{"id":31483,"date":"2023-12-07T09:41:27","date_gmt":"2023-12-07T09:41:27","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31483"},"modified":"2023-12-07T09:41:27","modified_gmt":"2023-12-07T09:41:27","slug":"windiff","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/windiff\/","title":{"rendered":"WinDiff: A Comprehensive Tool for Windows Binary Comparison and Analysis"},"content":{"rendered":"\n

WinDiff is an open-source web-based tool that allows browsing and comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to include information from the latest Windows updates (including Insider Preview).<\/p>\n\n\n\n

It was inspired by\u00a0ntdiff<\/a>\u00a0and made possible with the help of\u00a0Winbindex<\/a>.<\/p>\n\n\n\n

How It Works<\/strong><\/h2>\n\n\n\n

WinDiff is made of two parts: a CLI tool written in Rust and a web frontend written in TypeScript using the Next.js framework.<\/p>\n\n\n\n

The CLI tool is used to generate compressed JSON databases out of a configuration file and relies on Winbindex<\/code> to find and download the required PEs (and PDBs). Types are reconstructed using resym<\/code>. The idea behind the CLI tool is to be able to easily update and regenerate databases as new versions of Windows are released. The CLI tool’s code is in the windiff_cli<\/code> directory.<\/p>\n\n\n\n

The frontend is used to visualize the data generated by the CLI tool, in a user-friendly way. The frontend follows the same principle as ntdiff<\/code>, as it allows browsing information extracted from official Microsoft PEs and PDBs for certain versions of Microsoft Windows and also allows comparing this information between versions. The frontend’s code is in the windiff_frontend<\/code> directory.<\/p>\n\n\n\n

A scheduled GitHub action fetches new updates from Winbindex<\/code> every day and updates the configuration file used to generate the live version of WinDiff. Currently, because of (free plans) storage and compute limitations, only KB<\/strong> and Insider Preview updates less than one year old are kept<\/strong> for the live version. You can of course rebuild a local version of WinDiff yourself, without those limitations if you need to. See the next section for that.<\/p>\n\n\n\n

Note: Winbindex<\/code> doesn’t provide unique download links for 100% of the indexed files, so it might happen that some PEs’ information are unavailable in WinDiff because of that. However, as soon as these PEs are on VirusTotal, Winbindex<\/code> will be able to provide unique download links for them and they will then be integrated into WinDiff automatically.<\/p>\n\n\n\n

<\/a>How to Build<\/strong><\/h2>\n\n\n\n

<\/a>Prerequisites<\/strong><\/h3>\n\n\n\n