XCEBypass

 avatar
unknown
c_cpp
a year ago
3.8 kB
12
Indexable
#include <windows.h>
#include <string>

int main(void)
{
    std::string f_path("System\\CurrentControlSet\\Enum\\PCI");

    HKEY hkResult;
    DWORD errcode1 = RegOpenKeyEx(HKEY_LOCAL_MACHINE, (LPCSTR)f_path.c_str(), 0, KEY_ALL_ACCESS, &hkResult);
    if (ERROR_SUCCESS != errcode1) {
        printf("Unable to open registry key. Error code = %d\n", errcode1);
        exit(1);
    }

    TCHAR achKey[256];
    TCHAR nchKey[256];
    DWORD cbName;
    DWORD cSubKeys = 0;
    int MAX_KEY_LENGTH = 1024;

    RegQueryInfoKey(hkResult, NULL, NULL, NULL, &cSubKeys, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
    if (cSubKeys > 0){
        for (int a = 0; a < cSubKeys; a++){
            cbName = MAX_KEY_LENGTH;
            DWORD errcode2 = RegEnumKeyEx(hkResult, a, achKey, &cbName, NULL, NULL, NULL, NULL);
            if (errcode2 == ERROR_SUCCESS){
                std::string s_path = f_path + "\\" + achKey;
                HKEY sub_hkResult;
                DWORD errcode3 = RegOpenKeyEx(HKEY_LOCAL_MACHINE, (LPCSTR)s_path.data(), 0, KEY_ALL_ACCESS, &sub_hkResult);
                if (ERROR_SUCCESS == errcode3) {
                    DWORD nSubKeys = 0;
                    RegQueryInfoKey(sub_hkResult, NULL, NULL, NULL, &nSubKeys, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
                    if (nSubKeys > 0){
                        for (int b = 0; b < nSubKeys; b++){
                            DWORD errcode4 = RegEnumKeyEx(sub_hkResult, b, nchKey, &cbName, NULL, NULL, NULL, NULL);
                            if (errcode2 == ERROR_SUCCESS){
                                std::string t_path = s_path + "\\" + nchKey;
                                HKEY f_hkResult;
                                DWORD errcode4 = RegOpenKeyEx(HKEY_LOCAL_MACHINE, (LPCSTR)t_path.data(), 0, KEY_ALL_ACCESS, &f_hkResult);
                                if (ERROR_SUCCESS == errcode4) {
                                    DWORD bufsize = 0;
                                    if (ERROR_SUCCESS != RegQueryInfoKey(f_hkResult, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, &bufsize, NULL, NULL)) {
                                        continue;
                                    }
                                    LPBYTE buf = new BYTE[bufsize];
                                    DWORD query_errcode = RegQueryValueEx(f_hkResult, TEXT("ClassGUID"), NULL, NULL, buf, &bufsize);
                                    if (ERROR_SUCCESS == query_errcode) {
                                        if (strcmp((char*)buf, "{4d36e972-e325-11ce-bfc1-08002be10318}") == 0) {
                                            std::string new_friendly_name = "BypassXCError###390023";// change this to random value
                                            DWORD set_errcode = RegSetValueEx(f_hkResult, TEXT("FriendlyName"), 0, REG_SZ, (LPBYTE)new_friendly_name.data(), new_friendly_name.size());
                                            if (ERROR_SUCCESS == set_errcode) {
                                                printf("Bypass Success :)\n\n");
                                            }
                                            else {
                                                printf("Bypass Error :(\n\n");
                                            }
                                            break;
                                        }
                                    }
                                }
                                RegCloseKey(f_hkResult);
                            }
                        }
                    }
                }
                RegCloseKey(sub_hkResult);
            }
        }
    }
    RegCloseKey(hkResult);
    getchar();
    return 0;
}
Editor is loading...
Leave a Comment