Bugtraq mailing list archives
Paper: Comparing binaries with graph isomorphisms
From: Todd Sabin <tsabin () razor bindview com>
Date: Mon, 05 Apr 2004 20:38:14 -0400
I'm pleased to announce the availability of a new paper: Comparing binaries with graph isomorphisms. http://razor.bindview.com/publish/papers/comparing-binaries.html The paper presents a method and algorithms for finding differences between two versions of a binary executable file, based on graph isomorphisms. One possible application is to discover the differences in a security patch, and a couple examples in that vein are shown. A brief comparison is also made to Halvar Flake's function signatures approach (as I understand it). The tool implementing the technique is not being made available at this time, but will likely be released later this year. -- Todd Sabin <tsabin () optonline net> BindView RAZOR Team <tsabin () razor bindview com>
Current thread:
- Paper: Comparing binaries with graph isomorphisms Todd Sabin (Apr 06)