import os
import sqlite3
import subprocess
import sys
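BINDIFF_PATH = "C:\\Program Files\\zynamics\\BinDiff 4.2\\bin\\differ.exe"
IDAQ_PATH = "C:\\Program Files\\IDA 6.9\\idaq.exe"


def run_or_exit(cmd):
    """Run *cmd* and stop the script if it fails.

    *cmd* is an argv list handed to subprocess without a shell, so the file
    names taken from the command line are never shell-interpreted.  The
    steps of this script feed each other (.idb -> .BinExport -> diff); if a
    failed IDA run were ignored, the failure would only surface later as a
    confusing error from the next step, so any non-zero exit code aborts
    with the offending command written to stderr.
    """
    rc = subprocess.call(cmd)
    if rc != 0:
        sys.stderr.write("command failed (exit code %d): %s\n" % (rc, " ".join(cmd)))
        sys.exit(1)


def artifact_base(binary):
    """Return the cwd-based path of *binary* with its extension removed.

    IDA batch mode leaves the .idb next to the input and the export script
    writes <base>.BinExport, so every artefact of one binary shares this
    stem.  os.path.splitext (rather than split('.')[0]) keeps names such as
    'app.v2.exe' or a dotted directory component intact, and os.path.join
    keeps an absolute *binary* path absolute instead of prefixing the cwd.
    """
    return os.path.join(os.getcwd(), os.path.splitext(binary)[0])


def main(argv=None):
    """Disassemble two binaries with IDA, export both and diff them with BinDiff.

    *argv* defaults to sys.argv; argv[1] and argv[2] are the binaries.  Exits
    with status 1 on a usage error, a missing input file or a failed step.
    """
    if argv is None:
        argv = sys.argv
    if len(argv) < 3:
        print("Usage: python diff_binaries.py $bin1 $bin2")
        sys.exit(1)
    binaries = argv[1:3]
    for binary in binaries:
        # Fail before spawning IDA: a missing input otherwise costs a full
        # (and uninformative) batch run.
        if not os.path.isfile(binary):
            sys.stderr.write("input not found: %s\n" % binary)
            sys.exit(1)
    bindiff_script_path = os.path.join(os.getcwd(), "bindiff_export.idc")
    bases = []
    for binary in binaries:
        base = artifact_base(binary)
        # -B: batch mode (no GUI); -P+: pack the database when it is saved.
        run_or_exit([IDAQ_PATH, "-B", "-P+", binary])
        # The literal quotes around the script path are kept on purpose:
        # with shell=False they reach idaq.exe as part of the -S argument,
        # and whether IDA's -S parsing needs them (e.g. for a cwd containing
        # spaces) depends on the installed version -- verify before changing.
        run_or_exit([IDAQ_PATH, "-OExporterModule:" + base,
                     "-S\"" + bindiff_script_path + "\"", base + ".idb"])
        bases.append(base)
    # NOTE: -log_format makes differ write a .txt log; without it the result
    # is a .BinDiff file (a sqlite3 database), which is what code that
    # queries the 'function' table expects.  Drop the flag if you want the
    # database.
    run_or_exit([BINDIFF_PATH, "-log_format",
                 "--primary", bases[0] + ".BinExport",
                 "--secondary", bases[1] + ".BinExport"])


if __name__ == "__main__":
    main()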
加上 -log_format 参数时，differ 输出 .txt 格式的日志；不加则输出 .BinDiff 格式。后者实质是一个 sqlite3 数据库，下面读取比较结果的代码依赖的正是这种格式，因此要解析结果时运行 differ 不要带 -log_format。
BinExport可以在IDA中通过插件获取,也可以在IDA的Output window中输入load_and_run_plugin("binexport10", 1)
获取bindiff比较结果
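def load_function_matches(db_path, show_schema=False):
    """Read the function matches out of a BinDiff result database.

    *db_path* is a .BinDiff file, i.e. the sqlite3 database differ writes
    when run without -log_format.  The ``function`` table has one row per
    matched function pair; its ``algorithm`` column is an id resolved
    through ``functionalgorithm`` (column 0 = id, column 1 = name).

    With *show_schema* the table list and the functionalgorithm columns are
    printed first, which is handy for checking the queries against the
    installed BinDiff version.

    Returns a list of ``[addr1, addr2, similarity, confidence, algorithm]``
    rows: addresses as ``0x...`` hex strings, similarity and confidence
    formatted with two decimals, algorithm as its name.  An id with no
    entry in functionalgorithm is kept as the id itself rather than raising
    an IndexError.  The connection is closed even if a query fails.
    """
    conn = sqlite3.connect(db_path)
    try:
        if show_schema:
            print(conn.execute(
                "select name from sqlite_master where type='table' order by name"
            ).fetchall())
            print(conn.execute("PRAGMA table_info(functionalgorithm)").fetchall())
        # Key by the id the function table stores instead of assuming the
        # ids are contiguous from 1 and returned in insertion order.
        algorithm_names = {}
        for row in conn.execute("select * from functionalgorithm"):
            algorithm_names[row[0]] = row[1]
        matches = []
        cursor = conn.execute(
            "select address1,address2,similarity,confidence,algorithm from function")
        for addr1, addr2, similarity, confidence, alg_id in cursor:
            name = algorithm_names.get(alg_id, alg_id)
            # "0x%x" rather than hex(): identical on Python 3 and avoids the
            # trailing 'L' that hex() appends to longs on Python 2.
            matches.append(["0x%x" % addr1, "0x%x" % addr2,
                            "%.2f" % similarity, "%.2f" % confidence,
                            str(name)])
        return matches
    finally:
        conn.close()


# Dump the schema as well, then collect the match rows into result_list.
result_list.extend(load_function_matches(bindiff_path, show_schema=True))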