Friday, July 29, 2011

Advapi32 patch for 64-bit Windows XP SP2

I have been asked this week by a customer to provide the patch for the advapi32 dll on Windows XP SP2 64-bit, with version number 5.2.3790.4455. For the 32-bit dll that resides in SysWOW64, it is the same as the one I have already published for Windows Server 2003 SP2. So, I had only to come up with the patch for the 64-bit dll. And without waiting, here are the patch bytes:
  • Advapi32 dll version 5.2.3790.4455 in SysWOW64 directory :
    • At offset 0x11E3F : change 75 to 90
    • At offset 0x11E40 : change 08 to 90
    • At offset 0x11E47 : change 74 to EB
  • Advapi32 dll version 5.2.3790.4455 in System32 directory :
    • At offset 0x11B05 : change 0F to 90
    • At offset 0x11B06 : change 84 to E9
    • At offset 0x4D06F : change 0F to 90
    • At offset 0x4D070 : change 85 to 90
    • At offset 0x4D071 : change 96 to 90
    • At offset 0x4D072 : change 4A to 90
    • At offset 0x4D073 : change FC to 90
    • At offset 0x4D074 : change FF to 90
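
The two byte tables above can also be used read-only, to tell whether a given advapi32.dll of version 5.2.3790.4455 is still the original file or has been modified at these offsets. The following is an added example, not code from this blog's author; the function names and the test buffer are constructed for illustration, and the offsets only mean something for this exact build.

```python
import sys

# Offsets and byte values copied from the lists above: offset -> (original, patched).
TABLES = {
    "SysWOW64": {0x11E3F: (0x75, 0x90), 0x11E40: (0x08, 0x90), 0x11E47: (0x74, 0xEB)},
    "System32": {
        0x11B05: (0x0F, 0x90), 0x11B06: (0x84, 0xE9),
        0x4D06F: (0x0F, 0x90), 0x4D070: (0x85, 0x90), 0x4D071: (0x96, 0x90),
        0x4D072: (0x4A, 0x90), 0x4D073: (0xFC, 0x90), 0x4D074: (0xFF, 0x90),
    },
}

def classify(data, table):
    """Return (state, offsets). state is 'original', 'patched', 'partial'
    (only some offsets changed) or 'mismatch' (bytes fit neither column,
    so this is probably a different build of the DLL)."""
    if len(data) <= max(table):
        return "mismatch", sorted(table)
    unknown = [o for o, (orig, new) in table.items() if data[o] not in (orig, new)]
    if unknown:
        return "mismatch", sorted(unknown)
    changed = [o for o, (orig, new) in table.items() if data[o] == new]
    if not changed:
        return "original", []
    state = "patched" if len(changed) == len(table) else "partial"
    return state, sorted(changed)

def build_sample(table, patched_offsets=()):
    """Constructed buffer (not a real DLL): zeros, with the listed original
    bytes at each offset, or the patched byte for offsets in patched_offsets."""
    buf = bytearray(max(table) + 16)
    for off, (orig, new) in table.items():
        buf[off] = new if off in patched_offsets else orig
    return bytes(buf)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py SysWOW64|System32 <path to a copy of advapi32.dll>
        with open(sys.argv[2], "rb") as f:
            print(classify(f.read(), TABLES[sys.argv[1]]))
    else:
        t = TABLES["System32"]
        print(classify(build_sample(t), t))          # constructed, untouched
        print(classify(build_sample(t, set(t)), t))  # constructed, all offsets changed
```

A 'mismatch' result means the file is not the build these offsets were taken from, so it says nothing about whether that file was modified.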

Thursday, May 5, 2011

Alternative method to disable Certificate Propagation service

Apart from disabling the Certificate Propagation service under Vista/7 using the Services MMC, you can do the same by modifying the registry: under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertProp, set the REG_DWORD value CertPropEnabled to 0. This will prevent the service from starting until you set the value back to 1.

Sunday, February 20, 2011

Advapi32 patch for 64-bit Vista SP2 and Windows 2008 SP2

Recently, a reader of this blog asked for the patch of the 64-bit advapi32 dll of Windows Server 2008 SP2 64-bit (version 6.0.6002.18005). So, here it is (it also applies to Vista SP2 64-bit).
For the 32-bit advapi32 dll on these systems, I have already published the corresponding patch in the following post about Vista SP2 :

  • Advapi32 dll in System32 directory, version 6.0.6002.18005:
    • At offset 0x2BC9D : change 75 to 90
    • At offset 0x2BC9E : change 0B to 90
    • At offset 0x2BCA4 : change 0F to 90
    • At offset 0x2BCA5 : change 84 to E9
Its new SHA-256 hash value that should be put in the manifest files is :