kbsec
June 18th, 2004, 04:48
Hello,
I think that it would be nice to have a feature to compare two executable files, looking for changes in assembly instructions (for example, in order to find out if a program has been infected by a virus). I do not know if dedicated software for this already exists; personally, I have to save the disassemblies of the executables to a text file and compare them using "diff" or similar applications. I would like to find a command in OllyDbg that automates this task and that fills the patch window with the differences found (and lets one, for instance, distinguish between changes in operands, in addresses, or both).
Alternatively, could this feature be done using scripts or existing plugins?
Thanks.
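The manual workflow described in the post (save both disassemblies as text, then diff them), as an added example that is not part of the original post and is not OllyDbg or plugin code: a script that aligns two listings and labels each difference as an operand change, an address change, or both. The `<address> <mnemonic> <operands>` line format and both sample listings are constructed assumptions.

```python
import difflib
import itertools

# Constructed sample listings (not taken from a real binary).
OLD = """
00401000 PUSH EBP
00401001 MOV EBP,ESP
00401003 PUSH 0
00401005 CALL 00401200
0040100A TEST EAX,EAX
0040100C JE 00401020
0040100E POP EBP
0040100F RETN
"""
NEW = OLD.replace("CALL 00401200", "CALL 00405000").replace(
    "0040100C JE 00401020\n0040100E POP EBP\n0040100F RETN",
    "0040100C NOP\n0040100D JE 00401020\n0040100F POP EBP\n00401010 RETN")

def parse(listing):
    """Turn '<hex address> <mnemonic> <operands>' lines into tuples."""
    rows = []
    for line in listing.strip().splitlines():
        addr, _, insn = line.strip().partition(" ")
        mnem, _, ops = insn.strip().partition(" ")
        rows.append((int(addr, 16), mnem.upper(), ops.replace(" ", "").upper()))
    return rows

def classify(x, y):
    """Label one aligned pair of instructions; None means unchanged."""
    if x is None:
        return "inserted"
    if y is None:
        return "deleted"
    if x[1] != y[1]:
        return "instruction"
    addr, ops = x[0] != y[0], x[2] != y[2]
    return "both" if addr and ops else "operand" if ops else "address" if addr else None

def compare(old, new):
    """Align on (mnemonic, operands) so shifted code still lines up."""
    a, b = parse(old), parse(new)
    sm = difflib.SequenceMatcher(None, [r[1:] for r in a], [r[1:] for r in b], autojunk=False)
    out = []
    for _, i1, i2, j1, j2 in sm.get_opcodes():
        for x, y in itertools.zip_longest(a[i1:i2], b[j1:j2]):
            kind = classify(x, y)
            if kind:
                out.append((kind, x, y))
    return out
```

Because the alignment ignores addresses, an inserted instruction shows up once as `inserted` and the code it displaces is reported as `address` changes rather than as a cascade of unrelated differences, which is what a plain line diff of the two text files would produce.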