cblichmann
commented
4 years ago Hi there,
If IDA Pro does not identify any functions, BinExport will not have any entry points to start from and hence will also not find any. That the downstream BinDiff results are not useful in this case is to be expected.
I'm curious though, as to why IDA does not find any functions in a stripped binary. Didn't you complete the auto-analysis using autowait or similar?
If you want to prevent BinDiff from using symbol information, you need to disable the respective algorithm in the bindiff.xml config file. In /etc/opt/bindiff.xml or in your local ~/.bindiff/bindiff.xml, comment out the function: name hash matching step under the function-matching element.
Note that this should rarely be necessary, as BinDiff will only use "real" names, i.e. those that belong to either imported functions (without an actual body in the current binary) or user-supplied ones. It will ignore auto-generated names from the disassemblers ("sub_xxxxx").
YashasAndaluri
Hello I am trying to use BinDiff 5 to match binaries which have been stripped of symbol information using the GNU strip utility.
Strip command:
strip -s <binary>I then run the stripped binary through IDA 7.4 and BinExport 10.:
idat64 -c -A -S"<IDA script>" <stripped binary>idat64 -A -OBinExportModule:<BinExport output path> -OBinExportAutoAction:BinExportBinary <binary database>However, neither IDA or BinExport are able to recognize any functions present in the stripped binary and so BinDiff does not attempt any matching. Is this expected behavior of BinDiff for stripped binaries or am I missing something at the IDA/BinExport step? I don't want BinDiff to match binaries based on symbol information. Is stripping the binaries the right strategy? Can stripped binaries be used with BinDiff? If not, what matching strategy should be used so that BinDiff matches the binaries without using any symbol information present in the binary?