Created: Thursday, June 10 2010 15:17.00 CDT  
PatchDiff2 Analysis and Decompilation
Author: RolfRolles # Views: 9323

Now that PatchDiff2 is open-source, I release my IDB and the initial decompilation that I did.  You can find it here.

At RECon 2008 I met the author, Nicolas Pouvesle, who told me of his upcoming plans to release this plugin.  He mentioned that the license would be friendly towards reverse engineering, so I asked him if I could decompile the plugin and release the source code.  We must have miscommunicated, because I could have sworn he gave me the green light.

When it was released, I spent about three days reverse engineering and decompiling it, resulting in the work product linked above.  I had intended to spend an extra couple of days on the decompilation to make sure it was functionally equivalent, if not byte-perfect (which is always the ultimate goal).

After I finished the initial phase of the decompilation, I sent it over to Nicolas to solicit his feedback.  He informed me that releasing the source code would violate PatchDiff2's EULA.  Therefore, I abandoned the project.  As it stands, I never even tried to compile the source code, so I'm afraid it's not worth much beyond mere curiosity.  Still, I'm releasing this hoping that somebody might find it interesting.  The IDB itself is very thorough, e.g. all structures are recovered.

Enjoy.


Blog Comments
lallous Posted: Friday, June 11 2010 08:22.50 CDT
Impressive decompilation, thanks for sharing!


