The other fields, the check-boxes, are explained below: If the 2nd field is not empty, it will diff both databases.
If this field is left empty, Diaphora will just export the current database to SQLite format. The 2nd field is the other SQLite format database to diff the current database against. The first field is the path of the SQLite file format database that will be created with all the information extracted from the current database. This dialog, although it can be a bit confusing at first, is used for both exporting the current IDA database to SQLite format as well as for performing diffing against another SQLite exported format database. Once the script diaphora.py is executed, a dialog like the following one will be opened: To run Diaphora, simply, unpack the compressed distribution file wherever you prefer and directly execute “diaphora.py” from the IDA Pro menu File → Script file.
#IDA PRO 6.9 DOWNLOAD CODE#
Pygments/: This directory contains an unmodified distribution of the Python pygments library, a “generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code”.Diaphora uses it to compare fuzzy AST hashes and call graph fuzzy hashes based on small-primes-products (an idea coined and implemented by Thomas Dullien and Rolf Rolles first, authors or former authors of the Zynamics BinDiff commercial product, in their “Graph-based comparison of Executable Objects – Zynamics” paper). This library offers the ability to factor numbers quickly in Python and, also, to compare arrays of prime factors. jkutils/factor.py: This is a modified version of a private malware clusterization toolkit based on graphs theory.It’s included because fuzzy hashes of pseudo-codes are used as part of the various heuristics implemented. jkutils/kfuzzy.py: This is an unmodified version of the kfuzzy.py library, part of the DeepToad project, a tool and a library for performing fuzzy hashing of binary files.
It contains all the code of the heuristics, graphs displaying, export interface, etc… diaphora.py: The main IDAPython plugin.The structure is similar to the following one: However, it’s able to perform more actions than any of the previous IDA plugins or projects.ĭiaphora is distributed as a compressed file with various files and folders inside it. It’s similar to other competitor products and open sources projects like Zynamics BinDiff, DarunGrim, or TurboDiff.
Diaphora is a plugin for IDA Pro that aims to help in the typical BinDiffing tasks.
0 kommentar(er)
