From Collaborative RCE Tool Library


Executable Diff Tools


Tool name: TurboDiff
Rating: 5.0 (1 vote)
Author: Nicolás Economou                        
Website: http://tinyurl.com/turbodiff
Current version: 1.01
Last updated: October 14, 2009
Direct D/L link: http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=turbodiff&file=turbodiff_v1.0.1.zip
License type: GPLv2
Description: Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
Also listed in: IDA Extensions



Tool name: BinDiff
Rating: 4.0 (1 vote)
Author: zynamics GmbH                        
Website: http://www.zynamics.com/bindiff.html
Current version: 2.1
Last updated: 2009
Direct D/L link: N/A
License type: Commercial (IDA Pro plugin)
Description: A very powerful executable file diffing tool, in the form of an IDA Pro plugin.
Also listed in: IDA Extensions



Tool name: IDACompare
Rating: 2.0 (1 vote)
Author: David Zimmer                        
Website: http://labs.idefense.com/software/static.php#more_idacompare
Current version: 5.4
Last updated: March 5, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: IDACompare is a plugin designed to compare and match up equivalent functions across two IDA databases. IDACompare was primarily designed for analyzing changes across malcode variants; it should also find good use when conducting patch analysis.

Once function matches have been made, names can be ported across disassemblies, or sequentially renamed in both.

The project also implements a signature scanner, letting you build your own listing of known functions.
Also listed in: IDA Extensions



Tool name: DarunGrim
Rating: 0.0 (0 votes)
Author: Matt Oh                        
Website: http://www.darungrim.org
Current version: 2.0
Last updated: February 7, 2009
Direct D/L link: N/A
License type: Free / Open Source
Description: DarunGrim is a free binary diffing tool.


Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches, you can dig into the details of the vulnerabilities they fix. You can use that information to learn what causes software to break. That information can also help you write protection code for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.


This binary diffing technique is especially useful for Microsoft binaries. Unlike other vendors, they release patches regularly, and the patched vulnerabilities are relatively concentrated in small areas of the code. That makes the patched part more visible and apparent to patch analyzers. There is an "eEye Binary Diffing Suites" released back in 2006, and it's widely used by security researchers to identify vulnerabilities. Even though it's free and open source, it's powerful enough to be used for that vulnerability-hunting purpose. Now I'm releasing DarunGrim2, which is a C++ port of the original Python code. DarunGrim2 is way faster than the original DarunGrim.
Also listed in: (Not listed in any other category)



Tool name: eEye Binary Diffing Suite (EBDS)
Rating: 3.0 (1 vote)
Author: eEye Digital Security                        
Website: http://research.eeye.com/html/tools/RT20060801-1.html
Current version: 1.0.5
Last updated: November 3, 2006
Direct D/L link: http://research.eeye.com/html/Tools/download/DiffingSuiteSetup.exe
License type: Free / Open Source
Description: The eEye Binary Diffing Suite (EBDS) is a free and open source set of utilities for performing automated binary differential analysis.
Also listed in: (Not listed in any other category)



Tool name: PatchDiff
Rating: 0.0 (0 votes)
Author: Nicolas Pouvesle                        
Website: http://cgi.tenablesecurity.com/tenable/patchdiff.php
Current version: 2.0.5
Last updated: August 19, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: PatchDiff2 is a plugin for the Windows version of the IDA disassembler that can analyze two IDB files and find the differences between them. PatchDiff2 is free and fully integrates with the latest version of IDA (5.2).
The plugin can perform the following tasks:

* Display the list of identical functions
* Display the list of matched functions
* Display the list of unmatched functions (with the CRC)
* Display a flow graph for identical and matched functions

The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs.
PatchDiff2 supports all processors that IDA can handle and is available in two versions: 32-bit and 64-bit.

Update:

08/19/2008: PatchDiff 2.0.5 released:

* Adds string references to the signature
* Fixes IPC close when option is disabled

07/22/2008: PatchDiff 2.0.4 released:

* Requires at least IDA 5.2
* Adds save backup results to IDB
* Adds Unmatch/Set match/Switch match submenus
* Adds "pipe" support to keep second IDA instance open
  * menu Options/PatchDiff2 to disable/enable it per IDB
  * registry HKLM\SOFTWARE\Tenable\PatchDiff2 IPC (DWORD) for the default setting
* Uses demangled function names
* Ignores duplicated names
Also listed in: (Not listed in any other category)



Tool name: patchdiff2
Rating: 0.0 (0 votes)
Author: Nicolas Pouvesle                        
Website: http://code.google.com/p/patchdiff2/
Current version: 2.0.8
Last updated: June 10, 2010
Direct D/L link: http://patchdiff2.googlecode.com/files/patchdiff2_0_8.zip
License type: GNU General Public License v2
Description: PatchDiff2 is a plugin for the Windows version of the IDA disassembler that can analyze two IDB files and find the differences between them. PatchDiff2 is free and fully integrates with the latest version of IDA (5.6). The plugin can perform the following tasks:

- Display the list of identical functions
- Display the list of matched functions
- Display the list of unmatched functions (with the CRC)
- Display a flow graph for identical and matched functions

The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs. PatchDiff2 supports all processors that IDA can handle and is available in two versions: 32-bit and 64-bit.
Also listed in: Diff Tools, IDA Extensions



Tool name: pynary
Rating: 0.0 (0 votes)
Author: c1de0x                        
Website: http://code.google.com/p/openrce-snippets/wiki/pynary
Current version: 0.0.1
Last updated:
Direct D/L link: N/A
License type: Open Source
Description: pynary will become a powerful platform independent framework for binary code analysis.

The initial goal is the implementation of function signature matching using graph isomorphism and an extensible 'write-your-own-heuristic' model to allow tweaks for particular targets. It will also identify standard library global constants and structure where possible.

Once the initial goal is achieved, a number of cool features are planned:

* stack frame analysis
* un-inliner
* exception handling parsing/analysis
* 'functionally equivalent' matching
* c++ template function matching
* meta-data transfer between IDBs
* c++ class reconstruction (with/without RTTI)
* ...

This project is still in its infancy, and looking for volunteers.
Also listed in: Deobfuscation Tools, Reverse Engineering Frameworks, Programming Libraries, Exe Analyzers, Diff Tools

