Skip to content

Instantly share code, notes, and snippets.

@nelsonjchen

nelsonjchen/driversign.c

Created August 11, 2017 23:21
Show Gist options
  • Save nelsonjchen/ca83303c1ec181ba437d399d69c7d3ff to your computer and use it in GitHub Desktop.
Save nelsonjchen/ca83303c1ec181ba437d399d69c7d3ff to your computer and use it in GitHub Desktop.
Download ZIP
Windows XP Driver signing on and off
Raw
driversign.c
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#define HP_HASHVALUE HP_HASHVAL
/* This program turns the Driver signing Policy On/Off for Windows XP
* Written by Stefan `Sec` Zehl <sec@xxxxxx>, 15.11.2004
*
* Thanks to sysinternals.com for regmon and apispy
* to msdn.microsoft.com for windows reference
* to cygwin for their environment
*/
void MyHandleError(char *s){
printf("Error: %s, number %x\n.",s,(unsigned int)GetLastError());
exit(1);
}
//--------------------------------------------------------------------
int main(int argc, char* argv[])
{
if ((argc < 2) || (argc > 2))
{
printf( "usage: %s [on|off]", argv[0] );
exit(1);
}
//printf("argc = %x\n",argc);
//for(int i = 0; i < argc; i++)
// printf("argv[%x] = %s\n",i,argv[i]);
//return 0;
BYTE ignoreOn;
if (strcmp(argv[1], "on"))
{
ignoreOn=0;
}
else if (strcmp(argv[1], "off"))
{
ignoreOn=1;
}
else
{
printf( "usage: %s [on|off]", argv[0] );
exit(1);
}
printf("yay=%x",ignoreOn);
//exit(1);
HCRYPTPROV hCryptProv;
HCRYPTHASH hHash;
BYTE data[16];
DWORD len;
DWORD seed;
HKEY hkey;
// BYTE ignoreOn=0; // This is the On/Off toggle
char input[4];
int x;
// HKLM\System\WPA\PnP\seed
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
L"System\\WPA\\PnP",
0,
KEY_READ,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed);
if(RegQueryValueEx(
hkey,
L"seed",
NULL,
NULL,
(BYTE*)&seed,
&len
)==ERROR_SUCCESS){
printf("RegQueryValue sucess\n");
}else{
printf("RegQueryValue failure\n");
};
if(hkey)
RegCloseKey(hkey);
printf("Seed=%x\n",(unsigned int)seed);
if(CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
0)) // flag values
{
printf("A cryptographic context has been acquired.\n\n");
}
else
{
if (GetLastError() == NTE_BAD_KEYSET)
{
if(CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET))
{
printf("A new key container has been created.\n");
}
else
{
printf("Could not create a new key container.\n");
exit(1);
}
}
else
{
printf("A cryptographic service handle could not be "
"acquired.\n");
exit(1);
}
} // End of else.
//--------------------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
printf("An empty hash object has been created. \n");
} else {
MyHandleError("Error during CryptBeginHash!\n");
}
//--------------------------------------------------------------------
// Compute the cryptographic hash on the data.
input[0]=0;
input[1]=ignoreOn; // This is the Value!
input[2]=0;
input[3]=0;
if(CryptHashData(
hHash,
(BYTE*)input,
sizeof(input),
0))
{
printf("The data has been hashed. \n");
} else {
MyHandleError("Error during CPHashData!\n");
}
//--------------------------------------------------------------------
if(CryptHashData(
hHash,
(BYTE*)&seed,
sizeof(seed),
0))
{
printf("The data has been hashed. \n");
} else {
MyHandleError("Error during CPHashData!\n");
}
//--------------------------------------------------------------------
len=sizeof(data);
if( CryptGetHashParam(
hHash,
HP_HASHVALUE,
data,
&len,
0))
{
printf("The hash has been retrieved. \n");
} else {
MyHandleError("Error during CPGetHashParam!\n");
}
//--------------------------------------------------------------------
// Clean up.
// Destroy the hash object.
if(hHash) {
if(!(CryptDestroyHash(hHash)))
MyHandleError("Error during CryptDestroyHash");
}
// Release the CSP.
if(hCryptProv) {
if(!(CryptReleaseContext(hCryptProv,0)))
MyHandleError("Error during CryptReleaseContext");
}
printf("Hash: ");
for(x=0;x<sizeof(data);x++){
printf("%x ",data[x]);
};
printf("\nCreate md5 hash completed without error. \n");
//--------------------------------------------------------------------
// HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
L"Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed);
if(RegSetValueEx(
hkey,
L"PrivateHash",
0,
REG_BINARY,
data,
sizeof(data)
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
//--------------------------------------------------------------------
// HKLM\Software\Microsoft\Driver Signing\Policy
if(RegOpenKeyEx(
HKEY_CURRENT_USER,
L"Software\\Microsoft\\Driver Signing",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed);
if(RegSetValueEx(
hkey,
L"Policy",
0,
REG_BINARY,
&ignoreOn,
1
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
//--------------------------------------------------------------------
// HKLM\Software\Microsoft\Driver Signing\Policy
if(RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
L"Software\\Microsoft\\Driver Signing",
0,
KEY_WRITE,
&hkey
)==ERROR_SUCCESS){
printf("RegOpenKey sucess\n");
}else{
printf("RegOpenKey failure\n");
};
len=sizeof(seed);
if(RegSetValueEx(
hkey,
L"Policy",
0,
REG_BINARY,
&ignoreOn,
1
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);
exit(0);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment