Sunday, November 15, 2009

UPX 3.04 with patches for MacOSX

The latest version of UPX (3.04) contained a bug that prevented it from correctly handling MacOSX binaries. A correction was committed to the source tree.
I have compiled a version of UPX 3.04 with this correction, and you can download the corresponding universal binaries from the following links:

For UPX without LZMA support: click here.
For UPX with LZMA support: click here.

Wednesday, August 19, 2009

Advapi32 patch for Windows Vista SP2

Hi,

Here are the patch bytes for the advapi32.dll of Windows Vista SP2 that enable CSP testing without the MS signing process.
You'll also find the SHA256 hash of the resulting DLL: this value must be updated in the two manifest files associated with advapi32, which are located under winsxs\Manifests and winsxs\backup. To find them, search for file names containing the strings "advapi32" and "6.0.6002.18005".
Do the same search to find the other folder, besides winsxs\backup and system32, where you must put the patched copy.

Patch for advapi32.dll version 6.0.6002.18005:
- At offset 0x2C106 : change 75 to 90
- At offset 0x2C107 : change 0C to 90
- At offset 0x2C10E : change 0F to 90
- At offset 0x2C10F : change 84 to E9

The new SHA256 hash value is:
UJ03+cGhkgBS/X7C/YIy+tu0ko+6sgJmmdHUexvsWSk=

Tuesday, May 26, 2009

Patch for new Advapi32 dll of Windows Server 2003 SP2

As for Windows XP SP3, Microsoft released through Windows Update a new version of Advapi32 for Windows Server 2003 SP2 with version number 5.2.3790.4455. Here is the corresponding patch:
  • Advapi32 dll, version 5.2.3790.4455:
    • At offset 0x11E3F : change 75 to 90
    • At offset 0x11E40 : change 08 to 90
    • At offset 0x11E47 : change 74 to EB

Sunday, May 3, 2009

Advapi32 patch for Windows 7 RC

After the recent release of Windows 7 RC, here is the patch for developing and testing CSPs on this new platform. Unlike previous Windows versions, and because of internal changes in Advapi32, the patch this time applies to cryptsp.dll and not to advapi32.dll, so the title of this post is really just for historical reasons!
Here is the patch:
  • Cryptsp dll, version 6.1.7100.0 :
    • At offset 0x34CB : change 75 to 90
    • At offset 0x34CC : change 10 to 90
    • At offset 0x34D3 : change 75 to 90
    • At offset 0x34D4 : change 08 to 90

The SHA-256 hash of the patched DLL, in Base64 encoding, is:
6bzJDA9IknZNgyO8sugtmLZxMfeVvZBToZQ82P8ahFI=
This value is needed in order to update the manifest files associated with cryptsp.dll in the WINSXS directory.
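
An integrity check built from the values in these posts, added here as an example and not part of the original posts: it reports whether a copy of the DLL carries the listed byte changes and whether its Base64 SHA-256 still matches the value recorded in a manifest. The function names and the zero-filled sample buffers are assumptions constructed for illustration; they are not real DLLs.

```python
import base64
import hashlib

# Byte changes listed on this page: (offset, original byte, patched byte).
PATCH_TABLES = {
    "cryptsp.dll 6.1.7100.0": [(0x34CB, 0x75, 0x90), (0x34CC, 0x10, 0x90),
                               (0x34D3, 0x75, 0x90), (0x34D4, 0x08, 0x90)],
    "advapi32.dll 6.0.6002.18005": [(0x2C106, 0x75, 0x90), (0x2C107, 0x0C, 0x90),
                                    (0x2C10E, 0x0F, 0x90), (0x2C10F, 0x84, 0xE9)],
}

def classify(data: bytes, table) -> str:
    """Return 'original', 'patched', or 'unknown' for the listed offsets."""
    if any(off >= len(data) for off, _, _ in table):
        return "unknown"  # file too short: not the build this table describes
    seen = [data[off] for off, _, _ in table]
    if seen == [orig for _, orig, _ in table]:
        return "original"
    if seen == [new for _, _, new in table]:
        return "patched"
    return "unknown"  # different build, or a partial/other modification

def manifest_hash(data: bytes) -> str:
    """SHA-256 digest in Base64, the form of the hash values quoted on this page."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")

def audit(data: bytes, label: str, manifest_value: str) -> dict:
    """Report patch state and whether the file still matches its manifest."""
    digest = manifest_hash(data)
    return {"state": classify(data, PATCH_TABLES[label]),
            "sha256_b64": digest,
            "matches_manifest": digest == manifest_value}

def make_sample(table, patched: bool) -> bytes:
    """Constructed stand-in for a DLL: zero-filled, only the listed bytes set."""
    buf = bytearray(max(off for off, _, _ in table) + 16)
    for off, orig, new in table:
        buf[off] = new if patched else orig
    return bytes(buf)

if __name__ == "__main__":
    label = "cryptsp.dll 6.1.7100.0"
    clean = make_sample(PATCH_TABLES[label], patched=False)
    modified = make_sample(PATCH_TABLES[label], patched=True)
    recorded = manifest_hash(clean)  # what a manifest for the clean file would hold
    print(audit(clean, label, recorded))
    print(audit(modified, label, recorded))
```

On a real system, read the file with `open(path, "rb").read()` and pass the hash value taken from the component's manifest as `manifest_value`.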

Tuesday, April 28, 2009

Patch for new Advapi32.dll of Windows XP SP3

On February 9th, 2009, Microsoft released through Windows Update a new version of Advapi32 for Windows XP SP3 with version number 5.1.2600.5755. Here is the corresponding patch:
  • Advapi32 dll, version 5.1.2600.5755:
    • At offset 0x175C1 : change 75 to 90
    • At offset 0x175C2 : change 0C to 90
    • At offset 0x175C9 : change 0F to 90
    • At offset 0x175CA : change 84 to E9