DarunGrim 4 Pre-Alpha Testing

Recently I have been working on new DarunGrim and I was just cleaning up the old code. The objective of this new version 4 is faster, lighter and simpler DarunGrim. For a week, I cleaned up a lot of code and fixed a lot of issues with many code refactorings. It is still far from the complete, but I thought that I can share the binary from time to time so that I can get some feedback from the users.

 

I just uploaded a developmental snapshot here:

DarunGrim4Setup.exe

 

The following shows the basic steps to follow to test this test release.

 

Generating DGF files

After installation, you need to confirm that DarunGrim plugin is installed under IDA program folder. Then, first open an unpatched and patched binaries and run DarunGrim plugin. (Figure 1)

 

fig

Figure 1 Select DarunGrim Plugin from IDA

 

A dialog box will pop up and it will ask you where to save the analysis file with .dgf extension. (Figure 2) The analysis file is basically in SQLite format and we just use our own extension so that it can register DarunGrim program handler upon .dgf extension.

 

 

 

Figure 2 Choose output DGF filename

 

You also do same thing upon patched file with different name, kernel-post.dgf in this case. (Figure 3)

Figure 3 Choose output DGF filename for the patched binary

Perform Binary Diffing

After saving two unpatched and patched dgf files, open them from DarunGrim main program. Run DarunGrim.exe from the Start menu and choose File -> New Diffing menu item. Select source and target dgf files we created already and set output file to save diffing analysis results. (Figure 4)

Figure 4 File Selections Dialog

 When you press OK button, the analysis will start. (Figure 5)

Figure 5 Start analysis

 It takes some time to complete analysis, the actual timing depends on the binary sizes to analyze. When it is complete, you will see the results will show up on the Functions list. (Figure 6)

 

Figure 6 Analysis complete

 When you double click each function, the Blocks list will be activated and will show the list of blocks inside the function. (Figure 7)

Figure 7 Blocks list

 

Synchronized IDA view

So, now you can now go through functions and check what functions are patched or something. But it might be beneficial to synchronize DarunGrim program with IDA and DarunGrim already supports it.

First choose View -> Connect to IDA menu. (Figure 8)

Figure 8 Connect to IDA

 From the dialog, press “Accept Connection” button from “Source File” line. It will show “Listening…” message. DarunGrim uses TCP port 1216 for the connection between DarunGrim and IDA. This will make DarunGrim to listen on TCP port 1216.

Figure 9 Accept connections

 

At this point, open up original binary and run DarunGrim plugin. (Figure 10) It will first try to connect to port 1216 on localhost first. If it can connect to that port, it will be running in IDA synchronization mode.

 

fig

Figure 10 Run DarunGrim plugin

 When the connection is successful, the dialog box “Listening…” message will turn into a file path from the original filename. (Figure 11)

Figure 11 IDA Plugin connected successfully

 Perform same operations with patched binary. (Figure 12)

Figure 12 Connecting patched binary IDA

 Now if everything worked fine, you will see that IDA will display the position where you click from Blocks list view.

Figure 13 Full synchronized view

Now you can enjoy full power of IDA with DarunGrim.

 

This release is pre-alpha and it might have a lot of issues that are not taken care of yet. I refactored a lot of code and there might be some issues I never tested. If you find any issues or if you have any suggestions form DarunGrim 4, just shoot me a mail at oh.jeongwook@gmail.com or send me a tweet at http://twitter.com/ohjeongwook.

Thanks!

Advertisements

9 Responses to DarunGrim 4 Pre-Alpha Testing

  1. CuriousGuy says:

    Hey, I just wanted to notify you that Google reports that the file is infected with a virus and hence only the owner can download it. If possible can you upload it somewhere else ? Maybe SourceForge or GitHub ?

    Like

  2. ricardo says:

    i am working diffing files of 16m size and darumgrim.exe crash raising exception (bad allocation) 😦

    ricardo

    Like

  3. ricardo says:

    could you put the requirements for the version 4 installation?

    Like

  4. vahagn vardanyan says:

    Hey!
    It seems that google dirve and dropbox now allow to download file.
    Can anyone give another link?

    Thanks

    Like

  5. Carlie says:

    Y como tú dices "y lo que te rondaré moauqr&neot;, sólo hay que esperar unos cuantos meses…Los lobos ya empiezan a olvidarse de su piel de cordero, pero dentro de poco ya no tendrán que utilizarla para nada.Bicos

    Like

  6. Kamryn says:

    Thanks swiftness of the leading info. Truly reachable goods! I heavy-set do not ji-bjrbeabber on these but I motion you did a in truth development size and I’m unequivocal some people reason the to some extent still

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: