search

joxeankoret / diaphora

Diaphora, the most advanced Free and Open Source program diffing tool.
http://diaphora.re
GNU Affero General Public License v3.0
3.51k stars 370 forks source link

Diaphora handing on 'Related compilation unit' #299

Closed krystalgamer closed 3 months ago

krystalgamer commented 3 months ago

I have two 5Mb EXEs that each generate a 400Mb~ db. (30k functions)

The diffing gets stuck on `Finding with heuristic 'Related compilation unit'

image

Is there a way to get more insights on what's going on?

joxeankoret commented 3 months ago

Uhm... I'm afraid there is little to do here (even when the binaries aren't too big at all). Take a look to this:

https://github.com/joxeankoret/diaphora/blob/a3f9be07978b5261b838934775162ce3e35874db/diaphora.py#L3518

It looks to me that the SQL queries are running for very-very long. So, your options are:

  1. Run the SQL queries outside of Diaphora with a tool like SQLitebrowser or something like this and see how long they take. I can help you with this if you need help.
  2. Disable this specific heuristic by writing a Diaphora script and just returning False when the on_special_heuristic event happens and heur == "Related compilation unit".
  3. Let it run for whatever time it requires.

For option #2, you have an example skeleton script here: https://github.com/joxeankoret/diaphora/blob/master/hooks/hooks_example2.py#L101. Again, if you need help, tell me.

krystalgamer commented 3 months ago

Hey sorry late response. Didn't catch the notification. Will try to update this as soon as I can access my setup!

joxeankoret commented 3 months ago

I have marked this heuristic as slow, as it was causing problems to some reversers. As so, I'm closing this issues, but please reopen it if you think it's required.