I have been asked this week by a customer to provide the patch for the advapi32 dll on Windows XP SP2 64-bit, with version number 5.2.3790.4455. For the 32-bit dll that resides in SysWOW64, it is the same as the one I have already published for Windows Server 2003 SP2. So, I had only to come up with the patch for the 64-bit dll. And without waiting, here are the patch bytes :
- Advapi32 dll version 5.2.3790.4455 in SysWOW64 directory :
- At offset 0x11E3F : change 75 to 90
- At offset 0x11E40 : change 08 to 90
- At offset 0x11E47 : change 74 to EB
- Advapi32 dll version 5.2.3790.4455 in System32 directory :
- At offset 0x11B05 : change 0F to 90
- At offset 0x11B06 : change 84 to E9
- At offset 0x4D06F : change 0F to 90
- At offset 0x4D070 : change 85 to 90
- At offset 0x4D071 : change 96 to 90
- At offset 0x4D072 : change 4A to 90
- At offset 0x4D073 : change FC to 90
- At offset 0x4D074 : change FF to 90
1 comment:
Do you know any version of CAPICOM that bypass using ADVAPI32 & directly call CAPI functions from windows crypto library ?
Post a Comment