#1
Write a program in Assembly; the ARTeam has their own private patcher written in ASM that compares files (smallest patcher compared to the publicly available ones). Unfortunately ARTeam member Enforcer cannot help you as Aaron is not planning to enable new registration this year (not having a 'dig', just stating the facts).
#2
Hmmm, compare two files on assembly level - sounds good,
but I prefer the old way: FC /B [file1] [file2] > [log_file], and then trace this log and see in IDA what's different (maybe it's slow). Some good DIFF viewer on low assembly level would be great, like some CVS version diff in Eclipse.
#3
I've always found WinHex or UltraEdit can show the differences between 2 files great
- Darren
#4
In the security world, there has been a bunch of discussion about this. The need is because a lot of times MS releases patches to vulns without disclosing details.
There have been a few different approaches published. Some use simple hash values for functions, others use logical flow to check for differences. For looking at what a crack changes, the simple hash functions should be fine because it is the same executable with changes. Security patches usually replace the binary, and the compiler may have rearranged functions around, making detecting the true changes difficult. Some info on this is available at: Comparing binaries with graph isomorphisms by Todd Sabin razor.bindview.com/publish/papers/comparing-binaries.html and Halvar's paper from CanSecWest is included in the ISO image www.cansecwest.com/resources.html
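The per-function hash comparison mentioned in post #4, next to the raw byte comparison from post #2, as an added example that is not part of the original thread. It assumes function offsets and sizes were already exported from a disassembler; the byte strings and the names `f_a`, `f_b`, `f_c`, `OLD_FUNCS` and `NEW_FUNCS` are constructed for illustration.

```python
import hashlib

def func_hashes(image: bytes, funcs: dict) -> dict:
    """Map function name -> SHA-256 of its raw bytes; funcs is name -> (offset, size)."""
    return {name: hashlib.sha256(image[off:off + size]).hexdigest()
            for name, (off, size) in funcs.items()}

def diff_runs(a: bytes, b: bytes) -> list:
    """Group differing offsets into (start, length) runs over the common length."""
    runs, start = [], None
    n = min(len(a), len(b))
    for i in range(n + 1):
        differs = i < n and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, i - start))
            start = None
    return runs

def compare(old: bytes, old_funcs: dict, new: bytes, new_funcs: dict) -> dict:
    """Classify each function as same, moved, changed, added or removed."""
    oh, nh = func_hashes(old, old_funcs), func_hashes(new, new_funcs)
    result = {}
    for name in sorted(set(oh) | set(nh)):
        if name not in nh:
            result[name] = ("removed", [])
        elif name not in oh:
            result[name] = ("added", [])
        elif oh[name] == nh[name]:
            moved = old_funcs[name][0] != new_funcs[name][0]
            result[name] = ("moved" if moved else "same", [])
        else:
            (oo, osz), (no, nsz) = old_funcs[name], new_funcs[name]
            result[name] = ("changed", diff_runs(old[oo:oo + osz], new[no:no + nsz]))
    return result

# Constructed sample: the second build swaps the order of f_b and f_c
# and alters two bytes inside f_c.
F_A = bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3, 0x90])
F_B = bytes([0x55, 0x8B, 0xEC, 0x6A, 0x01, 0x58, 0x5D, 0xC3])
F_C = bytes([0x55, 0x8B, 0xEC, 0x83, 0xF8, 0x10, 0x76, 0x02, 0x5D, 0xC3])
F_C2 = bytes([0x55, 0x8B, 0xEC, 0x83, 0xF8, 0x08, 0x73, 0x02, 0x5D, 0xC3])
OLD, NEW = F_A + F_B + F_C, F_A + F_C2 + F_B
OLD_FUNCS = {"f_a": (0, 8), "f_b": (8, 8), "f_c": (16, 10)}
NEW_FUNCS = {"f_a": (0, 8), "f_c": (8, 10), "f_b": (18, 8)}

if __name__ == "__main__":
    for name, (status, runs) in compare(OLD, OLD_FUNCS, NEW, NEW_FUNCS).items():
        print(name, status, runs)
```

On this sample the whole-file byte comparison reports one 13-byte run because the functions were reordered, while the per-function comparison isolates the two altered bytes in `f_c`. A recompile that changes bytes inside otherwise unchanged functions still defeats plain hashing, which is where the flow-based approaches in the cited papers come in.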
#5
Thanks for your replies.
It seems that the only way to do this is manually, with the steps some of you described earlier. But I don't know if it should be hard to write a plugin for it or a tool, since the procedure it does is pretty simple. P.S. Nilrem, you got PM
#6
Quote:
Cheers, neogen