Structural Comparison of Executable Objects

Published 6 September 2016, 5:08
Comparing two executable objects has many different and interesting applications, ranging from offensive security (such as attacking systems) and defensive security (analyzing malware) to legal questions such as detecting code theft without access to the source code of either party. The process of comparing executables is complicated by differing optimization settings, or even different compilers, between the executables. It is often beneficial to treat the executable not as computer code but as a directed graph, and to apply graph-theoretical algorithms to the graph without taking the actual instructions into account. The talk will explain the concepts behind SABRE BinDiff, a tool that uses a graph-theoretical approach to compare two executable objects. Different applications of such a comparison technique will be discussed, ranging from the analysis of security patches, through the porting of debug information from one executable to another, to identifying highly similar code in two different executables.
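
The graph-only comparison described above, as an added example that is not SABRE BinDiff's code: functions are paired without looking at any instruction. The fingerprint (basic blocks, CFG edges, call sites), the call-graph propagation rule, and the sample programs `OLD` and `NEW` are assumptions chosen for illustration.

```python
from collections import defaultdict

def signature(fn):
    """Instruction-independent fingerprint: (basic blocks, CFG edges, calls)."""
    edges, calls = fn
    blocks = {b for e in edges for b in e}
    return (len(blocks) or 1, len(edges), len(calls))

def unique_pairs(sigs_a, sigs_b):
    """Pair the names whose signature occurs exactly once on each side."""
    by_a, by_b = defaultdict(list), defaultdict(list)
    for name, sig in sigs_a.items():
        by_a[sig].append(name)
    for name, sig in sigs_b.items():
        by_b[sig].append(name)
    return {v[0]: by_b[s][0] for s, v in by_a.items()
            if len(v) == 1 and len(by_b.get(s, ())) == 1}

def match(exe_a, exe_b):
    sig_a = {n: signature(f) for n, f in exe_a.items()}
    sig_b = {n: signature(f) for n, f in exe_b.items()}
    matched = unique_pairs(sig_a, sig_b)  # globally unambiguous functions
    work = list(matched.items())
    while work:  # disambiguate callees of pairs that are already matched
        fa, fb = work.pop()
        taken = set(matched.values())
        ca = {c: sig_a[c] for c in exe_a[fa][1] if c not in matched}
        cb = {c: sig_b[c] for c in exe_b[fb][1] if c not in taken}
        new = unique_pairs(ca, cb)
        matched.update(new)
        work.extend(new.items())
    return matched

# Constructed sample: name -> (CFG edges between block ids, called functions).
OLD = {
    "main":    ([(0, 1), (0, 2), (1, 3), (2, 3)], ["parse", "log"]),
    "handler": ([(0, 1), (1, 2)], ["copy"]),
    "parse":   ([(0, 1), (1, 2), (2, 1), (1, 3)], ["copy"]),
    "log":     ([], []),
    "copy":    ([], []),
}
NEW = {  # same program after a patch: parse gained a check (one block, two edges)
    "f1": ([(0, 1), (0, 2), (1, 3), (2, 3)], ["f3", "f4"]),
    "f2": ([(0, 1), (1, 2)], ["f5"]),
    "f3": ([(0, 1), (1, 2), (2, 1), (1, 3), (0, 4), (4, 3)], ["f5"]),
    "f4": ([], []),
    "f5": ([], []),
}
print("no structural match (review):", sorted(set(OLD) - set(match(OLD, NEW))))
```

`log` and `copy` have identical fingerprints and only become distinguishable through their already matched callers; `parse` is the one function left unpaired, which is where a patch reviewer would look first.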