Finding Specific Code in different software version

Finding specific code/address known in specific software version, in different.

Related to: ASR Disable Mod and similar.

Let's assume you want to find 0x000b8b60 from 3R05DC50 software in e.g. 3Sxxxxx software.

Select some larger part of the disassembled binary, e.g:

Screenshot%202025-02-05%20194218

Then in bar, press Search -> For Matching Instruction -> Exclude Operands, as the mnemonic typically don't change, the operands can change every software recompilation, so we want exclude them from searching to have more generic signature.

Screenshot%202025-02-05%20194355

In this case Ghidra generated pattern in bitwise mode:

011111.. ........ .....000 01010000 101100.. ........ ........ ........ 100010.. ........ ........ ........ 011111.. ........ .....001 11010110 000111.. ........ ........ ........ 010101.. ........ ........ .......0 011111.. ........ .....000 01010000 101100.. ........ ........ ........ 100010.. ........ ........ ........ 011111.. ........ .....001 11010110 000111.. ........ ........ ........ 010101.. ........ ........ .......0 011111.. ........ .....000 01010000

Select full pattern and copy it, then in second Ghidra window where you have disassembled e.g. 3S software, Press "S" and paste the pattern then search it.

Screenshot%202025-02-05%20194821

You should get only one result and it should be exactly same code as previous.

Screenshot%202025-02-05%20194851

Screenshot%202025-02-05%20194925

Then do all the rest as ASR Disable example.

Syndicate

Finding Specific Code in different software version

Finding specific code/address known in specific software version, in different.

Tuned by Turbolapaka