BinDiff 1.3

by Alexander Thomas (aka Dr. Lex)
Mail

What is it?

This is a simple program written in C++ that compares two files and reports all regions that differ between them. I wrote it specifically to compare changes in binary files although it could also be used for text files (the standard ‘diff’ tool in UNIX/Linux is much more suited for the latter however). Bindiff is not able (yet) to detect insertions or deletions, it assumes that the byte positions in both files correspond.

Comparison can be done on a byte-per-byte basis, or per block of bytes (e.g. to find modified sectors in a disk image). Instead of comparing two files, a single file can be compared against a fixed byte value. Detected changes can be dumped to files.

Download and Usage

Download the source code (gzip compressed tar archive)

This is raw source code, I assume anyone who sees a use for this program will know how to compile a source file. A simple Makefile that should work on common platforms is included for the lazy people who just want to type “make”. Since this is a single C++ file that only uses standard libraries, it is straightforward to compile it with your method of choice.

Usage is pretty straightforward, this is the built-in help accessible by running with the “-h” switch:

Binary diff 1.3 by Alexander Thomas, 2004-2015.
Compares two similar binary files.
Released under the New BSD License.

Usage:  bindiff [-hcdstxC] [-b B] [-n N] [-f F] [-g G] [-y Y] file1 file2
  -h: show usage information and exit.
  -c: concise output format: "startByte length".
  -d: output byte positions in decimal instead of hex.
  -s: stop after first block of differing bytes.
  -t: print total number of bytes in differing blocks.
  -x: output lengths in hex instead of decimal.
  -C: use capitals for hex values.
  -b B: compare per block of B bytes.
  -n N: treat N identical bytes or blocks in between two differing bytes/blocks
      as different, i.e. treat the whole as the same chunk.
  -f F: dump each differing block to a file with as name byte position prefixed
      with F.
  -g G: dump each original block to a file with as name byte position prefixed
      with G.
  -y Y: compare file1 with a virtual file of same length, filled with bytes Y.
      Y must be an integer between 0 and 255 (hex allowed if prefixed with 0x).

Version History

• 1.0 (2004/10): first basic version
• 1.1 (2010/03): cleaned up my n00b code and added some stuff
• 1.2 (2013/05): file dumping, capital hex, concise output for our robotic overlords. First public release.
• 1.3 (2015/12): ensure binary I/O, allow comparing with fixed byte value, fix bug if final block differs, proper tests

Legalese

BinDiff is released under the New BSD License. This software is provided “as is”, without any implied warranty or claim of fitness for a particular purpose. Use of this software is completely at your own risk.