google / binexport

Export disassemblies into Protocol Buffers
Apache License 2.0

BinDiff compatibility #28

Closed scottcarr closed 5 years ago

scottcarr commented 6 years ago

Is there a version of BinDiff that can read a .BinExport file from the current version of BinExport? I believe BinDiff 4.2 and 4.3 cannot. Thank you.

cblichmann commented 6 years ago

4.2 cannot read the current BinExport files. But 4.3 can. You can use the command-line differ and open the files in the BinDiff UI afterwards:

/path/to/differ \
  --primary /path/to/first.BinExport \
  --secondary /path/to/second.BinExport \
  --output_dir /dir/for/results/

scottcarr commented 6 years ago

Awesome! Thanks a lot.

When I try to look at the FlowGraph for a function, I get the following error a lot (but not always):

INFO:  - Building combined flow graphs
SEVERE: EXCEPTION: Open flow graph view failed. Couldn't create flowgraph.
java.lang.NullPointerException
    at com.google.security.zynamics.bindiff.graph.builders.ViewCodeNodeBuilder.buildOperands(ViewCodeNodeBuilder.java:250)
    at com.google.security.zynamics.bindiff.graph.builders.ViewCodeNodeBuilder.buildInstruction(ViewCodeNodeBuilder.java:720)
    at com.google.security.zynamics.bindiff.graph.builders.ViewCodeNodeBuilder.buildUnmatchedCodeNodeContent(ViewCodeNodeBuilder.java:462)
    at com.google.security.zynamics.bindiff.graph.builders.ViewCodeNodeBuilder.buildSingleCodeNodeContent(ViewCodeNodeBuilder.java:810)
    at com.google.security.zynamics.bindiff.graph.builders.ViewFlowGraphBuilder.buildSingleBasicblockLabelContent(ViewFlowGraphBuilder.java:411)
    at com.google.security.zynamics.bindiff.graph.builders.ViewFlowGraphBuilder.buildFlowgraphNodeMaps(ViewFlowGraphBuilder.java:330)
    at com.google.security.zynamics.bindiff.graph.builders.ViewFlowGraphBuilder.buildViewFlowgraphs(ViewFlowGraphBuilder.java:456)
    at com.google.security.zynamics.bindiff.project.diff.FlowGraphViewLoader.loadFlowgraphViewData(FlowGraphViewLoader.java:107)
    at com.google.security.zynamics.bindiff.project.diff.FlowGraphViewLoader.runExpensiveCommand(FlowGraphViewLoader.java:165)
    at com.google.security.zynamics.zylib.gui.ProgressDialogs.CEndlessHelperThread.run(CEndlessHelperThread.java:65)

For some functions, BinDiff creates the FlowGraph without error.

Any idea what the cause could be?

cblichmann commented 6 years ago

Hmm, any chance you can share the .BinExport files and a function address for which this happens?

shooshx commented 6 years ago

Hey, I also just ran into this exact exception trying to do a bindiff between two ARM binaries from IDA. Is there any fix or workaround?

cblichmann commented 6 years ago

@shooshx, are you able to share BinExport files and tell me for which functions this happens?

shooshx commented 6 years ago

No, unfortunately I can't. This is a proprietary binary file.

scottcarr commented 6 years ago

@cblichmann Please find the BinExport files here: https://github.com/scottcarr/scottcarr.github.com/raw/master/images/dot_binexports.zip

Opening function sub_00004390 causes the error message. Thanks.

cblichmann commented 5 years ago

BinDiff 5, which was released yesterday, can do it:

$ bindiff --primary bcm_dynamic_memory.BinExport --secondary bcm_running_memory.BinExport
BinDiff 5, (c)2004-2011 zynamics GmbH, (c)2011-2019 Google LLC.
Function 00001F78 is excessively large: 3 basic blocks, 2 edges, 10849 instructions. Discarding.
Function 001E98F8 is excessively large: 6 basic blocks, 5 edges, 14960 instructions. Discarding.
Function 001E997C is excessively large: 5 basic blocks, 4 edges, 14894 instructions. Discarding.
Function 001EAFB0 is excessively large: 4 basic blocks, 3 edges, 12052 instructions. Discarding.
Function 001EAFD4 is excessively large: 3 basic blocks, 2 edges, 12034 instructions. Discarding.
Function 00001F78 is excessively large: 3 basic blocks, 2 edges, 11153 instructions. Discarding.
Function 001E98E8 is excessively large: 7 basic blocks, 6 edges, 15264 instructions. Discarding.
Function 001E996C is excessively large: 6 basic blocks, 5 edges, 15198 instructions. Discarding.
Function 001EAFA0 is excessively large: 4 basic blocks, 3 edges, 12356 instructions. Discarding.
Function 001EAFC4 is excessively large: 3 basic blocks, 2 edges, 12338 instructions. Discarding.
Function 00231B2C is excessively large: 68 basic blocks, 96 edges, 15576 instructions. Discarding.
Setup: 0.68s
primary:   bcm_dynamic_memory: 6208 functions, 32088 calls
secondary: bcm_running_memory: 6302 functions, 32540 calls
Matching: 0.55s
matched: 6192 of 6208/6302 (primary/secondary, 6208/6302 non-library)
call graph MD index: primary   326.426
                     secondary 332.24
Similarity: 98.1827% (Confidence: 99.1751%)
Writing results: 0.57s

Note that due to issue 70541404, you will need to re-export.
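
Added example (not part of the original thread and not BinDiff project code): a small parser for the console output quoted above that collects the functions reported as discarded, which a patch-diff review will not cover, along with the match counts and scores. It assumes the output format shown in that comment; `summarize` and its field names are this example's own.

```python
import re

# Constructed sample: a shortened copy of the differ output quoted in the thread.
SAMPLE = """\
Function 00001F78 is excessively large: 3 basic blocks, 2 edges, 10849 instructions. Discarding.
Function 001E98F8 is excessively large: 6 basic blocks, 5 edges, 14960 instructions. Discarding.
Function 00231B2C is excessively large: 68 basic blocks, 96 edges, 15576 instructions. Discarding.
Setup: 0.68s
primary:   bcm_dynamic_memory: 6208 functions, 32088 calls
secondary: bcm_running_memory: 6302 functions, 32540 calls
matched: 6192 of 6208/6302 (primary/secondary, 6208/6302 non-library)
Similarity: 98.1827% (Confidence: 99.1751%)
"""

DISCARD_RE = re.compile(
    r"^Function ([0-9A-Fa-f]+) is excessively large: "
    r"(\d+) basic blocks, (\d+) edges, (\d+) instructions\. Discarding\.")
MATCHED_RE = re.compile(r"^matched: (\d+) of (\d+)/(\d+)")
SIMILARITY_RE = re.compile(r"^Similarity: ([\d.]+)% \(Confidence: ([\d.]+)%\)")


def summarize(log_text):
    """Return discarded functions, unmatched counts and scores from differ output."""
    out = {"discarded": [], "matched": None, "unmatched_primary": None,
           "unmatched_secondary": None, "similarity": None, "confidence": None}
    for raw in log_text.splitlines():
        line = raw.strip()  # tolerate padded lines from copied terminal output
        if m := DISCARD_RE.match(line):
            out["discarded"].append({
                "address": int(m.group(1), 16),
                "basic_blocks": int(m.group(2)),
                "edges": int(m.group(3)),
                "instructions": int(m.group(4)),
            })
        elif m := MATCHED_RE.match(line):
            # Assumption: the line reads "matched of primary_total/secondary_total".
            matched, primary, secondary = map(int, m.groups())
            out["matched"] = matched
            out["unmatched_primary"] = primary - matched
            out["unmatched_secondary"] = secondary - matched
        elif m := SIMILARITY_RE.match(line):
            out["similarity"] = float(m.group(1))
            out["confidence"] = float(m.group(2))
    return out


if __name__ == "__main__":
    for f in summarize(SAMPLE)["discarded"]:
        print(f"discarded {f['address']:08X}: {f['instructions']} instructions")
```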

fbqc commented 5 years ago

@cblichmann have you tried to open the flowgraph of function sub_00004390 in the UI after the diffing process? That's when the error occurs: "Open flow graph view failed. Couldn't create flowgraph". With the latest BinDiff and BinExport versions, I still have the same error as @scottcarr.

cblichmann commented 5 years ago

This is a BinDiff issue, filed issue 143198645 for this.

SEVERE: EXCEPTION: Open flow graph view failed. Couldn't create flowgraph.
com.google.security.zynamics.bindiff.exceptions.GraphCreationException: Primary and secondary flowgraph cannot both be null. Combined flow graphs creation failed.
        at com.google.security.zynamics.bindiff.project.builders.RawCombinedFlowGraphBuilder.buildRawCombinedFlowgraph(RawCombinedFlowGraphBuilder.java:239)
        at com.google.security.zynamics.bindiff.project.diff.FlowGraphViewLoader.loadFlowgraphViewData(FlowGraphViewLoader.java:102)
        at com.google.security.zynamics.bindiff.project.diff.FlowGraphViewLoader.runExpensiveCommand(FlowGraphViewLoader.java:165)
        at com.google.security.zynamics.zylib.gui.ProgressDialogs.CEndlessHelperThread.run(CEndlessHelperThread.java:65)

fbqc commented 5 years ago

@cblichmann Thank you very much!