Copyright 2011-2024 Google LLC.
BinDiff is a leading executable-comparison tool for reverse engineers that need to analyze patches, malware variants, or are generally interested in the differences between two executables.
In order to make best use of BinDiff, it is very helpful to spend a bit of time familiarizing yourself with the concepts and algorithms behind it. For this, we recommend reading Understanding BinDiff, which explains the behind-the-scenes and Core Functionality, which explains the basic elements of the user interface.
Ideally, we would like you to also read Analyzing a Microsoft Patch (a walk-through demonstrating how to analyze a simple security update) and Advanced Usage (porting your symbols and comments from one disassembly to the next).
This documentation is a work in progress and not everything from the original manual has been ported over.