About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Store
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
RolfRolles
's Blog
Created: Thursday, June 10 2010 15:17.00 CDT
Printer Friendly ...
PatchDiff2 Analysis and Decompilation
Author:
RolfRolles
# Views:
2436
Now that
PatchDiff2 is open-source
, I release my IDB and the initial decompilation that I did. You can find it
here
.
I met the author, Nicolas Pouvesle, at RECon 2008, who told me of his upcoming plans to release this plugin. He mentioned that the license would be friendly towards reverse engineering, so I asked him if I could decompile the plugin and release the source code. We must have miscommunicated, because I could have sworn he gave me the green light.
When it was released, I spent about three days reverse engineering and decompiling it, resulting in the workproduct linked above. I had intended to spend an extra couple of days on the decompilation to make sure it was functionally equivalent, if not byte-perfect (which is always the ultimate goal).
After I finished the initial phase of the decompilation, I sent it over to Nicolas to solicit his feedback. He informed me that releasing the source code would violate PatchDiff2's EULA. Therefore, I abandoned the project. As it stands, I never even tried to compile the source code, so I'm afraid it's not worth much beyond the mere curiosity. Still, I'm releasing this hoping that somebody might find it interesting. The IDB itself is very thorough, e.g. all structures are recovered.
Enjoy.
Blog Comments
lallous
Posted: Friday, June 11 2010 08:22.50 CDT
Impressive decompilation, thanks for sharing!
Add New Comment
Comment:
There are
22,007
total registered users.
Recently Created Topics
How to call C++ func...
Sep/09
Sep/09
Searching freelist[0...
Sep/05
How to fix this in o...
Sep/03
Trouble linking plug...
Sep/02
PyEmu error when cal...
Sep/02
Restore Themida/Winl...
Sep/02
Anti-olly technique
Aug/30
RAR Password
Aug/29
Heap protection on W...
Aug/23
Recent Forum Posts
Trouble linking plug...
timtoady
reverse engineering ...
Silkut
Trouble linking plug...
jduck
Trouble linking plug...
timtoady
Trouble linking plug...
jduck
Trouble linking plug...
timtoady
Trouble linking plug...
jduck
reverse engineering ...
raiden56
pydbg, memory breakp...
Researc...
RAR Password
Ineedhelp
Recent Blog Entries
waleedassar
Sep/08
svchost from A to zinc part5
waleedassar
Sep/06
svchost from A to zinc part4
waleedassar
Sep/04
svchost from A to Zinc part3
waleedassar
Sep/04
svchost from A to Zinc part2
Mcstyle
Sep/03
Cheap Pegeout Partner Tepee...
More ...
Recent Blog Comments
convik
on:
Sep/04
Is it legal??
djnemo
on:
Sep/04
Gunpack (God's Unpacker) - ...
frozenrain
on:
Sep/02
Restore Themida/Winlicense ...
tosanjay
on:
Sep/02
PyEmu 0.0.2
GynvaelColdwind
on:
Sep/01
Is it legal??
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit