From Collaborative RCE Tool Library

Jump to: navigation, search

Diff Tools


Tool name: All-Seeing Eye
Rating: 5.0 (1 vote)
Author: Fortego Security                        
Website: http://www.fortego.com/en/ase.html
Current version: 0.7.1
Last updated: 2007
Direct D/L link: http://www.fortego.com/resources/ase071.zip
License type: Free
Description: Tool for automated diff-style checking of many sensitive system areas that malware and other programs often try to modify silently. Like Tripwire on speed.
Also listed in: File System Diff Tools, Install Monitoring Tools, Registry Monitoring Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Buster Sandbox Analyzer
Rating: 5.0 (1 vote)
Author: Buster                        
Website: http://bsa.isoftware.nl/
Current version: 1.81
Last updated: August 22, 2012
Direct D/L link: http://bsa.isoftware.nl/bsa.rar
License type: Free
Description: Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of sandboxed processes and the changes made to system and then evaluate if they are malware suspicious.

The changes made to system can be of several types: file system changes, registry changes and port changes.

A file system change happens when a file is created, deleted or modified. Depending of what type of file has been created (executable, library, javascript, batch, etc) and where was created (what folder) we will be able to get valuable information.

Registry changes are those changes made to Windows registry. In this case we will be able to get valuable information from the modified value keys and the new created or deleted registry keys.

Port changes are produced when a connection is done outside, to other computers, or a port is opened locally and this port starts listening for incoming connections.

From all these changes we will obtain necessary information to evaluate the "risk" of some of the actions taken by sandboxed applications.

Watching all these operations in an easy and safe manner is possible thanks to Sandboxie (http://sandboxie.com), an excellent tool created by Ronen Tzur.

Even if Buster Sandbox Analyzer´s main goal is to consider if sandboxed processes have a malware behaviour, the tool can be used also to simply obtain a list of changes made to system, so if you install a software you will know exactly what installs and where.

Additionally apart of system changes we can consider other actions as malware suspicious: keyboard logging, end the Windows session, load a driver, start a service, connect to Internet, etc.

All the above operations can be considered as not malicious but if they are performed when it´s not expected, that´s something we must take in consideration. Therefore it´s not only important to consider what actions are performed. It´s also important to consider if it´s reasonable certain actions are performed.



Program history : http://bsa.isoftware.nl/frame8.htm
Also listed in: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 0.9.7
Last updated: March 3, 2014
Direct D/L link: http://www.radare.org/get/radare2-0.9.7.tar.xz
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2' a commandline hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix phylosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc.. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: TurboDiff
Rating: 5.0 (1 vote)
Author: Nicolás Economou                        
Website: http://tinyurl.com/turbodiff
Current version: 1.01
Last updated: October 14, 2009
Direct D/L link: http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=turbodiff&file=turbodiff_v1.0.1.zip
License type: GPLv2
Description: Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
Also listed in: Executable Diff Tools, IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: patchdiff2
Rating: 4.5 (2 votes)
Author: Nicolas Pouvesle                        
Website: http://code.google.com/p/patchdiff2/
Current version: 2.0.8
Last updated: June 10, 2010
Direct D/L link: http://patchdiff2.googlecode.com/files/patchdiff2_0_8.zip
License type: GNU General Public License v2
Description: PatchDiff2 is a plugin for the Windows version of the IDA dissassembler that can analyze two IDB files and find the differences between both. PatchDiff2 is free and fully integrates with the latest version of IDA (5.6). The plugin can perform the following tasks:

- Display the list of identical functions
- Display the list of matched functions
- Display the list of unmatched functions (with the CRC)
- Display a flow graph for identical and matched functions

The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs. Patchdiff2 supports all processors that IDA can handle and is available in two versions: 32 bit and a 64 bit.
Also listed in: Executable Diff Tools, IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinHex
Rating: 4.5 (2 votes)
Author: Stefan Fleischmann                        
Website: http://www.x-ways.net/winhex
Current version: 15.6
Last updated: March 1, 2010
Direct D/L link: http://www.x-ways.net/winhex.zip
License type: Shareware
Description: WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type):

* Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash, ...
* Native support for FAT, NTFS, Ext2/3, ReiserFS, Reiser4, UFS, CDFS, UDF
* Built-in interpretation of RAID systems and dynamic disks
* Various data recovery techniques
* RAM editor, providing access to physical RAM and other processes' virtual memory
* Data interpreter, knowing 20 data types
* Editing data structures using templates (e.g. to repair partition table/boot sector)
* Concatenating and splitting files, unifying and dividing odd and even bytes/words
* Analyzing and comparing files
* Particularly flexible search and replace functions
* Disk cloning (under DOS with X-Ways Replica)
* Drive images & backups (optionally compressed or split into 650 MB archives)
* Programming interface (API) and scripting
* 256-bit AES encryption, checksums, CRC32, hashes (MD5, SHA-1, ...)
* Erase (wipe) confidential files securely, hard drive cleansing to protect your privacy
* Import all clipboard formats, incl. ASCII hex values
* Convert between binary, hex ASCII, Intel Hex, and Motorola S
* Character sets: ANSI ASCII, IBM ASCII, EBCDIC, (Unicode)
* Instant window switching. Printing. Random-number generator.
* Supports files >4 GB. Very fast. Easy to use. Extensive online help.
Also listed in: Binary Diff Tools, Hex Editors, Memory Dumpers, Memory Patchers, Memory Search Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Beyond Compare
Rating: 4.0 (1 vote)
Author: Scooter Software                        
Website: http://www.scootersoftware.com
Current version: 2.5.1
Last updated: August 30, 2007
Direct D/L link: N/A
License type: Shareware
Description: A very good text/code diffing tool. Also a good binary diffing tool if using the plugin for this from the author's website.
Also listed in: Binary Diff Tools, File System Diff Tools, Image Diff Tools, Text Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: BinDiff
Rating: 4.0 (1 vote)
Author: zynamics GmbH                        
Website: http://www.zynamics.com/bindiff.html
Current version: 2.1
Last updated: 2009
Direct D/L link: N/A
License type: Commercial (IDA Pro plugin)
Description: A very powerful executable file diffing tool, in the form of an IDA Pro plugin.
Also listed in: Executable Diff Tools, IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PatchDiff
Rating: 3.0 (1 vote)
Author: Nicolas Pouvesle                        
Website: http://cgi.tenablesecurity.com/tenable/patchdiff.php
Current version: 2.0.5
Last updated: August 19, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: PatchDiff2 is a plugin for the Windows version of the IDA dissassembler that can analyze two IDB files and find the differences between both. PatchDiff2 is free and fully integrates with the latest version of IDA (5.2).
The plugin can perform the following tasks :

* Display the list of identical functions
* Display the list of matched functions
* Display the list of unmatched functions (with the CRC)
* Display a flow graph for identical and matched functions

The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs.
Patchdiff2 supports all processors that IDA can handle and is available in two versions: 32 bit and a 64 bit.

Update:

08/19/2008: PatchDiff 2.0.5 released:

* Adds string references to the signature
* Fixes IPC close when option is disabled

07/22/2008:PatchDiff 2.0.4 released:

* Requires at least IDA 5.2
* Adds save backup results to IDB
* Adds Unmatch/Set match/Switch match submenus
* Adds "pipe" support to keep second IDA instance open
o menu Options/PatchDiff2 to disable/enable it per IDB
o registry HKLM\SOFTWARE\Tenable\PatchDiff2 IPC (DWORD) for the default setting
* Uses demangled function names
* Ignores duplicated names
Also listed in: Executable Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: eEye Binary Diffing Suite (EBDS)
Rating: 2.0 (2 votes)
Author: eEye Digital Security                        
Website: http://research.eeye.com/html/tools/RT20060801-1.html
Current version: 1.0.5
Last updated: November 3, 2006
Direct D/L link: http://research.eeye.com/html/Tools/download/DiffingSuiteSetup.exe
License type: Free / Open Source
Description: The eEye Binary Diffing Suite (EBDS) is a free and open source set of utilities for performing automated binary differential analysis.
Also listed in: Executable Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: IDACompare
Rating: 2.0 (1 vote)
Author: David Zimmer                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version: 5.4
Last updated: March 5, 2009
Direct D/L link: https://github.com/dzzie/IDACompare/raw/master/IDACompare.exe
License type: Free
Description: Update: This tool is no longer available for download through the iDefense website. An copy of the installer has been made available by the author.

IDACompare is a plugin designed to compare and match up equivalent functions across two IDA databases. IDACompare was primarily designed for analyzing changes across malcode variants, it should also find good use when conducting patch analysis.

Once function matches have been made, names can be ported across disassemblies, or sequentially renamed in both.

Project also implements a signature scanner, letting you build your own listing of known functions.
Also listed in: Executable Diff Tools, IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DarunGrim
Rating: 1.0 (1 vote)
Author: Matt Oh                        
Website: http://www.darungrim.org
Current version: 2.0
Last updated: February 7, 2009
Direct D/L link: N/A
License type: Free / Open Source
Description: DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.


Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.


This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers. There is a "eEye Binary Diffing Suites" released back in 2006 and it's widely used by security researchers to identify vulnerabilities. Even though it's free and opensource, it's powerful enough to be used for that vulnerabilities hunting purpose. Now I'm releasing DarunGrim2 which is a C++ port of original python codes. DarunGrim2 is way faster than original DarunGrim.
Also listed in: Executable Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: pynary
Rating: 1.0 (1 vote)
Author: c1de0x                        
Website: http://code.google.com/p/openrce-snippets/wiki/pynary
Current version: 0.0.1
Last updated:
Direct D/L link: N/A
License type: Open Source
Description: pynary will become a powerful platform independent framework for binary code analysis.

The initial goal is to the implementation of function signature matching using graph isomorphism and an extensible 'write-your-own-heuristic' model to allow tweaks for particular targets. It will also identify standard library global constants and structure where possible.

Once the initial goal is achieved, a number of cool features are planned:

* stack frame analysis
* un-inliner
* exception handling parsing/analysis
* 'functionally equivalent' matching
* c++ template function matching
* meta-data transfer between IDBs
* c++ class reconstruction (with/without RTTI)
* ...

This project is still in its infancy, and looking for volunteers.
Also listed in: Deobfuscation Tools, Executable Diff Tools, Reverse Engineering Frameworks, Programming Libraries, Exe Analyzers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Androguard
Rating: 0.0 (0 votes)
Author: Anthony Desnos                        
Website: http://code.google.com/p/androguard/
Current version: 0.9
Last updated: September 25, 2011
Direct D/L link: http://androguard.googlecode.com/files/androguard-0.9.tar.gz
License type: LGPL
Description: Androguard (Android Guard) is primarily a tool written in full python to play with :
- .class (JavaVM)
- .dex (DalvikVM)
- APK
- JAR
- Android's binary xml

Androguard has the following features :
- Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
- Native support of DEX code in a c++ library,
- Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Check if an android application is present in a database (malwares, goodwares ?),
- Open source database of android malwares,
- Diffing of android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (rip-off indicator),
- Risk indicator of malicious application,
- Reverse engineering of applications (goodwares, malwares),
- Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
- Visualize your application into cytoscape (by using xgmml format), or PNG/DOT output,
- Patch JVM classes, add native library dependencies,
- Dump the jvm process to find classes into memory,
- ...
Also listed in: Android Tools, Binary Diff Tools, Disassembler Libraries, Disassemblers, Entropy Analyzers, Java Disassembler Libraries, Malware Analysis Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Araxis Merge
Rating: 0.0 (0 votes)
Author: Araxis                        
Website: http://www.araxis.com/merge/
Current version:
Last updated: December 6, 2007
Direct D/L link: http://www.araxis.com/merge/Download.html
License type: Commercial, 30 day evaluation
Description: Merge is the visual file comparison (diff), merging and folder synchronization application from Araxis. Use it to compare and merge source code, web pages and other text files with native application performance. Compare images and binary files. Synchronize folders. Perform code reviews and audits. Work with source hierarchies containing thousands of files.

Features include:

- 3 way diff comparison (compare 3 files or data sets at the same time)
- ASCII, MBCS, UNICODE
- Binary and image (jpg, gif etc) comparison (very cool, can easily detect single changed pixels, e.g. in cases of steganography etc!)

Very powerful tool, useful for quickly diff'ing a directory structure of files to check for changes.
Also listed in: Text Diff Tools, Binary Diff Tools, Image Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: asmDIFF
Rating: 0.0 (0 votes)
Author: Michael Willigens, Rene Laemmert                        
Website: http://duschkumpane.org/index.php/asmdiff
Current version: 1.1
Last updated: August 28, 2012
Direct D/L link: N/A
License type:
Description: asmDiff is an binary assembly search, diff and disassembly tool. It supports Windows PE (exe/dll) and Linux ELF binary format compiled for x86 and x68_64 architectures. It is particular useful when searching for asm functions, instructions or memory pointers in a patched, updated or otherwise modified binary.

Features:
- Single search mode, if one needs to test one or several addresses by hand.
- Supports batch mode updates. A header file (containing lots of hardcoded pointers) and two binary files (old, new) is given as input. asmDIFF can then output a "new" header file for the updated binary. Extremely helpful on reverse engineering projects that get updated.
- Can find similar functions in different programs. But this can behave very fuzzy. It was tested on related programs where it workes with moderate success.
- Full diff mode. It prints out the entry points of "new", "modified" and "removed" functions.

Currently a full featured WebBased version is available. asmDIFF is also included in mmBBQ (http://duschkumpane.org/index.php/mmbbq) version 3.X and upwards.
Also listed in: Disassemblers, Executable Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Attack Surface Analyzer
Rating: 0.0 (0 votes)
Author: Microsoft Corporation                        
Website: http://go.microsoft.com/?linkid=9758398
Current version: Beta
Last updated: January 18, 2011
Direct D/L link: http://go.microsoft.com/?linkid=9758398
License type: Freeware
Description: Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Also listed in: File System Diff Tools, Install Monitoring Tools, Registry Diff Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Compare VMware Snapshots
Rating: 0.0 (0 votes)
Author: ZaiRoN                        
Website: http://zairon.wordpress.com/2007/08/31/find-out-hidden-files-comparing-vmwares-snapshots/
Current version: 1.0
Last updated: September 19, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Nowadays there’s a big use of virtualization; tools like VMware, VirtualPC and others are daily used. There are some differencies between the original and the virtualized environment, but to study a malware under a protected blackbox it’s very comfortable. You can study their behaviour without any problems.

Just today, while I was running a malware, I got this foolish idea: can I identify hidden files using VMware’s snapshots?

Under VMware you can save the current state of a virtual machine taking a snapshot of the running guest system. The snapshot is stored somewhere in the guest’s OS folder, it simply needs some files. I’m interestered in one file only, the one containing the guest’s memory. The memory is saved inside a file with .vmem extension.

The idea is to take two snapshots (a virgin and an infected system), and then compare the two files. The main problem is that a single snapshot needs a large amounts of bytes, around 260 Mb on my system. Comparing the snapshots using an hex editor is madness. I decided to write a simple application able to compare two files string to string. Why only strings?
Well, how can I identify an hidden file simply looking at a “memory dump”? The answer is simple: the only thing able to reveal a trace is a string containing the name of the hidden file, nothing more. So, I extract all the strings from the virgin snapshot and then I compare them with all the strings from the infected snapshot. Yes, it’s a foolish idea but it helps me to pass a boring afternoon.

The most important part of the program is the internal “search engine”. To speed up the program you have to search for specific strings. To view the results in a quick way I simply search for strings with extension “.sys”, “.dll” or just “.exe”. That’s because these are the file extensions of the files that are always hidden. You can improve the search engine adding some more rules (i.e. string must have “system32″ or “windows” inside) but the result won’t change: you can always see some interesting strings.

I tried the program running two malwares: Lager and Nailuj.
Lager malware hides a file named taskdir.exe and Nailuj hides videoati0.sys/dll/exe.
In both cases, I can see some strings referring to the hidden files.

The string is somewhere in the memory, I’m not interested in its position but in the string itself: it exists!

There are some good tools out there able to show hidden files but sometimes they fail. When they fail you can try with this approach.
Also listed in: File System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Diff Doc
Rating: 0.0 (0 votes)
Author: SoftInterface, Inc.                        
Website: http://www.softinterface.com/MD/Document-Comparison-Software.htm
Current version: 3.71
Last updated: January 23, 2008
Direct D/L link: N/A
License type: Commercial (with uncrippled trial)
Description: Regardless of the editor you are using (MS Word, Excel, Wordpad, Notepad, etc.), simply load the original and modified files, press the Refresh button Compare Files (or F5), and the document comparison will display promptly. Additionally, you can compare folders to see exactly what files have changed before doing a detailed file comparison.
See an on-line video.

'Diff Doc' can display the file differences in two possible views, 'All In One', or 'Side By Side'. Both views have their advantages, and switching between them is as easy as a mouse click (or F6). Lastly, many reports are available, including HTML, detailing the differences.

Diff Doc Features:

* Compare documents of MS Word, Excel, PDF, Rich Text (RTF), Text, HTML, XML, PowerPoint, or Wordperfect and retain formatting
* Choose any portion of any document (file) and compare it against any portion of the same or different document (file).
* Compare files of any type against any file type (i.e. An MS Word compared against a. Wordperfect document)
* Change the colors and formatting used to highlight the document changes
* Integrated into the Windows Explorer Shell (Windows Explorer, Desktop, Find in Files, etc.) for quick comparisons
* Navigate easily through the file differences with the Next (F7), Previous (Shift+F7) etc. navigation buttons. Or use the drop down list box to jump to a specific difference
* Paragraph differences are highly detailed
* Compares text from any application by cutting and pasting into 'Diff Doc'.
* Both 'Side By Side' and the red-lined 'All In One' difference views are supported
* Save any of the views as DOC, Text, RTF or HTML format
* Detailed HTML Reports now possible allowing of printing and e-mailing results quickly. Both Side By Side and All In One compare reports are supported
* Text and Comma Delimited reports also available
* Compare folders first, then quickly see what files are different and compare with a mouse click
* Can be adapted for all languages
* Compatible with WORLDOX, and any other document management software that supports 3rd party file comparison applications through the command line. Click here for details
* Run it from the Command Line or build your own solutions by using the ActiveX COM interface (available upon request)

See demonstration video here:
http://www.convert-files.com/SII/Diff-Doc/English/SWF/DiffDoc-Quick-Start-Comparing-Files.htm
Also listed in: Document Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DiffMerge
Rating: 4.0 (1 vote)
Author: SourceGear                        
Website: http://www.sourcegear.com/diffmerge
Current version: 3.1
Last updated: October 10, 2007
Direct D/L link: N/A
License type: Free
Description: DiffMerge is an application to visually compare and merge files for Windows, Mac OS X and Unix.

Product Features:

* Diff. Graphically shows the changes between two files. Includes intra-line highlighting and full support for editing.
* Merge. Graphically shows the changes between 3 files. Allows automatic merging (when safe to do so) and full control over editing the resulting file.
* Folder Diff. Performs a side-by-side comparison of 2 folders, showing which files are only present in one file or the other, as well as file pairs which are identical or different.
* Windows Explorer Integration. Right-click on any two files in Windows Explorer to diff them immediately.
* Configurable. Rulesets and options provide for customized appearance and behavior.
* International. Compatible with 42 different character encodings.
* Cross-platform. Identical feature set on Windows, Mac OS X, and Unix.
Also listed in: Text Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: ExamDiff Pro
Rating: 0.0 (0 votes)
Author: prestoSoft                        
Website: http://www.prestosoft.com/edp_examdiffpro.asp
Current version: 3.5.1.5
Last updated: May 26, 2007
Direct D/L link: http://www.prestosoft.com/download/edpro35_with_plug-ins.exe
License type: Commercial
Description: From the product's website:


ExamDiff Pro is a powerful yet intuitive and easy to use visual file and directory comparison tool for Windows 98/Me/NT/2000/XP/2003/Vista. It features unique functionality that distinguishes ExamDiff Pro from other comparison programs. If you've been frustrated with other comparison utilities, you will find that ExamDiff Pro offers a much more efficient and user-friendly way to compare files and folders.

Also listed in: Binary Diff Tools, Text Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MALM: Malware Monitor
Rating: 0.0 (0 votes)
Author: Geoff McDonald                        
Website: http://www.split-code.com/
Current version: v1.2
Last updated: December 16, 2012
Direct D/L link: http://www.split-code.com/files/malm-v1_2.zip
License type: Freeware
Description: MALM is a 32 and 64bit Windows OS command-prompt tool for monitoring malware. It monitors:
- New processes
- New modules in existing processes
- New executable heaps in existing processes.

As it notices changes, MALM will output observations to the console. When MALM is terminated by CTRL-C, it will generate a final report of it's findings.

This tool is particularly useful for monitoring where the malware resides after execution, since malware often injects itself into other processes.
Also listed in: Malware Analysis Tools, Memory Data Tracing Tools, Monitoring Tools, Process Monitoring Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: RegShot
Rating: 0.0 (0 votes)
Author:                         
Website: http://regshot.sourceforge.net/
Current version: 1.82
Last updated: November 3, 2007
Direct D/L link: http://heanet.dl.sourceforge.net/sourceforge/regshot/regshot_1.8.2_src_bin.zip
License type: Free / Open Source
Description: Regshot is a small,free and open-source(GPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. In addition, you can also specify folders (with sub filders) to be scanned for changes as well.
Also listed in: Registry Diff Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Regshot Unicode
Rating: 0.0 (0 votes)
Author: Handle                        
Website: http://regshot.ru/20/
Current version: 2.0.1.68 Unicode
Last updated: November 9, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Regshot is a small, free and open source (GPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. In addition, you can also specify folders (with sub filders) to be scanned for changes as well.
Also listed in: Registry Diff Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Relyze
Rating: 0.0 (0 votes)
Author: Relyze Software Limited                        
Website: https://www.relyze.com
Current version: 1.1.0
Last updated: June 17, 2015
Direct D/L link: N/A
License type: Commercial
Description: Relyze is an interactive software analysis application that allows the disassembling and analysis of native x86 and x64 Windows software. It presents the results of the analysis using several different views.

* Overview - The overview presents general information about the file being analysed and includes such things as embedded file version metadata, file hash values as well as information about the analysis such as the duration and the amount of code and data analysed. An interactive entropy graph is displayed to visualize the files data.

* Structure view - The Structure view displays the parsed file format of the executable file being analysed. An interactive hex viewer displays the raw bytes that compose the file format.

* Code view - The Code view displays the disassembly of the executable's files code. The disassembly is viewed through interactive graphs which represent the control flow of the disassembled functions. The user can navigate the code and annotate the results of the analysis by adding comments or renaming variables. Interactive reference graphs can be generated to visualize what code or data references other code or data.

* Diff view - The Diff view displays the results of performing a differential analysis against a second executable file in order to visually observe the changes between the two executable's at a function level. A list of all equal, modified, removed and added functions will be displayed along with a split graph view, allowing the user to see a side by side comparison of two modified functions.

Relyze supports analyzing the Portable Executable (PE) file format for either the x86 or x64 architecture. It can load debug symbol information from PDB, embedded COFF and MAP files. Relyze offers plugin support through an embedded Ruby interpreter which exposes an API allowing a user to interact with the application and access the results of the analysis.
Also listed in: Binary Diff Tools, Disassemblers, Executable Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SandboxDiff
Rating: 0.0 (0 votes)
Author: majoMo (Rui Morais)                        
Website: N/A
Current version: 2.3
Last updated: January 10, 2011
Direct D/L link: Locally archived copy
License type: Freeware
Description: 'SandboxDiff' allows tracking changes in Registry and Files when using 'Sandboxie' (an amazing application created by Ronen Tzur).

All Registry entries and File system created/modified by a program sandboxed (or any action sandboxed) are monitored and listed with SandboxDiff.

Very useful when users want (before to install an application) to know all changes made by the installer in Registry and File system.
Also listed in: File Monitoring Tools, File System Diff Tools, Install Monitoring Tools, Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Sandboxie
Rating: 0.0 (0 votes)
Author: Ronen Tzur                        
Website: http://www.sandboxie.com
Current version: 3.42
Last updated: December 1, 2009
Direct D/L link: N/A
License type: Shareware
Description: Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

You can also access all the changes that were made during the program execution.
Also listed in: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Total Uninstall
Rating: 0.0 (0 votes)
Author: Gavrila Martau                        
Website: http://www.martau.com
Current version: 5.4.2
Last updated: June 15, 2009
Direct D/L link: N/A
License type: Shareware
Description: Total Uninstall is a complete uninstaller which includes two working modes.

Installed Programs module analyze existing installations and create a log with installation changes. It can uninstall programs even without the help of the supplied Add Remove program.
Just select from the list the program that you want to uninstall and in a few seconds Total Uninstall will analyze it and will show in a tree view detected files, folders, registry keys and values of that program. You can review the details and remove some of the detected items. Total Uninstall is ready to uninstall the analyzed program. It will use first the supplied Add Remove program and will continue removing remaining items using the log.

Monitored Programs module helps to monitor any changes made to your system during the installation of a new program. It allows you to perform a complete uninstall without having to rely on the supplied Add Remove program, which can leave files or changes behind.
Total Uninstall creates a snapshot of your system prior to installing a new program. It then takes an additional snapshot after the installation has completed. It then compares the two snapshots and displays all changes in a graphical tree view, marking all registry values and/or files that have been added, changed or deleted. Total Uninstall saves these changes and, if you decide to uninstall the program, it will reverse the changes to the previous state.
Features

* Accurate analyze existing installations and create a log with installation changes.
* Monitor changes from registry and file system for new installations.
* Uninstall completely and thoroughly analyzed or monitored programs.
* List without delay installed or monitored programs and with appropriate icons.
* Organize in groups installed or monitored programs.
* Find the program to uninstall by keyword quickly and easily.
* Summary and detailed information for each installed or monitored program.
* User configurable views of the detected changes.
* It shows a detailed uninstall log.
* Powerful search in detected changes.
* Standalone and low resource usage agent for notification of running installation programs
* Export registry changes for install or uninstall
* Export installed or monitored programs list to file
* Export to file or print detected changes
* View and apply pending file rename operations without restart.
Also listed in: File System Diff Tools, Registry Diff Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinDiff
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: N/A
Current version:
Last updated:
Direct D/L link: N/A
License type:
Description: The good old classic source diff tool that comes with (at least earlier versions, including 6.0, of) Microsoft Visual Studio.
Also listed in: Text Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinMerge
Rating: 0.0 (0 votes)
Author: Christian List & Dean Grimm                        
Website: http://winmerge.org
Current version: 2.14.0
Last updated: February 2, 2013
Direct D/L link: http://sourceforge.net/projects/winmerge/files/stable/2.14.0
License type: GPLv2 / Open Source (C++)
Description: From the source:

"WinMerge is a Win32 tool for visual difference display and merging, for both files and directories. Unicode support. Flexible syntax coloring editor. Windows Shell integration. Regexp filtering. Side-by-side line diff and highlights diffs inside lines."

Also, it supports plugin system that natively includes 7-Zip as prefilter, useful for huge chunks of junk.
Also listed in: Text Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Winalysis
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.winalysis.com
Current version: 3.1
Last updated: January 13, 2006
Direct D/L link: Locally archived copy
License type: Shareware
Description: Winalysis is a software application that can help you manage change on computers running Windows. The program can:

Make compressed Snapshots of local and remote computer configurations. Test for changes from snapshots at any time.

Monitor for changes to files, the registry, users, groups, security policies, services, shares, scheduled jobs, the system environment and more.

Monitor remote computers from a central location. There is no need to install Winalysis on the remote machines.

Restore files and/or the registry from compressed snapshots with the ability to undo a restore at any time.
Also listed in: Install Monitoring Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 8 subcategories to this category.





Views
Category Navigation Tree
   Needs New Category  (3)