MS14-002 の解析
; Disassembly excerpt from ndproxy.sys (the page captions this listing
; 5.1.2600.6048). It shows two minimum-size checks against 24h, then a
; bound check on ([esi+14h] - 07030101h) before that value is scaled and
; used as an offset into the table at L00018184.
; NOTE(review): ecx and esi are loaded before this excerpt; they look like
; a request length and the request buffer, but the listing does not show
; that - confirm against the full function.
L0001307C:
        mov edi,[ebp+0Ch]
        push 00000024h
        pop edx                         ; edx = 24h, reused as the limit for every compare below
        cmp edi,edx
        jc L00013179                    ; edi < 24h (unsigned): leave early
        cmp ecx,edx
        jc L00013179                    ; ecx < 24h (unsigned): leave early
        mov eax,[esi+14h]
        sub eax,07030101h               ; eax = [esi+14h] - 07030101h, used as the table index
        cmp eax,edx
        mov [ebp-04h],edx               ; mov does not modify flags, so jbe still tests the cmp above
        jbe L000130AD                   ; taken when eax <= 24h (unsigned): index 24h itself is accepted
        ; NOTE(review): the 5.1.2600.6484 listing on the page no longer has
        ; this jbe at this point. If the table holds 24h entries, index 24h
        ; is one past its end - confirm the table size in the binary.
        mov dword ptr [esi+10h],C001201Dh ; index rejected: store status C001201Dh
        jmp L00013172
L000130AD:
        mov ecx,[esi+1Ch]
        lea eax,[eax+eax*2]             ; eax = index * 3
        shl eax,02h                     ; eax = index * 12 (byte offset into the table)
        cmp ecx,[eax+L00018184]         ; compare [esi+1Ch] with the dword at table + offset
        mov [ebp+0Ch],eax               ; keep the offset; flags from the cmp are untouched
        jnc L000130CD |
ndproxy.sys 5.1.2600.6048
; Disassembly excerpt from ndproxy.sys (the page captions this listing
; 5.1.2600.6484). The listing is cut off right after the status store, so
; the comparison of eax that follows it is not visible here.
L0001307C:
        mov edi,[ebp+0Ch]
        push 00000024h
        pop edx                         ; edx = 24h
        cmp edi,edx
        jc L00013180                    ; edi < 24h (unsigned): leave early
        cmp ecx,edx
        jc L00013180                    ; ecx < 24h (unsigned): leave early
        mov eax,[esi+14h]
        sub eax,07030101h               ; eax = [esi+14h] - 07030101h; flags now reflect this result
        mov [ebp-04h],edx
        ; Status C001201Dh is written before eax is compared with anything.
        ; Neither mov changes flags, so the flags set by the sub above are
        ; still available to whatever branch follows.
        ; NOTE(review): that branch is outside the excerpt - confirm which
        ; index values it rejects.
        mov dword ptr [esi+10h],C001201Dh |
ndproxy.sys 5.1.2600.6484
どうやら変更点は、条件判定の順番が変わった1箇所だけらしい(エラーコード C001201Dh の格納が比較より前に移動している)
; Disassembly listing (address, opcode bytes, instruction) of the same
; check in the Windows 2000 build discussed on the page, before any change.
; ecx, edi and esi are loaded before this excerpt.
00010806 L00010806:
00010806 6A24 push 00000024h
00010808 5A pop edx                                   ; edx = 24h
00010809 3BCA cmp ecx,edx
0001080B 0F82F1000000 jc L00010902                    ; ecx < 24h (unsigned): leave early
00010811 3BFA cmp edi,edx
00010813 0F82E9000000 jc L00010902                    ; edi < 24h (unsigned): leave early
00010819 8B4614 mov eax,[esi+14h]
0001081C 89542410 mov [esp+10h],edx
00010820 2D01010307 sub eax,07030101h                 ; eax = [esi+14h] - 07030101h, used as the table index
00010825 3BC2 cmp eax,edx
00010827 760C jbe L00010835                           ; taken when eax <= 24h (unsigned): index 24h itself is accepted
; NOTE(review): if the table at L00017EE4 holds 24h entries, index 24h is
; one past its end - confirm the table size in the binary.
00010829 C746101D2001C0 mov dword ptr [esi+10h],C001201Dh ; index rejected: store status C001201Dh
00010830 E9C6000000 jmp L000108FB
00010835 L00010835:
00010835 8D2C40 lea ebp,[eax+eax*2]                   ; ebp = index * 3
00010838 8B461C mov eax,[esi+1Ch]
0001083B C1E502 shl ebp,02h                           ; ebp = index * 12 (byte offset into the table)
0001083E 3B85E47E0100 cmp eax,[ebp+L00017EE4]         ; compare [esi+1Ch] with the dword at table + offset
; The label text on the next line is split on the page ("L 0001084D");
; rel8 07h from 00010846 gives 0001084D.
00010844 7207 jc L 0001084D
00010846 83C1E0 add ecx,FFFFFFE0h                     ; ecx = ecx - 20h
00010849 3BC1 cmp eax,ecx
0001084B 760C jbe L00010859                           ; [esi+1Ch] <= ecx - 20h (unsigned): continue at L00010859
0001084D L0001084D: |
Windows 2000の場合…おなじですね
; Windows 2000 listing after the in-place byte patch that the page presents
; as the fix. The rewritten bytes occupy 00010825-00010834, so the code from
; 00010835 onward keeps its addresses.
; NOTE(review): the page does not cover what else a byte-patched driver
; needs before it is deployed (for example the PE header checksum) - confirm.
00010806 L00010806:
00010806 6A24 push 00000024h
00010808 5A pop edx                                   ; edx = 24h
00010809 3BCA cmp ecx,edx
0001080B 0F82F1000000 jc L00010902                    ; ecx < 24h (unsigned): leave early
00010811 3BFA cmp edi,edx
00010813 0F82E9000000 jc L00010902                    ; edi < 24h (unsigned): leave early
00010819 8B4614 mov eax,[esi+14h]
0001081C 89542410 mov [esp+10h],edx
00010820 2D01010307 sub eax,07030101h                 ; eax = [esi+14h] - 07030101h; sets SF for the js below
; Status C001201Dh is stored up front. mov leaves the flags alone, so js
; still tests the result of the sub.
; NOTE(review): on the accepted path [esi+10h] still holds C001201Dh at
; this point; the code that replaces it is outside the excerpt - confirm.
00010825 C746101D2001C0 mov dword ptr [esi+10h],C001201Dh
; rel8 is left as XX on the page; 00010854 - 0001082E = 26h.
0001082C 78XX js L00010854                            ; negative result: leave with C001201Dh
0001082E 3BC2 cmp eax,edx
; rel8 is left as XX on the page; 00010854 - 00010832 = 22h.
00010830 73XX jnc L00010854                           ; eax >= 24h (unsigned): leave, so index 24h is now rejected
; 3-byte filler so the next instruction stays at 00010835. It executes on
; the accepted path.
; NOTE(review): the 0F 1F long-NOP encoding is not implemented on every
; older x86 CPU; three 90h bytes would not depend on it.
00010832 0F1F00 NOP DWORD ptr [EAX]
00010835 8D2C40 lea ebp,[eax+eax*2]                   ; ebp = index * 3
00010838 8B461C mov eax,[esi+1Ch]
0001083B C1E502 shl ebp,02h                           ; ebp = index * 12 (byte offset into the table)
0001083E 3B85E47E0100 cmp eax,[ebp+L00017EE4]         ; compare [esi+1Ch] with the dword at table + offset
00010844 7207 jc L0001084D                            ; [esi+1Ch] below the table value: status C0012019h
00010846 83C1E0 add ecx,FFFFFFE0h                     ; ecx = ecx - 20h
00010849 3BC1 cmp eax,ecx
0001084B 760C jbe L00010859                           ; [esi+1Ch] <= ecx - 20h (unsigned): continue at L00010859
0001084D L0001084D:
0001084D C74610192001C0 mov dword ptr [esi+10h],C0012019h ; store status C0012019h
; The js/jnc above land on the jmp below, past the store at 0001084D, so
; the C001201Dh written at 00010825 is what remains.
00010854 E9A2000000 jmp L000108FB |
これでセキュリティの修正終わり・ω・
Microsoft Windows Legacy Update
アップデートはこちら