Dailydave mailing list archives

Re: Problems to solve

From: Nicolas RUFF <nruff () security-labs org>
Date: Sat, 12 Aug 2006 22:59:31 +0200

Have any of you looked at the tools released from Eeye (eEye Binary Diffing
Suite (EBDS))
And if so what do you think about it ?


I did.

Cons (IMHO):
- It is a very huge package to install, not including dependencies (.NET
2.0, Graphviz, IDAPython and/or IDARub, ...).
- It is not *that* fast.
- The GUI is poor.
=> It is mainly a text tool. There is only one opportunity to display
graphs, and they are small and unreadable (e.g. assembly shown *outside*
the graph).
=> You cannot split "match with no difference" and "match with
differences" functions (or did I miss it ?).
=> The GUI is counter-intuitive (is there a need to split BinaryDiff and
DarunGrim software ???).

Pros:
- It is free.
- It works (but I did not check on a large corpus, I still have the
feeling that this tool relies heavily on function names/string refs).

At the end, a ~20MB package does not do better than a ~600KB plugin like
BinDiff (and I have seen smaller :).

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Problems to solve Dave Aitel (Aug 10)
- Re: Problems to solve Chris Eagle (Aug 10)
  - Re: Problems to solve CIRT.DK (Aug 10)
    - Re: Problems to solve Nicolas RUFF (Aug 14)
    - Re: Problems to solve Matt Oh (Aug 15)
    - Re: Problems to solve Matt Oh (Aug 15)
    - Re: Problems to solve Nicolas RUFF (Aug 15)
    - Re: Problems to solve Matt Oh (Aug 15)
    - Re: Problems to solve Matt Oh (Aug 15)
  - Re: Problems to solve Halvar Flake (Aug 11)
    - Re: Problems to solve Blue Boar (Aug 14)
- Re: Problems to solve Blue Boar (Aug 10)
- <Possible follow-ups>
- Re: Problems to solve Ferguson, Justin (IARC) (Aug 10)