
compare executable or object file

I have two files that are supposed to be generated from the same source version. One of the files is stripped. Is it possible to compare the raw executable portion of the files to establish if they are the same? Can this also be done on object files (and in particular on .ko Linux kernel modules)?

mastupristi asked Mar 02 '15 10:03


4 Answers

I would try using

objdump -d file1>a
objdump -d file2>b
diff a b

or, as F.Hauri suggested,

diff <(objdump -d file1) <(objdump -d file2)

The -d option disassembles the executable portions of the files.

However, there is always a possibility that different compilers would generate different byte code and, hence, assembly code. Also, I am not sure of the order of the object files in the executable, if there is more than one. For an object file that is compiled with the same compiler, that should work.

Maria Samokhina answered Sep 28 '22 09:09


You can run objdump -x <file> to list the sections of the program, and then objcopy -j <section> <file> <out> to extract those sections and compare them.

You'll want to skip the debugging sections and check the likes of .text, .data...

rodrigo answered Sep 28 '22 10:09
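The section-by-section comparison described in the answer above, as an added example that is not part of the original answers: it hashes only the sections flagged SHF_ALLOC (.text, .data, ...), so the symbol and debug sections that strip removes are ignored. It assumes little-endian ELF64 input; the function names, `build_elf` and the sample images are constructed for this demonstration.

```python
import hashlib, struct

SHT_NOBITS, SHF_ALLOC = 8, 0x2

def loaded_sections(elf):
    """Map name -> SHA-256 of contents for each SHF_ALLOC section (ELF64 LE)."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    def shdr(i):  # -> sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", elf, e_shoff + i * shentsize)
    str_off, str_size = shdr(shstrndx)[4:6]
    strtab = elf[str_off:str_off + str_size]
    digests = {}
    for i in range(1, shnum):
        name_off, sh_type, flags, _, off, size = shdr(i)
        if not flags & SHF_ALLOC or sh_type == SHT_NOBITS:
            continue  # drops .symtab/.strtab/.debug_* (what strip removes) and .bss
        name = strtab[name_off:strtab.index(b"\0", name_off)].decode()
        digests[name] = hashlib.sha256(elf[off:off + size]).hexdigest()
    return digests

def differing_sections(a, b):
    """Names of loaded sections whose bytes differ or that exist in only one file."""
    da, db = loaded_sections(a), loaded_sections(b)
    return sorted(n for n in da.keys() | db.keys() if da.get(n) != db.get(n))

def build_elf(sections):
    """Constructed sample input: minimal ELF64 from (name, type, flags, data)."""
    secs = list(sections)
    names = b"\0" + b"".join(s[0].encode() + b"\0" for s in secs) + b".shstrtab\0"
    secs.append((".shstrtab", 3, 0, names))
    body, hdrs = b"", bytes(64)  # section header 0 is the mandatory null entry
    for name, typ, flags, data in secs:
        hdrs += struct.pack("<IIQQQQIIQQ", names.index(name.encode() + b"\0"),
                            typ, flags, 0, 64 + len(body), len(data), 0, 0, 1, 0)
        body += data
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64,
        len(secs) + 1, len(secs))
    return ehdr + body + hdrs

TEXT = (".text", 1, 0x6, b"\x55\x48\x89\xe5\x5d\xc3")  # constructed code bytes
FULL = build_elf([TEXT, (".symtab", 2, 0, b"\0" * 24), (".debug_info", 1, 0, b"dbg")])
STRIPPED = build_elf([TEXT])
PATCHED = build_elf([(".text", 1, 0x6, b"\x55\x48\x89\xe5\x90\xc3")])
if __name__ == "__main__":
    print(differing_sections(FULL, STRIPPED), differing_sections(FULL, PATCHED))
```

For .o and .ko files the relocation sections (.rela.*) are not flagged SHF_ALLOC, so this comparison does not cover them.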


You can use diffoscope to compare two .so files. Use the html option to view the differences in any browser. After installing diffoscope, try this:

diffoscope --html outfile.html first_file second_file

An outfile.html file will be created in the current directory; you can see the differences in it, section by section.

user3530616 answered Sep 28 '22 09:09


elf_diff compares ELF files (object files, shared libraries, archives, ...) and generates html or pdf reports of the differences. Its focus lies on exploring assembly level changes and resource consumption. A similarity detection engine performs fuzzy matches between symbol names and also assembly code and presents pairs of symbols from the compared binaries that are likely to be related, e.g. due to having been renamed. elf_diff helps in understanding the effects of changes to high level language code, say C or C++, on program storage and static RAM usage. Originally being geared towards embedded development, the tool may be useful in other environments, too.

Haven't tried elf_diff with kernel module files yet, but as those are ELF files as well, I would expect it to work.

noseglasses answered Sep 28 '22 11:09