Latest available version: IDA and decompilers v8.4.240320 see all releases
Hex-Rays logo State-of-the-art binary code analysis tools
email icon

  Posted on:   03 Jan 2006

  By:   Ilfak Guilfanov

  Categories:  Security

  Tags: 

The new version is suitable for automated setup (for example, in logon scripts).

Due to popular demand the new version of the setup can work in fully silent mode. If run without command line parameters, it will behave normally – display the welcome window, ask for confirmations, etc. To run it silently, use the following command line:

wmffix_hexblog14.exe /VERYSILENT /SUPPRESSMSGBOXES

In the case of a successful install, the computer will reboot. Otherwise the setup will exit with one the following codes:

  • 1 Setup failed to initialize.
  • 3 A fatal error occurred while preparing to move to the next installation phase (for example, from displaying the pre-installation wizard pages to the actual installation process). This should never happen except under the most unusual of circumstances, such as running out of memory or Windows resources.
  • 4 A fatal error occurred during the actual installation process. Note: Errors that cause an Abort-Retry-Ignore box to be displayed are not fatal errors. If the user chooses Abort at such a message box, exit code 5 will be returned.
  • 5 The user chose Abort at an Abort-Retry-Ignore box.
  • 10 The fix is already present on the system
  • 11 The fix can not be installed because the system is not supported

The prevent the computer from rebooting the /NORESTART command line switch can be used. However, full protection is not achieved without a reboot.
If you already have any previous version of the fix installed, there is no need to reinstall. Old hotfixes are as good as the new one in protecting your computer.
Second good news is about the vulnerability checker. It too understands the /SILENT command line switch and in the silent mode it does not display anything on the screen. The errorlevel can be checked from a batch file.
We wish you easy installation of the fix and safe computing!
P.S. I had to turn off the comments to save the bandwidth.
Here is a sample batch file to check the fix:

@echo off
rem Batch for to illustrate how to use wmf_checker in the silent mode
wmf_checker_hexblog /SILENT
if errorlevel 2 goto bad_error
if errorlevel 1 goto vulnerable
echo You system seems to be invulnerable
goto end
:vulnerable
echo You system is VULNERABLE! Please install the fix from http://www.hexblog.com
goto end
:bad_error
echo Something bad happened to the checker
goto end
:end

The files can be downloaded from the following links:
http://www.hexblog.com/security/files/wmffix_hexblog14.exe
(md5: 15f0a36ea33f39c1bcf5a98e51d4f4f6)
http://www.hexblog.com/security/files/wmf_checker_hexblog.exe
(md5: ba65e1954070074ea634308f2bab0f6a)
http://www.hexblog.com/security/files/wmfhotfix.cpp
(source code of the hotfix)
http://www.hexblog.com/security/files/wmf_checker_source.zip
(source code of the checker)