Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

advapi.dll

Status
Not open for further replies.
jjoensuu

jjoensuu

MIS
Oct 22, 2001
45
US
Hi all,

I happened to come by an old article (dated 04.09.1999) about NSA having something to do with an extra set of keys inside the Windows advapi.dll file. According to the article the extra keys are in this dll on every version of Windows between Windows 95 OSR2 and Windows 2000.

Article URL:
Three questions that came to mind:
1. has anything similar been reported about Windows XP?
2. what kind of software would one use to check the dll for keys?
3. if answer to 2 is "hex editor" or other low level editor: how would you know that you have found a key?

cheers,

JJ
 
Sort by date Sort by votes
You shouldn't believe everything you read. The easiest way to debunk this theory would be to 1) install a sniffer on your wire to see what is coming in and out and discern from there. 2) Set up a firewall with logging and log specifically for that. 3) Download ListDLL's ( and see what its calling and why. There are so many others but it would be redundant and worthless to repeat. Don't believe everything you read.
 
Upvote 0 Downvote
ok, I was mainly looking for information on what sort of tools to use to check out a dll for keys (and if a extra key is supposed to exist in XP). I would think that checking the dll would require some sort of hex editor or disassembler, but wasn't sure.
 
Upvote 0 Downvote
Actually got what I was looking for at another discussion group:

> 1. has anything similar been reported about Windows XP?

No. The architecture change removed the need for such a special implementation.

> 2. what kind of software would one use to check the dll
> for keys?

A disassembler with good structure analysis.

> 3. if answer to 2 is "hex editor" or other low level
> editor: how would you know that you have found a key?

If there's some DER or BER encoded structure that looks like an exponent plus a big composite integer of a typical site.

----

Actually that sniffer +firewall logging +ListDLL option would only work if the OS constantly calls home because of these keys. But that was never implied in either the article or in my posting.
 
Upvote 0 Downvote
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top