
Thread: MS Patch diffing process

  1. #1
    skippyV
    Guest

    MS Patch diffing process

    I'm using IDA with BinDiff to examine MS security patches. I'm starting my education with old Win2000 patches. My Windows 2000 has SP4 and I believe is completely patched. If I want to start diffing a patch that was distributed for 2000 w/SP4 but was much older (from a patch perspective) than my current VM - how can I ensure that the targeted DLL is at a valid state for the "before" version? For example - I download a patch, install it, copy the targeted DLL as the "after" version. Then uninstall the patch and copy the DLL for the "before" version. But how do I know that my "before" version is truly the state of what the DLL would have been just prior to when MS released that patch? And not some "dirty" older state. Otherwise the diff will show much more stuff that wasn't part of the patch. I believe there is DLL version information within the patch itself and I know about the information provided by the MS bulletins (specifically the "Bulletins Replaced by this Update" column). But I'm guessing at this point and need some expertise.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Registered User
    Join Date: Feb 2004
    Location: France
    Posts: 99

    Quote: Originally Posted by skippyV
    I know about the information provided by the MS bulletins (specifically the "Bulletins Replaced by this Update" column). But I'm guessing at this point and need some expertise.

    You got it right and that's all you need. The "Bulletins Replaced by this Update" column tells you what the previous patch for the related binaries was.

    Aside from that you can extract patches with the /x switch (XP and prior) or Cabextract utility (in system32) for MSU patches (extract MSU and then extract one of the two CABs).
    Omne tulit punctum qui miscuit utile dulci
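
One way to check the "before" baseline discussed above, as an added example that is not part of the thread or written by either poster: read the file version from each DLL and compare the VM's "before" copy with the copy extracted from the update named under "Bulletins Replaced by this Update". It assumes the version is read by scanning for the VS_FIXEDFILEINFO signature rather than walking the resource directory; the function names and sample version numbers are constructed for illustration.

```python
import hashlib
import struct

SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature

def file_version(data):
    """Return (major, minor, build, revision) from the first valid
    VS_FIXEDFILEINFO found in the file bytes, or None if there is none."""
    pos = data.find(SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            struc, ms, ls = struct.unpack_from("<III", data, pos + 4)
            if struc == 0x00010000:  # dwStrucVersion 1.0, rejects chance matches
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(SIGNATURE, pos + 1)
    return None

def check_baseline(before, replaced, after):
    """before:   DLL copied from the VM after uninstalling the patch
    replaced: same DLL extracted from the update the bulletin says was replaced
    after:    DLL from the patch under study"""
    vb, vr, va = file_version(before), file_version(replaced), file_version(after)
    if None in (vb, vr, va):
        return "no-version-info"
    if vb != vr:
        return "dirty-baseline"  # VM file is not the build the replaced update shipped
    if hashlib.sha256(before).digest() != hashlib.sha256(replaced).digest():
        return "same-version-different-bytes"
    if va <= vb:
        return "after-not-newer"
    return "clean"

def make_sample(version, pad=b""):
    """Constructed stand-in for a DLL: 'MZ', padding, then a version header."""
    a, b, c, d = version
    return (b"MZ" + pad + SIGNATURE
            + struct.pack("<III", 0x00010000, a << 16 | b, c << 16 | d))

if __name__ == "__main__":
    # Constructed version numbers, not taken from any real bulletin.
    replaced = make_sample((5, 0, 2195, 6601))
    after = make_sample((5, 0, 2195, 6750))
    print(check_baseline(replaced, replaced, after))
    print(check_baseline(make_sample((5, 0, 2195, 6000)), replaced, after))
```

A "dirty-baseline" result means the diff would also include changes from intermediate updates, so the "before" file should be taken from the extracted replaced update instead of the VM.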

  3. #3
    skippyV
    Guest
    Cool. Thanks, Neitsa!
    I promise that I have read the FAQ and tried to use the Search to answer my question.
