From 4114dcad46efcf12ee4d09f06b715bbc57e80b14 Mon Sep 17 00:00:00 2001
From: Eric Kohl <eric.kohl@reactos.org>
Date: Tue, 18 Sep 2018 23:57:54 +0200
Subject: [PATCH] [ADVAPI32] Implement SystemFunction028 to always return the
 default session key.

---
 dll/win32/advapi32/misc/sysfunc.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/dll/win32/advapi32/misc/sysfunc.c b/dll/win32/advapi32/misc/sysfunc.c
index b6bee622481..bbb8a69db4a 100644
--- a/dll/win32/advapi32/misc/sysfunc.c
+++ b/dll/win32/advapi32/misc/sysfunc.c
@@ -19,6 +19,8 @@
 
 static const unsigned char CRYPT_LMhash_Magic[8] =
     { 'K', 'G', 'S', '!', '@', '#', '$', '%' };
+static const unsigned char DefaultSessionKey[16] =
+    {'D', 'e', 'f', 'S', 'e', 's', 's', 'i', 'o', 'n', 'K', 'e', 'y', '!', '@', '#'};
 
 /******************************************************************************
  * SystemFunction001  [ADVAPI32.@]
@@ -446,17 +448,35 @@ WINAPI SystemFunction025(const BYTE *in, const BYTE *key, LPBYTE out)
 }
 
 /**********************************************************************
+ * SystemFunction028  [ADVAPI32.@]
+ *
+ * Retrieves an encryption session key...
+ *
+ * PARAMS
+ *   ContextHandle [I] RPC context handle
+ *   SessionKey    [O] buffer to receive the session key (16 bytes)
+ *
+ * RETURNS
+ *  Success: STATUS_LOCAL_USER_SESSION_KEY
  *
  * @unimplemented
  */
-INT
+NTSTATUS
 WINAPI
-SystemFunction028(INT a, INT b)
+SystemFunction028(
+    _In_ PVOID ContextHandle,
+    _Out_ LPBYTE SessionKey)
 {
-    //NDRCContextBinding()
+    /* HACK: Always return the default key */
+    memcpy(SessionKey, DefaultSessionKey, sizeof(DefaultSessionKey));
+    return STATUS_LOCAL_USER_SESSION_KEY;
+
+#if 0
+    //NDRCContextBinding();
     //SystemFunction034()
     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
     return 28;
+#endif
 }