diff --git a/README.md b/README.md index 0abdb48..145174d 100644 --- a/README.md +++ b/README.md @@ -599,6 +599,7 @@ INFO | ghidriff | Wrote .ghidriffs/json/ntoskrnl.exe.10.0.22621.1344-ntoskrnl.ex #### Analyze the Diff + Results in this beatiful markdown: [ntoskrnl.exe.10.0.22621.1344-ntoskrnl.exe.10.0.22621.1413.diff.md](https://gist.github.com/clearbluejar/b95ae854a92ee917cd0b5c7055b60282) See if you can figure out what function was patched for [CVE-2023-2342](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23420). @@ -607,6 +608,31 @@ See if you can figure out what function was patched for [CVE-2023-2342](https:// Prefer a side by side diff? Try out `ghidriff`'s custom html viewer. https://diffpreview.github.io/?b95ae854a92ee917cd0b5c7055b60282 +##### Results stored in `ghidriffs` folder + +```bash +$ tree ghidriffs +ghidriffs +├── ghidra_projects +│ └── ghidriff-ntoskrnl.exe.10.0.22621.2215-ntoskrnl.exe.10.0.22621.2283 +│ ├── ghidriff-ntoskrnl.exe.10.0.22621.2215-ntoskrnl.exe.10.0.22621.2283.gpr +│ └── ghidriff-ntoskrnl.exe.10.0.22621.2215-ntoskrnl.exe.10.0.22621.2283.rep +│ ├── idata +│ ├── project.prp +│ ├── user +│ └── versioned +├── ghidriff.log +├── json +│ └── ntoskrnl.exe.10.0.22621.2215-ntoskrnl.exe.10.0.22621.2283.ghidriff.json +├── ntoskrnl.exe.10.0.22621.2215-ntoskrnl.exe.10.0.22621.2283.ghidriff.md +└── symbols + ├── ntkrnlmp.pdb + ├── 69071F680ADFE36F178C6EC06E79E09C1 + │ └── ntkrnlmp.pdb + └── 738ED8FF966E8502EFE17095B9F1F5481 + └── ntkrnlmp.pdb +``` + ### Diffing CVE-2023-21768 Details of the CVE-2023-21768 (detailed in this blog [post](https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/)). What if you wanted to repeat this patch diff with `ghidriff`? diff --git a/ghidriff/__init__.py b/ghidriff/__init__.py index 50c4150..9e58d1a 100644 --- a/ghidriff/__init__.py +++ b/ghidriff/__init__.py 
@@ -1,4 +1,4 @@ -__version__ = '0.5.0' +__version__ = '0.5.1' __author__ = 'clearbluejar' # Expose API
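Review bot: In the first README.md hunk, under "#### Analyze the Diff", the link text reads CVE-2023-2342 while the URL it points to is for CVE-2023-23420, and "beatiful" is misspelled. Since the hunk already touches this paragraph, change the link text to CVE-2023-23420 and the sentence to "beautiful markdown" so a reader searching for the CVE finds the right advisory.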
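Review bot: In the second README.md hunk, the added `tree ghidriffs` listing shows ntoskrnl.exe builds 10.0.22621.2215 and 10.0.22621.2283, but the section it is added to diffs 10.0.22621.1344 against 10.0.22621.1413, so the listing does not match the run the reader has just followed. Either regenerate the tree from the 1344/1413 run or add a sentence saying the listing comes from a different pair of builds. Two smaller inconsistencies are visible in the same region: the log line quoted in the preceding hunk header writes to `.ghidriffs/json/` while the new heading and command use `ghidriffs`, and the listing names the output `.ghidriff.md` while the gist linked above is named `.diff.md`. Pick one spelling for each so the paths in the README can be copied as written.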