windiff by ergrelet

Tool for comparing Windows binary internals across OS versions

Created 3 years ago
387 stars

Top 73.7% on SourcePulse

Project Summary

Summary

WinDiff is an open-source web-based tool designed for comparing symbol, type, and syscall information across different versions of Microsoft Windows binaries. It targets security researchers, engineers, and power users, offering an automated approach to track operating system evolution and identify critical changes through a user-friendly web interface and LLM integration.

How It Works

The project consists of two main components: a Rust-based Command-Line Interface (CLI) tool and a TypeScript/Next.js web frontend. The CLI tool leverages Winbindex to download necessary Portable Executables (PEs) and Program Database (PDB) files, reconstructs types using resym, and generates compressed JSON databases. These databases are then visualized and compared by the web frontend, which mirrors the functionality of ntdiff. A scheduled GitHub Action automatically updates the live version with new data from Winbindex daily, though it retains only recent updates due to resource constraints. Local builds can be performed without these limitations.

Quick Start & Requirements

  • Prerequisites: Rust 1.85 or later, Node.js 20.9 or later.
  • Build: generate the databases with cargo run --release, passing a configuration file, then build the frontend with npm ci followed by npm run build inside the windiff_frontend directory.
  • Configuration: the ci/db_configuration.json file can be customized, and Pull Requests that add new binaries to track are welcomed.

Highlighted Details

  • Automated Security Research: Features an agent skill for Claude Code that allows users to query changes between Windows versions using natural language. It drives the windiff_cli to generate diffs and produces detailed reports interpreting new syscalls, mitigations, telemetry, and components for security audiences.
  • Standalone Diff Utility: Includes a dependency-free Python script (windiff_diff.py) that can be used independently to compare databases generated by windiff_cli, outputting both human-readable summaries and structured JSON data.
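The core operation described above, a diff of symbol, type and syscall information between two versions of a binary, as an added example that is not windiff's own code and not windiff_diff.py. The database layout (a binary name mapping to its exports, reconstructed type definitions and a syscall table), the build strings, the struct bodies and every symbol named NtExample*/RtlExample*/_EXAMPLE_* are constructed for the example and are assumptions; the real windiff_cli JSON schema is not reproduced here.

```python
"""Toy version-to-version differ over two constructed windiff-style databases."""
import json
from typing import Any, Dict, Iterable, List

# Constructed sample databases for two hypothetical builds of ntdll.dll.
# Numbers and type bodies are illustrative, not taken from any real build.
DB_OLD: Dict[str, Dict[str, Any]] = {
    "ntdll.dll": {
        "version": "10.0.0.1",  # constructed
        "exports": ["NtCreateFile", "NtOpenFile", "NtQuerySystemInformation",
                    "RtlGetVersion", "RtlExampleLegacy"],
        "types": {
            "_CLIENT_ID": "struct { HANDLE UniqueProcess; HANDLE UniqueThread; }",
            "_EXAMPLE_INFO": "struct { ULONG Flags; }",
        },
        "syscalls": {"NtCreateFile": 0x55, "NtOpenFile": 0x33,
                     "NtQuerySystemInformation": 0x36},
    },
}

DB_NEW: Dict[str, Dict[str, Any]] = {
    "ntdll.dll": {
        "version": "10.0.0.2",  # constructed
        "exports": ["NtCreateFile", "NtOpenFile", "NtQuerySystemInformation",
                    "RtlGetVersion", "NtExampleNewSyscall"],
        "types": {
            "_CLIENT_ID": "struct { HANDLE UniqueProcess; HANDLE UniqueThread; }",
            # A field appended to an existing struct: a "changed" type.
            "_EXAMPLE_INFO": "struct { ULONG Flags; ULONG_PTR Reserved; }",
        },
        # NtOpenFile renumbered, one new syscall added (both constructed).
        "syscalls": {"NtCreateFile": 0x55, "NtOpenFile": 0x34,
                     "NtQuerySystemInformation": 0x36, "NtExampleNewSyscall": 0x1C9},
    },
    # A binary that only exists in the newer database.
    "example.dll": {"version": "10.0.0.2", "exports": [], "types": {}, "syscalls": {}},
}


def diff_names(old: Iterable[str], new: Iterable[str]) -> Dict[str, List[str]]:
    """Names present only in the new set / only in the old set, sorted."""
    old_s, new_s = set(old), set(new)
    return {"added": sorted(new_s - old_s), "removed": sorted(old_s - new_s)}


def diff_types(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, Any]:
    """Added/removed type names plus names whose definition text differs."""
    out: Dict[str, Any] = diff_names(old, new)
    out["changed"] = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    return out


def diff_syscalls(old: Dict[str, int], new: Dict[str, int]) -> Dict[str, Any]:
    """Added/removed syscalls plus those whose number moved between versions.

    Renumbering is the security-relevant case: anything that hard-codes a
    syscall number (direct-syscall tooling, hand-written stubs) silently
    calls the wrong service after such a change.
    """
    out: Dict[str, Any] = diff_names(old, new)
    out["renumbered"] = {
        n: {"old": old[n], "new": new[n]}
        for n in sorted(set(old) & set(new)) if old[n] != new[n]
    }
    return out


def diff_databases(old_db: Dict[str, Any], new_db: Dict[str, Any]) -> Dict[str, Any]:
    """Structured per-binary report; binaries missing on one side are flagged."""
    report: Dict[str, Any] = {}
    for binary in sorted(set(old_db) | set(new_db)):
        if binary not in old_db or binary not in new_db:
            report[binary] = {"status": "added" if binary in new_db else "removed"}
            continue
        o, n = old_db[binary], new_db[binary]
        report[binary] = {
            "status": "compared",
            "versions": {"old": o.get("version"), "new": n.get("version")},
            "exports": diff_names(o["exports"], n["exports"]),
            "types": diff_types(o["types"], n["types"]),
            "syscalls": diff_syscalls(o["syscalls"], n["syscalls"]),
        }
    return report


def render_summary(report: Dict[str, Any]) -> str:
    """One human-readable line per binary, in the spirit of a diff summary."""
    lines = []
    for binary, r in report.items():
        if r["status"] != "compared":
            lines.append(f"{binary}: {r['status']}")
            continue
        e, t, s = r["exports"], r["types"], r["syscalls"]
        lines.append(
            f"{binary} ({r['versions']['old']} -> {r['versions']['new']}): "
            f"exports +{len(e['added'])}/-{len(e['removed'])}, "
            f"types +{len(t['added'])}/-{len(t['removed'])}/~{len(t['changed'])}, "
            f"syscalls +{len(s['added'])}/-{len(s['removed'])}, "
            f"renumbered {len(s['renumbered'])}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    report = diff_databases(DB_OLD, DB_NEW)
    print(render_summary(report))
    print(json.dumps(report, indent=2))
```

The JSON form is what you would feed to further tooling (or to an LLM report step), while the summary line is the quick triage view; in practice the renumbered-syscall list is the first thing to check after a new build lands, because it is the change that breaks the most tooling while leaving every symbol name intact.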

Maintenance & Community

Daily updates to the live version are managed via a scheduled GitHub Action. The project actively welcomes contributions, particularly Pull Requests aimed at adding new binaries to track. No specific community channels such as Discord or Slack are listed in the README.

Licensing & Compatibility

The README summarized here does not state a license, so check the repository itself for a license file before adopting the project; the absence of a stated license is a significant factor for due diligence. Compatibility notes for commercial use or integration with closed-source projects are also absent.

Limitations & Caveats

The live WinDiff instance is limited to displaying Windows updates less than one year old due to free-tier storage and compute constraints. The availability of specific binary information is dependent on Winbindex's ability to provide download links; data may be missing if not indexed or available on VirusTotal. Local builds require managing Rust and Node.js toolchains.

Health Check
Last Commit

2 days ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
5 stars in the last 30 days
