Wednesday, August 19, 2009

Advapi32 patch for Windows Vista SP2

Hi,

Here are the patch bytes for the Windows Vista SP2 advapi32.dll that enable CSP testing without going through the MS signing process.
You'll also find the SHA256 hash of the resulting DLL: this value must be updated in the two manifest files associated with advapi32, which are located under winsxs\Manifests and winsxs\backup. To find them, just search for file names containing the strings "advapi32" and "6.0.6002.18005".
Run the same search to find the other folder, besides winsxs\backup and system32, where you must put the patched copy.

Patch for advapi32.dll version 6.0.6002.18005 :
- At offset 0x2C106 : change 75 to 90
- At offset 0x2C107 : change 0C to 90
- At offset 0x2C10E : change 0F to 90
- At offset 0x2C10F : change 84 to E9

The new SHA256 hash value is :
UJ03+cGhkgBS/X7C/YIy+tu0ko+6sgJmmdHUexvsWSk=

1 comment:

Jackie Lee said...

Hi Mounir:
I have 2 questions: one is for Vista SP2, another is for Win7.
In Vista SP2, the advapi32.dll version is 18005. I searched the file names with advapi32 & 6.0.6002.18005 and got these results:

winsxs\Manifests:
x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6002.18005_en-us_1a74f13fadf6bae3.manifest
x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_e533cab683a383fc.manifest

winsxs\backup:
x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6002.18005_en-us_1a74f13fadf6bae3.manifest
x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6002.18005_en-us_1a74f13fadf6bae3_advapi32.dll.mui_28c7718f
x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_e533cab683a383fc.manifest
x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_e533cab683a383fc_advapi32.dll_9512793c

winsxs\folder:
x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6002.18005_en-us_1a74f13fadf6bae3\
x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_e533cab683a383fc\

Could you tell me in which files I should replace the SHA256 value?

And my Windows 7's advapi.dll version is 6.1.7600.16385. Do you have a patch for it? And tell me how to implement it. Thanks.