Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit ae12449

Browse files
README Updated
1 parent da9a89e commit ae12449

File tree

2 files changed

+71
-17
lines changed

2 files changed

+71
-17
lines changed

‎README.md‎

Lines changed: 71 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ DiffRays is a research-oriented tool for **binary patch diffing**, designed to a
2323
- 🧩 **IDA Pro Integration**: Uses IDA Pro and the IDA Domain API for accurate pseudocode extraction.
2424
- 📂 **SQLite Output**: Stores results in a SQLite database for easy reuse and analysis.
2525
- 🌐 **Web Interface**: Built-in server mode to browse, search, and visualize diff results interactively.
26+
- 🤖 **AutoDiff**: Automatically fetches vulnerable and patched binaries (via CVE, file, or month) and runs the diff end-to-end.
2627
- 📊 **Research-Ready**: Designed to support vulnerability research and exploit development workflows.
2728

2829
---
@@ -74,21 +75,26 @@ ______ _ __ ________
7475
| |/ /| | | | | | |\ \ (_| | |_| \__ \
7576
|___/ |_|_| |_| \_| \_\__,_|\__, |___/
7677
__/ |
77-
|___/ v1.0 Kappa
78+
|___/ v1.5 Omicron
7879

79-
usage: diffrays [-h] {diff,server} ...
80+
usage: diffrays [-h] {diff,server,autodiff} ...
8081

8182
Binary Diff Analysis Tool - Decompile, Compare, and Visualize Binary Changes
8283

8384
positional arguments:
84-
{diff,server} Command to execute
85-
diff Analyze two binaries and generate differential database
86-
server Launch web server to view diff results
85+
{diff,server,autodiff}
86+
Command to execute
87+
diff Analyze two binaries and generate differential database
88+
server Launch web server to view diff results
89+
autodiff Auto-download binaries (via CVE or manual input) and run diff
8790

8891
options:
89-
-h, --help show this help message and exit
92+
-h, --help show this help message and exit
9093

9194
Examples:
95+
diffrays autodiff --cve CVE-2025-29824
96+
diffrays autodiff -f clfs.sys -m 2025-09
97+
diffrays autodiff -f clfs.sys -m 2025-09 -w 2023-H2
9298
diffrays diff old_binary.exe new_binary.exe
9399
diffrays diff old.so new.so -o custom_name.sqlite --log
94100
diffrays server --db-path result_old_new_20231201.sqlite --debug
@@ -97,22 +103,53 @@ For more information, visit: https://github.com/pwnfuzz/diffrays
97103

98104
```
99105
100-
1. **Run Patch Diffing in IDA**
101-
Load your binaries in IDA and run DiffRays to generate diff results:
102-
```bash
103-
python diffrays.py diff <path_to_old_binary> <path_to_new_binary>
104-
```
106+
### 🔄 AutoDiff – Automatic Binary Collection & Diffing
105107
106-
2. **Start the DiffRays Server**
107-
Once you have a .sqlite file, launch the web interface to explore the diffs:
108-
```bash
108+
The autodiff command streamlines patch analysis by automatically fetching binaries (via CVE or manual parameters) and running a diff without manual downloads.
109+
110+
**Example 1: Run by CVE**
111+
112+
```sh
113+
diffrays autodiff --cve CVE-2025-29824
114+
```
115+
This will:
116+
- Automatically locate vulnerable and patched binaries related to the CVE with the help of [Winbindex](https://winbindex.m417z.com/).
117+
- Run the diff engine.
118+
- Generate a results database.
119+
120+
**Example 2: Run by File + Month**
121+
122+
```sh
123+
diffrays autodiff -f clfs.sys -m 2025-09
124+
```
125+
126+
This will:
127+
- Download `clfs.sys` from the September 2025 update.
128+
- Locate its prior version and run a diff automatically.
129+
- Provide a fallback when `--cve` doesn’t correctly identify the vulnerable component (which can happen if the CVE affects multiple binaries or metadata is incomplete).
130+
131+
132+
### ⚙️ Manual Binary Diffing
133+
134+
1. Run Patch Diffing in IDA
135+
136+
```sh
137+
python diffrays.py diff old_binary.exe new_binary.exe
138+
```
139+
140+
2. Start the DiffRays Server
141+
142+
```sh
109143
python diffrays.py server --db-path diff_results.sqlite
110-
```
111-
Open your browser at http://localhost:5555 to view results.
144+
```
145+
146+
3. Open your browser at http://localhost:5555 to view results.
112147
113148
---
114149
115-
## 🔬 Example Workflow - Diffing CVE-2025-29824
150+
## 🔬 Example Workflows
151+
152+
### Manual Diffing CVE-2025-29824
116153
117154
1. **Collect target binaries**
118155
- CVE-2025-1246 affects the **Common Log File System driver (`Clfs.sys`)**.
@@ -150,6 +187,23 @@ Once you have a .sqlite file, launch the web interface to explore the diffs:
150187
<br>
151188
<img src="/diffrays/static/sample/result.png">
152189
190+
191+
### Automatic Diffing - CVE-2025-53149
192+
193+
1. Run AutoDiff with a CVE ID
194+
195+
```bash
196+
diffrays autodiff --cve CVE-2025-53149
197+
```
198+
199+
2. Automatic Analysis
200+
Diffrays will:
201+
- Identify the affected component.
202+
- Download both vulnerable and patched binaries.
203+
- Perform the diff and generate a results database automatically.
204+
205+
<img src="/diffrays/static/sample/autodiff.png">
206+
153207
---
154208
155209
## 📖 Use Cases

‎diffrays/static/sample/autodiff.png‎

234 KB
Loading[フレーム]

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /