The second reason is to discover use patterns in vulnerable software
in order to locate identical patterns that a vendor may have forgotten to patch. In this
second case, you are leveraging the fact that the vendor has pointed out what they were
doing wrong, and all that is left is for you to determine whether they have found and
fixed all instances of their wrongful behavior.
BinDiff from SABRE Security is a tool that aims to speed up the process of locating
and understanding changes introduced in patched binary files. Rather than scanning
individual binaries for potential vulnerabilities, BinDiff, as its name implies, displays
the differences between two versions of the same binary. You may think to yourself, "so
what?" Simple tools such as diff or cmp can display the differences between two files as
well. What makes those tools less than useful for comparing two compiled binaries is
that diff is primarily useful for comparing text files, and cmp can provide no contextual
information surrounding any differences. BinDiff, on the other hand, focuses less on
individual byte changes and more on structural or behavioral changes between successive
versions of the same program. BinDiff combines disassembly with graph comparison
algorithms to compare the control flow graphs of successive versions of functions
and highlights the newly introduced code in a display format similar to that of BinNavi.
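
As an added illustration (not from the book, and not BinDiff's actual algorithm), the Python sketch below contrasts a textual comparison with a comparison of control flow graph shape. The function names, instructions, and addresses are constructed sample data, and the (blocks, edges, calls) signature is a simplifying assumption.

```python
# Constructed sample data: function -> list of basic blocks,
# each block is (instructions, indices of successor blocks).
OLD = {
    "parse_header": [(["call 0x401200", "test eax, eax", "jz 0x401050"], [1, 2]),
                     (["mov eax, 1", "ret"], []),
                     (["xor eax, eax", "ret"], [])],
    "copy_field":   [(["mov ecx, [ebp+8]", "call 0x401300", "ret"], [])],
    "checksum":     [(["xor eax, eax"], [1]),
                     (["add eax, [esi]", "dec ecx", "jnz 0x401410"], [1, 2]),
                     (["ret"], [])],
}
# Patched build: every address operand shifted, and copy_field gained
# a length check with an error-return block.
NEW = {
    "parse_header": [(["call 0x401230", "test eax, eax", "jz 0x401058"], [1, 2]),
                     (["mov eax, 1", "ret"], []),
                     (["xor eax, eax", "ret"], [])],
    "copy_field":   [(["mov ecx, [ebp+8]", "cmp ecx, 0x100", "ja 0x401388"], [1, 2]),
                     (["call 0x401330", "ret"], []),
                     (["mov eax, -1", "ret"], [])],
    "checksum":     [(["xor eax, eax"], [1]),
                     (["add eax, [esi]", "dec ecx", "jnz 0x401440"], [1, 2]),
                     (["ret"], [])],
}

def signature(blocks):
    """Shape of a function's CFG: (basic blocks, edges, call instructions)."""
    edges = sum(len(succ) for _, succ in blocks)
    calls = sum(i.startswith("call") for insns, _ in blocks for i in insns)
    return (len(blocks), edges, calls)

def text_changed(old, new):
    """Functions whose instruction text differs at all (diff/cmp-style view)."""
    return sorted(n for n in old if n in new and old[n] != new[n])

def structurally_changed(old, new):
    """Functions whose CFG shape differs, with old and new signatures."""
    return {n: (signature(old[n]), signature(new[n]))
            for n in sorted(old)
            if n in new and signature(old[n]) != signature(new[n])}

if __name__ == "__main__":
    print("text differs in:", text_changed(OLD, NEW))
    for name, (before, after) in structurally_changed(OLD, NEW).items():
        print(f"CFG changed in {name}: {before} -> {after}")
```

The textual comparison flags all three functions because relocated addresses changed their operands, while the structural comparison flags only copy_field, where the patch added a check.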