Aureliax shows differences between decompiled functions. It displays their basic blocks using preattentive attributes to highlight differences in a single graph showing both the original and patched function. Removed things are shown in red, added ones in green and the ones that did not change in grey.
This tool will be presented in Hack.lu 2010.
This tool piggybacks on turbodiff to match functions and basic blocks. When running turbodiff, select the aureliax radio button. Aside from that, use turbodiff as usual.
When a function is selected to be compared, a browser window opens with the aureliax visualization.
- turbodiff (included in bundle)
- IDA 4.9 or 5.X
- SVG enabled browser (defaults to Google Chrome)
- python 2.X where X >= 4
- Must be in the PATH
- Download aureliax
- Unzip aureliax
- Run python install.py install
- IDA needs to be run as administrator in order to use aureliax with IDA Pro 5.X over Windows 7 because it writes on c:\Program Files\IDA.
- Zooming out using the browser provided functionallity (ctrl -), instead of the aureliax zoom, sometimes causes the graphic to be truncated. It reappears when the zoom level is restored.
This software is provided under the GPLv2 license.
Whether you want to report a bug or give some suggestions on this package, drop us a few lines at oss- at -coresecurity.com or contact Aureliano Calvo (aurelianocalvo@)
Aureliano Calvo, Alberto Pose