
I am trying to evaluate a very large amount of binaries (thousands) using BinDiff, and currently I only need some instruction level statistics from BinDiff, which can be acquired from its dumped sqlite file easily.

But my problem is that testing thousands of binaries using the GUI of IDA/BinDiff looks too time consuming..

I am wondering can I invoke plugins of IDA-Pro, in particular, BinDiff, from command line and dump its output out? Is it possible to do so?

I have some experience using command-line IDA, but that is limited to executing some IDAPython scripts.

The test is on Windows 7, with IDA-Pro 6.6 and BinDiff 4.1.

NirIzr
lllllllllllll
  • Could this be of some help perhaps: http://www.zynamics.com/kb/kb0004.html ? I know I've read about it somewhere. You would still have to start IDA to generate the idb file, but as far as I know that's also possible via the command line. https://www.hex-rays.com/products/ida/support/idadoc/417.shtml seems to cover this, check the -B parameter. – lfxgroove Mar 19 '15 at 07:22

1 Answer


You can try the following steps:

  1. convert binary file to IDB:

    $IDA_PATH\\idaq.exe -B -p+ $FILE_TO_CONVERT
    
  2. create BinExport from idb

    $IDA_PATH\\idaq.exe -A -SC:\\bindiff_export.idc
    

    where bindiff_export.idc looks like:

    #include <idc.idc>
    static main()
    {
        Batch(0);
        Wait();
        Exit( 1 - RunPlugin("zynamics_binexport_5", 2 ));
    }
    

Should you also want to diff files, you can use BinDiff directly on BinExports:

    $PATH_TO_BINDIFF\\bin\\BinDiff_Deluxe.exe -i $BIN_EXPORT_A -j $BIN_EXPORT_B -o $OUTPUT

perror
pnX
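
A batch driver for the three steps in the answer above, as an added example that is not part of the original answer: it builds the command lines for one pair of binaries and stops at the first step that returns a non-zero exit code. The install paths, the `.idb` and `.BinExport` file naming, and passing the IDB as IDA's input file in step 2 are assumptions to check against the local setup.

```python
import subprocess
from pathlib import PureWindowsPath as WinPath

# Assumed locations (not from the answer): adjust to the local installation.
IDA = r"C:\IDA\idaq.exe"
BINDIFF = r"C:\BinDiff\bin\BinDiff_Deluxe.exe"
EXPORT_IDC = r"C:\bindiff_export.idc"   # the IDC script shown in the answer


def idb_path(binary):
    # Assumption: IDA writes the database beside the input, extension replaced.
    return str(WinPath(binary).with_suffix(".idb"))


def export_path(binary):
    # Assumption: the exporter writes <name>.BinExport beside the IDB.
    return str(WinPath(binary).with_suffix(".BinExport"))


def commands_for_pair(primary, secondary, output):
    """Return the ordered (label, argv) steps for diffing one pair of binaries."""
    steps = []
    for binary in (primary, secondary):
        # Step 1: batch analysis into an IDB, flags as given in the answer.
        steps.append(("idb", [IDA, "-B", "-p+", binary]))
        # Step 2: run the export script; the IDB argument is added here.
        steps.append(("export", [IDA, "-A", "-S" + EXPORT_IDC, idb_path(binary)]))
    # Step 3: diff the two exports.
    steps.append(("diff", [BINDIFF, "-i", export_path(primary),
                           "-j", export_path(secondary), "-o", output]))
    return steps


def run_pair(primary, secondary, output, runner=subprocess.call, timeout=3600):
    """Run the steps in order; return (label, argv, code) for the first failure.

    The answer's IDC script exits with 1 - RunPlugin(...), so exit code 0
    from the export step means the plugin call reported success.
    Returns None when every step exits with 0.
    """
    for label, argv in commands_for_pair(primary, secondary, output):
        code = runner(argv, timeout=timeout)
        if code != 0:
            return (label, argv, code)
    return None
```

Calling `run_pair` in a loop over the list of pairs and logging each non-`None` result gives a record of which binaries need to be re-run by hand.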