Linked by Thom Holwerda on Fri 17th Nov 2017 11:51 UTC
Microsoft

Really, quite literally, some pretty skilled Microsoft employee or contractor reverse engineered our friend EQNEDT32.EXE, located the flawed code, and corrected it by manually overwriting existing instructions with better ones (making sure to only use the space previously occupied by original instructions).

This... This is one hell of a story. The unanswered question is why, exactly, Microsoft felt the need to do this - do they no longer have access to the source code? Has it simply become impossible to set up the correct build environment?

Amazing.
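The constraint in the quoted paragraph (overwrite the flawed instructions in place, using only the bytes the original instructions occupied) is also something a defender can check before trusting a binary hotfix: the patched file must be exactly the same length, and every byte that differs must fall inside the region that was meant to change. The C program below is an added example, not code from the 0patch article or from Microsoft; the two 24-byte images are constructed stand-ins for a patched function, and the window offsets used in the checks are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of comparing an original binary image against a patched one. */
struct patch_report {
    int same_size;        /* 1 if both images have the same length */
    size_t changed;       /* number of bytes that differ */
    size_t first_offset;  /* offset of the first differing byte (valid if changed > 0) */
    size_t last_offset;   /* offset of the last differing byte */
    int confined;         /* 1 if every differing byte lies inside [lo, hi) */
};

/* Byte-for-byte comparison of two images. An in-place patch keeps the
 * length unchanged and touches only the window [lo, hi) that holds the
 * function being fixed; anything else means code was moved or added. */
struct patch_report compare_images(const unsigned char *orig, size_t orig_len,
                                   const unsigned char *patched, size_t patched_len,
                                   size_t lo, size_t hi)
{
    struct patch_report r;
    memset(&r, 0, sizeof r);
    r.same_size = (orig_len == patched_len);
    r.confined = 1;
    size_t n = orig_len < patched_len ? orig_len : patched_len;
    for (size_t i = 0; i < n; i++) {
        if (orig[i] == patched[i])
            continue;
        if (r.changed == 0)
            r.first_offset = i;
        r.last_offset = i;
        r.changed++;
        if (i < lo || i >= hi)
            r.confined = 0;   /* a change outside the expected function */
    }
    /* A length change means bytes were inserted or removed: never in place. */
    if (!r.same_size)
        r.confined = 0;
    return r;
}

/* Constructed 24-byte images standing in for the bytes of one function.
 * They differ only in the four bytes at offsets 11..14 (an immediate
 * operand in the original, rewritten in the patch). Not real EQNEDT32 bytes. */
static const unsigned char ORIG_IMAGE[24] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x8B, 0x45,
    0x08, 0x50, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x83,
    0xC4, 0x04, 0x8B, 0xE5, 0x5D, 0xC3, 0x90, 0x90 };
static const unsigned char PATCHED_IMAGE[24] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x8B, 0x45,
    0x08, 0x50, 0xE8, 0x11, 0x22, 0x33, 0x44, 0x83,
    0xC4, 0x04, 0x8B, 0xE5, 0x5D, 0xC3, 0x90, 0x90 };

/* Helpers that run the comparison on the constructed images. */
int sample_confined(size_t lo, size_t hi)
{
    return compare_images(ORIG_IMAGE, sizeof ORIG_IMAGE,
                          PATCHED_IMAGE, sizeof PATCHED_IMAGE, lo, hi).confined;
}

size_t sample_changed(void)
{
    return compare_images(ORIG_IMAGE, sizeof ORIG_IMAGE,
                          PATCHED_IMAGE, sizeof PATCHED_IMAGE, 0, sizeof ORIG_IMAGE).changed;
}

int main(void)
{
    /* Assumed window: the fixed function spans offsets 8..17 of the image. */
    struct patch_report r = compare_images(ORIG_IMAGE, sizeof ORIG_IMAGE,
                                           PATCHED_IMAGE, sizeof PATCHED_IMAGE, 8, 18);
    printf("same size: %d, bytes changed: %zu, first: %zu, last: %zu, confined: %d\n",
           r.same_size, r.changed, r.first_offset, r.last_offset, r.confined);
    return r.confined ? 0 : 1;
}
```

Reading the report is the whole check: a patch that grows the file, or that touches bytes outside the function it claims to fix, is not the kind of surgical in-place edit the article describes and deserves a closer look before it is rolled out.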

Skill, but not enough, apparently
by kwan_e on Fri 17th Nov 2017 12:21 UTC
kwan_e
Member since:
2007-02-18

While Office has had a new Equation Editor integrated since at least version 2007, Microsoft can't simply remove EQNEDT32.EXE (the old Equation Editor) from Office as there are probably tons of old documents out there containing equations in this old format, which would then become un-editable.


If the Microsoft engineers really had skill, they'd write an equation editor that can read the old format and convert it to the new format and then remove the old equation editor before any other security damage can be done.

Microsoft felt the need to do this - do they no longer have access to the source code? Has it simply become impossible to set up the correct build environment?


It's probably written in a dialect of C so old that even Microsoft doesn't have its old compiler lying around that can correctly parse and compile the thing.

Edited 2017-11-17 12:24 UTC

Reply Score: 1

Ford Prefect Member since:
2006-01-16

The editor comes from a time when Microsoft Office programs would just dump their internal memory structures into the document files.

Writing a parser and converter, where some parts would probably not be convertible 100%, would probably take more time than doing this patching.

Now you would say, a sane engineering process with clean interfaces and file format specifications would have saved Microsoft all the trouble. The sad truth is that their strategy of rushing nasty code to the market worked all too well for them.

Reply Score: 2

DefineDecision Member since:
2017-10-09

The old equation editor was a licensed product - a cut down version of MathType.

Of course, the point still stands.

Reply Score: 6

tylerdurden Member since:
2009-03-17

The entire industry has been based on rushing shipments for a long while. Microsoft were not the only ones, alas they were the most successful at pushing rushed code and still have customer bases increasing.

Reply Score: 5

zima Member since:
2005-07-06

Yeah, there's also "release early, release often" maxim of (also) open source...
And I remember in some news, perhaps here, that MS was commended on the pace of development of Win10, ~"almost open source-like" ...so, decide already! ;)

Reply Score: 3

Bill Shooter of Bul Member since:
2006-07-14

Don't confuse skill of engineers with priorities of managers.

There is no real question that Microsoft could have done the proper fix, they just didn't want to devote the necessary resources to do so.

Also, since this was a security matter, it was probably faster and easier to patch the binary. And speed is often the second most important aspect of a security fix.

Reply Score: 4

kwan_e Member since:
2007-02-18

Don't confuse skill of engineers with priorities of managers.


How many years has that program been around? It's been around before the Ribbon interface. They've had all that time to write a converter for just about any format of Office, not as any targeted security effort, but just in the course of events in making general improvements and upgrades.

Reply Score: 1

Bill Shooter of Bul Member since:
2006-07-14

But why would they rewrite an obscure piece of software for a historical format? It works. It doesn't make economical sense to rewrite things just because.

Reply Score: 4

Carewolf Member since:
2005-09-08

They don't own the source code, and probably don't want to renegotiate a new build from the third party they bought the thing from.

Reply Score: 2

tylerdurden Member since:
2009-03-17

A "dialect of C," huh? You mean like C?

Reply Score: 6

FlyingJester Member since:
2016-05-11

There was a time, not that long ago, when basically every C or C++ compiler was essentially incompatible with each other. It wasn't until GCC, Clang, MSVC, and Intel destroyed all other compilers that there was anything resembling a single "C" language, even between those four.

If a program is written in C, and is only known to compile with a compiler from 20+ years ago, chances are it's not written in standard C. It probably either only compiles with a certain compiler, or has a lot of #ifdefs to handle different compilers.

Reply Score: 3

tylerdurden Member since:
2009-03-17

Most of the incompatibilities I have seen from old C code, and I have had to deal with ancient code bases at some jobs, were mainly due to architectural assumptions. Other than that, most of the old C code I've seen is pretty portable; there was not that much to the language after all.

Reply Score: 4

kwan_e Member since:
2007-02-18

Other than that, most of the old C code I've seen is pretty portable; there was not that much to the language after all.


Was the old C code you've seen mostly written for Unix like OSes?

Reply Score: 2

Vanders Member since:
2005-07-06

DOS C compilers added all sorts of extensions to cope with things like segmented addressing, and well, DOS. Here's an old Dr. Dobbs article on that very subject: http://www.drdobbs.com/cpp/compiler-specific-c-extensions/184408821

Reply Score: 4

Carewolf Member since:
2005-09-08

There was a time, not that long ago, when basically every C or C++ compiler was essentially incompatible with each other. It wasn't until GCC, Clang, MSVC, and Intel destroyed all other compilers that there was anything resembling a single "C" language, even between those four.

If a program is written in C, and is only known to compile with a compiler from 20+ years ago, chances are it's not written in standard C. It probably either only compiles with a certain compiler, or has a lot of #ifdefs to handle different compilers.


Actually it was more C99 that fixed it. Most of the compilers had many of the sanity improvements C99 would eventually contain, much earlier.

Reply Score: 2

kwan_e Member since:
2007-02-18

A "dialect of C," huh? You mean like C?


In case you didn't notice, Microsoft C compilers from the 90s weren't exactly standards compliant.

Reply Score: 1

Not their code?
by daveh87333 on Fri 17th Nov 2017 12:47 UTC
daveh87333
Member since:
2005-08-27

From the article it looks like it's maybe a third party application, so Microsoft may never have had access to the source code.

Reply Score: 5

RE: Not their code?
by jasutton on Fri 17th Nov 2017 15:06 UTC in reply to "Not their code?"
jasutton Member since:
2006-03-28

I remember back in the day, I was a die-hard WordPerfect fan, and the equation editor component was identical to that used in MS Office. I suspect they both licensed this component from a third-party.

EDIT: I'm seeing references on the internet that both products use a "watered down" version of this product:

http://www.mathtype.com/en/products/mathtype/default.htm

Edited 2017-11-17 15:10 UTC

Reply Score: 5

AI?
by modicr on Fri 17th Nov 2017 13:15 UTC
modicr
Member since:
2005-09-20

Maybe they have some sophisticated AI tool that finds and corrects binary code ;)

Reply Score: 2

RE: AI?
by The123king on Fri 17th Nov 2017 15:11 UTC in reply to "AI?"
The123king Member since:
2009-05-28

I think it's more likely to be OI, or Organic Intelligence.

Reply Score: 2

RE: AI?
by Bill Shooter of Bul on Fri 17th Nov 2017 18:55 UTC in reply to "AI?"
Bill Shooter of Bul Member since:
2006-07-14

I'm pretty sure they have tools to look for security vulns in binaries, but patching I'm not sure of.

Reply Score: 3

The author must be pretty young
by HereIsAThought on Fri 17th Nov 2017 14:02 UTC
HereIsAThought
Member since:
2017-09-14

They think 2003 is ancient and 17 years!!! is a long time for code to hang around....

So much to learn....

Edited 2017-11-17 14:17 UTC

Reply Score: 6

Digging in strings...
by Drunkula on Fri 17th Nov 2017 15:05 UTC
Drunkula
Member since:
2009-09-03

It looks like a company called Design Science may have created it. I found that name in the output of strings.

https://www.dessci.com/en/

Reply Score: 3

All you need is a disassembler...
by zzarko on Sat 18th Nov 2017 17:16 UTC
zzarko
Member since:
2011-01-09

As part of a project I was involved in while studying a long time ago, I had to change Borland's C compiler executable to make it work better with the hardware we were working with. Not many bytes were changed, but the compiler produced the code we needed.

Reply Score: 2

Stop a buffer overflow bug
by Seeprime on Sat 18th Nov 2017 20:00 UTC
Seeprime
Member since:
2014-05-02

The code was updated to fix third party coding that was flawed from day one. OP link has the details.

Reply Score: 2
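This post's title names the class of flaw, a buffer overflow, and the linked article describes the fix as a few instructions rewritten in place. The C program below is an added example, not code from EQNEDT32.EXE, from the 0patch article or from Microsoft: it shows the flawed copy pattern beside the bounded version that replaces it. The record layout, the 8-byte buffer size and the guard word placed after the buffer are all constructed for the illustration; the guard only exists so the program can show that the bounded copy never writes past the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed fixed-size record: a short name field followed by a guard
 * word. The guard stands in for whatever really sits after the buffer in
 * memory (other fields, a saved return address); if a copy clobbers it,
 * the copy ran out of bounds. */
#define NAME_BUF 8
#define GUARD 0xCAFEF00Du

struct record {
    char name[NAME_BUF];
    unsigned guard;
};

/* The flawed pattern: the input length is never compared with the size
 * of the destination, so a name of NAME_BUF bytes or more runs past the
 * end of the buffer into whatever follows it. Kept here for contrast
 * and only ever called below with input that fits. */
void copy_name_unbounded(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* The corrected pattern: check the length first and refuse input that
 * does not fit, leaving the record untouched. Returns 0 on success and
 * -1 when the name is too long for the field. */
int copy_name_bounded(struct record *r, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof r->name)   /* the terminator needs a byte as well */
        return -1;
    memcpy(r->name, src, len + 1);
    return 0;
}

/* Runs the bounded copy on a fresh record and returns its result code. */
int bounded_copy_rc(const char *src)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.guard = GUARD;
    return copy_name_bounded(&r, src);
}

/* Runs the bounded copy on a fresh record and reports whether the guard
 * word after the buffer survived (1) or was overwritten (0). */
int bounded_copy_keeps_guard(const char *src)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.guard = GUARD;
    (void)copy_name_bounded(&r, src);
    return r.guard == GUARD;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that does not. */
    const char *short_name = "Symbol";
    const char *long_name = "a name far longer than the field allows";

    printf("short: rc=%d guard intact=%d\n",
           bounded_copy_rc(short_name), bounded_copy_keeps_guard(short_name));
    printf("long:  rc=%d guard intact=%d\n",
           bounded_copy_rc(long_name), bounded_copy_keeps_guard(long_name));
    return 0;
}
```

The bounded version is not noticeably larger than the unbounded one, which is the practical point behind the article: a length check and a sized copy can fit in roughly the footprint of the original instructions, so the fix does not have to move any other code.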

That's nothing
by softdrat on Mon 20th Nov 2017 00:42 UTC
softdrat
Member since:
2008-09-17

Back in the days of binary punch cards, I knew someone who would edit binary code by either punching new holes into the card or else putting "chad" back into pre-existing holes.

Reply Score: 2

RE: That's nothing
by Kochise on Mon 20th Nov 2017 05:20 UTC in reply to "That's nothing"
Kochise Member since:
2006-03-03

Yet still remaining in the defined card stream, without inserting a new one. I bet you missed the whole point.

Reply Score: 2

Not that crazy
by Darkmage on Mon 20th Nov 2017 19:19 UTC
Darkmage
Member since:
2006-10-20

This isn't that crazy. If you go to http://hcl.solsector.net you can see Mario Brito's work. He's been patching the Wing Commander games for the last 25 years. He figured out how to insert a DLL into the program's initial loading code and can then insert his own code to modify an entire game engine without access to the source. For example: Wing Commander Prophecy shipped with Glide and DirectX support and 16-bit color. Mario has added an entire OpenGL renderer (Wine now runs the game perfectly) and upped the color depth to 32-bit. He expanded almost every polygon count limit and file limit in the game. Entire custom campaigns have been created based on this, such as http://standoff.solsector.net

Edited 2017-11-20 19:23 UTC

Reply Score: 4

RE: Not that crazy
by dungsaga on Tue 21st Nov 2017 04:31 UTC in reply to "Not that crazy"
dungsaga Member since:
2005-07-12

You remind me of another Mario guy ;)

Super Mario World was hacked to run a hex editor and mod loader on an unmodified Super Nintendo.

This game was also modded to have a level editor and replace it with another game while still running in memory (by the famous TASBot).

Yes, the unexpected things people did with their favorite games are crazy.

Reply Score: 1