Python wrapper to manipulate bindiff files
Python Bindiff
python-bindiff is a Python module aiming to give a friendly interface to launch
and manipulate a bindiff between two binary files.
How does it work?
The module relies on python-binexport
to export the programs to .BinExport files and then interacts directly with the binary differ
(of zynamics) to perform the diff. The generated diff file is then correlated
with the two binaries to be able to navigate the changes.
Installation
The Python module requires BinDiff, so first follow the Zynamics installation instructions.
Then the python module can be installed with:
pip install python-bindiff
The Python module needs to execute the differ executable, so it must be available:
- either in the path
- or via the BINDIFF_PATH environment variable
Usage as a python module
The simplest way to diff two programs, whether from the binaries themselves or from files already exported with BinExport, is:
from bindiff import BinDiff
diff = BinDiff.from_binary_files("sample1.exe", "sample2.exe", "out.BinDiff")
# or performing the diff on BinExport files
diff = BinDiff.from_binexport_files("sample1.BinExport", "sample2.BinExport", "out.BinDiff")
To load the diffing results of an existing diff.BinDiff file, do:
from bindiff import BinDiff
diff = BinDiff("sample1.BinExport", "sample2.BinExport", "diff.BinDiff")
print(diff.similarity, diff.confidence)
# do whatever you want with diff.primary and diff.secondary, which are the
# two Program objects
But programs can be instantiated separately:
from binexport import ProgramBinExport
from bindiff import BinDiff
p1 = ProgramBinExport("sample1.BinExport")
p2 = ProgramBinExport("sample2.BinExport")
diff = BinDiff(p1, p2, "diff.BinDiff")
Note that all the diff data are embedded inside the program objects, so
after instantiating BinDiff, p1 and p2 are modified.
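A .BinDiff result file is an SQLite database, so the matches can also be triaged with the standard library alone. The following is an added example, not code from python-bindiff: it assumes the `function` table columns `address1`, `name1`, `address2`, `name2`, `similarity` and `confidence`, and builds a constructed stand-in file so that it runs without BinDiff installed; `build_sample` and `triage` are hypothetical names.

```python
import sqlite3
from pathlib import Path

# Constructed rows for illustration, not the output of a real diff:
# (address1, name1, address2, name2, similarity, confidence)
SAMPLE_ROWS = [
    (0x401000, "parse_header", 0x401000, "parse_header", 1.00, 0.99),
    (0x401200, "copy_field", 0x401230, "copy_field", 0.82, 0.97),
    (0x401400, "sub_401400", 0x401480, "sub_401480", 0.55, 0.31),
    (0x401600, "log_msg", 0x4016A0, "log_msg", 0.97, 0.98),
]

def build_sample(path):
    """Write a stand-in file holding only the `function` columns queried below."""
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE function (id INTEGER PRIMARY KEY, address1 BIGINT, name1 TEXT, "
        "address2 BIGINT, name2 TEXT, similarity DOUBLE, confidence DOUBLE)"
    )
    con.executemany(
        "INSERT INTO function (address1, name1, address2, name2, similarity, confidence) "
        "VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    con.commit()
    con.close()

def triage(path, max_similarity=0.99, min_confidence=0.5):
    """Split matched functions into (changed, doubtful), most-changed first.

    changed:  trusted matches whose bodies differ, the usual place to start
              when reviewing what a patch touched.
    doubtful: low-confidence matches, which may pair unrelated functions and
              need a manual look before any conclusion is drawn from them.
    """
    # Open read-only so that inspecting a result file can never modify it.
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute(
            "SELECT address1, name1, address2, name2, similarity, confidence "
            "FROM function ORDER BY similarity ASC").fetchall()
    finally:
        con.close()
    changed = [r for r in rows if r[5] >= min_confidence and r[4] <= max_similarity]
    doubtful = [r for r in rows if r[5] < min_confidence]
    return changed, doubtful
```

The two thresholds are illustrative defaults; tune them to the binaries being compared.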
From the API it is also possible to directly perform the BinExport extraction and the diffing:
Usage as a command line
The bindiffer command-line tool generates a diff file from the two
.BinExport files or directly from the binaries (thanks to python-binexport and
idascript). The help message is the following:
Usage: bindiffer [OPTIONS] <primary file|dir> <secondary file|dir>
bindiffer is a very simple utility to diff two binary files using BinDiff in command line. The two input files can be either binary files (in which
case IDA is used) or directly .BinExport file (solely BinDiff is used). It also accept two directories two diff each files based on their names
Options:
-d, --disassembler [ida|ghidra|binary_ninja]
Disassembler to use
--disass-path TEXT Path of the disassembler (dir or binary for IDA, dir for Ghidra)(if not provided search $PATH or environment
variable IDA_PATH, GHIDRA_PATH)
-t, --threads INTEGER Thread number to use
--timeout INTEGER Per-file export timeout in seconds (if not set, no timeout is enforced)
-b, --bindiff-path PATH BinDiff differ directory
--stop-on-error Stop on error
-o, --output PATH Output BinDiff file, or directory for batch
--override Override existing output files (includes .BinExport files)
-bw, --bindiff-workspace PATH Create a BinDiff Workspace database
-h, --help Show this message and exit.
For this to work, the BinDiff differ binary must be in the $PATH, or its location
given via the BINDIFF_PATH environment variable or with the -b command option.
Similarly, when diffing binaries directly, the ida64 binary must be available
in the $PATH, or given with the IDA_PATH environment variable or via the
-i command option.
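A pre-flight check for the lookup described here and in the Installation section, as an added example that is not part of python-bindiff: it resolves each external tool to an absolute path and flags locations that other users can write to, since whatever file sits there is what gets executed. The executable name `bindiff`, the precedence of the environment variable over `$PATH`, POSIX permissions, and all helper names are assumptions.

```python
import os
import shutil
import stat
from pathlib import Path

def resolve_tool(name, env_var, environ=None):
    """Return the absolute path of `name`, trying $env_var first, then $PATH."""
    environ = os.environ if environ is None else environ
    candidates = []
    override = environ.get(env_var)
    if override:
        p = Path(override)
        # The variable may name the install directory or the executable itself.
        candidates.append(p / name if p.is_dir() else p)
    found = shutil.which(name, path=environ.get("PATH", ""))
    if found:
        candidates.append(Path(found))
    for cand in candidates:
        if cand.is_file() and os.access(cand, os.X_OK):
            return cand.resolve()
    return None

def writable_by_others(path):
    """True if the executable or its directory is group- or world-writable."""
    for p in (path, path.parent):
        if p.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return True
    return False

def preflight(environ=None):
    """Map each external tool to (resolved path or None, warning or None)."""
    report = {}
    # Assumed executable names: "bindiff" for the differ, "ida64" as on the page.
    for name, var in (("bindiff", "BINDIFF_PATH"), ("ida64", "IDA_PATH")):
        path = resolve_tool(name, var, environ)
        if path is None:
            report[name] = (None, f"not found via ${var} or $PATH")
        elif writable_by_others(path):
            report[name] = (path, "location is writable by other users")
        else:
            report[name] = (path, None)
    return report
```

Running `preflight()` before a batch diff shows exactly which binaries will be launched; passing the resolved differ directory to `-b` then removes the dependency on `$PATH` ordering.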
File details
Details for the file python_bindiff-0.4.1.tar.gz.
File metadata
- Download URL: python_bindiff-0.4.1.tar.gz
- Upload date:
- Size: 22.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 59b6a6c9d589ccddbe35985249bdf82cda16648371fed7beccfd886669ca5b7a |
| MD5 | e91e05b63376fe96acbddee20f0d2667 |
| BLAKE2b-256 | 520eebdb91d658410b2418a6e6cf22d685ee06a7d8c5476db7d85406a5476789 |
Provenance
The following attestation bundles were made for python_bindiff-0.4.1.tar.gz:
Publisher: release.yml on quarkslab/python-bindiff
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: python_bindiff-0.4.1.tar.gz
- Subject digest: 59b6a6c9d589ccddbe35985249bdf82cda16648371fed7beccfd886669ca5b7a
- Sigstore transparency entry: 1997141401
- Sigstore integration time:
- Permalink: quarkslab/python-bindiff@7160b3022b6078120fd2e87c7a7f43f872e35d59
- Branch / Tag: refs/tags/v0.4.1
- Owner: https://github.com/quarkslab
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@7160b3022b6078120fd2e87c7a7f43f872e35d59
- Trigger Event: release
File details
Details for the file python_bindiff-0.4.1-py3-none-any.whl.
File metadata
- Download URL: python_bindiff-0.4.1-py3-none-any.whl
- Upload date:
- Size: 23.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ec8fc9d74205b082cc642fa6c470cbd64b63ad28bf8a56999cf2000c51f52645 |
| MD5 | 307702d16733b90586f3c9838af6fe6b |
| BLAKE2b-256 | 4a302de820924182dbd6de6616288ecd63834fc11b608f38d7ea3343a2cfaf10 |
Provenance
The following attestation bundles were made for python_bindiff-0.4.1-py3-none-any.whl:
Publisher: release.yml on quarkslab/python-bindiff
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: python_bindiff-0.4.1-py3-none-any.whl
- Subject digest: ec8fc9d74205b082cc642fa6c470cbd64b63ad28bf8a56999cf2000c51f52645
- Sigstore transparency entry: 1997141532
- Sigstore integration time:
- Permalink: quarkslab/python-bindiff@7160b3022b6078120fd2e87c7a7f43f872e35d59
- Branch / Tag: refs/tags/v0.4.1
- Owner: https://github.com/quarkslab
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@7160b3022b6078120fd2e87c7a7f43f872e35d59
- Trigger Event: release