DarunGrim

Introduction

DarunGrim is a free binary diffing tool.
Binary diffing is a powerful technique for reverse-engineering patches released by software vendors such as Microsoft. By analyzing security patches in particular, you can dig into the details of the vulnerabilities they fix. You can use that information to learn what causes software to break, and it can help you write protection code for those specific vulnerabilities. Malware writers and security researchers also use it to write 1-day exploits.

This binary diffing technique is especially useful for Microsoft binaries. Unlike other vendors, Microsoft releases patches regularly, and the patched vulnerabilities are relatively concentrated in small areas of the code. That makes the patched parts more visible and apparent to patch analysts.

* DarunGrim 3:

DarunGrim3 is an advanced version of DarunGrim2 that provides a nice file management UI.

Binaries: http://github.com/ohjeongwook/DarunGrim/downloads

Source: http://github.com/ohjeongwook/DarunGrim

License: New BSD License

Documentation: DarunGrim 3 Installation & Usage Guide


* DarunGrim 2:

DarunGrim2 is a C++ port of the original Python code. DarunGrim2 is much faster than DarunGrim 1.

Source: http://code.google.com/p/darungrim/

License: MIT License

DarunGrim2 has had no updates since 2010; DarunGrim3 supersedes it.

 
* DarunGrim 1:
EBDS (eEye Binary Diffing Suite) was released back in 2006. DarunGrim 1 is a component of EBDS.

eEye Binary Diffing Suite (EBDS): You can download the original EBDS, including DarunGrim.

http://code.google.com/p/binarydiffer/ is a C version of the DarunGrim engine (using the IDA GUI facility).



* About the author - Jeong Wook Oh (Matt Oh):

 
Other Research:
 
AVM Inception (Video): This talk is about bytecode instrumentation for vulnerability and malware analysis. It was presented at BayThreat 2011 and Shmoocon 2012.
AMF Parser for Fiddler2: This is a visualization module that can parse AMF data structures and show them in a tree view.
AMF Test Plugin for Fiddler2: This is a plugin for black-box testing of the AMF2 protocol.
Vulnerability analysis, practical data flow analysis and visualization: At CanSecWest 2012, I talked about a method of using dynamic binary instrumentation for vulnerability research. (Full PPT)
