Comments on Mounir's Thoughts: Advapi32 patch for new Windows OS versions

Anonymous, 2008-12-12 09:53

Hi Mounir,

Thanks for ur help.

I am almost done with my code. Thanks a lot.

Mounir IDRASSI, 2008-11-20 10:55

0x2420C is an offset (starting from the beginning of the file). It's not a value contained in the file.
An offset is the number of bytes you should skip before finding the right one. The offset is given in hexadecimal format because this is the standard way to do it. You can convert it to decimal: this will give you 147980, which means that you should go to the 147980th byte of the file.

Anonymous, 2008-11-20 08:21

Hi Mounir,

I already tried to look for 2420C for the Vista SP1 32-bit platform, but I couldn't find any.
I already emailed u the advapi32.dll.

Thank You.

Mounir IDRASSI, 2008-11-07 12:34

Hi,

Just copy the advapi32 file in System32 to another place and then use any hexadecimal editor to change the values at the indicated offsets. For example, you can use HxD for that (http://mh-nexus.de/en/).
Once you have the patched copy, you have to boot on another OS that shares that same drive or directly access the hard drive; in any case this must be done outside Vista. Then, replace the advapi32 in System32 with the one you modified following my indications.
You also must replace the one in the folder x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0 under C:\Windows\winsxs\.
The last thing to do is to rename the patched advapi32.dll file to x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0_advapi32.dll_9512793c and then put it in "C:\Windows\winsxs\Backup", thus overwriting the existing one.

Once all these actions are done, start your Vista. The patched advapi32 should be working now.
You may also disable automatic Windows Updating because it can detect that the advapi32 has been altered and thus it will block your system.

Anonymous, 2008-11-07 03:46

Hi,

Referring to ur post, you already informed me that I need to change all the offset values.
My question is, I didn't have the source for the advapi32.dll.
How can I change the things?
I really appreciate ur answer coz I'm new to these security things.

Thanks.

Mounir IDRASSI, 2008-06-21 00:30

I didn't have the occasion to install this version of Vista and for the time being I don't think I'll have time to do this... Maybe in two weeks' time...
If you are in a hurry, you can send me your copy of advapi32 and I'll see if I can find a patch without running the system (possible but not always!!).
Cheers,

Unknown, 2008-06-20 14:15

Hi,
Have you maybe found a patch for the 64-bit Vista SP1 (version 6.0.6001.18000)?
Thanks in advance!