6

I have been trying to use IDA Pro (with bindiff) via IDAPython to automate the analysis process of a bios.dump file while outputting the results to a .txt / .asm file. From here I want to use the bindiff functions to compare this database with another database and output any differences to a file. Any recommendations?

NirIzr
user3119546

2 Answers

3

With the now free BinDiff 4.2 you can do batch analysis with a bit of work.

In the BinDiff installation directory (zynamics/BinDiff 4.2), you will find bin/differ.exe and bin/differ64.exe. Those are binaries for batch diffing of IDBs and .BinExport files.

The basic usage would be:

differ --primary=<directory-with-IDBs> --output-dir=<output-directory>

Sadly, this does not work (at least on my machine) as differ.exe fails to find IDA's executable and tries to execute the directory instead.

To solve this, we will export IDBs using the following command:

"<path-to-idaq.exe>" -A -OExporterModule:<result-directory> -S"<path-to-export-script>" "<path-to-idb>"

The export-script is an .idc with the following code:

#include <idc.idc>

static main()
{
    Batch(0);
    Wait();
    Exit(1 - RunPlugin("zynamics_binexport_8", 2));
}

Once you have all your .BinExport files in one directory, run the original differ.exe command on that directory (give it the directory with the .BinExport files instead of the .idb files), and you'll get .BinDiff files for all possible diffs. Those can either be opened up in IDA, or manually parsed (they are SQLite databases).

tmr232
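The answer above notes that the .BinDiff results are SQLite databases that can be parsed manually. As an added example (not part of the original answer and not BinDiff's own code), this Python script writes every matched function pair with similarity below 1.0 to a text report. The `function` table and its `address1`, `address2`, `similarity` and `confidence` columns are an assumed schema that the script checks before querying, and the sample database is constructed for the demonstration.

```python
import os, sqlite3, tempfile

# Assumption: matches live in a `function` table with these columns.
REQUIRED = {"address1", "address2", "similarity", "confidence"}

def changed_functions(bindiff_path, threshold=1.0):
    """Return matched function pairs whose similarity is below threshold."""
    con = sqlite3.connect(bindiff_path)
    try:
        tables = {r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")}
        if "function" not in tables:
            raise ValueError("no 'function' table; found %s" % sorted(tables))
        cols = {r[1] for r in con.execute("PRAGMA table_info(function)")}
        if REQUIRED - cols:
            raise ValueError("missing columns: %s" % sorted(REQUIRED - cols))
        rows = con.execute(
            "SELECT address1, address2, similarity, confidence FROM function "
            "WHERE similarity < ? ORDER BY similarity, address1", (threshold,))
        return [tuple(r) for r in rows]
    finally:
        con.close()

def write_report(bindiff_path, report_path, threshold=1.0):
    """Write the changed pairs as tab-separated text; return the row count."""
    rows = changed_functions(bindiff_path, threshold)
    with open(report_path, "w") as out:
        out.write("primary\tsecondary\tsimilarity\tconfidence\n")
        for a1, a2, sim, conf in rows:
            out.write("0x%08X\t0x%08X\t%.3f\t%.3f\n" % (a1, a2, sim, conf))
    return len(rows)

def make_sample(path):
    """Build a constructed stand-in for a .BinDiff file (not real output)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE function (id INT, address1 BIGINT, "
                "address2 BIGINT, similarity DOUBLE, confidence DOUBLE)")
    con.executemany("INSERT INTO function VALUES (?,?,?,?,?)", [
        (1, 0xF0000, 0xF0000, 1.0, 0.99),   # identical, not reported
        (2, 0xF0120, 0xF0140, 0.82, 0.95),  # changed
        (3, 0xF0400, 0xF0460, 0.41, 0.60),  # heavily changed
    ])
    con.commit()
    con.close()

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "sample.BinDiff")
    make_sample(sample)
    print(write_report(sample, sample + ".txt"))
```

Before pointing this at real results, confirm the table and column names with `.schema` in the `sqlite3` shell; the script raises `ValueError` with the names it did find when they differ.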
2

If you're asking about using BinDiff in batch mode: sorry, you can't. It's intentionally restricted.

joxeankoret