pwnfuzz
diff --git a/‎.gitignore‎
Lines changed: 115 additions & 0 deletions b/‎.gitignore‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 173 additions & 1 deletion b/‎README.md‎
Lines changed: 173 additions & 1 deletion
diff --git a/‎diffrays/__init__.py‎
Lines changed: 40 additions & 0 deletions b/‎diffrays/__init__.py‎
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,115 @@
+# ------------------------
+# Python
+# ------------------------
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# PyInstaller
+#  Usually contains a manifest and spec files
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+*.ipynb
+
+# pyenv
+.python-version
+
+# pipenv
+Pipfile.lock
+
+# poetry
+poetry.lock
+
+# PDM
+__pypackages__/
+
+# Celery
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath
+*.sage.py
+
+# Environments
+.env
+.env.*
+venv/
+.venv/
+
+# VS Code
+.vscode/
+
+# PyCharm
+.idea/
+
+# MacOS
+.DS_Store
+
+# Windows
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+
+# Logs
+*.log
+
+# SQLite databases
+*.sqlite3
+*.db
+
+# Misc
+*.swp
+*.swo
@@ -1 +1,173 @@
-# New Main Branch
+<p align='center'>
+<img src="" width=60% >
+</p>
+
+<!--
+<img align="center" src="https://img.shields.io/github/stars/pwnfuzz/DiffRays?style=for-the-badge">
+<img align="center" src="https://img.shields.io/github/forks/pwnfuzz/DiffRays?style=for-the-badge">
+-->
+
+# DiffRays - IDA Pro Binary Diffing Engine
+
+DiffRays is a research-oriented tool for **binary patch diffing**, designed to aid in **vulnerability research, exploit development, and reverse engineering**. It leverages **IDA Pro** and the **IDA Domain API** to extract pseudocode of functions and perform structured diffing between patched and unpatched binaries.
+
+---
+
+## ✨ Features
+
+- 🔎 **Patch Diffing**: Compare functions across different binary versions to identify code changes.  
+- 🧩 **IDA Pro Integration**: Uses IDA Pro and the IDA Domain API for accurate pseudocode extraction.  
+- 📂 **SQLite Output**: Stores diff results in a SQLite database for easy reuse and analysis.  
+- 🌐 **Web Interface**: Built-in server mode to browse, search, and visualize diff results interactively.  
+- 📊 **Research-Ready**: Designed to support vulnerability research and exploit development workflows.  
+
+---
+
+## 🛠️ Requirements
+
+- [IDA Pro Version](https://hex-rays.com/ida-pro/)  
+    - The IDA Domain library requires IDA Pro 9.1.0 or later.
+- [IDA Domain API](https://github.com/HexRaysSA/ida-domain)  
+- Python 3.8+  
+- Additional Python dependencies 
+
+---
+
+## ⚙️ Setup
+
+1. **Clone the repository**  
+    ```bash
+   git clone https://github.com/pwnfuzz/diffrays
+   cd diffrays
+    ```
+
+2. **Install dependencies**  
+    ```bash
+    pip install .
+    ```
+
+3. **Setup IDADIR environment variable to point to your IDA installation directory:**  
+
+    ```bash
+    Windows:
+        set IDADIR="[IDA Installation Directory]"
+
+    Linux:
+        export IDADIR="[IDA Installation Directory]"
+    ```
+
+---
+
+## 🚀 Usage
+
+Command-Line Help
+
+```bash
+> diffrays --help
+
+______ _  __  ________
+|  _  (_)/ _|/ _| ___ \
+| | | |_| |_| |_| |_/ /__ _ _   _ ___
+| | | | |  _|  _|    // _` | | | / __|
+| |/ /| | | | | | |\ \ (_| | |_| \__ \
+|___/ |_|_| |_| \_| \_\__,_|\__, |___/
+                             __/ |
+                            |___/      v1.0 Kappa
+
+usage: diffrays [-h] {diff,server} ...
+
+Binary Diff Analysis Tool - Decompile, Compare, and Visualize Binary Changes
+
+positional arguments:
+  {diff,server}  Command to execute
+    diff         Analyze two binaries and generate differential database 
+    server       Launch web server to view diff results
+
+options:
+  -h, --help     show this help message and exit
+
+Examples:
+  diffrays diff old_binary.exe new_binary.exe
+  diffrays diff old.so new.so -o custom_name.sqlite --log
+  diffrays server --db-path result_old_new_20231201.sqlite --debug
+
+For more information, visit: https://github.com/pwnfuzz/diffrays
+
+```
+
+1. **Run Patch Diffing in IDA**  
+
+Load your binaries in IDA and run DiffRays to generate diff results:  
+```bash
+python diffrays.py diff <path_to_old_binary> <path_to_new_binary>
+```
+
+2. **Start the DiffRays Server**  
+
+Once you have a .sqlite file, launch the web interface to explore the diffs:  
+```bash
+python diffrays.py server --db-path diff_results.sqlite
+```
+Open your browser at http://localhost:5555 to view results.
+
+---
+
+## 🔬 Example Workflow - Diffing CVE-2025-29824
+
+1. **Collect target binaries**  
+   - CVE-2025-1246 affects the **Common Log File System driver (`Clfs.sys`)**.  
+   - Download the two versions of the driver from Microsoft’s update packages (via WinBIndex or your preferred source):  
+     - Vulnerable build: **Clfs.sys 10.0.22621.5037** → [download here](https://msdl.microsoft.com/download/symbols/clfs.sys/4A2750956f000/clfs.sys)  
+     - Patched build: **Clfs.sys 10.0.22621.5189** → [download here](https://msdl.microsoft.com/download/symbols/clfs.sys/68C175656f000/clfs.sys)  
+   - Save them into a working directory:
+    ```bash
+    curl -L -o clfs_10.0.22621.5037.sys https://msdl.microsoft.com/download/symbols/clfs.sys/4A2750956f000/clfs.sys
+    curl -L -o clfs_10.0.22621.5189.sys https://msdl.microsoft.com/download/symbols/clfs.sys/68C175656f000/clfs.sys
+    ```
+
+2. **Run DiffRays**  
+    ```bash
+    python diffrays.py diff clfs_10.0.22621.5037.sys clfs_10.0.22621.5189.sys
+    ```
+
+3. **Start the web server**
+    ```bash
+    python diffrays.py server --db-path clfs_diff.sqlite
+    ```
+
+4. **Browse interactively**
+Open http://127.0.0.1:5555
+
+<IMG>ADD HERE</IMG>
+
+---
+
+## 📖 Use Cases
+
+- Researching Microsoft Patch Tuesday vulnerabilities
+- Identifying security fixes introduced in new software versions
+- Supporting exploit development by analyzing patched vs. unpatched code paths
+- Reverse engineering software updates
+
+---
+
+## 💡 Inspired By
+
+DiffRays takes inspiration from prior research and tools in the binary diffing space, including:
+
+- [BinDiff](https://github.com/google/bindiff) - Quickly find differences and similarities in disassembled code.
+- [Diaphora](https://github.com/joxeankoret/diaphoraDiaphora) - Diaphora, the most advanced Free and Open Source program diffing tool.
+- [Ghidriff](https://github.com/clearbluejar/ghidriff) - Python Command-Line Ghidra Binary Diffing Engine
+
+---
+
+## ⚠️ Disclaimer
+
+This project is intended for educational and research purposes only.
+The author does not condone or encourage malicious use of this tool.
+
+---
+
+## 📜 License
+
+This project is licensed under the MIT License - see the [LICENSE](https://github.com/pwnfuzz/DiffRays/blob/main/LICENSE) file for details.
@@ -0,0 +1,40 @@
+"""
+DiffRays - Binary Diff Analysis Tool
+Decompile, Compare, and Visualize Binary Changes
+"""
+
+__version__ = "0.1.0"
+__author__ = "PwnFuzz"
+__license__ = "MIT"
+
+from .cli import main
+from .server import run_server
+
+# Don't import analyzer at module level
+run_diff = None
+
+def _get_run_diff():
+    """Helper to get run_diff with proper error handling"""
+    global run_diff
+    if run_diff is None:
+        try:
+            from .analyzer import run_diff as rd
+            run_diff = rd
+        except ImportError as e:
+            # Only show message when actually trying to use it
+            def run_diff_stub(*args, **kwargs):
+                print("\nIDA analysis not available")
+                print("Required: IDA Pro with HexRays Decompiler + ida_domain package")
+                print(f"Error: {e}")
+                raise ImportError("IDA analysis components not available") from e
+            run_diff = run_diff_stub
+    return run_diff
+
+# Override the run_diff name to use our lazy loader
+def run_diff_wrapper(*args, **kwargs):
+    return _get_run_diff()(*args, **kwargs)
+
+# Replace the None with our wrapper
+run_diff = run_diff_wrapper
+
+__all__ = ['main', 'run_diff', 'run_server']