A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #18270  by k0ng0
 Wed Feb 20, 2013 4:20 am
Hi all,

First post and hope to not piss off the g0ds ;)

So I was working on something. A couple of ELF binaries and one had a vuln the other didn't. I was able to locate the affected code by using objdump with a bit of Linux bash to remove the RVAs and then using Linux's diff command. It wasn't pretty but I found it.

I then had a friend let me borrow his IDA and BinDiff and OMG!! it was so much easier and prettier. :P

Granted IDA is a great tool, I was wondering if you guys had any other techniques or tools for this that work for ELF and PE files.

thanks and great forum

k0ng0
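The objdump-and-diff approach described in the post above, as an added example that is not part of the thread: it normalizes two disassembly listings so that only real instruction changes survive the diff. It assumes x86-64 AT&T-syntax output from `objdump -d --no-show-raw-insn`; the function names and both sample listings are constructed for illustration.

```sh
# Added example (not from the thread): address-insensitive diff of two
# objdump listings. normalize_disasm drops what changes only because code
# moved: the banner, line addresses, absolute targets before <sym>,
# offsets in <sym+0x..>, RIP-relative displacements and column padding.
normalize_disasm() {
    sed -E \
        -e '/file format/d' \
        -e 's/^[[:space:]]*[0-9a-f]+:[[:space:]]*//' \
        -e 's/[0-9a-f]+ (<[^>]+>)/\1/g' \
        -e 's/(<[^>+]+)\+0x[0-9a-f]+>/\1+N>/g' \
        -e 's/-?0x[0-9a-f]+\(%rip\)/REL(%rip)/g' \
        -e 's/[[:space:]]+/ /g'
}

# listing_diff OLD NEW: files saved from `objdump -d --no-show-raw-insn`.
# Exit status follows diff: 0 identical, 1 different.
listing_diff() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize_disasm < "$1" > "$a"; normalize_disasm < "$2" > "$b"
    diff -u "$a" "$b" && rc=0 || rc=$?
    rm -f "$a" "$b"; return "$rc"
}

# Constructed listings: the second build adds a length check before the
# copy, which shifts every later address.
sample_old() { cat <<'EOF'
old.bin:     file format elf64-x86-64
0000000000401136 <copy_name>:
  401136:  lea    0x2ee3(%rip),%rdi        # 404020 <namebuf>
  40113d:  call   401030 <strcpy@plt>
  401142:  ret
EOF
}
sample_new() { cat <<'EOF'
new.bin:     file format elf64-x86-64
0000000000401146 <copy_name>:
  401146:  cmp    $0x3f,%rdx
  40114a:  ja     401158 <copy_name+0x12>
  40114c:  lea    0x2ecd(%rip),%rdi        # 404020 <namebuf>
  401153:  call   401030 <strcpy@plt>
  401158:  ret
EOF
}
demo_diff() {
    d=$(mktemp -d) || return 2
    sample_old > "$d/old"; sample_new > "$d/new"
    listing_diff "$d/old" "$d/new" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
demo_diff || true
```

On the constructed pair, every address differs between the two builds, yet the diff reports only the added `cmp` and `ja` lines.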
 #19391  by Xylitol
 Thu May 23, 2013 1:40 pm
For comparing files under Windows I know UltraCompare http://www.ultraedit.com/products/ultracompare.html
WinHex also has a compare feature if I remember, and LordPE has a feature to compare the headers of PE files; that's what I use to identify lamers who stole work by ripping resource files.
Story related ~ http://rcecafe.net/?p=168
 #21478  by Cch123
 Fri Nov 29, 2013 1:35 am
Given that your purpose is vulnerability research, I can give you some recommendations. Normally for vulnerability researchers, we use TurboDiff (IDA plugin), DarunGrim or BinDiff. TurboDiff and DarunGrim are free solutions, but BinDiff is utilized more widely.
 #30182  by ctrl^break
 Tue Mar 28, 2017 3:41 pm
One very powerful differ is Diaphora by Joxean Koret. Diaphora provides great speed and better results than the regular tools.

This tool relies on IDA Pro (it's an IDA Python script) so I'd say it is 'with IDA'. You can download the tool from here: http://diaphora.re/

For the non-IDA options, you can use Hexinator (https://hexinator.com) or 010 Editor (https://www.sweetscape.com/010editor/) which also provides file format grammar/template-based support.

--
Salu-DoS!

-ctrl^break
http://cubilfelino.net