Bindiff

From Digital Forensics Framework

  • Synopsis : bindiff --file1 path1 --file2 path2

The bindiff viewer's purpose is to put in evidence the differences between two binary files.


Start

Bindiff stands for binary diff. To use bindiff there must already be at least two nodes in DFF (as the result of a file system analysis, for example).

To launch the viewer, right click on one of the two binary files on which you want to perform the binary diff and go to the menu Open with -> Viewer -> bindiff. In the Apply diff module dialog box, you will have to configure the arguments file1 and file2. These are the paths to the two nodes on which you want to perform the diff.

Once this is done, you can click the OK button. The dialog box will be closed and a new tab will be opened, displaying the differences and similarities between the nodes.

For this example, we have chosen two files from the /lib directory of a GNU/Linux operating system.

Results

The results of the bindiff are displayed within two hexadecimal viewers (one for each file). Scrolling will move your cursor in both of them so you will always be at the same offset in the two files.

Bindiff.png

The differences between the two files appear in red within the hexadecimal and ascii views. The similar parts are in black. The offset is displayed in hexadecimal.
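The comparison the viewer performs can be reproduced outside DFF. The following Python script is an added example, not DFF's own code: it walks two byte strings offset by offset, reports the differing ranges with hexadecimal offsets (as in the viewer's offset column), counts bytes past the end of the shorter input as differences, and renders a side-by-side hex/ASCII dump in which the two halves always sit at the same offset. Since plain text has no red, differing bytes are printed in upper-case hex and missing bytes as "--". The two ELF-like header fragments it operates on are constructed sample data.

```python
"""Byte-level diff of two binary blobs, in the spirit of DFF's bindiff viewer.

Added example, not DFF's own code: it compares two inputs offset by offset,
lists the differing ranges (hex offsets, like the viewer's offset column) and
renders a side-by-side hex/ASCII dump in which differing bytes are marked.
"""
from typing import List, Tuple


def diff_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Half-open [start, end) offset ranges where a and b differ.

    Offsets past the end of the shorter input always count as differences,
    so a truncated or padded file shows up as one trailing range.
    """
    ranges: List[Tuple[int, int]] = []
    n = max(len(a), len(b))
    start = None
    for off in range(n):
        same = off < len(a) and off < len(b) and a[off] == b[off]
        if not same and start is None:
            start = off
        elif same and start is not None:
            ranges.append((start, off))
            start = None
    if start is not None:
        ranges.append((start, n))
    return ranges


def count_differing_bytes(a: bytes, b: bytes) -> int:
    """Total number of offsets at which the two inputs differ."""
    return sum(end - start for start, end in diff_ranges(a, b))


def _render(data: bytes, other: bytes, base: int, width: int) -> str:
    """Hex and ASCII columns for one row of `data`, compared against `other`.

    Differing bytes are written in upper-case hex (where the viewer paints red),
    equal bytes in lower case, and positions beyond the end of `data` as '--'.
    """
    hexcol, asccol = [], []
    for off in range(base, base + width):
        if off >= len(data):
            hexcol.append("--")
            asccol.append(" ")
            continue
        byte = data[off]
        equal = off < len(other) and other[off] == byte
        hexcol.append(f"{byte:02x}" if equal else f"{byte:02X}")
        asccol.append(chr(byte) if 0x20 <= byte < 0x7F else ".")
    return " ".join(hexcol) + "  " + "".join(asccol)


def side_by_side(a: bytes, b: bytes, width: int = 16) -> List[str]:
    """One line per row: hex offset, file1's columns, then file2's columns.

    Both dumps advance together, so each row covers the same offset in both
    files, exactly like the two synchronised hexadecimal viewers.
    """
    rows = []
    n = max(len(a), len(b))
    for base in range(0, n, width):
        rows.append(f"{base:08x}  {_render(a, b, base, width)} | {_render(b, a, base, width)}")
    return rows


# Constructed sample inputs (not taken from any real file): two ELF-like header
# fragments that differ in the class byte (offset 4), in the e_type field
# (offset 16) and in length (the second one carries four extra bytes).
SAMPLE_A = bytes.fromhex("7f454c46020101000000000000000000" "03003e0001000000")
SAMPLE_B = bytes.fromhex("7f454c46010101000000000000000000" "02003e000100000000000000")

if __name__ == "__main__":
    for start, end in diff_ranges(SAMPLE_A, SAMPLE_B):
        print(f"differs at 0x{start:08x}-0x{end - 1:08x} ({end - start} byte(s))")
    print(f"{count_differing_bytes(SAMPLE_A, SAMPLE_B)} differing byte(s) in total")
    print("\n".join(side_by_side(SAMPLE_A, SAMPLE_B)))
```

Running the script on the constructed samples reports three ranges: a single byte at offset 0x4, a single byte at 0x10, and the trailing bytes 0x18 to 0x1b that only exist in the second input. Treating a length mismatch as a difference rather than stopping at the shorter file matters in practice, since an appended payload or a truncated copy is often the very thing an examiner is looking for.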