Created: Thursday, June 10 2010 15:17.00 CDT
PatchDiff2 Analysis and Decompilation
Author: RolfRolles
Now that PatchDiff2 is open-source, I release my IDB and the initial decompilation that I did. You can find it here.
I met the author, Nicolas Pouvesle, at RECon 2008, who told me of his upcoming plans to release this plugin. He mentioned that the license would be friendly towards reverse engineering, so I asked him if I could decompile the plugin and release the source code. We must have miscommunicated, because I could have sworn he gave me the green light.
When it was released, I spent about three days reverse engineering and decompiling it, resulting in the work product linked above. I had intended to spend an extra couple of days on the decompilation to make sure it was functionally equivalent, if not byte-perfect (which is always the ultimate goal).
After I finished the initial phase of the decompilation, I sent it over to Nicolas to solicit his feedback. He informed me that releasing the source code would violate PatchDiff2's EULA. Therefore, I abandoned the project. As it stands, I never even tried to compile the source code, so I'm afraid it's not worth much beyond the mere curiosity. Still, I'm releasing this hoping that somebody might find it interesting. The IDB itself is very thorough, e.g. all structures are recovered.
Enjoy.
Blog Comments
lallous
Posted: Friday, June 11 2010 08:22.50 CDT
Impressive decompilation, thanks for sharing!