
Computer Engineering ›› 2006, Vol. 32 ›› Issue (14): 43-45. doi: 10.3969/j.issn.1000-3428.2006.14.016

• Software Technology and Database •

ZENG Ming¹; ZHAO Rongcai¹; WANG Xiaoqin²; YAO Jingsong¹

  1. Department of Computer Science & Technology, PLA Information and Engineering University, Zhengzhou 450002; 2. Department of Computer Science & Technology, Tsinghua University, Beijing 100084
  • Received: 1900-01-01  Revised: 1900-01-01  Online: 2006-07-20  Published: 2006-07-20

Binary Patch Analysis Based on Structural Function Signatures


Abstract: Patches are commonly used to improve the security of a software system or to add functions. Reverse engineering of binary code patches can disclose the programmatic changes between two executable versions, which is very useful in virus analysis and vulnerability research. This article presents an effective method that uses structural function signatures to locate the differences between the patched and unpatched versions of the same software. A framework for implementing the described method is also presented. Compiler optimization sometimes affects patch comparison greatly, so the article also discusses how to deal with this problem.

Key words: Patch analysis, Reverse engineering, Security vulnerability, Compiler optimization, IDA

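Abstract (translated from the Chinese): Software systems are usually patched to improve their security or to add functionality. How to reverse-analyze the binary code of a patch to reveal the differences between the application before and after patching is a research hotspot in information security, and is of significant value for virus-variant analysis and vulnerability exploitation. This paper presents a method for binary patch analysis using structural function signatures, describes its implementation framework, and discusses the effect of compiler optimization strategies on binary patch analysis and how to eliminate it.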
