Aureliax

Aureliax shows differences between decompiled functions. It displays their basic blocks in a single graph that contains both the original and the patched function, using preattentive attributes to highlight the differences. Removed elements are shown in red, added ones in green, and unchanged ones in grey.

This tool will be presented at Hack.lu 2010.
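
The colouring scheme described above, as an added example that is not code from aureliax or turbodiff: it merges an original and a patched control-flow graph into one graph and emits Graphviz DOT. The function names, the "old:" prefix, the block ids and the match table are assumptions made for illustration, and blocks are treated as atomic (a matched block is grey even if its instructions differ).

```python
# Added illustration (not aureliax code): merge an original and a patched
# control-flow graph into one graph and colour it as the page describes.
RED, GREEN, GREY = "red", "green", "grey"   # removed, added, unchanged

def merge_cfgs(orig, patched, matches):
    """orig/patched: (blocks, edges); matches: original id -> patched id.

    Returns ({node: colour}, {(src, dst): colour}) for the merged graph.
    Matched blocks take the patched id; unmatched original blocks get an
    "old:" prefix so they cannot collide with patched ids.
    """
    o_blocks, o_edges = orig
    p_blocks, p_edges = patched
    matched = set(matches.values())

    def rename(b):
        return matches.get(b, "old:" + b)

    nodes = {b: (GREY if b in matched else GREEN) for b in p_blocks}
    nodes.update({rename(b): RED for b in o_blocks if b not in matches})

    old = {(rename(s), rename(d)) for s, d in o_edges}
    new = set(p_edges)
    edges = {e: GREY for e in old & new}
    edges.update({e: RED for e in old - new})
    edges.update({e: GREEN for e in new - old})
    return nodes, edges

def to_dot(nodes, edges):
    """Render the merged graph as Graphviz DOT text."""
    out = ["digraph merged {"]
    out += ['  "%s" [color=%s];' % (n, c) for n, c in sorted(nodes.items())]
    out += ['  "%s" -> "%s" [color=%s];' % (s, d, c)
            for (s, d), c in sorted(edges.items())]
    return "\n".join(out + ["}"])

# Constructed sample: the patch inserts a length check (b1) before the copy.
ORIG = ({"a0", "a1", "a2"}, {("a0", "a1"), ("a1", "a2")})
PATCHED = ({"b0", "b1", "b2", "b3"},
           {("b0", "b1"), ("b1", "b2"), ("b1", "b3"), ("b2", "b3")})
MATCHES = {"a0": "b0", "a1": "b2", "a2": "b3"}   # assumed differ output

if __name__ == "__main__":
    print(to_dot(*merge_cfgs(ORIG, PATCHED, MATCHES)))
```

In the constructed sample the direct entry-to-copy edge comes out red and the inserted check block with its three edges comes out green, which is the pattern a reviewer looks for when a patch adds validation in front of an existing operation.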

Usage

This tool piggybacks on turbodiff to match functions and basic blocks. When running turbodiff, select the aureliax radio button. Aside from that, use turbodiff as usual.

When a function is selected to be compared, a browser window opens with the aureliax visualization.

Requirements

  • turbodiff (included in bundle)
  • IDA 4.9 or 5.X
  • SVG enabled browser (defaults to Google Chrome)
  • python 2.X where X >= 4
    • Must be in the PATH

Installation

  1. Download aureliax
  2. Unzip aureliax
  3. Run python install.py install
  4. Enjoy!

Known issues

  • IDA must be run as administrator to use aureliax with IDA Pro 5.X on Windows 7, because it writes to c:\Program Files\IDA.
  • Zooming out with the browser's own functionality (ctrl -), instead of the aureliax zoom, sometimes causes the graphic to be truncated. It reappears when the zoom level is restored.

Licensing

This software is provided under the GPLv2 license.

Contact Us

Whether you want to report a bug or give some suggestions on this package, drop us a few lines at oss- at -coresecurity.com or contact Aureliano Calvo (aurelianocalvo@)

Description

Title
aureliax

Authors
Aureliano Calvo, Alberto Pose

Release date
2010-10-27

License type
GPL v2.

Related information

Publications
Showing differences between disassembled functions

Tools
turbodiff

Open Source Project
GPL v2