Dailydave mailing list archives

SABRE BinDiff v1.6 release


From: <halvar.flake () sabre-security com>
Date: Wed, 29 Dec 2004 16:34:53 -0800

Hey all,

apologies if some of you consider this spam, and let me know if you'd like
me to refrain from posting stuff like this in the future.

Aside from that, SABRE Security announces the release of SABRE BinDiff v1.6,
which has many features that people who spend a lot of time disassembling
code will find useful. The majority of the relevant changes are based on the
excellent work that our valuable researcher Rolf Rolles did over the last few months.

From the "whatsnew.txt":

 -     New initial fixedpoint methods:
       *       String matching.
       *       Recursive functions.
       *       Prime products (new technology).
 -     Initial fixedpoints by name now ignores "unknown_libnames" and
       similar categories of functions.
 -     Massive (O(Exp) -> O(N)) speedup in the fixedpoint propagation code.
 -     New isomorphism algorithm for function-level diffing.
 -     New visualization option for visual diff.
 -     New CPU-independent instruction-level isomorphism algorithm.

 -     New comment porting algorithm based on the above;  currently ports:
       *     Local labels.
       *     Anterior/posterior comments.
       *     Regular and repeatable comments.
       *     Regular and repeatable function comments.
       *     Operand -> standard enum member.
       planned for a later release:
       *      Stack variables.
       *      Global variable names/comments.
       *      Displacement -> standard structure member.
       *      Non-standard enums and structs
 -     Added processor:  SPARC
 -     New fully CPU-independent mode for not-explicitly-supported
       processors (used by default if the CPU is not supported).
       [Customers, please inform Sabre of any processors that you would
       like to have explicit support for, as explicit support produces
       higher-quality matches than CPU-independent mode does.]
 -     Added temp directory for sane storage of all temporary graphs.
 -     Option to color functions identified as changed within the database.
       Functions colored with this option will be colored in any graphs
       created by the user through IDA's graphing facilities.

We're especially proud of the comment porting engine, which has massive benefits
for the analysis of multiple strains of malware. For those of us who have to look
at a piece of software which we disassembled in an older version a few years ago,
the ability to port comments will be really helpful as well.

The highlighting of relevant changes between two functions has been massively
improved as well, due to the new isomorphism algorithms for function-level diffing
in combination with our new "prime product" code comparison algorithms.

A demo of the new version will be made available sometime in January.

Cheers,
Halvar
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
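The announcement lists "prime products" as a new initial fixedpoint method but does not explain the idea. The following is an added illustration, not BinDiff's code and not from the post above; it assumes the commonly described form of the technique (each instruction mnemonic is mapped to a distinct small prime, and a function's signature is the product of the primes of its instructions, so compiler reordering of independent instructions leaves the signature unchanged while an inserted or removed instruction changes it). The mnemonic table, the two "binaries" and the function names are constructed sample data; the uniqueness requirement for an initial fixedpoint (a signature must occur exactly once on each side) is also an assumption about how such matching is typically done.

```python
from math import prod


def build_prime_table(mnemonics):
    """Assign each distinct mnemonic a small prime, in sorted order for determinism."""
    primes = []
    candidate = 2
    while len(primes) < len(mnemonics):
        if all(candidate % p for p in primes):
            primes.append(candidate)
        candidate += 1
    return dict(zip(sorted(mnemonics), primes))


def prime_product(instructions, table):
    """Order-independent signature of a function: product of its mnemonics' primes.

    Operands (registers, immediates, displacements) are deliberately ignored, so
    register renaming by the compiler does not affect the signature either.
    """
    return prod(table[m] for m in instructions)


def find_fixedpoints(funcs_a, funcs_b, table):
    """Match functions whose prime product is unique in BOTH databases.

    A signature shared by several functions on either side cannot be used as an
    initial fixedpoint, because the match would be ambiguous (assumption).
    """
    def index(funcs):
        by_sig = {}
        for name, instructions in funcs.items():
            by_sig.setdefault(prime_product(instructions, table), []).append(name)
        return by_sig

    sig_a, sig_b = index(funcs_a), index(funcs_b)
    return {
        names_a[0]: sig_b[sig][0]
        for sig, names_a in sig_a.items()
        if len(names_a) == 1 and len(sig_b.get(sig, [])) == 1
    }


# Constructed sample: the same mnemonic vocabulary for both "binaries".
MNEMONICS = ["add", "call", "cmp", "jnz", "lea", "mov", "pop",
             "push", "ret", "sub", "test", "xor"]
TABLE = build_prime_table(MNEMONICS)

# Old, already-commented database (hypothetical function names).
OLD_FUNCS = {
    "check_magic":  ["push", "mov", "cmp", "jnz", "xor", "ret"],
    "parse_header": ["push", "mov", "sub", "call", "test", "jnz", "mov", "pop", "ret"],
    "helper_a":     ["mov", "ret"],
    "helper_b":     ["mov", "ret"],
}

# New build: check_magic had two instructions swapped by the compiler,
# parse_header gained an extra lea, the two helpers are still identical twins.
NEW_FUNCS = {
    "sub_401000": ["mov", "push", "cmp", "jnz", "xor", "ret"],
    "sub_401050": ["push", "mov", "sub", "call", "test", "jnz", "lea", "mov", "pop", "ret"],
    "sub_4010a0": ["mov", "ret"],
    "sub_4010b0": ["mov", "ret"],
}


def demo():
    """Return the initial fixedpoints found between the two constructed databases."""
    return find_fixedpoints(OLD_FUNCS, NEW_FUNCS, TABLE)


if __name__ == "__main__":
    for old, new in demo().items():
        print(f"{old} -> {new}")
```

Only check_magic is matched: its reordered body keeps the same product, whereas parse_header's extra instruction multiplies in another prime, and helper_a/helper_b collide with each other (and with their counterparts), so they are left for later propagation steps rather than being guessed at. The signature is sensitive to any change of mnemonic multiset, so it is a cheap first filter, not a structural comparison.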