Large enterprise level systems often have their own application software layer wrapped over large software tools or products from commercial vendors. From time to time, vendors release patches which update or enhance the products to meet various requirements. However, applying the patches often introduces risk that the wrapper software layer might behave incorrectly, especially if the customer has little knowledge of the linkage between the application layer and the vendor provided system (for example, because the application itself is a legacy system). So there is always the need for analyzing the impact of patches and reducing the risk in applying them. Impact analysis depends on two sources of knowledge -- the physical modifications made by a patch and a dependency graph of the entities in the system. This thesis provides an empirical approach to finding modifications and generating dependency graphs that can be used for impact analysis.