Dailydave mailing list archives
Re: Problems to solve
From: Nicolas RUFF <nruff () security-labs org>
Date: Tue, 15 Aug 2006 18:46:22 +0200
You definitely need to read the DG tutorial or see the tutorial video first before you use it.
Look, I do not want to argue with you. It is a nice move to provide the community a free, open source binary diffing suite, and I thank you for this.

My points were:
- I find the GUI a bit messy (especially the output visualization module),
- The toolset is big and could be optimized for speed.

Let's consider the recent Centrino patch for instance. We are going to compare DarumGrim ("DG") with some IDA plugin called "PD" (no, it is not BinDiff but I think the results should be very close).

Here are the figures on my computer. Input file is "w29n51.sys" (2,1 MB).

                       DG             PD
-----------------------------------------------------------------------
Tool directory size    16MB*          90KB (without source)
Execution time         5'45"          3'05" ( 5" + 2x 1'30" for disassembly )
Output file size**     33 MB (.DB)    0 (no output file)
Results                --- same ----

Graphs (big format !)
DG: http://nru.free.fr/images/dg.png
PD: http://nru.free.fr/images/pd.png

* QT-MT334.dll is over 4 MB, LIBMYSQL.dll is over 1 MB
** compressed IDB files are 2x 2,4 MB (not included)

So, to answer CIRT.DK's question: now you have my (humble) opinion, with some figures. Feel free to use whatever tool fits your needs.

Regards,
- Nicolas RUFF
Security Researcher @ EADS-CRC

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave