Comparison of Binary Files

Binary files can contain countless nested elements, chunks and blocks. This makes it difficult to compare binary files at a level that takes into account the meaning of the properties and values contained in the files. One way to nonetheless do this is to use the FileAnalyzer's compare function, which we will look at in this tutorial and which allows you to perform various types of binary file comparisons.

Invoking the Comparison Function
Comparison of an Element in several Files
Comparison of Elements within a File
Comparison of individual Properties
Save or Copy the Result of Comparisons
Automate Comparisons using Script Control

Important for all comparisons presented in this tutorial is the FileAnalyzer's path concept, which allows you to uniquely address any elements and chunks within the structure of files. If you are not yet familiar with this concept, you should first read the introduction to the path concept of the FileAnalyzer.

Invoking the Comparison Function

You can access the FileAnalyzer's comparison function in various ways. For example, you will find a button with the title "Compare" under the file list in the main window, you can access the comparison dialog via the menu "Tools > Compare" or also via the keyboard shortcut CTRL + Q (comming from "CYU" like "C"-compare, since CTRL + C is already taken).

The easiest way, however, is to start the comparison directly from the file structure or the detail table. To do this, just right-click on the element within the tree structure that you want to compare and select "Compare Path" from the context menu, or do the same with the detail table to the right of the structure to initiate a comparison of the properties selected therein. To compare multiple properties at the same time, you can also select multiple properties at once in the details table.

You will learn more about these different types of comparisons in the next sections.

Comparison of an Element in several Files

If you want to compare across multiple files the same element respectively a chunk that occurs in all these files, you can do this in the FileAnalyzer as follows:

First, add all the files you want to compare to the File List in the FileAnalyzer. To do this, you can, for example, simply drag and drop the files from a folder onto the program.
Then click on any of these files in the file list so that this file is read by the FileAnalyzer and you can see the structure of the file in the area "File Structure" below the file list.
Now, find the element respectively the chunk within the file structure that you want to compare with the other files, right-click on this element and select "Compare Path" from the context menu. If there are several same-named paths within your file, select "Compare Path at this Position" instead (more on this in the next section).

The comparator will then open, in which the result of your comparison will already be displayed. Each row in the results table corresponds to one of your files. In addition to the columns for the file name, the path and the byte offset (byte position) of the element found within the file, the results table contains one column for each individual property of the element, so that you can compare the different values of the same property across the different files (if you only want to list one or a selection of these properties in the table, please see the section on comparing individual properties). The table can be sorted by a column by clicking on the column title.

Alternatively, you can also simply enter the path to be compared in the text field at the top of the comparison dialog in order to then click on the button "Compare" to the right. For example, if you want to compare the font header of some TTF or OTF fonts, simply enter the path to the font header "/head" here and you will receive a comparison table of all the properties of this header, such as the version or the font properties stored in this chunk, like Bold, Italic, Underline or Condensed, prepared in a table. You can of course also compare other paths or files of a different type in the same way.

Comparison of Elements within a File

The comparator of the FileAnalyzer can not only be used to compare multiple files, but also to compare elements within one file. Such a comparison makes sense, for example, if a file contains several elements of the same type, such as MP4 video files with both an audio and a video track header or image files that can contain multiple different images, such as icons (Windows ICO / macOS ICNS) or GIF files.

To start this comparison of similar elements within a file, we can proceed in a similar way like we have seen for comparing an element of multiple files, which we looked at in the last section:

First, again, we drag the file we want to compare from an arbitrary folder onto the FileAnalyzer so that it appears in the program's File List.
Then we right-click in the File Structure of this file on the element respectively the path within the structure that we want to compare.
This time, however, we select "Compare Path at all Positions" in order to then receive our comparison result in a new window.

For the example of a GIF file containing multiple images mentioned at the beginning, this could be the path "/image/imagedescriptor" for the image descriptor, which contains information about the individual images. Using this path, our results table would generate a list of all images contained in the GIF file, which would next to the byte offset of the image additionally list properties such as the width and height of the individual images, for instance.

Compare Path at all versus only at this Position

To compare the elements within a file, it is important to select the function "Compare Path at all Positions". Only this ensures that all paths with the same name within your file are included in the comparison. So, according to the path model, by doing so, the paths are searched independently of their index.

Alternatively, you can also find the function "Compare Path at this Position" in the context menu. This function calls the comparator taking into account the indices of the selected path, which means that only the element that you have clicked on is included in the comparison.

For example, if you click on the third image in your GIF file and start the comparison at "this position", you can compare the third image of several GIF files without considering the other images within the files. The path in this case would be "/image[2]/imagedescriptor" (Image 2 for the third image, since the counting starts at 0), while the path "/image/imagedescriptor" without specifying an index would instead consider all images within the file.

Also the function "Compare Path at all Positions" can be called not only with one file in the file list but also with multiple files. In this case, you get a comparison of all elements with this path not only within one file but also across all files in your file list within one comparison table.

Comparison of individual Properties

So far we have only looked at comparing entire elements or chunks with all of their properties. However, sometimes we are only interested in one specific property or only in a small selection of properties, especially when our elements to be compared contain a lot of properties (such as our previously mentioned font files or also portable executables such as EXE applications or DLL libraries). We want to look at how this works in this section.

We have already mentioned that at the top of the comparison dialog we can enter a path with or without indices into the text field in order to be able to compare all the properties stored in this path. If, however, we only want to limit the comparison to individual properties, we can append them using a colon as separator:

/moov/trak/tkhd:Duration

With this path we can read out the playing time of ISO Base Media File Format files such as M4A audios or MP4 videos, which is stored in the property "Duration" in the path "/moov/trak/tkhd".

Multiple properties can be listed separated with a comma:

/sof0:ImageHeight,ImageWidth

The height and the width of JPG images are stored in the properties ImageHeight and ImageWidth which can be found in the path "/sof0" of JPG files. If we start our comparison with this call, we get a comparison table as a result that contains both the height as well as the width of the images in one column each, but no other properties such as BitsPerPixel, which are also stored in this path. When doing so, please always pay attention to the correct path and the correct names of the properties. For PNG images, for example, the path would be "/ihdr:Width,Height" instead, since - compared to JPEG images - the height and the width are on the one hand stored in the image header (ihdr) instead and on the other hand different names are used for the properties.

Calling the Property Comparison from the Detail Table

Of course, there is also available a quick shortcut way to compare individual properties so that you don't have to enter the path manually:

To do this, first select the element that contains the property you want to compare from the File Structure.
This causes the properties stored in this element to be displayed in the Details Table to the right.
Now right-click on the row of the detail table that contains the property you want to compare and select "Compare Property in selected Path" from the context menu.
This then directly opens the comparison dialog and carries out the comparison for your property in the selected path.

Of course, you can select not only individual properties in this way, but also several at the same time: To do this, just select all rows from the detail table whose properties you want to compare with each other by holding down the Shift key and then select "Compare Properties in selected Path" from the context menu. This then automatically calls up the comparator with all of your selected properties in the necessay comma-separated form just mentioned.

For paths with the same name, as described in the last section, you have the two options "Compare Property in selected Path at this Position" as well as "Compare Property in selected Path at all Positions", which allows you to carry out the comparison either just for this element across multiple files or for all elements with the same name within a file (the latter is of course possible for multiple files, too).

Save or Copy the Result of Comparisons

If you want to use the result of your comparison in other applications or save it as a file, you should have a look at the three buttons "Copy as TSV", "Copy as CSV" as well as "Save as..." that you can find under the comparison table:

Copy as TSV: With this button you copy the result table to your clipboard as Tab Separated Values. This means that the individual values are separated from each other with a tab and can therefore be copied into programs such as Microsoft Excel, LibreOffice or OpenOffice Calc.
Copy as CSV: This function works similarly, but copies the result table to the clipboard as Comma Separated Values. Depending on your language settings, either the comma or the semicolon is used as the field separator, while the system line break is used as the line separator.
Save as File: In addition to copying to the clipboard, this button additionally allows you to save the comparison table as a file. You can specify the format for the storage using the "File Type" selection box in the save dialog. The following formats are available: CSV (Comma Separated Values), TSV (Tab Separated Values), XLSX (Microsoft Excel Spreadsheet), ODS (Open Document Spreadsheet), DIF (Data Interchange Format), HTML (web page) and TXT (Plain Text).

Automate Comparisons using Script Control

Like many other functions of the FileAnalyzer, too, also the comparison function can be automated and controlled via command line parameters. This means that all kind of comparisons presented in this tutorial can be called up and carried out not only via the graphical user interface of the program but also via scripts or invoked from other programs.

The command line parameter for the comparisons is called "compare" and it is introduced together with numerous explanations and examples in the tutorial about the script control of the FileAnalyzer in the sections "Comparison of Chunks of multiple Files", "Comparison of Chunks within one File" as well as "Comparison of individual Properties of multiple Files".