BinExport is the exporter component of BinDiff. This subdirectory contains an experimental version for the open source software reverse engineering suite Ghidra.
In order to build, the following software needs to be installed on the development machine:
- OpenJDK 11 or later
- Ghidra 9.2.3 (https://ghidra-sre.org/releaseNotes_9.2.3.html)
- Gradle 5.6 or later (https://services.gradle.org/distributions/gradle-5.6.3-all.zip)
The Gradle build tool will addtionally download these dependencies:
- Gradle plugin for protobuf
- Protobuf 3.13.0 for Java
For development, a recent version of Eclipse and the Ghidra development plugin are recommended (see below)
From the command-line, start the build with
gradle
After downloading the addtional dependencies and compiling the Java sources, the
extension is available as a .zip file under
dist/ghidra_9.2.3_PUBLIC_YYYYMMDD_BinExport.zip
, where YYYYMMDD
stands for
the current date.
For development Eclipse 2020-12 or higher is recommended (https://www.eclipse.org/downloads/packages/release/2020-12/r/eclipse-ide-java-developers).
The Gradle build tool can automatically create an Eclipse project. From the command-line, run
gradle build eclipse
Then import the project in Eclipse using File
|Open Projects from File System...
. To enable build and debug configurations for Ghidra, follow the
Installation Guide
Using GhidraDev, link the project to your local Ghidra installation via
GhidraDev
|Link Ghidra...
.
Note: Due to the way Gradle project generation works, you may need to
manually clean up the build class path in .classpath
before linking to your
local Ghidra installation.
After a successful dist
-build the BinExport extension can be installed like
any other extension:
- Start Ghidra, then select
File
|Install Extensions...
. - Click the
+
button toAdd extension
. - In the
Select Extension
dialog, navigate to your source directory and open thedist
folder. - Select the .zip file you created and click
OK
- Click
OK
to confirm and again to dismiss the restart message. Then restart Ghidra.
This version of the Java based exporter for Ghidra has the following features compared to the native C++ version for IDA Pro:
Ghidra Extension | IDA Pro plugin | |
---|---|---|
Protocol Buffer based full export | ✓¹ | ✓ |
Statistics text file | - | ✓ |
Text format for debugging | - | ✓ |
¹ No operand trees
- In Ghidra, select
File
|Install Extensions...
. - Verify that
BinExport
is listed and has the correctInstall Path
- In Ghidra, open a project or create a new one.
- If not already done, open the binary to export in the Code Browser tool and run Ghidra's initial analysis. You may want to enable the "aggressive instruction finder" option to get better coverage in the export.
- In the project view, right-click the binary to export and select
Export...
- From the drop-down list, select
Binary BinExport (v2) for BinDiff
- Select a path for the output file. This can be the original filename, as
.BinExport
will be appended. - Click
OK
.
If you have BinDiff installed (available from https://www.zynamics.com/software.html), exported files can be diffed and the results displayed in its UI:
-
Export two binaries following the instructions above. The following steps assume
primary.BinExport
andsecondary.BinExport
. -
From the command-line, run the BinDiff engine with
bindiff primary.BinExport secondary.BinExport
This will create a file
primary_vs_secondary.BinDiff
in the current directory. -
Launch the BinDiff UI, either via
bindiff --ui
or using the launcher for your operating system. -
Create a new workspace or open an existing one.
-
Select
Diffs
|Add Existing Diff...
. -
Under
Choose Diff
, select theprimary_vs_secondary.BinDiff
created in step 2. -
Click
OK
, followed byAdd
. The diff is now shown in the tree view on the left and can be opened by double-clicking it. -
Use BinDiff normally to display the call graph or flow graphs of matched functions.