Re: Investing WINS from patch MS04-006

[Halvar Flake <halvar () gmx de>]

Hey Nicolas,

NR> I had a look at Windows 2000 patch for WINS, and I found the new WINS.EXE in the ".CAB" file.
NR> I had a look at Windows 2003 patch for WINS, and I found nothing known. It looks like Microsoft is
NR> using the new "Windows Installer 3.0" differential patch format. File header is "PA19".
NR> So, since all master reversers known seem to monitor this list, I might hazard a few questions :
NR> - Will differential patches make binary analysis much easier ?

It depends. Differential patches can (if they patch only a very small
part of a binary) be a substantial aid in pinpointing the location of
a problem; Chances are though that differential patches will change
bytes in a large number of places (if for example a structure member
is added) and thus leaving you with very little information about the
actual change. To be honest, I don't think the switch to differential
patches changes a thing _except_ smaller download sizes and the
(annoying) fact that we can assume hotfixes will be fragmented in the
same way as regular executables now.

Anyone care for a binary diff of the two executables ?

Cheers,
Halvar

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave