A quick note on MS SharePoint/.NET decompiling and patch diffing

Jang

MS SharePoint patch diffing consists of these steps:
- Get the patch
- Decompile the patch
- Diff the patch

Then, from the differences, we can guess the reason for them and trace back to the bug …

For the patch, we can download it from here: https://msrc.microsoft.com/update-guide/

If everything is fine, MS releases security patches for its products on the 2nd Tuesday of every month.

For the SharePoint patch, you will get a file “sts2019-kb500xxxx-fullfile-x64-glb.exe”.

You can open this file with a compression tool like 7zip; there will be a file named “sts-x-none.msp” inside:

From the “sts-x-none.msp” file, we can also extract the PATCH_CAB file using 7zip:

This (PATCH_CAB) file can also be opened with 7zip (thanks a lot, 7z team); it includes all of the changes that will be made by this patch:

From there, we can use dnSpy to open all of the dll files inside PATCH_CAB file and decompile ALL of it to “.cs” source files.

Then, we repeat the steps above with the older patch to get the source code for both patch files.

And finally, use some code diffing tool like WinMerge to diff the source code …

It’s easy, right??

.
.
.

But not today!

After loading both trees into the diffing tool, you may notice a lot of differences between the two patches, 90% of which are false positives:

I think MS has done some little tricks with their C# compiler, so when the C# file is compiled, the attribute order between the two versions will not be the same.

This hinders patch diffing a lot; it takes a lot of work to refine the decompiled source code to reduce the false-positive diffs!
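One way to do that refinement as a post-processing step, shown here as an added example (not the author's code, and not the ILSpy change described below): sort each run of consecutive attribute lines in both decompiled trees before diffing, so that reordering alone no longer shows up. The sample sources, the `Widget` class and the function names are constructed for illustration, and the regex assumes the decompiler emits one attribute section per line.

```python
import difflib
import re

# One attribute section alone on a line, e.g. [Serializable] or [return: MarshalAs(...)].
ATTR_LINE = re.compile(r'^\s*\[(?:\w+:\s*)?[A-Za-z_][\w.]*(?:\(.*\))?\]\s*$')

def normalize_attributes(source):
    """Return the source lines with every run of attribute-only lines sorted."""
    out, run = [], []
    for line in source.splitlines():
        if ATTR_LINE.match(line):
            run.append(line)                # still inside an attribute run
            continue
        out.extend(sorted(run, key=str.strip))
        run = []
        out.append(line)
    out.extend(sorted(run, key=str.strip))  # run that ends the file
    return out

def changed_lines(old, new, normalize=True):
    """Return '-'/'+' prefixed lines that differ between two decompiled sources."""
    prep = normalize_attributes if normalize else str.splitlines
    a, b = prep(old), prep(new)
    changes = []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if tag != "equal":
            changes += ["-" + l for l in a[i1:i2]] + ["+" + l for l in b[j1:j2]]
    return changes

# Constructed sample: the same class as decompiled from the old and the new build.
OLD = """\
[Serializable]
[ComVisible(false)]
public class Widget
{
    public bool Check(string s) { return s != null; }
}
"""
NEW = """\
[ComVisible(false)]
[Serializable]
public class Widget
{
    public bool Check(string s) { return s != null && s.Length < 256; }
}
"""

if __name__ == "__main__":
    print("\n".join(changed_lines(OLD, NEW)))
```

With `normalize=False` the swapped attributes are reported as changes alongside the edited `Check` method; with normalization only the method change remains.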

It was not until a few days ago that I took a look at the currently actively developed dnSpy repo and quickly realized that ILSpy, the heart of dnSpy, is outdated.

The current ILSpy mainstream is 9.0, and dnSpy still uses ILSpy 2.x, which was released 10 years ago; many things have changed in the C# compiler! 🤷‍♀️

Also luckily, while searching for the attribute sorting order problem in the ILSpy issues, I found that some Chinese guy had also encountered this and fixed it with just a small change:

By applying this patch with some minor changes, the attribute order problem has been fixed.

Here is the code I used:

After this change, there are no false-positive diffs anymore.

And for dnSpy, you can use a WIP version here: feature/new-ilspy.

The author of dnSpyEx is currently trying to upgrade ILSpy to v7. Some features may not work properly, but it may fix a lot of decompiler bugs; for example, you might have seen this code before:

That is because the old ILSpy doesn’t support the C# string switch case yet.

This is the result when you use new dnSpy:

That’s all for now,

Hope these minor changes can help everyone working in this field!

Thanks for reading!
