Re: Problems to solve

["Matt Oh" <oh.jeongwook () gmail com>]

1. It contains whole source code, that's why it's huge.
2. And it basically installs almost every needed files except .NET framework.
3. And It doesn't rely too much on string/name matching.
4. It has fingerprinting matching and call/jump tree based matching inside it.
5. The graphs can be zoomed in/out and you can read it.


On 8/12/06, Nicolas RUFF <nruff () security-labs org> wrote:
> > Have any of you looked at the tools released from Eeye (eEye Binary Diffing
> > Suite (EBDS))
> > And if so what do you think about it ?
>
> I did.
>
> Cons (IMHO):
> - It is a very huge package to install, not including dependencies (.NET
> 2.0, Graphviz, IDAPython and/or IDARub, ...).
> - It is not *that* fast.
> - The GUI is poor.
> => It is mainly a text tool. There is only one opportunity to display
> graphs, and they are small and unreadable (e.g. assembly shown *outside*
> the graph).
> => You cannot split "match with no difference" and "match with
> differences" functions (or did I miss it ?).
> => The GUI is counter-intuitive (is there a need to split BinaryDiff and
> DarunGrim software ???).
>
> Pros:
> - It is free.
> - It works (but I did not check on a large corpus, I still have the
> feeling that this tool relies heavily on function names/string refs).
>
> At the end, a ~20MB package does not do better than a ~600KB plugin like
> BinDiff (and I have seen smaller :).
>
> Regards,
> - Nicolas RUFF
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave