Hi
I just came across a slashdot-article[1], in which Halvar Flake
presents how a comparison of unpatched vs patched libraries[2]
can reveal easily all information needed to develop an exploit.
In particular he applies ida and sabre (... ).
Watch this movie[3] in order to understand what I am talking about.
Cheers
[1] http://it.slashdot.org/article.pl?sid=08/01/09/0241209
[2] http://www.microsoft.com/technet/sec.../ms08-001.mspx
[3] http://www.zynamics.com/files/ms08001.swf