Tuesday, April 22, 2008

Advapi32 Patch for Windows XP 64-Bit

As usual, here is the patch of advapi32 on Windows XP 64-Bit that enables testing of CSP dlls without Microsoft signature. In this platform, there is two versions of this dll : on in the System32 directory that is the real 64-bit one, and one in the SysWOW64 directory that is the 32-bit one. So, we have to patch the two dlls. You'll find below the usual patch description for each one of them. You may notice that two have an identical version number, 5.2.3790.1830, that is the same for advapi32 on Windows 2003 SP1. This is why the patch for the SysWOW64 copy is identical to the one on Windows 2003 SP1.
  • Advapi32 dll in SysWOW64 directory :
    • At offset 0x68CD : change 0F to EB
    • At offset 0x68CE : change 84 to 42
    • At offset 0x68CF : change 62 to 90
    • At offset 0x68D0 : change 0B to 90
    • At offset 0x68D1 : change 03 to 90
    • At offset 0x68D2 : change 00 to 90
  • Advapi32 dll in System32 directory :
    • At offset 0x11B15 : change 0F to 90
    • At offset 0x11B16 : change 84 to E9
    • At offset 0x4D2AD : change 0F to 90
    • At offset 0x4D2AE : change 85 to 90
    • At offset 0x4D2AF : change 68 to 90
    • At offset 0x4D2B0 : change 48 to 90
    • At offset 0x4D2B1 : change FC to 90
    • At offset 0x4D2B2 : change FF to 90

4 comments:

kert said...

do you happen to have the patch for 64-bit advapi32.dll , 5.2.3790.3959, 1 051 648 bytes long, present on my win2003-64 box for csp development ?

Mounir IDRASSI said...

Unfortunately, I don't have this one but I can work on it next weekend.
I'll keep you informed.

kert said...

thank you, that would be highly appreciated.

Mounir IDRASSI said...

I have posted the patch for the Windows 2003 Server SP2 64Bit. Take a look at the new entry...