advapi32.dll patch for Win2003 SP1
From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 05/26/05
- Next message: lelteto: "RE: EFS &custom CSP"
- Previous message: Ryan Menezes [MSFT]: "Re: Decrypting on different platforms"
- Next in thread: Wan-Teh Chang: "Re: advapi32.dll patch for Win2003 SP1"
- Reply: Wan-Teh Chang: "Re: advapi32.dll patch for Win2003 SP1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 May 2005 09:00:04 -0700
I did it for a private request but for the benefit of all CSP developers who
don't want to load kernel debuggers I post it here the patch to allow testing
unsigned CSPs.
Here is the patch information for the Win2003 SP1 advapi32.dll (version
5.2.3790.1830, size 620,032 bytes):
change the following bytes at offset 68CD:
0F -> EB
84 -> 42
62 -> 90
0B -> 90
03 -> 90
00 -> 90
ie. at 77F574CD change instruction "jz 77F88035" to "jmp short 77F57511".
Note that since I don't have Windows Server 2003 installed I could not test
it - but based on my prior patches this should work (ie. disable the
signature check on CSPs).
The usual gotcha for replacing the dll is that you cannot overwrite it while
the system is running, so the steps:
1. in Windows\System32 copy advapi32.dll to advapi32.new
2. patch advapi32.new
3. re-boot into another OS (if multi-boot) or into Recovery Console (from
install CD)
4. rename advapi32.dll to advapi32.old
5. rename advapi32.new to advapi32.dll
6. reboot
If may be necessary to disable system file protection in case the OS tries
to restore the original system dll.
Hope this helps...
Laszlo Elteto
SafeNet, Inc.
- Next message: lelteto: "RE: EFS &custom CSP"
- Previous message: Ryan Menezes [MSFT]: "Re: Decrypting on different platforms"
- Next in thread: Wan-Teh Chang: "Re: advapi32.dll patch for Win2003 SP1"
- Reply: Wan-Teh Chang: "Re: advapi32.dll patch for Win2003 SP1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
