Windows 2000向け MS15-003 解析情報 その2
MS15-003 の解析の続きです ・ω・
最初の2つは似たような処理です
| L7E8E46B9: push SWC7E8D6490_ntuser_dat L7E8E46BE: push eax call edi push [ebp-14h] |
5.1.2600.5512
| L7E8E46E9: push SWC7E8D6750_ntuser_dat L7E8E46EE: push eax call edi mov eax,[ebp+0Ch] push ebx lea ecx,[ebp-34h] mov [ebp-34h],eax call SUB_L7E9108C7 test eax,eax jnz ZL7E8E4714 L7E8E4714: push 00000005h pop eax jmp L7E8E4717 ZL7E8E4714: push ebx push [ebp+08h] push 80000003h call SUB_L7E8D5B15 |
5.1.2600.6689
| L792B8296: push SWC79286688_ntuser_dat L792B829B: push eax call edi lea eax,[ebp-0000023Ch] push eax push [ebp+08h] push 80000003h call SUB_L792B9A86 |
Win2000
| L792B8296: push SWC79286688_ntuser_dat L792B829B: push eax call edi lea eax,[ebp-0000023Ch] push eax mov eax,[ebp+0Ch] lea ecx,[ebp-34h] mov [ebp-34h],eax call SUB_L7E9108C7 test eax,eax jnz ZL7E8E479F xor ebx,ebx jmp L792B885E ZL7E8E479F: lea eax,[ebp-0000023Ch] push eax push [ebp+08h] push 80000003h call SUB_L792B9A86 |
Win2000 修正
| L7E8E494A: push eax call edi push [ebp-14h] |
5.1.2600.5512
| L7E8E4993: push SWC7E8D6750_ntuser_dat L7E8E4998: push eax call edi mov eax,[ebp+0Ch] push ebx lea ecx,[ebp-34h] mov [ebp-34h],eax call SUB_L7E9108C7 test eax,eax jnz ZL7E8E49C0 push 00000005h pop eax jmp L7E8E49C3 ZL7E8E49C0: push ebx push [ebp+08h] push 80000003h call SUB_L7E8D5B15 mov edi,eax : |
5.1.2600.6689
| L792B8296: push SWC79286688_ntuser_dat L792B829B: push eax call edi lea eax,[ebp-0000023Ch] push eax push [ebp+08h] push 80000003h call SUB_L792B9A86 |
Win2000
| L792B8296: push SWC79286688_ntuser_dat L792B829B: push eax call edi lea eax,[ebp-0000023Ch] push eax mov eax,[ebp+0Ch] lea ecx,[ebp-34h] mov [ebp-34h],eax call SUB_L7E9108C7 test eax,eax jnz ZL7E8E49C0 push 00000005h pop edi jmp L792B82B2 ZL7E8E49C0: lea eax,[ebp-0000023Ch] push eax push [ebp+08h] push 80000003h call SUB_L792B9A86 |
Win2000 修正
| push SWC7E90CC20_IssueDefaultProfile__Failed_to_r push eax call SUB_L7E8C1773 pop ecx pop ecx L7E90CAD3: lea eax,[ebp-0000020Ch] |
5.1.2600.5512
| SWC7E913968_IssueDefaultProfile__Does_not_ha: unicode 'IssueDefaultProfile: Does not have sufficient privileges to load the hive',0000h push SWC7E913A00_IssueDefaultProfile__Failed_to_r |
5.1.2600.6689
| push SWC792924CC_IssueDefaultProfile__Failed_to_r push eax call SUB_L792AFF59 pop ecx pop ecx L792BB7FC: lea eax,[ebp-0000020Ch] push eax push [ebp+14h] push 80000003h call SUB_L792B9A86 |
Win2000
| SWC7E913968_IssueDefaultProfile__Does_not_ha: unicode 'IssueDefaultProfile: Does not have sufficient privileges to load the hive',0000h push SWC792924CC_IssueDefaultProfile__Failed_to_r push eax call SUB_L792AFF59 pop ecx pop ecx L792BB7FC: mov edi,[ebp+10h] mov eax,[edi+0Ch] mov [ebp+10h],eax lea eax,[ebp-0000020Ch] push eax lea ecx,[ebp+10h] call SUB_L7E9108C7 test eax,eax jnz L7E913791_ L7E913791: // Windows 2000 は RsopLogging 非対応 /* cmp [L7E9612C8],ebx jz L7E9137A7 push SWC7E913968_IssueDefaultProfile__Does_not_ha push 00000002h call SUB_L7E8C1773 pop ecx pop ecx */ L7E9137A7: push 00000005h pop esi lea eax,[ebp-0000020Ch] |
Win2000 修正
Translate
Comments