In a previous post I wrote about patching update.exe to allow installing updates with modified .inf files.

A commenter asked how to do this for another build of update.exe, specifically version as is distributed with Windows 2003 SP2 (now what would he want to do with it?).

This is actually a very easy task with the knowledge of the previous post, so let me explain it here step by step.

First we open the target file in Ida and wait for the Autoanalysis to finish. Then go to the Functions window and look for the function IsInfFileTrusted:


Now doubleclick this function and watch the disassembly in the IDA View-A tab:


In this case we don’t really care what the function actually does, we just want to make it return always True.

In Ida options make it show the opcode bytes:


Make a note or screen dump of the opcode bytes.

Now go to the Edit menu | Patch program | Assemble and make it return True:



We can see the needed changes now:


Now make the changes with your favorite Hex Editor. For the really lazy people I attached the dUP2 file below.

Patch for Update.exe (864)