{"id":13705867,"url":"https://github.com/pbatard/winpatch","last_synced_at":"2025-10-26T19:02:17.744Z","repository":{"id":142324666,"uuid":"278897772","full_name":"pbatard/winpatch","owner":"pbatard","description":"Windows system file patcher","archived":false,"fork":false,"pushed_at":"2020-08-14T13:00:03.000Z","size":711,"stargazers_count":77,"open_issues_count":0,"forks_count":8,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-17T19:21:21.433Z","etag":null,"topics":["checksum-generation","digital-signature","dlls","drivers","patcher","pe32","pe64","windows"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pbatard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-07-11T16:18:07.000Z","updated_at":"2025-03-17T14:01:59.000Z","dependencies_parsed_at":"2024-01-14T20:17:08.692Z","dependency_job_id":"9a0195ef-6567-48cc-b1f4-ecee70e8ed1d","html_url":"https://github.com/pbatard/winpatch","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pbatard%2Fwinpatch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pbatard%2Fwinpatch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pbatard%2Fwinpatch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pbatard%2Fwinpatch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pbatard","download_url":"https://codeload.github.com/pbatard/winpatch/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244717391,"owners_count":20498283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checksum-generation","digital-signature","dlls","drivers","patcher","pe32","pe64","windows"],"created_at":"2024-08-02T22:00:49.088Z","updated_at":"2025-10-26T19:02:17.667Z","avatar_url":"https://github.com/pbatard.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"winpatch: Windows system file patcher\n=====================================\n\n[![Build status](https://img.shields.io/appveyor/ci/pbatard/winpatch.svg?style=flat-square)](https://ci.appveyor.com/project/pbatard/winpatch)\n[![Release](https://img.shields.io/github/release-pre/pbatard/winpatch.svg?style=flat-square)](https://github.com/pbatard/winpatch/releases)\n[![Github stats](https://img.shields.io/github/downloads/pbatard/winpatch/total.svg?style=flat-square)](https://github.com/pbatard/winpatch/releases)\n[![Licence](https://img.shields.io/badge/license-GPLv3-blue.svg?style=flat-square)](https://www.gnu.org/licenses/gpl-3.0.en.html)\n\nDescription\n-----------\n\nThis commandline utility is intended to binary patch protected system files, such as drivers or DLLs,\nthat reside in a Windows system directory.\n\nThis is primarily meant to be used to apply necessary fixes to the drivers of a newly created system,\nsuch as a Windows To Go drive or a directory where a Windows 10 image has been applied.\n\nCompatibility\n-------------\n\nWindows 7 or later.\n\nCompilation\n-----------\n\nUse Visual Studio 2019 and invoke the `.sln` to compile.\n\nUsage\n-----\n\n```\nwinpatch [-bhiosvw] FILE [HEXVAL HEXVAL [HEXVAL HEXVAL [...]]\n```\n\nWhere `HEXVAL`s are paired values containing the hexadecimal data to search for,\nfollowed by the data you want to replace it with.\n\n`HEXVAL` can be of any size between 2 and 128 bytes. You can mix and match sizes,\nas long the value sizes in each pair are the same. No specific alignment is required\nfor the `HEXVAL`s, meaning that winpatch can match a word value starting at an odd\naddress. Values should be provided in big-endian mode i.e. in the same byte order as\nthe one they appear with in the hex-dump of the file.\n\nUnless you use option `-w`, winpatch will warn (once) if multiple instances of a\nspecific `HEXVAL` pair are patched.\n\nThe exit code of winpatch is the number of sections that were successfully patched\n(`0` if none) or a negative value on error.\n\nOptions\n-------\n\n* `-h`: Show help\n* `-b`: __DON'T__ create a backup before patching the file (DANGEROUS).\n* `-i`: Ignore patch values. Update the digital signature only.\n* `-o`: Overwrite the source with the backup (if any) before patching.\n* `-s`: Silent mode. No output except for errors.\n* `-v`: Slightly more verbose output.\n* `-w`: Don't warn when multiple instances of a patch are applied.\n\nExample\n-------\n\n![Screenshot](https://raw.githubusercontent.com/pbatard/winpatch/master/pics/Screenshot.png)\n\nLet's say you want to run Windows 10 ARM64 on a system where xHCI registers must be accessed through two\n32-bit accesses (such as the VL805 controller of the Raspberry Pi 4), but the Windows `USBXHCI.SYS` driver\nis enforcing 64-bit accesses, which results in a BSOD when trying to boot from an USB 3.0 drive.\n\nProvided that the driver for the system you want to patch resides in `F:\\Windows\\System32\\drivers\\`, then,\nfrom an elevated command prompt, you can use `winpatch` as follows:\n\n```\nwinpatch F:\\Windows\\System32\\drivers\\USBXHCI.SYS EA000037E8630091 EA000036E8630091 0A010037E8430091 0A010036E8430091\n```\n\nObviously, since you have patched a system file, you also have to disable signature enforcement with\nsomething like (assuming the BCD for that drive resides on an ESP mounted as `S:`):\n\n```\nbcdedit /store S:\\EFI\\Microsoft\\Boot\\BCD /set {default} testsigning on\nbcdedit /store S:\\EFI\\Microsoft\\Boot\\BCD /set {default} nointegritychecks on\n``` \n\nHow it works\n------------\n\nBesides the patching, winpatch performs the following:\n\n1. Take ownership of the system file if needed.\n2. Delete the existing digital signature, if any.\n3. Update the PE32 or PE64 checksum after patching.\n4. Apply a new self-signed digital signature.\n\nEach of these steps is required, because:\n\n1. System files are protected by Windows and you cannot alter them without taking ownership.\n2. If the file was patched, then the existing digital signature has become invalid.\n3. If you don't update the PE checksum, Windows produces BSODs during boot with error `0xc0000221`\n   (`STATUS_IMAGE_CHECKSUM_MISMATCH`) for the modified driver or DLL.\n4. Even with `testsigning` and `nointegritychecks` active, if a modified system file is not digitally\n   signed, Windows boots straight into recovery mode, with error code `0xc000000f` from `winload.exe`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpbatard%2Fwinpatch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpbatard%2Fwinpatch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpbatard%2Fwinpatch/lists"}