Friday, July 29, 2011

Advapi32 patch for 64-bit Windows XP SP2

I have been asked this week by a customer to provide the patch for the advapi32 dll on Windows XP SP2 64-bit, with version number 5.2.3790.4455. For the 32-bit dll that resides in SysWOW64, it is the same as the one I have already published for Windows Server 2003 SP2. So, I had only to come up with the patch for the 64-bit dll. And without waiting, here are the patch bytes :
  • Advapi32 dll version 5.2.3790.4455 in SysWOW64 directory :
    • At offset 0x11E3F : change 75 to 90
    • At offset 0x11E40 : change 08 to 90
    • At offset 0x11E47 : change 74 to EB
  • Advapi32 dll version 5.2.3790.4455 in System32 directory :
    • At offset 0x11B05 : change 0F to 90
    • At offset 0x11B06 : change 84 to E9
    • At offset 0x4D06F : change 0F to 90
    • At offset 0x4D070 : change 85 to 90
    • At offset 0x4D071 : change 96 to 90
    • At offset 0x4D072 : change 4A to 90
    • At offset 0x4D073 : change FC to 90
    • At offset 0x4D074 : change FF to 90

2 comments:

Ehsan said...

Do you know any version of CAPICOM that bypass using ADVAPI32 & directly call CAPI functions from windows crypto library ?

Orewon said...

it is good to readaybabg