flowchart LR
subgraph new_srv2.sys
end
subgraph old_srv2.sys
end
pie showData
title Function Matches - 100.0000%
"unmatched_funcs_len" : 0
"matched_funcs_len" : 3098
pie showData
title Matched Function Similarity - 100.0000%
"matched_funcs_with_code_changes_len" : 0
"matched_funcs_with_non_code_changes_len" : 0
"matched_funcs_no_changes_len" : 3098
ghidriff --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --threaded --log-level INFO --file-log-level INFO --log-path ghidriff.log --min-func-len 10 --gdt [] --bsim --max-ram-percent 60.0 --max-section-funcs 200 old_srv2.sys new_srv2.sys
--old ['old_srv2.sys'] --new [['new_srv2.sys']] --engine VersionTrackingDiff --output-path ghidriffs --summary False --project-location ghidra_projects --project-name ghidriff --symbols-path symbols --threaded True --force-analysis False --force-diff False --no-symbols False --log-level INFO --file-log-level INFO --log-path ghidriff.log --va False --min-func-len 10 --use-calling-counts False --gdt [] --bsim True --bsim-full False --max-ram-percent 60.0 --print-flags False --jvm-args None --side-by-side False --max-section-funcs 200 --md-title None
wget https://msdl.microsoft.com/download/symbols/SRV2.SYS/55D7E375C7000/SRV2.SYS -O srv2.sys.x64.10.0.19041.5856
wget https://msdl.microsoft.com/download/symbols/SRV2.SYS/74B4EEEDC7000/SRV2.SYS -O srv2.sys.x64.10.0.19041.5915
--- old_srv2.sys Meta
+++ new_srv2.sys Meta
@@ -1,44 +1,44 @@
-Program Name: old_srv2.sys
+Program Name: new_srv2.sys
Language ID: x86:LE:64:default (4.1)
Compiler ID: windows
Processor: x86
Endian: Little
Address Size: 64
Minimum Address: 1c0000000
Maximum Address: ff0000184f
# of Bytes: 795924
# of Memory Blocks: 13
# of Instructions: 100547
-# of Defined Data: 7124
+# of Defined Data: 7213
# of Functions: 1549
# of Symbols: 15515
# of Data Types: 201
# of Data Type Categories: 16
Analyzed: true
Compiler: visualstudio:unknown
Created With Ghidra Version: 11.2
-Date Created: Tue Jun 10 21:51:02 EDT 2025
+Date Created: Tue Jun 10 21:51:05 EDT 2025
Executable Format: Portable Executable (PE)
-Executable Location: /home/remy/srv2/old_srv2.sys
-Executable MD5: 6959ac94a68b9949746e30af9ba662ad
-Executable SHA256: 93eceba0cf8737f5bc5ea17a58ea7436de718c7c929764899a1e8839da012c23
-FSRL: file:///home/remy/srv2/old_srv2.sys?MD5=6959ac94a68b9949746e30af9ba662ad
+Executable Location: /home/remy/srv2/new_srv2.sys
+Executable MD5: c4b27c2efd949c240df3b395e08f271b
+Executable SHA256: 041fdf547c9cd1fea3ffd0b4bbdfb813111a898a82193084c3aab978ac43ceec
+FSRL: file:///home/remy/srv2/new_srv2.sys?MD5=c4b27c2efd949c240df3b395e08f271b
PDB Age: 1
PDB File: srv2.pdb
-PDB GUID: 92037ee6-c8be-470c-adf0-9d7d7233a7f4
+PDB GUID: 556123f7-ed74-dcbd-927c-caadadc948c6
PDB Loaded: true
PDB Version: RSDS
PE Property[CompanyName]: Microsoft Corporation
PE Property[FileDescription]: Smb 2.0 Server driver
-PE Property[FileVersion]: 10.0.19041.5856 (WinBuild.160101.0800)
+PE Property[FileVersion]: 10.0.19041.5915 (WinBuild.160101.0800)
PE Property[InternalName]: SRV2.SYS
PE Property[LegalCopyright]: © Microsoft Corporation. All rights reserved.
PE Property[OriginalFilename]: SRV2.SYS
PE Property[ProductName]: Microsoft® Windows® Operating System
-PE Property[ProductVersion]: 10.0.19041.5856
+PE Property[ProductVersion]: 10.0.19041.5915
PE Property[Translation]: 4b00409
Preferred Root Namespace Category:
RTTI Found: false
Relocatable: true
SectionAlignment: 4096
Should Ask To Analyze: false
Ghidra old_srv2.sys Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra old_srv2.sys Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra old_srv2.sys Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | true |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search untrusted symbol servers | false |
| PDB Universal | true |
| PDB Universal.Search untrusted symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | true |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | true |
| Stack.useNewFunctionStackAnalysis | true |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 256 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
Ghidra new_srv2.sys Decompiler Options
| Decompiler Option | Value |
|---|---|
| Prototype Evaluation | __fastcall |
Ghidra new_srv2.sys Specification extensions Options
| Specification extensions Option | Value |
|---|---|
| FormatVersion | 0 |
| VersionCounter | 0 |
Ghidra new_srv2.sys Analyzers Options
| Analyzers Option | Value |
|---|---|
| ASCII Strings | true |
| ASCII Strings.Create Strings Containing Existing Strings | true |
| ASCII Strings.Create Strings Containing References | true |
| ASCII Strings.Force Model Reload | false |
| ASCII Strings.Minimum String Length | LEN_5 |
| ASCII Strings.Model File | StringModel.sng |
| ASCII Strings.Require Null Termination for String | true |
| ASCII Strings.Search Only in Accessible Memory Blocks | true |
| ASCII Strings.String Start Alignment | ALIGN_1 |
| ASCII Strings.String end alignment | 4 |
| Aggressive Instruction Finder | false |
| Aggressive Instruction Finder.Create Analysis Bookmarks | true |
| Apply Data Archives | true |
| Apply Data Archives.Archive Chooser | [Auto-Detect] |
| Apply Data Archives.Create Analysis Bookmarks | true |
| Apply Data Archives.GDT User File Archive Path | None |
| Apply Data Archives.User Project Archive Path | None |
| Call Convention ID | true |
| Call Convention ID.Analysis Decompiler Timeout (sec) | 60 |
| Call-Fixup Installer | true |
| Condense Filler Bytes | false |
| Condense Filler Bytes.Filler Value | Auto |
| Condense Filler Bytes.Minimum number of sequential bytes | 1 |
| Create Address Tables | true |
| Create Address Tables.Allow Offcut References | false |
| Create Address Tables.Auto Label Table | false |
| Create Address Tables.Create Analysis Bookmarks | true |
| Create Address Tables.Maxmimum Pointer Distance | 16777215 |
| Create Address Tables.Minimum Pointer Address | 4132 |
| Create Address Tables.Minimum Table Size | 2 |
| Create Address Tables.Pointer Alignment | 1 |
| Create Address Tables.Relocation Table Guide | true |
| Create Address Tables.Table Alignment | 4 |
| Data Reference | true |
| Data Reference.Address Table Alignment | 1 |
| Data Reference.Address Table Minimum Size | 2 |
| Data Reference.Align End of Strings | false |
| Data Reference.Ascii String References | true |
| Data Reference.Create Address Tables | true |
| Data Reference.Minimum String Length | 5 |
| Data Reference.References to Pointers | true |
| Data Reference.Relocation Table Guide | true |
| Data Reference.Respect Execute Flag | true |
| Data Reference.Subroutine References | true |
| Data Reference.Switch Table References | false |
| Data Reference.Unicode String References | true |
| Decompiler Parameter ID | true |
| Decompiler Parameter ID.Analysis Clear Level | ANALYSIS |
| Decompiler Parameter ID.Analysis Decompiler Timeout (sec) | 60 |
| Decompiler Parameter ID.Commit Data Types | true |
| Decompiler Parameter ID.Commit Void Return Values | false |
| Decompiler Parameter ID.Prototype Evaluation | __fastcall |
| Decompiler Switch Analysis | true |
| Decompiler Switch Analysis.Analysis Decompiler Timeout (sec) | 60 |
| Demangler Microsoft | true |
| Demangler Microsoft.Apply Function Calling Conventions | true |
| Demangler Microsoft.Apply Function Signatures | true |
| Disassemble Entry Points | true |
| Disassemble Entry Points.Respect Execute Flag | true |
| Embedded Media | true |
| Embedded Media.Create Analysis Bookmarks | true |
| External Entry References | true |
| Function ID | true |
| Function ID.Always Apply FID Labels | false |
| Function ID.Create Analysis Bookmarks | true |
| Function ID.Instruction Count Threshold | 14.6 |
| Function ID.Multiple Match Threshold | 30.0 |
| Function Start Search | true |
| Function Start Search.Bookmark Functions | false |
| Function Start Search.Search Data Blocks | false |
| Non-Returning Functions - Discovered | true |
| Non-Returning Functions - Discovered.Create Analysis Bookmarks | true |
| Non-Returning Functions - Discovered.Function Non-return Threshold | 3 |
| Non-Returning Functions - Discovered.Repair Flow Damage | true |
| Non-Returning Functions - Known | true |
| Non-Returning Functions - Known.Create Analysis Bookmarks | true |
| PDB MSDIA | false |
| PDB MSDIA.Search untrusted symbol servers | false |
| PDB Universal | true |
| PDB Universal.Search untrusted symbol servers | false |
| Reference | true |
| Reference.Address Table Alignment | 1 |
| Reference.Address Table Minimum Size | 2 |
| Reference.Align End of Strings | false |
| Reference.Ascii String References | true |
| Reference.Create Address Tables | true |
| Reference.Minimum String Length | 5 |
| Reference.References to Pointers | true |
| Reference.Relocation Table Guide | true |
| Reference.Respect Execute Flag | true |
| Reference.Subroutine References | true |
| Reference.Switch Table References | false |
| Reference.Unicode String References | true |
| Scalar Operand References | true |
| Scalar Operand References.Relocation Table Guide | true |
| Shared Return Calls | true |
| Shared Return Calls.Allow Conditional Jumps | false |
| Shared Return Calls.Assume Contiguous Functions Only | true |
| Stack | true |
| Stack.Create Local Variables | true |
| Stack.Create Param Variables | true |
| Stack.useNewFunctionStackAnalysis | true |
| Subroutine References | true |
| Subroutine References.Create Thunks Early | true |
| Variadic Function Signature Override | false |
| Variadic Function Signature Override.Create Analysis Bookmarks | false |
| Windows x86 PE Exception Handling | true |
| Windows x86 PE RTTI Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer | true |
| Windows x86 Thread Environment Block (TEB) Analyzer.Starting Address of the TEB | |
| Windows x86 Thread Environment Block (TEB) Analyzer.Windows OS Version | Windows 7 |
| WindowsPE x86 Propagate External Parameters | false |
| WindowsResourceReference | true |
| WindowsResourceReference.Create Analysis Bookmarks | true |
| x86 Constant Reference Analyzer | true |
| x86 Constant Reference Analyzer.Create Data from pointer | false |
| x86 Constant Reference Analyzer.Function parameter/return Pointer analysis | true |
| x86 Constant Reference Analyzer.Max Threads | 2 |
| x86 Constant Reference Analyzer.Min absolute reference | 4 |
| x86 Constant Reference Analyzer.Require pointer param data type | false |
| x86 Constant Reference Analyzer.Speculative reference max | 256 |
| x86 Constant Reference Analyzer.Speculative reference min | 1024 |
| x86 Constant Reference Analyzer.Stored Value Pointer analysis | true |
| x86 Constant Reference Analyzer.Trust values read from writable memory | true |
| Stat | Value |
|---|---|
| added_funcs_len | 0 |
| deleted_funcs_len | 0 |
| modified_funcs_len | 0 |
| added_symbols_len | 0 |
| deleted_symbols_len | 0 |
| diff_time | 12.595270872116089 |
| deleted_strings_len | 0 |
| added_strings_len | 0 |
| match_types | Counter({'SymbolsHash': 1434, 'ExternalsName': 393, 'ExactBytesFunctionHasher': 102, 'BSIM': 4, 'ExactInstructionsFunctionHasher': 1}) |
| items_to_process | 0 |
| diff_types | Counter() |
| unmatched_funcs_len | 0 |
| total_funcs_len | 3098 |
| matched_funcs_len | 3098 |
| matched_funcs_with_code_changes_len | 0 |
| matched_funcs_with_non_code_changes_len | 0 |
| matched_funcs_no_changes_len | 3098 |
| match_func_similarity_percent | 100.0000% |
| func_match_overall_percent | 100.0000% |
| first_matches | Counter({'SymbolsHash': 1434, 'ExactBytesFunctionHasher': 102, 'BSIM': 4, 'ExactInstructionsFunctionHasher': 1}) |
pie showData
title All Matches
"SymbolsHash" : 1434
"ExternalsName" : 393
"ExactBytesFunctionHasher" : 102
"ExactInstructionsFunctionHasher" : 1
"BSIM" : 4
pie showData
title First Matches
"SymbolsHash" : 1434
"ExactBytesFunctionHasher" : 102
"ExactInstructionsFunctionHasher" : 1
"BSIM" : 4
pie showData
title Diff Stats
"added_funcs_len" : 0
"deleted_funcs_len" : 0
"modified_funcs_len" : 0
pie showData
title Symbols
"added_symbols_len" : 0
"deleted_symbols_len" : 0
No string differences found
Modified functions contain code changes
Slightly modified functions have no code changes, rather differnces in:
- refcount
- length
- called
- calling
- name
- fullname
Generated with ghidriff version: 0.7.3 on 2025-06-10T21:52:24