MS12-038 and IKDASM

Past patch Tuesday Microsoft released MS12-038 that updated System.Windows.Forms.dll. It fixes a vulnerability in clipboard handling.

To compare the unpatched and patched versions of the assembly, I added an option to ikdasm to supress some of the irrelevant differences. For example, it replaces all uses of the '<PrivateImplementationDetails>{nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn}' class (that the C# compiler generates) where nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn is the module version GUID with the literal string (i.e. it replaces the GUID digits with n-characters). Another change is that some metadata items are sorted by name. Specifically, property and event accessors and custom attributes tend to be ordered differently between different builds.

It's likely that I'll add more in the future.

The option is named -diffmode. Usage is straight forward:

    ikdasm -diffmode -out:System.Windows.Forms.il System.Windows.Forms.dll

Updated ikdasm sources are available here: ikdasm-v0.2.zip

