[34409] in bugtraq

Paper: Comparing binaries with graph isomorphisms

daemon@ATHENA.MIT.EDU (Todd Sabin)
Tue Apr 6 12:37:23 2004

To: bugtraq@securityfocus.com
From: Todd Sabin <tsabin@razor.bindview.com>
Date: Mon, 05 Apr 2004 20:38:14 -0400
Message-ID: <m3hdvylz49.fsf@jetcar.qnz.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


I'm pleased to announce the availability of a new paper:

Comparing binaries with graph isomorphisms.
http://razor.bindview.com/publish/papers/comparing-binaries.html

The paper presents a method and algorithms for finding differences
between two versions of a binary executable file, based on graph
isomorphisms.  One possible application is to discover the differences
in a security patch, and a couple examples in that vein are shown.  A
brief comparison is also made to Halvar Flake's function signatures
approach (as I understand it).

The tool implementing the technique is not being made available at
this time, but will likely be released later this year.

-- 
Todd Sabin                                          <tsabin@optonline.net>
BindView RAZOR Team                            <tsabin@razor.bindview.com>
