SABRE BinDiff is a cool little tool made by Sabre Security. It works as a plugin for the popular disassembler IDA Pro and compares two versions of a binary file. After the comparison has finished, it can show which functions changed between the two versions of the file and which didn't. That alone wouldn't make it noteworthy, but thanks to some cool graph-based algorithms BinDiff can even create successful matches when the order of the functions or the code inside the functions has changed.
In this small paper I wrote about my experiences while using BinDiff to compare four different versions of the widespread Trojan horse SDBot.