Comparison of executable objects based on block signatures and jump relations

The paper describes graph-based comparison of executable objects based on block signatures and jump relations.This paper describes an algorithm combining basic block signatures and basic block jump relations.The algorithm develops the function control flow graph after disassembly,then matches the block signatures and further matches the blocks using an adjacency matrix.The algorithm finally calculates the function and file similarity using a comparison tool.Tests demonstrate that the algorithm can detect more than 99% of commonly used source code plagiarisms and similarities,better than source code comparison tools and several executable patch comparison tools.The algorithm can also detect cases with the same semantics,but different expressions.Thus,the graph-based comparison algorithm based on the block signatures and jump relations is accurate and effective in comparing executable objects.