Tuesday, February 2, 2010

Advapi32 patch for Windows 7, 32-bit and 64-bit

It has been a log time since my last posting about the release candidate for Windows 7. I was quite busy since then and I couldn't find time to come up with a patch. Luckily, one reader of this blog, Natko Kalisnik, spent time working on this and he contacted me recently to share his findings. Hi approach is different from the one I usually follow (his is more prudent) but it leads to the same result. Without getting into more details, here it is for a 64-bit version of Windows 7. For the 32-bit version, just take the patch for the dll in SysWOW64. cryptsp.dll 32-bit in SysWOW64, version 6.1.7600.16385 : - At offset 0x3CF4 : change 0F to 90 - At offset 0x3CF5 : change 85 to E9 Its new SHA256 hash value is : +0SIH7z7WWOMju2QxD4MuCAdC4nnhijXHr8vCLIJ6HE= cryptsp.dll 64-bit in System32, version 6.1.7600.16385 : - At offset 0x32E3 : change C3 to DB - At offset 0x337D : change C3 to DB - At offset 0x33C4 : change C3 to C4 And its new SHA256 hash value is : 2STx7caFTALkBzuo3qvvdlsBddMCZNmSq/NTqtjK0Y4= Just a last word about the how to apply this patch for new comers. Some manifest files must be updated using the new hash values. They are located under C:\Windows\winsxs\Manifests : For 32-bit : x86_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_2933c430682017d9.manifest For 64-bit : amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_85525fb4207d890f.manifest The hash value to be modified is in the XML node dsig:DigestValue. Also, you need to replace cryptsp.dll with the patched one in the following folders under C:\Windows\winsxs : For 32-bit : x86_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_2933c430682017d9 For 64-bit : amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_6.1.7600.16385_none_85525fb4207d890f This is sufficient for having a running patched system. For a more complete patch, you can have a look at the directory C:\Windows\winsxs\Backup : it contains copies of the manifest files and dlls that you can also patch.