fcccode / winpatch

This project forked from pbatard/winpatch

Windows system file patcher

License: GNU General Public License v3.0

Shell 1.07% C 98.93%

winpatch: Windows system file patcher

Description

This commandline utility is intended to binary patch protected system files, such as drivers or DLLs, that reside in a Windows system directory.

This is primarily meant to be used to apply necessary fixes to the drivers of a newly created system, such as a Windows To Go drive or a directory where a Windows 10 image has been applied.

Compatibility

Windows 7 or later.

Compilation

Use Visual Studio 2019 and invoke the .sln to compile.

Example

Let's say you want to run Windows 10 ARM64 on a system where xHCI registers must be accessed through two 32-bit accesses (such as the VL805 controller of the Raspberry Pi 4), but the Windows USBXHCI.SYS driver enforces 64-bit accesses, which results in a BSOD when trying to boot from a USB 3.0 drive.

Provided that the driver for the system you want to patch resides in F:\Windows\System32\drivers\, then, from an elevated command prompt, you can use winpatch as follows:

winpatch F:\Windows\System32\drivers\USBXHCI.SYS 910063E8370000EA 910063E8360000EA 3700010AD5033F9F 3600010AD5033F9F

Obviously, since you have patched a system file, you also have to disable signature enforcement with something like (assuming the BCD for that drive resides on an ESP mounted as S:):

bcdedit /store S:\EFI\Microsoft\Boot\BCD /set {default} testsigning on
bcdedit /store S:\EFI\Microsoft\Boot\BCD /set {default} nointegritychecks on

How it works

Besides the patching (which currently must be aligned to 64-bit, i.e. winpatch does not match QWORDs that start at a 32-bit offset in the file), winpatch performs the following:

  1. Take ownership of the system file if needed.
  2. Delete the existing digital signature, if any.
  3. Update the PE32 or PE64 checksum after patching.
  4. Apply a new self-signed digital signature.

Each of these steps is required, because:

  1. System files are protected by Windows and you cannot alter them without taking ownership.
  2. If the file was patched, then the existing digital signature has become invalid.
  3. If you don't update the PE checksum, Windows produces BSODs during boot with error 0xc0000221 (STATUS_IMAGE_CHECKSUM_MISMATCH) for the modified driver or DLL.
  4. Even with testsigning and nointegritychecks active, if a modified system file is not digitally signed, Windows boots straight into recovery mode, with error code 0xc000000f from winload.exe.
