The win8 dnsapi.dll, ms domains & hosts file thing...

Discussion in 'Windows 8' started by pjoter, Nov 2, 2014.

  1. ZaForD

    I've been using DD-WRT on my routers for years and have followed a number of the threads on their forum for adding a 'hosts' file to those routers.
    It's been very handy when setting up routers for family and local community groups, where you never know what types of devices will be used. :confused:

    Other router firmware should allow you to do it too.
     
  2. Mr Jinje

    #22 Mr Jinje, Nov 3, 2014
    Last edited by a moderator: Apr 20, 2017
    This snip is already multi-version aware. For instance, to add W10, we'll just need to get the file length in bytes of each copy of the W10 dnsapi.dll (which I don't have ATM) and the correct offset locations from HxD. Then add a separate artoo command for each. It looks more complicated than it is.

    Code:
    switch ($file.length){
    "654112" {artoo -patchfile "$file" -offsets 0xBLAH,0xBLAH -Patches "DO PATCH FOR W10x64"}
    "W10-X86 byte count" {artoo -patchfile "$file" -offsets 0xBLAH,0xBLAH -Patches "DO PATCH FOR W10x86"}
    "655872" {artoo -patchfile "$file" -offsets 0x23AF8,0x23C48 -Patches "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}
    }
    Unless you want to include 1.5MB of hacked dll files instead of 3kb of script work.
     
  3. WildByDesign

    Confirmed. I run BIND DNS as a local proxy specifically for removing advertisements directly from my web traffic. This does correctly intercept and send the request anywhere you'd like, including localhost of course.
     
  4. CODYQX4

    #24 CODYQX4, Nov 4, 2014
    Last edited: Apr 12, 2019
    .
     
  5. Ace2

    #25 Ace2, Nov 4, 2014
    Last edited by a moderator: Apr 20, 2017
    I have taken these dnsapi.dll files and patched them with Mr Jinje's patch, then checked them with HxD - Hexeditor 1.7.7.0, and the -offsets 0x23AF8,0x23C48 have been replaced with 0.

    win8.1 x64

    dnsapi.dll build 6.3.9600.17039 size 655360 (System32 folder)

    MD5 b7e51f949ed8c3a75c1d3121af9a4b6c
    SHA1 714448092fdd1c1f55d1070e95b926ee3a7ce9a9
    CRC32 0fd11bd9

    Code:
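    # Artoo: writes each hex string in $patches at the matching position in $offsets.
    Function Artoo($patchfile, $offsets, $patches) {
        # Open the target for exclusive read/write access.
        $patch = New-Object System.IO.FileStream "$patchfile",Open,ReadWrite,None
        [int]$i = 0
        foreach ($position in $offsets) {
            $offset = "{0:d}" -f $position
            # Split the hex string into two-character pairs and convert each pair to a byte.
            $hex = ($patches[$i] -split '([a-f0-9]{2})' | ForEach-Object { if ($_) { [System.Convert]::ToByte($_,16) } })
            $patch.Position = $offset
            $hex | ForEach-Object { $patch.WriteByte($_) }
            $i = $i + 1
        }
        $patch.Flush()
        $patch.Close()
        $patch.Dispose()
    }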
    
    # The file you point at will be hex edited directly.
    # You are responsible for creating your own backup copy of dnsapi.dll before running this script.
    
    $file = "C:\test\dnsapi.dll"
    $file = Get-Item $file
    $file.length
    
    switch ($file.length){
    "655360" {
     
    artoo -patchfile "$file" -offsets 0x23AF8,0x23C48 -Patches "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    
    }
    }

    win8.1 x64

    dnsapi.dll build 6.3.9600.17039 size 494592 (SysWOW64 folder)

    MD5 ff0ee1b87e5dd7a82f7bb124d5ca8bb6
    SHA1 84c54155d4221769dc8381c870ccc288303c6b6c
    CRC32 02574ae1

    Code:
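    # Artoo: writes each hex string in $patches at the matching position in $offsets.
    Function Artoo($patchfile, $offsets, $patches) {
        # Open the target for exclusive read/write access.
        $patch = New-Object System.IO.FileStream "$patchfile",Open,ReadWrite,None
        [int]$i = 0
        foreach ($position in $offsets) {
            $offset = "{0:d}" -f $position
            # Split the hex string into two-character pairs and convert each pair to a byte.
            $hex = ($patches[$i] -split '([a-f0-9]{2})' | ForEach-Object { if ($_) { [System.Convert]::ToByte($_,16) } })
            $patch.Position = $offset
            $hex | ForEach-Object { $patch.WriteByte($_) }
            $i = $i + 1
        }
        $patch.Flush()
        $patch.Close()
        $patch.Dispose()
    }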
    
    # The file you point at will be hex edited directly.
    # You are responsible for creating your own backup copy of dnsapi.dll before running this script.
    
    $file = "C:\test\dnsapi.dll"
    $file = Get-Item $file
    $file.length
    
    switch ($file.length){
    "494592" {
     
    artoo -patchfile "$file" -offsets 0x23AF8,0x23C48 -Patches "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    
    }
    }
    I have replaced the Windows 10 TP Build 9860 dnsapi.dll with them, and Internet browsing is working fine, if not faster; updates are working fine.
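
Added example, not part of the post above or of the thread's script: a read-only PowerShell check that hashes a dnsapi.dll copy, compares the SHA1 with the two values listed in the post (which does not say whether they were taken before or after patching), and shows the bytes at the quoted offsets. The names `Test-DnsapiCopy`, `$KnownBuilds` and `$PreviewBytes`, and the dummy sample file, are assumptions made for the illustration.

```powershell
# Added example, not from the thread: read-only inspection of a dnsapi.dll copy.
# SHA1 values are the two quoted in the post above; the post does not say whether
# they describe the files before or after patching.
$KnownBuilds = @{
    '714448092fdd1c1f55d1070e95b926ee3a7ce9a9' = 'win8.1 x64 6.3.9600.17039, System32 folder, size 655360'
    '84c54155d4221769dc8381c870ccc288303c6b6c' = 'win8.1 x64 6.3.9600.17039, SysWOW64 folder, size 494592'
}

function Test-DnsapiCopy {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int[]]$Offsets = @(0x23AF8, 0x23C48),  # offsets quoted in the thread
        [int]$PreviewBytes = 16                 # assumption: bytes shown per offset
    )
    $item  = Get-Item -LiteralPath $Path
    $sha1  = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA1).Hash.ToLowerInvariant()
    $bytes = [System.IO.File]::ReadAllBytes($item.FullName)  # the file is never written

    $regions = foreach ($offset in $Offsets) {
        if ($offset + $PreviewBytes -gt $bytes.Length) {
            # The quoted offset does not fit inside this file.
            [pscustomobject]@{ Offset = '0x{0:X}' -f $offset; State = 'outside file'; Hex = '' }
            continue
        }
        $slice   = $bytes[$offset..($offset + $PreviewBytes - 1)]
        $nonZero = @($slice | Where-Object { $_ -ne 0 }).Count
        [pscustomobject]@{
            Offset = '0x{0:X}' -f $offset
            State  = if ($nonZero -eq 0) { 'all zero' } else { "$nonZero non-zero byte(s)" }
            Hex    = ($slice | ForEach-Object { $_.ToString('X2') }) -join ' '
        }
    }
    [pscustomobject]@{
        Path    = $item.FullName
        Length  = $item.Length
        SHA1    = $sha1
        Listed  = if ($KnownBuilds.ContainsKey($sha1)) { $KnownBuilds[$sha1] } else { 'no SHA1 match' }
        Regions = $regions
    }
}

# Constructed sample: a 150000-byte dummy file (not a real DLL) with one marker byte.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'dnsapi-sample.bin'
$buffer = New-Object byte[] 150000
$buffer[0x23AF8] = 0x41
[System.IO.File]::WriteAllBytes($sample, $buffer)
$report = Test-DnsapiCopy -Path $sample
$report | Format-List Path, Length, SHA1, Listed
$report.Regions | Format-Table -AutoSize
```

Keying on the hash rather than the byte count distinguishes two files of the same length, which the `switch ($file.length)` test in the thread's script cannot do.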
     
  6. Smorgan

    #26 Smorgan, Nov 4, 2014
    Last edited by a moderator: Apr 20, 2017
  7. Smorgan

    PS Mr Jinje, can you please clear your inbox :p
     
  8. pjoter

    Apparently it is also better to use "0.0.0.0" instead of the usual "127.0.0.1" in the hosts file;
    this resolves some slowdown issues due to a changed "TCP loopback interface" in Windows 8.
     
  9. Mr Jinje

    Thanks for confirming.