It’s easy enough to see the differences in two similar code files using diff, but when security researchers want to compare malware samples, they need binary comparison tools such as BinDiff. Google’s latest move making BinDiff available free of charge puts a valuable reverse engineering tool in the hands of more security researchers and engineers.
BinDiff disassembles binaries to identify similarities and differences in the resulting code, much in the same way that diff compares text files. It makes it possible for engineers to see at a glance which code sections have been modified or whether the files share code. Security researchers and engineers typically use BinDiff to analyze malware variants to identify families based on common code.
To read this article in full or to leave a comment, please click here