Eeye BinDiffing Trick


evilcry
February 17th, 2008, 07:21
Hi,

There are truly interesting tools around for binary diffing, useful for vulnerability research and/or malware analysis.

The two most famous tools are:

Sabre Security BinDiffv2
Eeye Binary Diffing Suite (EBDS)

The eEye Binary Diffing Suite (EBDS) is a free and open source set of utilities for performing automated binary differential analysis, but it has a little problem: it seems to be explicitly developed for IDA 5.0, and no other IDA versions are supported.

But there is a trick to avoid that and make it work with all IDA versions.

Open the following registry key with Regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1

And change the key entry DisplayName to the string IDA Pro Standard v5.0 or IDA Pro Professional v5.0

and..

Happy Diffing

See you in the next post..

Shub-nigurrath
February 17th, 2008, 08:05
This fixes the problem with EBDS, but what other tools are using this same key? Does changing it create problems with other things?

evilcry
February 17th, 2008, 10:40
From what I've seen up to this moment, everything works well.

dELTA
February 17th, 2008, 17:59
Nice trick evilcry, thanks for sharing.

I've also added a comment containing this info to the CRCETL entry for this tool, to make sure that anyone who needs it will see it:

http://www.woodmann.com/collaborative/tools/EEye_Binary_Diffing_Suite_%28EBDS%29
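
A scripted form of the registry change described in this thread, written as an added example that is not part of any poster's message: it saves the current DisplayName before overwriting it, so the original value can be put back if another tool turns out to depend on it. The function names and the backup file location are assumptions made for this example; the key path and the replacement strings are the ones given in the first post.

```powershell
# Run from an elevated PowerShell prompt: the key lives under HKLM.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1'
$ValueName = 'DisplayName'
$Spoofed   = 'IDA Pro Standard v5.0'   # or 'IDA Pro Professional v5.0'
# Assumption: backup file location chosen for this example.
$Backup    = Join-Path $env:TEMP 'ida_displayname.bak.txt'

function Set-IdaDisplayName {
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Key not found: $KeyPath"
    }
    $current = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName
    # Save only the first value seen, so a second run never
    # replaces the real original with the spoofed string.
    if (-not (Test-Path -LiteralPath $Backup)) {
        Set-Content -LiteralPath $Backup -Value $current -Encoding UTF8
    }
    Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $Spoofed
    "DisplayName: '$current' -> '$Spoofed' (original saved to $Backup)"
}

function Restore-IdaDisplayName {
    if (-not (Test-Path -LiteralPath $Backup)) {
        throw "No backup at $Backup; nothing to restore."
    }
    $original = Get-Content -LiteralPath $Backup -Encoding UTF8 | Select-Object -First 1
    Set-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $original
    Remove-Item -LiteralPath $Backup
    "DisplayName restored to '$original'"
}

# Usage:
#   Set-IdaDisplayName        # before starting EBDS
#   Restore-IdaDisplayName    # afterwards, to put the installer's own string back
```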