Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

compare executable or object file

Tags:

linux

compare

strip

elf

I have two file that are supposed to be generated from same source version. One of the files is stripped. Is possible to compare the raw executable portion of the files to establish if they are the same? Can be done also on object files (and in particular on .ko linux kernel modules)?

like image 432
mastupristi Avatar asked Mar 02 '15 10:03

mastupristi

4 Answers

I would try using 

objdump -d file1>a
objdump -d file2>b
diff a b

or, as F.Hauri suggested,

diff <(objdump -d file1) <(objdump -d file2)

-d option disassembles the executable portions of the files.

However, there is always a possibility that different compilers would generate different byte- and hence, assembly, code. Also, I am not sure of the order of the object files in the executable, if there are more than one. for the object file that is compiled with the same compiler that should work.

like image 102
Maria Samokhina Avatar answered Sep 28 '22 09:09

Maria Samokhina

You can run objdump -x <file> to list the sections of the program, and then objcopy -j <section> <file> <out> to extract those sections and compare them.

You'll want to skip the debugging sections and check the likes of .text, .data...

like image 38
rodrigo Avatar answered Sep 28 '22 10:09

rodrigo

you can use diffoscope to compare two .so files, use html option to view the differences in any browser, after installing diffoscope try this:

diffoscope --html output first_file second_file

an outfile.html file will be created in the current dir u can see the differences in this, section by section.

like image 30
user3530616 Avatar answered Sep 28 '22 09:09

user3530616

elf_diff compares ELF files (object files, shared libraries, archives, ...) and generates html or pdf reports of the differences. Its focus lies on exploring assembly level changes and resource consumption. A similarity detection engine performs fuzzy matches between symbol names and also assembly code and presents pairs of symbols from the compared binaries that are likely being related, e.g. due to having been renamed. elf_diff helps understanding the effects of changes to high level language code, say C or C++ on program storage and static RAM usage. Originaly being geared towards embedded development, the tool may be useful in other environments, too.

Haven't tried elf_diff with kernel module files yet but as those are ELF files as well, I would expect it to work.

like image 37
noseglasses Avatar answered Sep 28 '22 11:09

noseglasses
Sign in to Comment

Related questions

Does anyone know where to define the hardware, revision and serial no. fields of /proc/cpuinfo?
How do I change the order in which grep looks at files/prints results?
Data attached to POST request is gone during redirection to GET with CURL
Why is it necessary to mark interrupt handler functions as static?
Locking C++11 std::unique_lock causes deadlock exception
Shutdown (embedded) linux from kernel-space
Using LDAPSEARCH to return all Groups and OU's in an Active Directory domain
Get the number of days since file is last modified
Download files using Shell script
Differentiate each apache user and give permissions
find: invalid predicate when using -newermt
Openssl shows a different server certificate while browser shows correctly
IPC with imsg? OpenBSD and Linux compatibility?
BindException: Address already in use even with unique port
What does this if-statement from a bash script do?
mv command goes crazy
Cygwin Exception : open stack dump file
bypass dev/urandom|random for testing
Haproxy not logging with rsyslog
Has keytab got a lifetime?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!