In a previous post I wrote about patching update.exe to allow installing updates with modified .inf files.

A commenter asked how to do this for another build of update.exe, specifically version 6.3.4.1 as is distributed with Windows 2003 SP2 (now what would he want to do with it?).

This is actually a very easy task with the knowledge of the previous post, so let me explain it here step by step.

First we open the target file in Ida and wait for the Autoanalysis to finish. Then go to the Functions window and look for the function IsInfFileTrusted:

Ida1

Now doubleclick this function and watch the disassembly in the IDA View-A tab:

Ida2

In this case we don’t really care what the function actually does, we just want to make it return always True.

In Ida options make it show the opcode bytes:

Ida3

Make a note or screen dump of the opcode bytes.

Now go to the Edit menu | Patch program | Assemble and make it return True:

Ida4

Ida5

We can see the needed changes now:

Ida6

Now make the changes with your favorite Hex Editor. For the really lazy people I attached the dUP2 file below.

Patch for Update.exe 6.3.4.1 (874 downloads)