Tenable Network Security has released PatchDiff2 for the IDA disassembler. PatchDiff2 can be used to compare the differences in patches provided by vendors in order to understand what has been modified and where previous security holes existed. In some cases, such as the recent MS08-030 release and re-release for Windows XP, a tool like PatchDiff2 can show that a patch update didn't actually modify anything.
PatchDiff2 is provided FREE to the community in the hope that it will help research engineers to better analyze patches.
Tasks performed by PatchDiff2 include:
- Display the list of identical functions
- Display the list of matched functions
- Display the list of unmatched functions (with the CRC)
- Display a flow graph for identical and matched functions
A demonstration video is also available: