Patch by version.dll

dllmain.cpp

#include <windows.h>

#pragma comment (linker, "/export:GetFileVersionInfoA=c:\\windows\\system32\\version.GetFileVersionInfoA,@1")
#pragma comment (linker, "/export:GetFileVersionInfoByHandle=c:\\windows\\system32\\version.GetFileVersionInfoByHandle,@2")
#pragma comment (linker, "/export:GetFileVersionInfoExW=c:\\windows\\system32\\version.GetFileVersionInfoExW,@3")
#pragma comment (linker, "/export:GetFileVersionInfoSizeA=c:\\windows\\system32\\version.GetFileVersionInfoSizeA,@4")
#pragma comment (linker, "/export:GetFileVersionInfoSizeExW=c:\\windows\\system32\\version.GetFileVersionInfoSizeExW,@5")
#pragma comment (linker, "/export:GetFileVersionInfoSizeW=c:\\windows\\system32\\version.GetFileVersionInfoSizeW,@6") 
#pragma comment (linker, "/export:GetFileVersionInfoW=c:\\windows\\system32\\version.GetFileVersionInfoW,@7") 
#pragma comment (linker, "/export:VerFindFileA=c:\\windows\\system32\\version.VerFindFileA,@8")
#pragma comment (linker, "/export:VerFindFileW=c:\\windows\\system32\\version.VerFindFileW,@9")
#pragma comment (linker, "/export:VerInstallFileA=c:\\windows\\system32\\version.VerInstallFileA,@10")
#pragma comment (linker, "/export:VerInstallFileW=c:\\windows\\system32\\version.VerInstallFileW,@11")
#pragma comment (linker, "/export:VerLanguageNameA=c:\\windows\\system32\\version.VerLanguageNameA,@12") 
#pragma comment (linker, "/export:VerLanguageNameW=c:\\windows\\system32\\version.VerLanguageNameW,@13") 
#pragma comment (linker, "/export:VerQueryValueA=c:\\windows\\system32\\version.VerQueryValueA,@14")
#pragma comment (linker, "/export:VerQueryValueW=c:\\windows\\system32\\version.VerQueryValueW,@15")

// 校验证书有效期
VOID WINAPI MyGetSystemTime(LPSYSTEMTIME lpSystemTime) {
	SYSTEMTIME st = { 2012,2,1,1,1,1,1,1 };
	memcpy(lpSystemTime, &st, sizeof(SYSTEMTIME));
}

// 禁止检查更新弹框
int WINAPI MyWSAStartup(WORD wVersionRequired, LPWSADATA lpWSAData) {
	return 0;
}

// 签名校验，直接返回0表示成功
LONG WINAPI MyCertVerifyTimeValidity(
	LPFILETIME pTimeToVerify,
	PCERT_INFO pCertInfo) {
	return 0;
}

VOID Patch() {
	DWORD old;
	BYTE bSet[5] = { 0 };
	bSet[0] = 0xe9; // jmp xxx

	// HOOK GetLocalTime
	LPVOID TrueGetLocalTime = GetProcAddress(GetModuleHandle(L"kernel32"), "GetLocalTime");
	*(DWORD*)(bSet + 1) = (DWORD)MyGetSystemTime - (DWORD)TrueGetLocalTime - 5;
	VirtualProtect(TrueGetLocalTime, 5, PAGE_EXECUTE_READWRITE, &old);
	memcpy(TrueGetLocalTime, bSet, 5);

	// HOOK WSAStartup
	LPVOID TrueWSAStartup = GetProcAddress(LoadLibrary(L"ws2_32.dll"), "WSAStartup");
	*(DWORD*)(bSet + 1) = (DWORD)MyWSAStartup - (DWORD)TrueWSAStartup - 5;
	VirtualProtect(TrueWSAStartup, 5, PAGE_EXECUTE_READWRITE, &old);
	memcpy(TrueWSAStartup, bSet, 5);

	// HOOK CertVerifyTimeValidity
	LPVOID TrueCertVerifyTimeValidity = GetProcAddress(LoadLibrary(L"crypt32.dll"), "CertVerifyTimeValidity");
	*(DWORD*)(bSet + 1) = (DWORD)MyCertVerifyTimeValidity - (DWORD)TrueCertVerifyTimeValidity - 5;
	VirtualProtect(TrueCertVerifyTimeValidity, 5, PAGE_EXECUTE_READWRITE, &old);
	memcpy(TrueCertVerifyTimeValidity, bSet, 5);
}

BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	{
		Patch();
		break;
	}
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}