google / bindiff

Quickly find differences and similarities in disassembled code
https://zynamics.com/bindiff.html
Apache License 2.0

Skip showing a basic block as a difference if it has only NOP instructions #41

Open marakew opened 5 months ago

marakew commented 5 months ago

Look at the pics.

Many variants:

[images attached: bindiff_skip_nop1, bindiff_skip_nop2, bindiff_skip_nop3]

cblichmann commented 5 months ago

BinDiff just shows whatever is different in the underlying BinExport files. It has no knowledge of the instruction types.

Implementing such a feature would mean that we need to make BinExport aware of the instruction types as well and mark them somehow. And then it remains an open question of whether we still want to include the nop-style instructions in the BinDiff similarity score.

There are also use cases where I as an analyst would be legitimately interested in extra nop bytes. If a basic block changes in a way that includes multi-byte nops, then that might be an indicator that something was patched out, or that it should serve as a placeholder for other code/exploits to overwrite it.

marakew commented 5 months ago

The compiler can emit nop(s) to align the block.

As you can see in the picture,

there is no interest in both blocks if the sums of instructions without nops are the same for them.

Maybe this can be put under some additional option, "skip check nops".

I see the function already exists:

https://github.com/google/binexport/blob/main/x86_nop.cc

So maybe with some additional option it can be enabled for comparing blocks by instructions?