Tuesday, February 2, 2010

Advapi32 patch for Windows 7, 32-bit and 64-bit

It has been a log time since my last posting about the release candidate for Windows 7. I was quite busy since then and I couldn't find time to come up with a patch.
Luckily, one reader of this blog, Natko Kalisnik, spent time working on this and he contacted me recently to share his findings. Hi approach is different from the one I usually follow (his is more prudent) but it leads to the same result.
Without getting into more details, here it is for a 64-bit version of Windows 7. For the 32-bit version, just take the patch for the dll in SysWOW64.

cryptsp.dll 32-bit in SysWOW64, version 6.1.7600.16385 :
- At offset 0x3CF4 : change 0F to 90
- At offset 0x3CF5 : change 85 to E9

Its new SHA256 hash value is :
+0SIH7z7WWOMju2QxD4MuCAdC4nnhijXHr8vCLIJ6HE=

cryptsp.dll 64-bit in System32, version 6.1.7600.16385 :
- At offset 0x32E3 : change C3 to DB
- At offset 0x337D : change C3 to DB
- At offset 0x33C4 : change C3 to C4

And its new SHA256 hash value is :
2STx7caFTALkBzuo3qvvdlsBddMCZNmSq/NTqtjK0Y4=



Just a last word about the how to apply this patch for new comers.
Some manifest files must be updated using the new hash values. They are located under C:\Windows\winsxs\Manifests :
For 32-bit : x86_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_2933c430682017d9.manifest

For 64-bit : amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_85525fb4207d890f.manifest

The hash value to be modified is in the XML node dsig:DigestValue.

Also, you need to replace cryptsp.dll with the patched one in the following folders under C:\Windows\winsxs :
For 32-bit : x86_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_2933c430682017d9

For 64-bit : amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_85525fb4207d890f

This is sufficient for having a running patched system. For a more complete patch, you can have a look at the directory C:\Windows\winsxs\Backup : it contains copies of the manifest files and dlls that you can also patch.