Hi Folks,
today (jetlagged and sick to travel 🙂 I want to share the AutoDiff online service available here.
AutoDiff is a project which performs automated binary differential analysis between two executable files. This is especially useful for reverse engineering vulnerability patches and spotting other additional code updates. AutoDiff allows to find executable code similarities and differences among two executable files. Additionally it also includes some heuristics methods for matching variables (objects) between two executable files. AutoDiff is ultra fast, standalone tool. It was especially designed to diff Portable Executable files released by Microsoft every time in the security bulletin.
Lets focalize the output page:
From AutoDiff webpage you may see what files has been modified (in the above picture: Windows 7 dxgkrnl.sys, in date 6 January 2011), what blocks has been updated and the whole detailed page regarding every changed function (see image below).
This post was about remembering the existence of this tool for every time I need to find out the “modified function” during any patch-to-exploit procedure.
Great job. thanks.
Thanks so much for the article, pretty useful data.