Abstract:
Comparison of executable objects is widely used in software copyright analysis, malware family classification, detection of abnormal update patterns, and software patch analysis. Traditional comparison methods cannot meet the speed and accuracy requirements of these applications. A function-level unary structural signature based on the adjacency matrix of the control flow graph (CFG), together with a unary instruction signature, is designed to account for the instructions in a function; based on instruction opcode and operand, strong, medium and weak signatures over instruction sequences are designed to simplify instruction comparison, and the weak signature can handle instruction reordering, outperforming the small primes product (SPP); three kinds of properties are appended to partition all objects into more groups. Comparison methods for functions and basic blocks are then presented using these signatures and properties, and matching policies based on both statistical weights and the largest-exclusive rule are exploited to reduce false matches. Furthermore, a hash of the signatures and properties is used to speed up matching. Finally, a prototype tool, PEDiff, is implemented using these methods. Experimental results demonstrate that the method performs better in terms of matching speed and produces richer analysis results.
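The tiered strong/medium/weak instruction-sequence signatures and the SPP baseline the abstract refers to, as an added illustration that is not the paper's or PEDiff's code; the exact signature definitions, the operand classes, the prime table and the sample blocks are assumptions constructed for this example.

```python
# Added example (not from the paper): tiered basic-block signatures
# compared with the small primes product (SPP). Definitions are assumptions.
import hashlib
from functools import reduce
from operator import mul

def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def operand_class(op):
    # Abstract operands so renamed registers or moved stack slots still match.
    if op.startswith("["):
        return "mem"
    if op.lstrip("-").isdigit() or op.lower().startswith("0x"):
        return "imm"
    return "reg"

def strong_signature(block):
    # Exact opcodes and operands, order preserved.
    return _digest(";".join(f"{m} {','.join(ops)}" for m, ops in block))

def medium_signature(block):
    # Opcodes plus operand classes, order preserved.
    return _digest(";".join(f"{m} {','.join(map(operand_class, ops))}" for m, ops in block))

def weak_signature(block):
    # Sorted opcode multiset: insensitive to instruction reordering.
    return _digest(";".join(sorted(m for m, _ in block)))

# Assumed prime table for the SPP baseline: one small prime per mnemonic.
PRIMES = {"mov": 2, "xor": 3, "add": 5, "sub": 7, "cmp": 11, "jz": 13, "ret": 17}

def spp(block):
    # SPP is order-free too, but ignores operands entirely.
    return reduce(mul, (PRIMES[m] for m, _ in block), 1)

def match_level(a, b):
    # Matching policy: accept the strongest tier on which both blocks agree.
    for name, sig in (("strong", strong_signature), ("medium", medium_signature),
                      ("weak", weak_signature)):
        if sig(a) == sig(b):
            return name
    return None

# Constructed sample blocks: reordered, register/immediate renamed, opcode changed.
ORIG = [("mov", ("eax", "[ebp+8]")), ("xor", ("ecx", "ecx")), ("add", ("eax", "4")), ("ret", ())]
REORDERED = [("xor", ("ecx", "ecx")), ("mov", ("eax", "[ebp+8]")), ("add", ("eax", "4")), ("ret", ())]
RENAMED = [("mov", ("edx", "[ebp+12]")), ("xor", ("ecx", "ecx")), ("add", ("edx", "8")), ("ret", ())]
CHANGED = [("mov", ("eax", "[ebp+8]")), ("sub", ("ecx", "ecx")), ("add", ("eax", "4")), ("ret", ())]

if __name__ == "__main__":
    for name, blk in (("reordered", REORDERED), ("renamed", RENAMED), ("changed", CHANGED)):
        print(name, match_level(ORIG, blk), "spp equal:", spp(ORIG) == spp(blk))
```

Running it shows the renamed block matching on the medium tier and the reordered block only on the weak tier, while SPP cannot tell either apart from the original.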