
0patch Blog: No Source Code for a 14-Year Old Vulnerable DLL? No Problem - touristtam
https://blog.0patch.com/2019/02/no-source-code-for-14-year-old.html
======
vardump
Binary patching is something you just have to do sometimes. Done this now
twice for actual production purposes. Sometimes you can't compile without
an excessive amount of work even if you have the source code!

A lot more when I was younger for some other purposes, like making some (non-
multiplayer) games behave differently, like never losing lives.

~~~
kuroguro
I've had to do it once in production for an old application without source,
but the changes were substantial enough that I opted to write a wrapper dll
for one of the dependencies. Once in, it's easy to hook whatever else is needed
and add major modifications.

~~~
hinkley
This has some potential to be similar in philosophy to the ‘strangling a
service’ process. Use a wrapper and slowly move the functionality away, until
one day you can turn off the old service.

------
aepiepaey
This fixes the specific exploit, which is good.

However, the patched DLL is still missing ASLR/DEP, which is suboptimal.

~~~
petermcneeley
It would be difficult to add back in ASLR if the exe was not compiled with it.
Every absolute address must provide a reloc entry.
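
------
Added example, not part of the thread or of the 0patch post: a header check for the two points raised above, whether a PE image opts in to ASLR/DEP and whether it still carries the base relocations that rebasing depends on. The function names and the sample header built by `build_sample` are constructed for illustration; `can_randomize` is a simplification that only looks at the flag and the relocation directory.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NX_COMPAT = 0x0100        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in the COFF header

def pe_mitigations(data: bytes) -> dict:
    """Report ASLR/DEP opt-in flags and relocation presence from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (file_chars,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                       # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dirs = opt + (96 if magic == 0x10B else 112)          # data directories
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)
    reloc_size = 0
    if n_dirs > 5:                                        # index 5 = base relocs
        _, reloc_size = struct.unpack_from("<II", data, dirs + 5 * 8)
    has_relocs = not (file_chars & RELOCS_STRIPPED) and reloc_size > 0
    aslr = bool(dll_chars & DYNAMIC_BASE)
    return {
        "aslr_flag": aslr,
        "dep_flag": bool(dll_chars & NX_COMPAT),
        "has_relocs": has_relocs,
        "can_randomize": aslr and has_relocs,  # flag alone is not enough
    }

def build_sample(dll_chars: int, file_chars: int, reloc_size: int) -> bytes:
    """Constructed 32-bit PE headers only (sample input, not a loadable DLL)."""
    buf = bytearray(0x40 + 4 + 20 + 224)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x44 + 16, 224, file_chars)
    struct.pack_into("<H", buf, 0x58, 0x10B)
    struct.pack_into("<H", buf, 0x58 + 70, dll_chars)
    struct.pack_into("<I", buf, 0x58 + 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, 0x58 + 96 + 40, 0x3000 if reloc_size else 0, reloc_size)
    return bytes(buf)

if __name__ == "__main__":
    for name, args in [("old dll", (0, 0x2102, 0x200)), ("stripped", (0x140, 0x2103, 0))]:
        print(name, pe_mitigations(build_sample(*args)))
```

To check a real file, pass `open(path, "rb").read()` to `pe_mitigations`.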

