超緊急のセキュリティホール MS12-004 の解析
オリジナルmciseq.dll
; SUB_L5FAF344D -- mciseq.dll, build before the fix (32-bit x86, Intel-style
; disassembler output). Sets or clears one bit in a table of 16-bit words.
; In:    edx       = bit number (read without being written first)
;        esi       = table base (read without being written first)
;        [ebp+08h] = stack argument: non-zero sets the bit, zero clears it
; Clobb: eax, ecx, edx, flags
; NOTE(review): nothing in this version range-checks edx before it is used to
; form the address, so the read-modify-write below can land outside the table.
; The fixed listing on this page adds `cmp edx,00000008h` / `jnc` ahead of it.
SUB_L5FAF344D:
    mov edi,edi                             ; two-byte no-op at function entry
    push ebp
    mov ebp,esp
    xor eax,eax
    mov ecx,edx
    and ecx,0000000Fh                       ; cl = bit position inside the word (0..15)
    inc eax                                 ; eax = 1
    shl eax,cl                              ; eax = 1 << (bit number & 0Fh); only ax is used
    shr edx,04h                             ; edx = word index = bit number / 16, not bounded here
    cmp dword ptr [ebp+08h],00000000h       ; flags consumed by the jz below (lea leaves them intact)
    lea ecx,[esi+edx*2]                     ; ecx = address of the 16-bit word
    jz L5FAF346D                            ; argument == 0: clear the bit
    or [ecx],ax                             ; set the bit (16-bit read-modify-write)
    jmp L5FAF3472
L5FAF346D:
    not eax                                 ; mask with only the target bit cleared
    and [ecx],ax                            ; clear the bit (16-bit read-modify-write)
; The excerpt stops at the exit label; the epilogue is not part of the listing.
L5FAF3472: |
修正後
; SUB_L5FAF344D -- mciseq.dll, fixed build (32-bit x86, Intel-style
; disassembler output). Sets or clears one bit in a table of 16-bit words,
; now refusing any word index of 8 or more.
; In:    edx       = bit number (read without being written first)
;        esi       = table base (read without being written first)
;        [ebp+08h] = stack argument: non-zero sets the bit, zero clears it
; Out:   nothing returned; the callee removes its one stack argument (retn 0004h)
; Clobb: eax, ecx, edx, flags
; NOTE(review): the bound of 8 words suggests the table holds 128 bits
; (16 bytes) -- confirm against the caller that allocates it.
SUB_L5FAF344D:
    mov edi,edi                             ; two-byte no-op at function entry
    push ebp
    mov ebp,esp
    xor eax,eax
    mov ecx,edx
    and ecx,0000000Fh                       ; cl = bit position inside the word (0..15)
    inc eax                                 ; eax = 1
    shr edx,04h                             ; edx = word index = bit number / 16
    shl eax,cl                              ; eax = 1 << (bit number & 0Fh); only ax is used
    cmp edx,00000008h                       ; the fix: word index must be below 8
    jnc L5FAF3477                           ; unsigned >= 8 (bit number >= 128): return, no memory access
    cmp dword ptr [ebp+08h],00000000h       ; flags consumed by the jz below (lea leaves them intact)
    lea ecx,[esi+edx*2]                     ; ecx = address of the 16-bit word, index now 0..7
    jz L5FAF3472                            ; argument == 0: clear the bit
    or [ecx],ax                             ; set the bit (16-bit read-modify-write)
    jmp L5FAF3477
L5FAF3472:
    not eax                                 ; mask with only the target bit cleared
    and [ecx],ax                            ; clear the bit (16-bit read-modify-write)
L5FAF3477:
    pop ebp
    retn 0004h |
オリジナルwinmm.dll
; winmm.dll, build before the fix -- excerpt from inside a larger function
; (32-bit x86, Intel-style disassembler output). The function entry and the
; targets L7753D1F1 and L7753D276 are outside the listing.
; Visible register roles: ecx = packed message dword, edi = pointer to a
; structure (fields at +30h, +54h, +7Ch, +84h are touched).
; NOTE(review): the split on bit 7 of the low byte looks like MIDI
; status / running-status decoding -- confirm.
; NOTE(review): no `and ...,7Fh` appears on either decode path in this excerpt;
; the fixed listing on this page adds one on each path. The code that consumes
; the decoded bytes is cut off here, so their use cannot be checked from this
; excerpt.
L7753D1A5:
    push [edi+7Ch]                          ; pushed first: field at edi+7Ch
    mov [edi+30h],ecx                       ; store ecx into the field at edi+30h
    push edi                                ; pushed last: the structure pointer itself
    call SUB_L7753CA24                      ; helper not shown on the page
    jmp L7753D276                           ; continue at a label outside the excerpt
L7753D1B6:
    cmp [ebp-0Ch],ebx                       ; flags consumed by the jz two lines down (mov leaves them intact)
    mov esi,[edi+00000084h]                 ; esi = dword field at edi+84h (the fixed listing uses it as a table base)
    jz L7753D276                            ; [ebp-0Ch] == ebx: skip the decoding below
    test cl,cl                              ; sign flag = bit 7 of the low message byte
    mov al,cl                               ; al = low message byte
    mov ebx,ecx                             ; ebx = working copy of the message
    js L7753D1E3                            ; bit 7 set: the low byte is used as is
    mov al,[edi+54h]                        ; bit 7 clear: use the byte kept at edi+54h instead
    mov [ebp+0Bh],cl                        ; local byte = low message byte, stored unmasked
    movzx edx,al
    shl ecx,08h                             ; shift the message up by one byte
    shr ebx,08h                             ; bl = second message byte, unmasked
    or ecx,edx                              ; ecx = (message << 8) | byte from edi+54h
    mov [ebp-08h],ecx                       ; keep the rebuilt message in a local
    jmp L7753D1F1
L7753D1E3:
    mov edx,ecx
    shr edx,08h                             ; dl = second message byte, unmasked
; Next line: bl = third message byte. The excerpt ends here.
    shr ebx,10h |
修正後
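; winmm.dll, fixed build -- excerpt from inside a larger function (32-bit x86,
; Intel-style disassembler output). The function entry and the targets
; L7753D25E, L7753D264, L7753D266 and L7753D27D are outside the listing.
;
; Register roles as far as the excerpt shows:
;   ecx       = packed message dword
;   edi       = pointer to a structure (fields at +30h, +54h, +7Ch, +84h)
;   esi       = table base loaded from [edi+84h]
;   al        = status byte (from cl, or from [edi+54h] when bit 7 of cl is clear)
;   bl        = index byte, masked to 0..7Fh on both decode paths
;   [ebp+0Bh] = message byte that follows the index byte
;   [ebp-01h] = message type (al & F0h)
;
; Security-relevant point: the table offset is ((al & 0Fh) * 128 + bl) / 2.
; With bl limited to 7Fh the offset stays within 0..1023; an unmasked bl could
; be as large as FFh and push the offset to 1087.
; NOTE(review): that the table behind esi is 1024 bytes is inferred from this
; arithmetic -- confirm against the allocation site.
; NOTE(review): the byte layout looks like MIDI short messages (types 90h and
; 80h with two data bytes) -- confirm.
L7753D1A5:
    push [edi+7Ch]                          ; pushed first: field at edi+7Ch
    mov [edi+30h],ecx                       ; store ecx into the field at edi+30h
    push edi                                ; pushed last: the structure pointer itself
    call SUB_L7753CA24                      ; helper not shown on the page
    jmp L7753D27D                           ; continue at a label outside the excerpt
L7753D1B6:
    cmp [ebp-0Ch],ebx                       ; flags consumed by the jz two lines down (mov leaves them intact)
    mov esi,[edi+00000084h]                 ; esi = table base
    jz L7753D27D                            ; [ebp-0Ch] == ebx: skip the decoding below
    test cl,cl                              ; sign flag = bit 7 of the low message byte
    mov al,cl                               ; al = low message byte
    mov edx,ecx                             ; edx = working copy of the message
    js L7753D1E8                            ; bit 7 set: the low byte is the status byte
    mov al,[edi+54h]                        ; bit 7 clear: reuse the status byte kept at edi+54h
    shr edx,08h                             ; dl = second message byte
    mov bl,cl                               ; bl = low message byte (the index byte on this path)
    mov [ebp+0Bh],dl                        ; local byte = second message byte
    movzx edx,al
    shl ecx,08h                             ; shift the message up by one byte
    and bl,7Fh                              ; the fix: index byte limited to 0..7Fh (bit 7 is already clear on this path)
    or ecx,edx                              ; ecx = (message << 8) | status byte
    mov [ebp-08h],ecx                       ; keep the rebuilt message in a local
    jmp L7753D1F9
L7753D1E8:
    mov ebx,ecx
    shr ebx,08h                             ; bl = second message byte (the index byte on this path)
    and bl,7Fh                              ; the fix: index byte limited to 0..7Fh
    shr edx,10h                             ; dl = third message byte (edx was a copy of ecx)
    mov [edi+54h],cl                        ; remember the status byte for later messages
    mov [ebp+0Bh],dl                        ; local byte = third message byte
L7753D1F9:
    mov dl,al
    and dl,F0h                              ; dl = message type (high nibble of the status byte)
    cmp dl,90h
    mov [ebp-01h],dl                        ; keep the type; mov does not disturb the flags from cmp
    jz L7753D20B                            ; type 90h: update the table
    cmp dl,80h
    jnz L7753D266                           ; neither 90h nor 80h: the table is not touched
L7753D20B:
    and eax,0000000Fh                       ; low nibble of the status byte
    shl eax,07h                             ; * 128 entries
    movzx edx,bl
    add eax,edx                             ; entry number = nibble * 128 + bl, at most 2047
    cdq
    sub eax,edx
    sar eax,1                               ; signed divide by two: two 4-bit entries per byte
    cmp byte ptr [ebp-01h],80h
    jz L7753D24C                            ; type 80h: decrement path
    cmp byte ptr [ebp+0Bh],00h
    jz L7753D24C                            ; type 90h with a zero following byte: decrement path as well
    add esi,eax                             ; esi = address of the byte holding the entry
    test bl,01h                             ; odd bl selects the high nibble, even bl the low nibble
    mov al,[esi]
    mov dl,al
    jz L7753D23E
    and dl,F0h
    cmp dl,F0h
    jz L7753D266                            ; high nibble already 0Fh: leave it saturated
    add al,10h                              ; high nibble += 1
    jmp L7753D248
L7753D23E:
    and dl,0Fh
    cmp dl,0Fh
    jz L7753D266                            ; low nibble already 0Fh: leave it saturated
    inc al                                  ; low nibble += 1
L7753D248:
    mov [esi],al                            ; write the updated pair of entries back
    jmp L7753D266
L7753D24C:
    test bl,01h                             ; same nibble selection as on the increment path
    lea edx,[eax+esi]                       ; edx = address of the byte holding the entry
    mov al,[edx]
    jz L7753D25E                            ; even bl: low-nibble case, outside the listing
    test al,F0h
    jz L7753D266                            ; high nibble already zero: nothing to decrement
    sub al,10h                              ; high nibble -= 1
    jmp L7753D264                           ; store path, outside the listing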
これを参考に、Windows 2000版のパッチ作成しました
おお、いつもながら流石でありまする。
あ、明けましておめでとうございます。
本年もお世話になります^^