doc updates

clearbluejar · Dec 20, 2023 · ff0bd71 · ff0bd71
1 parent 5f78f4c
commit ff0bd71
Show file tree

Hide file tree

Showing 10 changed files with 507 additions and 467 deletions.
diff --git a/.gitignore b/.gitignore
@@ -137,27 +137,4 @@ ghidriffs/
 # pytest data (pulled from https://github.com/clearbluejar/ghidriff-test-data)
 tests/data
 
-.DS_Store
-
-
-# docusaurus .gitignore
-# Dependencies
-/node_modules
-
-# Production
-/build
-
-# Generated files
-.docusaurus
-.cache-loader
-
-# Misc
-.DS_Store
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
-
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
+.DS_Store
diff --git a/www/docs/README/Ghidriff vs Bindiff.md b/www/docs/README/Ghidriff vs Bindiff.md
@@ -0,0 +1,6 @@
+
+
+
+[![ghidriff vs bindiff](../../static/img/ghidriff-v-bindiff.png)](https://twitter.com/clearbluejar/status/1712093656708976868)
+
+> 😆 In all seriousness, #bindiff is amazing. I use it alongside #ghidriff for really complicated diffs. (ie bindiff matching > ghidriff matching).  Currently, I see ghidriff offering an edge for automation (via command-line diffing) and output (markdown). As the tools are both now open source, it will be fun to see how they evolve for the benefit of the community.  - [Tweet](https://twitter.com/clearbluejar/status/1712095731924779370)
diff --git a/www/docs/README/Use Cases.md b/www/docs/README/Use Cases.md
diff --git a/www/docs/README/_category_.json b/www/docs/README/_category_.json
@@ -5,5 +5,5 @@
         "type": "generated-index",
         "description": "README Sections"
     },
-    "collapsed": false
+    "collapsed": true
 }
diff --git a/www/docs/Social Diffing/Social Diffing.md b/www/docs/Social Diffing/Social Diffing.md
@@ -0,0 +1,53 @@
+---
+description: Sharing diff results
+img: /static/img/social-diffing.png
+---
+
+![Alt text](../../static/img/social-diffing.png)
+As the diff output of `ghidriff` is markdown, it can be shared almost anywhere.
+
+### Sample Diffs
+
+<div>
+    <a href="https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282"><img width="30%" align=top alt="image" src="https://github.com/clearbluejar/ghidriff/assets/3752074/d53b681f-8cc9-479c-af4c-5ec697cf4989"></a>
+    <a href="https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282#visual-chart-diff"><img width="30%" align=top alt="image" src="https://github.com/clearbluejar/ghidriff/assets/3752074/16d7ae4c-4df9-4bcd-b4af-0ce576d49ad1"></a>
+<div>
+
+
+## Github
+
+### Gists
+
+- Host your recent diff in a GitHub gist: [https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282](https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282)
+- Deep link to interesting 
+  - functions
+    - [CnRenameKey](https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282#cmrenamekey)
+  - command-line
+    - [ghidriff command line](https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282#command-line)
+
+
+### READMEs
+
+## Posting to a Github Gist
+
+After you create you diff it will be located in `ghidriffs/diff.md`.
+
+### Option 1: Post using `gh` client
+
+`cat` to `stdin`:
+
+```bash
+cat ghidriff.md | gh gist create -f ghidriff.gist.filename.md -
+```
+
+### Option 2: Copy/Paste Markdown to new gist
+
+Just copy paste to new file and make sure to set the filetype to `md`.
+
+## Publishing on a blog
+
+See some of the samples posted in the diffs(/diffs). If the blog enginer can render markdown, it should work.
+
+
+## Tweet with deep links
+
diff --git a/www/docs/guides/Diffing afd.sys - CVE-2023-21768.md b/www/docs/guides/Diffing afd.sys - CVE-2023-21768.md
@@ -0,0 +1,26 @@
+---
+description: Diffing CVE-2023-21768 - The perfect diff (one line change only)
+---
+
+
+Details of the CVE-2023-21768 (detailed in this blog [post](https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/)). What if you wanted to repeat this patch diff with `ghidriff`?
+
+1. Download two versions of `AFD.sys` (vulnerable and patched):
+
+```bash
+wget https://msdl.microsoft.com/download/symbols/afd.sys/0C5C6994A8000/afd.sys -O afd.sys.x64.10.0.22621.1028
+wget https://msdl.microsoft.com/download/symbols/afd.sys/50989142A9000/afd.sys -O afd.sys.x64.10.0.22621.1415
+```
+
+2.  Run `ghidriff`:
+
+```bash
+ghidriff afd.sys.x64.10.0.22621.1028 afd.sys.x64.10.0.22621.1415
+```
+
+3. Review results
+
+The diff results are posted in this GitHub [gist](https://gist.github.com/clearbluejar/f6fecbc507a9f1a92c9231e3db7ef40d). The vulnerable function  `AfdNotifyRemoveIoCompletion` was identified here with a [single line change](https://gist.github.com/clearbluejar/f6fecbc507a9f1a92c9231e3db7ef40d#afdnotifyremoveiocompletion-diff).
+
+Want to see the entire diff in a side by side? https://diffpreview.github.io/?f6fecbc507a9f1a92c9231e3db7ef40d or jump to the [single line change](https://diffpreview.github.io/?f6fecbc507a9f1a92c9231e3db7ef40d#d2h-703858:~:text=ProbeForWrite(*(PVOID%20*)(param_3%20%2B%200x18)%2C4%2C4)%3B)
+
diff --git a/www/docs/guides/Diffing the Windows Kernel.md b/www/docs/guides/Diffing the Windows Kernel.md
diff --git a/www/docs/guides/Getting Started.md b/www/docs/guides/Getting Started.md
diff --git a/www/static/img/ghidriff-v-bindiff.png b/www/static/img/ghidriff-v-bindiff.png
diff --git a/www/static/img/social-diffing.png b/www/static/img/social-diffing.png
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,6 @@



		[![ghidriff vs bindiff](../../static/img/ghidriff-v-bindiff.png)](https://twitter.com/clearbluejar/status/1712093656708976868)

		> 😆 In all seriousness, #bindiff is amazing. I use it alongside #ghidriff for really complicated diffs. (ie bindiff matching > ghidriff matching). Currently, I see ghidriff offering an edge for automation (via command-line diffing) and output (markdown). As the tools are both now open source, it will be fun to see how they evolve for the benefit of the community. - [Tweet](https://twitter.com/clearbluejar/status/1712095731924779370)