Eclipse launcher.

-commit ["<comment>"]


If you use the URL project path, this option is implied; you don’t need to use it unless you want to include a comment with the commit.

Commits are currently not allowed for -process mode on shared projects (which must run in -readOnly mode).

-okToDelete


-max-cpu <max cpu cores to use>



-loader <desired loader name>
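
An added example, not part of the original slides or the Ghidra project: a POSIX shell helper that assembles the argument list from the options above and applies the shared-project rules from the notes (-process on a ghidra:// project runs with -readOnly and cannot use -commit). The helper names, paths and project name are constructed for illustration.

```shell
#!/bin/sh
# Added example: builds an analyzeHeadless argument list and applies the
# shared-project rules from the notes above. It launches nothing.

# is_shared LOCATION: true when the project location is a ghidra:// URL.
is_shared() {
  case "$1" in ghidra://*) return 0 ;; *) return 1 ;; esac
}

# headless_args MODE LOCATION NAME TARGET [options...]
#   MODE     import | process
#   LOCATION <project_location>, or ghidra://<server>[:<port>]/<repository_name>
#   NAME     <project_name>; ignored for a ghidra:// location
#   TARGET   file or directory for -import, project file for -process
# Prints one argument per line. Returns 2 when a rule is violated.
headless_args() (
  mode=$1 loc=$2 name=$3 target=$4
  shift 4
  case "$mode" in
    import|process) ;;
    *) echo "error: unknown mode '$mode'" >&2; exit 2 ;;
  esac
  readonly_seen=0 commit_seen=0
  for opt in "$@"; do
    case "$opt" in
      -readOnly) readonly_seen=1 ;;
      -commit)   commit_seen=1 ;;
      -p) echo "warning: -p may echo the password unmasked" >&2 ;;
    esac
  done
  extra=
  if is_shared "$loc" && [ "$mode" = process ]; then
    if [ "$commit_seen" -eq 1 ]; then
      echo "error: -commit is not allowed with -process on a shared project" >&2
      exit 2
    fi
    # -readOnly is required in this combination; add it if it was left out.
    [ "$readonly_seen" -eq 1 ] || extra=-readOnly
  fi
  if is_shared "$loc"; then printf '%s\n' "$loc"; else printf '%s\n' "$loc" "$name"; fi
  printf '%s\n' "-$mode" "$target" $extra "$@"
)

# Constructed usage: recursive import into a local project with a per-file
# analysis timeout and separate Ghidra and script logs.
headless_args import /tmp/ghidra_projects Triage /tmp/samples -recursive \
  -analysisTimeoutPerFile 300 -log /tmp/headless.log -scriptlog /tmp/script.log
```

The printed list is what would follow analyzeHeadless on the command line, one argument per line.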



General Notes

Shared Project Notes

Exercise 1

Headless Scripting Capabilities

When running scripts without -import or -process, only the specified pre/post-scripts will be executed. In this case, all scripts must execute in a program-independent manner, or errors will occur. Use -process for scripts that are program-dependent.

Why setTemporary() is useful: if you are using scripts to determine which binaries are interesting, you can save the interesting ones in your project and ditch the others.

Making a Script behave in GUI and Headless environments


Calling a Script from a Script


Get Analyzer Information

Set Analysis Options

Note that option names and values must be strings (code will attempt to convert the value to the correct type).

Reset Analysis Options

Create a Selection

Control Follow-On Program Processing from Scripts

More specifics on usage in analyzeHeadlessREADME.html

How to write a Headless Script

There are two ways to install the GhidraDev plugin into Eclipse:
  • Link Ghidra with an Eclipse installation in the Front-End tool options and edit a script from the Ghidra script manager. Ghidra will offer to install GhidraDev for you if it is not present.
  • Install it directly into Eclipse using the file found at ghidra_<version>/Extensions/Eclipse/GhidraDev/GhidraDev-x.x.x.zip

See GhidraDev_README.html for the pros and cons of each.

(Optional) Exercise 2

More Headless Information