Advertisement · 728 × 90
#
Hashtag
#ghidriff
Advertisement · 728 × 90
buherator
buherator
@buherator.bsky.social
1 year ago

Here’s the #Ghidriff output for CLFS.sys 10.0.20348.3328 vs. 10.0.20348.3453, likely corresponding to the CVE-2025-29824 use-after-free LPE:

gist.github.com ->


Original->

0 1 0 0
buherator
buherator
@buherator.bsky.social
1 year ago

Here are the results of #ghidriff's VersionTrackingDiff ran on the latest patch of afd.sys (likely as the result of CVE-2025-21418):


gist.github.com ->

The change seems to affect a single but significant API (AfdAccept()), my initial
1/2

1 1 1 0
buherator
buherator
@buherator.bsky.social
1 year ago

difficult to judge quality, so the next step is to come up with some metrics that can be checked automatically.

#bindiff #ghidriff
2/2

Original->

0 0 0 0
buherator
buherator
@buherator.bsky.social
1 year ago

You diff binaries and immediately find the single change that adds the overflow check.

I diff mpengine.dll and break all reversing tools out there.

We are not the same.


gist.github.com ->

#bindiff #ghidriff


Original->

0 0 0 0
Baklava Monster, CISSP
Baklava Monster, CISSP
@ant0i.net
2 years ago
Preview
GitHub - clearbluejar/ghidriff: Python Command-Line Ghidra Binary Diffing Engine Python Command-Line Ghidra Binary Diffing Engine. Contribute to clearbluejar/ghidriff development by creating an account on GitHub.

Introducing #ghidriff: a Python Command-Line Ghidra Binary Diffing Engine

#ghidra #patchdiffing #python

github.com/clearbluejar...

1 0 0 0