Thread: Reversing Ms13-057


    Hi,

    It's my first post in this forum; I hope I can learn many things here.

    As I wrote in the title, I got interested in the Microsoft patch MS13-057, which is a patch for the WMV file format. Has anyone here worked on this?

    **I really don't want to write an exploit for it (I'm not sure if I can or not); just a POC for triggering this bug and finding the answer to my question is enough.

    So, I downloaded the patch and extracted the patched module (WMVDECOD.dll on Windows XP with Media Player 11), then I diffed it against the .dll that I got from my Windows XP system (using IDA Pro and TurboDiff). I got 3 changed functions; after a quick review of those functions I guess I have found the vulnerable function. (You can find both the patched and unpatched DLLs in the attachment.)

    Then I did an xref to from that vulnerable function, and I got a list of functions that call this function!
    I started Media Player with a simple WMV file; fortunately it hit my breakpoint on that vulnerable function.

    So I started by tracing the function that I guessed is vulnerable: I set a breakpoint on its first instruction (using OllyDbg) and started checking all registers (Follow in Dump) and the stack to find a value from my WMV file. I dumped registers and searched random values from the Dump panel of Olly in a hex editor to see if I could find a value from program memory in the file, but FAILED!!! I never found any value from program memory in the file.

    I'm not even sure whether this is the right way to do it!? (I have read something about taint analysis but never found a good tool.)

    What is the next step for me to do?
    How can I trace values from my file in memory?
    How can I find which value from which part of the file is coming into my vulnerable function?


    Finally, is anyone interested in reversing this patch with me?


    I tried to explain exactly what I have done in detail.
    Thank you very much
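One systematic way to approach the "which bytes of my file reached this function" question, as an added example (not from the poster or from any tool named in the thread): instead of searching random register values, save the buffer the function receives (or the whole region around it) from the debugger's dump window to a file, then correlate it against the input file with an n-gram index so every run of file bytes found in memory is mapped back to its file offset. The "WMV" file and memory snapshot below are constructed in-line so the script runs offline; the minimum run length is an assumption chosen to rule out chance matches.

```python
"""Map runs of bytes seen in a memory snapshot back to offsets in the input file.

Constructed data: FILE stands in for the input .wmv, MEM for a dump of the
buffer handed to the function under the breakpoint. Real use: read both from
disk (e.g. the file itself and a region saved from the debugger's dump window).
"""
from collections import defaultdict
import random

MIN_RUN = 8  # assumed minimum match length; 8 random bytes rarely collide by chance

# --- constructed sample data (no zero bytes in FILE, zeros as memory filler) ---
_rng = random.Random(1337)
FILE = bytes(_rng.randrange(1, 256) for _ in range(4096))
MEM = (b"\x00" * 512 + FILE[1024:1280]      # a 256-byte chunk copied from file offset 0x400
       + b"\x00" * 200 + FILE[64:96]        # a 32-byte chunk copied from file offset 0x40
       + b"\x00" * 16)


def build_index(data: bytes, n: int = MIN_RUN):
    """Index every n-byte window of the file -> list of file offsets where it occurs."""
    idx = defaultdict(list)
    for i in range(len(data) - n + 1):
        idx[data[i:i + n]].append(i)
    return idx


def find_runs(mem: bytes, file_data: bytes, n: int = MIN_RUN):
    """Return maximal matches as (mem_offset, file_offset, length), length >= n."""
    idx = build_index(file_data, n)
    runs, i = [], 0
    while i <= len(mem) - n:
        cands = idx.get(mem[i:i + n])
        if not cands:
            i += 1
            continue
        best = None
        for f in cands:                      # extend each candidate as far as bytes agree
            length = n
            while (i + length < len(mem) and f + length < len(file_data)
                   and mem[i + length] == file_data[f + length]):
                length += 1
            if best is None or length > best[2]:
                best = (i, f, length)
        runs.append(best)
        i += best[2]                         # skip past the matched run
    return runs


if __name__ == "__main__":
    for mem_off, file_off, length in find_runs(MEM, FILE):
        print(f"mem+0x{mem_off:x} == file+0x{file_off:x} ({length} bytes)")
```

Once a run is attributed to a file offset, that offset can be related to the container structure (header objects, packet payloads) to see which field the function is actually consuming.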
