Advapi32 patch for Windows Vista SP1 64-Bit

Following a request by a reader of this blog, here is the patch for the advapi32 (version 6.0.6001.18000) of Windows Vista SP1 64-Bit. It's for the one present on the System32 folder used by native 64-Bit applications. The patch for the SysWow64 copy is the same as for the Windows Vista SP1 32-Bit version.

• Advapi32 dll, version 6.0.6001.18000, 64-Bit :
• At offset 0x27C29 : change 75 to 90
• At offset 0x27C2A : change 0B to 90
• At offset 0x27C30 : change 0F to 90
• At offset 0x27C31 : change 84 to E9

Advapi32 Patch for Windows XP SP3

The SP3 of Windows XP is already here and with its arrival comes the necessity of testing and validating CSP dlls under it. So, as usual, I'm releasing the necessary patch of advapi32 dll to help on this and avoid the signing process. And here we go :

• Advapi32 dll, version 5.1.2600.5512:
• At offset 0x175A1 : change 75 to 90
• At offset 0x175A2 : change 0C to 90
• At offset 0x175A9 : change 0F to 90
• At offset 0x175AA : change 84 to E9

Advapi32 Patch for Windows 2003 SP2 64-Bit

As requested by a reader of this blog, here is the patch for advapi32 dll bundled with Windows 2003 Server SP2 64-Bit (it took me sometime...). This patch is for the copy present in the System32 folder. The one in the SysWOW64 folder is the same as the 32-bit advapi32 dll of Windows 2003 Server SP2 for whom I have already posted a patch before.

• Advapi32 dll in System32 directory, version 5.2.3790.3959:
• At offset 0x11AC5 : change 0F to 90
• At offset 0x11AC6 : change 84 to E9
• At offset 0x4D0C4 : change 0F to 90
• At offset 0x4D0C5 : change 85 to 90
• At offset 0x4D0C6 : change 01 to 90
• At offset 0x4D0C7 : change 4A to 90
• At offset 0x4D0C8 : change FC to 90
• At offset 0x4D0C9 : change FF to 90

UPX 3.03 for MacOSX

The latest version of UPX (3.03) has just arrived and it adds support for the LZMA compression. This can enhance the overall compression ration but it's new and it's less tested. So, I decided to provide two binaries for this version : one with the LZMA support and one without. As for the previous release, these binaries will run under Tiger (10.4) , PPC and Intel alike, and Leopard (10.5). Here we go :

For UPX without LZMA support : click here . For UPX with LZMA support : click here .

Advapi32 Patch for Windows XP 64-Bit

As usual, here is the patch of advapi32 on Windows XP 64-Bit that enables testing of CSP dlls without Microsoft signature. In this platform, there is two versions of this dll : on in the System32 directory that is the real 64-bit one, and one in the SysWOW64 directory that is the 32-bit one. So, we have to patch the two dlls. You'll find below the usual patch description for each one of them. You may notice that two have an identical version number, 5.2.3790.1830, that is the same for advapi32 on Windows 2003 SP1. This is why the patch for the SysWOW64 copy is identical to the one on Windows 2003 SP1.

• Advapi32 dll in SysWOW64 directory :
• At offset 0x68CD : change 0F to EB
• At offset 0x68CE : change 84 to 42
• At offset 0x68CF : change 62 to 90
• At offset 0x68D0 : change 0B to 90
• At offset 0x68D1 : change 03 to 90
• At offset 0x68D2 : change 00 to 90

• Advapi32 dll in System32 directory :
• At offset 0x11B15 : change 0F to 90
• At offset 0x11B16 : change 84 to E9
• At offset 0x4D2AD : change 0F to 90
• At offset 0x4D2AE : change 85 to 90
• At offset 0x4D2AF : change 68 to 90
• At offset 0x4D2B0 : change 48 to 90
• At offset 0x4D2B1 : change FC to 90
• At offset 0x4D2B2 : change FF to 90