19.3 Diffing code graphs

Each code graph generated by the code analysis engine of radare can be kept in memory or stored on disk using the 'g' (graph) command of radare.

[0xB808F810]> g?
Usage: g[?] [argument]
 g?             ; show help
 g              ; list all RDBs loded in memory
 g [rdb-file]   ; load graph rdb file as graph
 g -[idx]       ; removes an rdb indexed
 ga 0xaddr      ; generate graph at address
 gr[*]          ; show basic block information in raw or ra+
 gs [rdb-file]  ; save graph analysis as rdb
 gc [num]       ; show block disassembles of graph num
 gg [num]       ; graph graph number 'num'
 gm [range]     ; performs a merge between selected rdbs
 gd [a] [b]     ; rdb diff. generates a new rdb
NOTE: See 'gu?' to manage user graphs

In the same way, it is possible to look for the differences between two graph analyses of code by using the 'rdb diff' functionality: either from the shell with 'radiff -p' against two rdb files generated by radare (each representing a graph structure), or internally inside radare with the 'gd' command.

This command will show the differences between the two graphs: new basic blocks, new edges, and byte-level differences inside the basic blocks, which help identify modified branches and similar changes.

To generate an rdb file you just have to save the project using the 'Ps' command. This command will store the project file in ~/.radare/rdb/<project-file>. Take it from there to diff the code analysis with radiff.

NOTE: The graph information of a program can be exported from IDA using the ida2rdb.idc IDC script. The script will generate a .txt (or .rdb) file exposing the information of the IDA internals ready to be interpreted by radare.