Collaborative RCE Tool Library - Executable Diff Tools (including sub-categories)

Tool Added: Patchdiff2

Thu, 10 Jun 2010 15:58:02 GMT

Listed in categories: Diff Tools, Executable Diff Tools, IDA Extensions

Most recent version:
2.0.8

Most recent release date:
June 10, 2010

Tool Updated: TurboDiff

Thu, 15 Oct 2009 14:25:10 GMT

Listed in categories: Executable Diff Tools, IDA Extensions

Most recent version:
1.01

Most recent release date:
October 14, 2009

Description:
Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.

Tool Updated: BinDiff

Sat, 13 Jun 2009 10:14:36 GMT

Listed in categories: Executable Diff Tools, IDA Extensions

Most recent version:
2.1

Most recent release date:
2009

Description:
A very powerful executable file diffing tool, in the form of an IDA Pro plugin.

Tool Updated: IDACompare

Fri, 06 Mar 2009 09:20:11 GMT

Listed in categories: Executable Diff Tools, IDA Extensions

Most recent version:
5.4

Most recent release date:
March 5, 2009

Description:
IDACompare is a plugin designed to compare and match up equivalent functions across two IDA databases. IDACompare was primarily designed for analyzing changes across malcode variants, it should also find good use when conducting patch analysis.

Once function matches have been made, names can be ported across disassemblies, or sequentially renamed in both.

Project also implements a signature scanner, letting you build your own listing of known functions.

Tool Added: DarunGrim

Mon, 09 Feb 2009 12:36:06 GMT

Listed in categories: Executable Diff Tools

Most recent version:
2.0

Most recent release date:
February 7, 2009

Description:
DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.

Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.

This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers. There is a "eEye Binary Diffing Suites" released back in 2006 and it's widely used by security researchers to identify vulnerabilities. Even though it's free and opensource, it's powerful enough to be used for that vulnerabilities hunting purpose. Now I'm releasing DarunGrim2 which is a C++ port of original python codes. DarunGrim2 is way faster than original DarunGrim.

Tool Updated: PatchDiff

Mon, 26 Jan 2009 14:28:58 GMT

Listed in categories: Executable Diff Tools

Most recent version:
2.0.5

Most recent release date:
August 19, 2008

Description:
PatchDiff2 is a plugin for the Windows version of the IDA dissassembler that can analyze two IDB files and find the differences between both. PatchDiff2 is free and fully integrates with the latest version of IDA (5.2).
The plugin can perform the following tasks :

* Display the list of identical functions
* Display the list of matched functions
* Display the list of unmatched functions (with the CRC)
* Display a flow graph for identical and matched functions

The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs.
Patchdiff2 supports all processors that IDA can handle and is available in two versions: 32 bit and a 64 bit.

Update:

08/19/2008: PatchDiff 2.0.5 released:

* Adds string references to the signature
* Fixes IPC close when option is disabled

07/22/2008:PatchDiff 2.0.4 released:

* Requires at least IDA 5.2
* Adds save backup results to IDB
* Adds Unmatch/Set match/Switch match submenus
* Adds "pipe" support to keep second IDA instance open
o menu Options/PatchDiff2 to disable/enable it per IDB
o registry HKLM\SOFTWARE\Tenable\PatchDiff2 IPC (DWORD) for the default setting
* Uses demangled function names
* Ignores duplicated names

Tool Updated: Pynary

Tue, 15 Jan 2008 07:13:58 GMT

Listed in categories: Deobfuscation Tools, Diff Tools, Exe Analyzers, Executable Diff Tools, Programming Libraries, Reverse Engineering Frameworks

Most recent version:
0.0.1

Most recent release date:

Description:
pynary will become a powerful platform independent framework for binary code analysis.

The initial goal is to the implementation of function signature matching using graph isomorphism and an extensible 'write-your-own-heuristic' model to allow tweaks for particular targets. It will also identify standard library global constants and structure where possible.

Once the initial goal is achieved, a number of cool features are planned:

* stack frame analysis
* un-inliner
* exception handling parsing/analysis
* 'functionally equivalent' matching
* c++ template function matching
* meta-data transfer between IDBs
* c++ class reconstruction (with/without RTTI)
* ...

This project is still in its infancy, and looking for volunteers.

Tool Added: EEye Binary Diffing Suite (EBDS)

Thu, 18 Oct 2007 19:31:33 GMT

Listed in categories: Executable Diff Tools

Most recent version:
1.0.5

Most recent release date:
November 3, 2006

Description:
The eEye Binary Diffing Suite (EBDS) is a free and open source set of utilities for performing automated binary differential analysis.