Dailydave mailing list archives
Re: Investing WINS from patch MS04-006
From: Halvar Flake <halvar () gmx de>
Date: Fri, 18 Jun 2004 12:25:47 +0200
Hey Nicolas, NR> I had a look at Windows 2000 patch for WINS, and I found the new WINS.EXE in the ".CAB" file. NR> I had a look at Windows 2003 patch for WINS, and I found nothing known. It looks like Microsoft is NR> using the new "Windows Installer 3.0" differential patch format. File header is "PA19". NR> So, since all master reversers known seem to monitor this list, I might hazard a few questions : NR> - Will differential patches make binary analysis much easier ? It depends. Differential patches can (if they patch only a very small part of a binary) be a substantial aid in pinpointing the location of a problem; Chances are though that differential patches will change bytes in a large number of places (if for example a structure member is added) and thus leaving you with very little information about the actual change. To be honest, I don't think the switch to differential patches changes a thing _except_ smaller download sizes and the (annoying) fact that we can assume hotfixes will be fragmented in the same way as regular executables now. Anyone care for a binary diff of the two executables ? Cheers, Halvar _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Investing WINS from patch MS04-006 Nicolas RUFF (Jun 18)
- Re: Investing WINS from patch MS04-006 Halvar Flake (Jun 18)
- Re: Investing WINS from patch MS04-006 Florian Weimer (Jun 19)