Ghidriff
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Discover ghidriff, a new open-source Python package for command line binary diffing, in this 42-minute conference talk from the 44CON Information Security Conference. Learn how this tool leverages Ghidra's power to offer a fresh approach to patch diffing workflows. Explore ghidriff's capabilities in identifying added, deleted, and modified functions between binaries, essential for reverse engineering, vulnerability research, and malware analysis. Understand how it addresses the challenges of function matching across binaries with advanced heuristics and customizable function correlation classes. Compare ghidriff to other binary diffing solutions, noting its unique command line experience that simplifies the patch diffing process to a single step. Discover how the tool generates shareable markdown files for easy result sharing. Gain insights from security researcher John McIntosh on how ghidriff can expedite understanding of patched vulnerabilities and facilitate vulnerability writeups for the security community.
Syllabus
John McIntosh - ghidriff
Taught by
44CON Information Security Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Palo Alto Networks Cybersecurity Essentials II (Palo Alto Networks via Coursera)
Introducción al Análisis del Malware en Windows (National Technological University – Buenos Aires Regional Faculty via Miríadax)
Android Malware Analysis - From Zero to Hero (Udemy)
How to Create and Embed Malware (2-in-1 Course) (Udemy)