Jevil7452
Regular Member
Posts: 434
OS: Windows 7 Enterprise (6.1.7601)
Theme: Windows Aero by Microsoft Corporation
CPU: Intel Core i7-3770k
RAM: 32GB (4x8GB DDR3)
GPU: NVIDIA GeForce GTX 980 Ti + Intel(R) HD Graphics 4000
Computer Make/Model: OEM0
|
Post by Jevil7452 on Nov 18, 2023 10:43:17 GMT -8
WARNING: There is a chance you could mess up your Windows install by doing this. Also, I'm sure this will trigger every single anticheat on this planet. There is also a chance that unknown issues will occur.
Well, as it turns out, it is possible to modify user32's icons after all... This has been done by modifying the CI.DLL (Code Integrity) file to ignore invalid signatures, like the one you'll get on User32.dll after modifying it. Con: You need to manually select Disable Driver Signature Enforcement on each boot. This could also cause other, unknown issues.
I am also attaching a pre-patched ci.dll for 1803 only.
Attachments:ci.dll (710.31 KB)
|
|
|
|
Post by ephemeralViolette on Nov 18, 2023 16:04:10 GMT -8
Somewhat off-topic, but that BetaWorld tutorial seems quite useful. (While the top of the page is all in Chinese, there is an English translation if you scroll down.) I always wanted to know how to seamlessly nuke Code Integrity.
ALSO THIS MEANS YOU CAN MAKE ANY MODIFICATION TO SYSTEM FILES, NOT JUST CHANGING ICONS!!!!
|
|
Jevil7452
Regular Member
Posts: 434
OS: Windows 7 Enterprise (6.1.7601)
Theme: Windows Aero by Microsoft Corporation
CPU: Intel Core i7-3770k
RAM: 32GB (4x8GB DDR3)
GPU: NVIDIA GeForce GTX 980 Ti + Intel(R) HD Graphics 4000
Computer Make/Model: OEM0
|
Post by Jevil7452 on Nov 18, 2023 16:40:54 GMT -8
When i tried this, modded Explorer still didn't want to open. I'd imagine further modifications to ci.dll are needed for that to work.
|
|
AnyKey
Sophomore Member
Posts: 248
OS: Windows 10 Pro 22H2
Theme: XP Classic Theme
CPU: AMD Ryzen 7 3700X
RAM: 16 GB 1333 MHz DDR4
GPU: Nvidia Geforce RTX 2070 Super
|
Post by AnyKey on Dec 3, 2023 14:41:33 GMT -8
Does anyone know why MUI trick doesn't work for user32.dll?
|
|
|
|
Post by ephemeralViolette on Dec 3, 2023 18:37:58 GMT -8
Does anyone know why MUI trick doesn't work for user32.dll? The few icons that are embedded in user32 are usually displayed in a context where MUI is not used. MUI only performs resource direction if it's initialised within a process, if I understand correctly. |
|
AnyKey
Sophomore Member
Posts: 248
OS: Windows 10 Pro 22H2
Theme: XP Classic Theme
CPU: AMD Ryzen 7 3700X
RAM: 16 GB 1333 MHz DDR4
GPU: Nvidia Geforce RTX 2070 Super
|
Post by AnyKey on Dec 4, 2023 1:17:47 GMT -8
Does anyone know why MUI trick doesn't work for user32.dll? The few icons that are embedded in user32 are usually displayed in a context where MUI is not used. MUI only performs resource direction if it's initialised within a process, if I understand correctly. Thanks for the info. |
|
Jevil7452
Regular Member
Posts: 434
OS: Windows 7 Enterprise (6.1.7601)
Theme: Windows Aero by Microsoft Corporation
CPU: Intel Core i7-3770k
RAM: 32GB (4x8GB DDR3)
GPU: NVIDIA GeForce GTX 980 Ti + Intel(R) HD Graphics 4000
Computer Make/Model: OEM0
|
Post by Jevil7452 on Jun 8, 2024 5:32:26 GMT -8
BUMP: If you use EfiGuard to bypass PatchGuard, you can seamlessly boot into a Windows install with modded ci.dll/user32.dll (so no need to select disable driver signature enforcement), but you still need to mod ci.dll in the first place.
|
|
|
|
Post by Brawllux on Jun 8, 2024 8:27:08 GMT -8
Just a basic question. If we are gonna disable signature checks while booting every time anyway what is the point of editing ci.dll to ignore invalid signatures?
Can't you just edit user32.dll and disable signature checks while booting to achieve the same thing?
|
|
Jevil7452
Regular Member
Posts: 434
OS: Windows 7 Enterprise (6.1.7601)
Theme: Windows Aero by Microsoft Corporation
CPU: Intel Core i7-3770k
RAM: 32GB (4x8GB DDR3)
GPU: NVIDIA GeForce GTX 980 Ti + Intel(R) HD Graphics 4000
Computer Make/Model: OEM0
|
Post by Jevil7452 on Jun 8, 2024 8:35:05 GMT -8
If you don't edit ci.dll, you will get a BSOD on boot with error code 0xc000021a (STATUS_SYSTEM_PROCESS_TERMINATED)
If you edit ci.dll, you'll not get a BSOD, but you need to choose disable driver signature enforcement on every boot
If you use EfiGuard along with that, it'll work. You don't even need Test Signing or NO_INTEGRITY_CHECKS.
|
|
|
|
Post by Brawllux on Jun 8, 2024 8:42:25 GMT -8
If you don't edit ci.dll, you will get a BSOD on boot with error code 0xc000021a (STATUS_SYSTEM_PROCESS_TERMINATED) If you edit ci.dll, you'll not get a BSOD, but you need to choose disable driver signature enforcement on every boot If you use EfiGuard along with that, it'll work. You don't even need Test Signing or NO_INTEGRITY_CHECKS. Oh,i see. Thanks for the explanation. |
|
|
|
Post by The Jackal on Jun 8, 2024 15:18:39 GMT -8
What about using that Resource Redirect windhawk mod?
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jun 8, 2024 15:46:56 GMT -8
What about using that Resource Redirect windhawk mod? Doesn't work |
|
|
|
Post by The Jackal on Jun 9, 2024 8:59:59 GMT -8
What about using that Resource Redirect windhawk mod? Doesn't work That's a shame. Cheers. |
|
golddl
Freshman Member
Posts: 52
OS: Windows 10, Windows 7
Theme: Toxic (W10), Seven Milestone 2 Aero (Opaque Maximized Windows)(W7)
|
Post by golddl on Jun 9, 2024 13:33:48 GMT -8
Why is the icon censored?
|
|
|
|
Post by Brawllux on Jun 9, 2024 13:54:39 GMT -8
Why is the icon censored? That is the modified icon,painted over with a brush lol. Attachments:
|
|
Jevil7452
Regular Member
Posts: 434
OS: Windows 7 Enterprise (6.1.7601)
Theme: Windows Aero by Microsoft Corporation
CPU: Intel Core i7-3770k
RAM: 32GB (4x8GB DDR3)
GPU: NVIDIA GeForce GTX 980 Ti + Intel(R) HD Graphics 4000
Computer Make/Model: OEM0
|
Post by Jevil7452 on Jun 9, 2024 20:41:25 GMT -8
|
|
malcolm
Freshman Member
Posts: 81
OS: Windows 8.1 Pro
Theme: XP Luna 8.1 (My Own)
CPU: AMD Ryzen 9 5900X
RAM: 32GB
GPU: Nvidia GTX 1080Ti
Computer Make/Model: My Own
|
Post by malcolm on Jul 5, 2024 17:43:57 GMT -8
I remember when I first switched from XP to Windows 8.1 I used something called Resource Hacker or something to change system icons and make it all look more like XP.
When I was doing that and using Resource Hacker to modify a 8.1 theme (I didn't have WSB or msstyles or whatever it's called) I remember painting on the icons and buttons and other image files so I can find out where they are.
Once a big red streak appeared on a Toolbar I realised I found the right one.
:-)
|
|
|
|
Post by cetav13115 on Sept 28, 2024 21:34:45 GMT -8
What about using that Resource Redirect windhawk mod? Doesn't work Semi-related, however. I was interested in loading cursors out of a dll as system cursors. Long story short Windows has a very restricted exclusive call to do that only from user32.dll After modifying user32.dll and using the Windhawk mod, nothing happened closing and re-opening mouse properties didn't work same with restarting. However this AI generated AHK script actually made custom cursors load out of user32.dll
LoadCursorAndSetSystem(100, 32626) ; Alternative (Cross)
; Load user32.dll
hModule := DllCall("GetModuleHandle", "Str", "user32.dll")
if (!hModule) {
MsgBox, Failed to get module handle for user32.dll.
return
}
; Function to load and set a system cursor
LoadCursorAndSetSystem(cursorId, systemCursorId) {
global hModule
hCursor := DllCall("LoadCursor", "UPtr", hModule, "Int", cursorId)
if (!hCursor) {
MsgBox, Failed to load cursor with ID %cursorId%.
return false
}
result := DllCall("SetSystemCursor", "UPtr", hCursor, "Int", systemCursorId)
if (!result) {
MsgBox, Failed to set system cursor with ID %systemCursorId%.
return false
}
return true
}
; Load and set cursors
LoadCursorAndSetSystem(100, 32512) ; Arrow
LoadCursorAndSetSystem(101, 32513) ; I-Beam
LoadCursorAndSetSystem(112, 32651) ; Help
LoadCursorAndSetSystem(111, 32650) ; Work in Background
LoadCursorAndSetSystem(102, 32649) ; Busy
LoadCursorAndSetSystem(103, 32648) ; Precision Select
LoadCursorAndSetSystem(113, 32663) ; Handwriting
LoadCursorAndSetSystem(110, 32642) ; Unavailable
LoadCursorAndSetSystem(108, 32645) ; Vertical Resize
LoadCursorAndSetSystem(107, 32644) ; Horizontal Resize
LoadCursorAndSetSystem(109, 32646) ; Move
LoadCursorAndSetSystem(109, 32516) ; IDC_UPARROW
LoadCursorAndSetSystem(105, 32643) ; Diagonal Resize 1 (NWSizing)
I'm guessing the ahk somehow tells the system to re-check the dll or something.
|
|
tamer
New Member
Posts: 4
|
Post by tamer on Oct 25, 2024 5:43:45 GMT -8
For some reason win10 sometimes keeps resetting the mouse cursors to default ones that appears to be embedded in user32.dll. It doesn't happen too often, and i'm not sure what triggers this (once switched the dark theme in Wing IDE, another time by running some uwp app and yesterday by running the program in Sandboxie, that previously didn't cause such an issue). I thought it would be a simple solution to replace the cursor resources in dll, but it appears not so trivial without patching.
|
|
