Re: Looking for smarter tools to compare the similarity between software

On 2006-03-12, gpsabove@xxxxxxxxx <gpsabove@xxxxxxxxx> wrote:
I know those kind of software that compare the software based on "codes
similarity", such as Windiff or comp. It is pretty easy to fool these
kind of tools, since if we change the variable names, or repelace while
with do, if with switch, or similar tricks to an existing software, the
tools will tell us the existing software is different from its
variants, since it compare the software based on characters and
strings.

I am looking for a smarter tools, which can do the job in a better
ways. For example, compare the memory usage and allocation of two piece
of software. So if you only do some superficial changes or facelift
works to an existing software, the tools will report the new software
is very similar to its precedent, and better to give a number to
represent the similarity. Anybody heard of this kind of tools?

Creative use of binutils? In particular GNU objdump can tell you all
manner of things. Another way to compare what's really going on might be
to compare traces of the programs using gprof, or to get more detailed
information, check out valgrind.

For example, if you suspected the source code had only undergone
whitespace and variable name changes, you could try disassembling and
then using windiff on the disassemblies instead of on the sources. If
they'd changed a bit more than that, you could use nm, or objdump to
compare the numbers and sizes of each symbol in the two programs.
Plotting this kind of information on scatter graphs and comparing those
visually might work well. You could use this data for a kind of
"frequency analysis" to decode any obfuscation of symbol names.
.

Relevant Pages