Tuesday, April 22, 2008

Advapi32 Patch for Windows XP 64-Bit

As usual, here is the patch for advapi32 on Windows XP 64-Bit that enables testing of CSP DLLs without a Microsoft signature. On this platform, there are two versions of this DLL: one in the System32 directory, which is the real 64-bit one, and one in the SysWOW64 directory, which is the 32-bit one. So we have to patch both DLLs. You'll find below the usual patch description for each of them. You may notice that the two have an identical version number, 5.2.3790.1830, which is the same as that of advapi32 on Windows 2003 SP1. This is why the patch for the SysWOW64 copy is identical to the one on Windows 2003 SP1.
  • Advapi32 dll in SysWOW64 directory :
    • At offset 0x68CD : change 0F to EB
    • At offset 0x68CE : change 84 to 42
    • At offset 0x68CF : change 62 to 90
    • At offset 0x68D0 : change 0B to 90
    • At offset 0x68D1 : change 03 to 90
    • At offset 0x68D2 : change 00 to 90
  • Advapi32 dll in System32 directory :
    • At offset 0x11B15 : change 0F to 90
    • At offset 0x11B16 : change 84 to E9
    • At offset 0x4D2AD : change 0F to 90
    • At offset 0x4D2AE : change 85 to 90
    • At offset 0x4D2AF : change 68 to 90
    • At offset 0x4D2B0 : change 48 to 90
    • At offset 0x4D2B1 : change FC to 90
    • At offset 0x4D2B2 : change FF to 90
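
Because both copies carry the same version number, the bytes at the listed offsets are the only way to tell from the file whether a given copy has been modified. The following read-only check is an added example, not code from the original post: it reports whether a copy of advapi32 holds the original or the changed bytes from the two lists above. The build labels and function names are assumptions made for illustration.

```python
# Added example (read-only). Tables copied from the post: offset -> (original, patched).
SITES = {
    "xp64-syswow64": {  # hypothetical label for the 32-bit copy
        0x68CD: (0x0F, 0xEB), 0x68CE: (0x84, 0x42), 0x68CF: (0x62, 0x90),
        0x68D0: (0x0B, 0x90), 0x68D1: (0x03, 0x90), 0x68D2: (0x00, 0x90),
    },
    "xp64-system32": {  # hypothetical label for the 64-bit copy
        0x11B15: (0x0F, 0x90), 0x11B16: (0x84, 0xE9),
        0x4D2AD: (0x0F, 0x90), 0x4D2AE: (0x85, 0x90), 0x4D2AF: (0x68, 0x90),
        0x4D2B0: (0x48, 0x90), 0x4D2B1: (0xFC, 0x90), 0x4D2B2: (0xFF, 0x90),
    },
}


def classify(image: bytes, build: str) -> str:
    """Return 'original', 'patched', 'partial' or 'unknown' for one DLL image."""
    sites = SITES[build]
    if len(image) <= max(sites):
        return "unknown"            # too short to be this build
    orig = patched = 0
    for offset, (before, after) in sites.items():
        if image[offset] == before:
            orig += 1
        elif image[offset] == after:
            patched += 1
        else:
            return "unknown"        # neither value: other build or other change
    if patched == 0:
        return "original"
    if orig == 0:
        return "patched"
    return "partial"                # only some of the listed bytes were changed


def check_file(path: str, build: str) -> str:
    """Classify a DLL on disk without modifying it."""
    with open(path, "rb") as fh:
        return classify(fh.read(), build)


def constructed_image(build: str, patched: bool) -> bytes:
    """Constructed sample: zero-filled buffer with only the listed bytes set."""
    buf = bytearray(max(SITES[build]) + 1)
    for offset, pair in SITES[build].items():
        buf[offset] = pair[1] if patched else pair[0]
    return bytes(buf)


if __name__ == "__main__":
    print({b: classify(constructed_image(b, True), b) for b in SITES})
```

A result of "original" covers only the listed bytes; it does not replace verifying the file's hash or signature.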

Monday, April 21, 2008

Advapi32 patch for new Windows OS versions

This is an update of my previous post about the patching of advapi32 dll. You'll find here patches for Windows 2003 Server SP2, Windows Vista, Windows Server 2008 and Windows Vista SP1. The last two platforms share the same version of the advapi32 dll.
  • Windows 2003 SP2: advapi32 version = 5.2.3790.3959
    • At offset 0x11E3F : change 75 to 90
    • At offset 0x11E40 : change 08 to 90
    • At offset 0x11E47 : change 74 to EB
  • Windows Vista : advapi32 version = 6.0.6000.16386
    • At offset 0x37B7D : change 0F to 90
    • At offset 0x37B7E : change 84 to E9
    • At offset 0x4B66D : change 0F to 90
    • At offset 0x4B66E : change 85 to 90
    • At offset 0x4B66F : change 10 to 90
    • At offset 0x4B670 : change C5 to 90
    • At offset 0x4B671 : change FE to 90
    • At offset 0x4B672 : change FF to 90
  • Windows 2008 and Windows Vista SP1 : advapi32 version = 6.0.6001.18000
    • At offset 0x2420C : change 75 to 90
    • At offset 0x2420D : change 0C to 90
    • At offset 0x24214 : change 0F to 90
    • At offset 0x24215 : change 84 to E9

Thursday, April 3, 2008

UPX universal binary for Mac OS X

As the buzz is mounting on the Mac OS X platform these days, I decided to buy one and start hacking. On the Windows and Linux platforms, I'm used to compressing all my binaries using UPX, thus saving space and bandwidth. Unfortunately, when I tried to download a version of it for Mac OS X, I couldn't find a single link, even on the official web site. So, I decided to compile a version myself.
The task was not straightforward, but I was able to build a universal binary for Mac OS X 10.4 and 10.5. It should work on 10.3, but I didn't test it. The result can be downloaded from the link below. I hope this will help.

http://www.idrix.fr/Root/MacOSX/upx-3.02-universal-macosx.tar.gz