UxTheme Signature Bypass


bigmuscle

Tried the new 1.5.3 AG version... The never-ending logon loop remains a problem... I use UxTSB from 2016-10-19.

The author made some corrections to the boot procedure in 1.5.3, but it does not help with my problem...

P.S. Is there any possibility to enable a more detailed debug.log? My problem gives me no rest...

Edited by CKyHC


You can create a new DWORD EnableLogging in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DWM and set it to 1. I'm afraid it won't give any more useful info for this scenario, but it's worth a try, I suppose.

Edited by UCyborg

You could try and see if it works in safe mode. There is a trick to get Aero Glass working in safe mode: first, install it as a service just to get rid of the dependency on Task Scheduler (see http://www.msfn.org/board/topic/170945-uxtheme-signature-bypass/?do=findComment&comment=1136296). Maybe you could just enable Task Scheduler in safe mode instead (I haven't tried), but this way, you keep things to a minimum. Then, you have to add both the Aero Glass and Themes services to the list of safe-mode enabled services (see the attachment).

AeroGlassSafeMode.zip


53 minutes ago, UCyborg said:

You could try and see if it works in safe mode. There is a trick to get Aero Glass working in safe mode: first, install it as a service just to get rid of the dependency on Task Scheduler (see http://www.msfn.org/board/topic/170945-uxtheme-signature-bypass/?do=findComment&comment=1136296). Maybe you could just enable Task Scheduler in safe mode instead (I haven't tried), but this way, you keep things to a minimum. Then, you have to add both the Aero Glass and Themes services to the list of safe-mode enabled services (see the attachment).

AeroGlassSafeMode.zip

Thanks. I'll try this when I have time.


  • 1 month later...

I wrote a simple and quick loader DLL for the UxTSB DLL. It can be placed in the same folder as UxTSBxx.dll and installed with the AppInit_DLLs method. The loader DLL will simply check if the process name is winlogon.exe or explorer.exe and only load the actual UxTSBxx.dll if it is; then the loader DLL will be unloaded from memory. So the AppInit_DLLs method can be used without breaking the ability to use .deskthemepack files, and the UxTSB DLL won't hang around in other processes.

UxTSBLoader.zip

Edited by UCyborg
Minor corrections

On 01/05/2017 at 8:01 AM, UCyborg said:

I wrote a simple and quick loader DLL for the UxTSB DLL. It can be placed in the same folder as UxTSBxx.dll and installed with the AppInit_DLLs method. The loader DLL will simply check if the process name is winlogon.exe or explorer.exe and only load the actual UxTSBxx.dll if it is; then the loader DLL will be unloaded from memory. So the AppInit_DLLs method can be used without breaking the ability to use .deskthemepack files, and the UxTSB DLL won't hang around in other processes.

UxTSBLoader.zip

Nice work, just tested it and it works as expected.


On 01.05.2017 at 1:01 AM, UCyborg said:

I wrote a simple and quick loader DLL for the UxTSB DLL. It can be placed in the same folder as UxTSBxx.dll and installed with the AppInit_DLLs method. The loader DLL will simply check if the process name is winlogon.exe or explorer.exe and only load the actual UxTSBxx.dll if it is; then the loader DLL will be unloaded from memory. So the AppInit_DLLs method can be used without breaking the ability to use .deskthemepack files, and the UxTSB DLL won't hang around in other processes.

UxTSBLoader.zip

Please give the steps for applying it to Aero Glass.


I do mess with Windows 8.1 and 10 virtual machines more frequently these days and see the effect of being thrown back to the login screen occasionally with Aero Glass' injection method. This morning, the Windows 10 machine even crashed with KERNEL_MODE_HEAP_CORRUPTION, something I've seen only on that OS when a theme fails to load and the system isn't patched to accept them. Windows 8.1 in comparison just loops infinitely with a black screen. As an experiment, I wrote a bare-bones service some time ago that just injects a DLL into winlogon.exe the same way as Aero Glass (CreateRemoteThread) and the logon problem can still occur, on Windows 8.1 as well.

When you think about it, it's not that strange. After all, you're at the mercy of how the scheduler schedules threads. With AppInit_DLLs, you get 100% reliability simply because everything is taken care of at the early stage when user32.dll loads. With CreateRemoteThread, you're randomly spawning the thread in the target process in an undetermined state to load the library and hoping it'll work.

4 hours ago, neoandersen said:

Please give the steps for applying it to Aero Glass.

It's independent of Aero Glass; the only important thing is that you put all DLLs in the same folder and that the path to that folder doesn't contain spaces. Also, it won't work on systems with secure boot enabled, and future updates to Windows 10 may throw out the AppInit_DLLs mechanism entirely.

The UxTSB DLLs are in here: http://glass8.eu/out/UxTSB-2016-10-19.7z

Then get my ZIP file and put the appropriate DLL in the same folder as UxTSBxx.dll. For both archives, you pick the DLL with the number 64 in the name, assuming you have 64-bit Windows.

Then install with the correct registry file I'm attaching below. It assumes you've put the DLLs in C:\AeroGlass, which can be corrected with Notepad if needed.

UxTSB64Loader.reg

UxTSB32Loader.reg

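An added example, not part of the post above and not code from the UxTSB or Aero Glass authors: because the steps above import a registry file that switches on AppInit_DLLs, this Python check reads a .reg file before it is imported and reports which DLLs it registers, whether it enables loading or drops the signing requirement, and whether a space in the path would split an entry. The sample file and its DLL name are constructed; the value names LoadAppInit_DLLs and RequireSignedAppInit_DLLs are the standard Windows ones and are not taken from the page.

```python
import re

# Constructed sample: the page does not show its .reg files; names are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Aero Glass\\Loader64.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000
'''

APPINIT_KEY = re.compile(  # native key and its 32-bit view on 64-bit Windows
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\"
    r"Windows NT\\CurrentVersion\\Windows$", re.I)
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Return {key: {lowercased value name: str or int}} (strings and dwords only)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name, data = m["name"].lower(), m["data"]
            if data.lower().startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                # .reg strings escape backslashes and quotes with a backslash
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys

def audit_appinit(text):
    """Report what a .reg file would change about AppInit_DLLs loading."""
    reports = []
    for key, values in parse_reg(text).items():
        if not APPINIT_KEY.match(key):
            continue
        # Windows reads the value as a space- or comma-delimited list.
        raw = str(values.get("appinit_dlls", ""))
        dlls = [d for d in re.split(r"[ ,]+", raw) if d]
        notes = []
        if dlls and values.get("loadappinit_dlls") == 1:
            notes.append("enables loading into every process that loads user32.dll")
        if dlls and values.get("requiresignedappinit_dlls") == 0:
            notes.append("turns off the code-signing requirement")
        notes += [f"'{d}' is not a DLL name: the path likely contains a space"
                  for d in dlls if not d.lower().endswith(".dll")]
        reports.append({"key": key, "dlls": dlls, "notes": notes})
    return reports
```

Files exported by Regedit are normally UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit_appinit`.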

On 07.05.2017 at 7:10 PM, UCyborg said:

I do mess with Windows 8.1 and 10 virtual machines more frequently these days and see the effect of being thrown back to the login screen occasionally with Aero Glass' injection method. This morning, the Windows 10 machine even crashed with KERNEL_MODE_HEAP_CORRUPTION, something I've seen only on that OS when a theme fails to load and the system isn't patched to accept them. Windows 8.1 in comparison just loops infinitely with a black screen. As an experiment, I wrote a bare-bones service some time ago that just injects a DLL into winlogon.exe the same way as Aero Glass (CreateRemoteThread) and the logon problem can still occur, on Windows 8.1 as well.

When you think about it, it's not that strange. After all, you're at the mercy of how the scheduler schedules threads. With AppInit_DLLs, you get 100% reliability simply because everything is taken care of at the early stage when user32.dll loads. With CreateRemoteThread, you're randomly spawning the thread in the target process in an undetermined state to load the library and hoping it'll work.

It's independent of Aero Glass; the only important thing is that you put all DLLs in the same folder and that the path to that folder doesn't contain spaces. Also, it won't work on systems with secure boot enabled, and future updates to Windows 10 may throw out the AppInit_DLLs mechanism entirely.

The UxTSB DLLs are in here: http://glass8.eu/out/UxTSB-2016-10-19.7z

Then get my ZIP file and put the appropriate DLL in the same folder as UxTSBxx.dll. For both archives, you pick the DLL with the number 64 in the name, assuming you have 64-bit Windows.

Then install with the correct registry file I'm attaching below. It assumes you've put the DLLs in C:\AeroGlass, which can be corrected with Notepad if needed.

UxTSB64Loader.reg

UxTSB32Loader.reg

Thank you, but it still does not work properly.


The only issue I've encountered so far is the inability to set the theme with the Settings app on Win10 Creators Update. The workarounds are described some posts back. Obviously the easiest solution might be waiting for a new Aero Glass build and using its method for UxTSB.dll injection, which should take care of these things automatically. If there are reliability issues with said method, the workaround is to have it sit on the login screen for a few seconds. Multiple user accounts or one password-protected account without enabling the auto-login feature accomplishes that and allows things to settle.


  • 3 months later...

Aero Glass 1.5.4 (12.8.2017), 1.5.5 (20.8.2017) and now(!) 1.5.6 (10.9.2017) do not inject UxTSB.dll into SystemSettings.exe.

The new Windows RS2 Personalization panel can't apply unsigned themes.

No bugfix after a month.


  • 1 month later...
  • 9 months later...

UxTSB stopped working on build 17134.191.

3rd-party visual styles didn't work. On applying, the screen goes black and my integrated Intel HD 530 driver stops working!

In the log everything is all right; UxTSB injects into all processes normally, without errors.

I tried to add the visual style to the registry manually and reboot, but it leads to a never-ending logon with a black screen.

On 17134.165 everything works fine; 3rd-party visual styles work.

Looks like UxTSB.dll needs to be updated.

Edited by CKyHC

I really liked being able to re-theme the controls, but I abandoned trying to do so a while ago. There are just too many gotchas, for example a system that just black screens after an in-place upgrade because you forgot to disable the 3rd party theme.

Microsoft is going to have their way, and there's really nothing we can do about it.

-Noel


6 minutes ago, NoelC said:

I really liked being able to re-theme the controls, but I abandoned trying to do so a while ago. There are just too many gotchas, for example a system that just black screens after an in-place upgrade because you forgot to disable the 3rd party theme.

Microsoft is going to have their way, and there's really nothing we can do about it.

-Noel

But for a long time, up to 17134.165, UxTSB worked fine... Only on 17134.191 did it stop working... Maybe MS changed something in the signing of visual styles?
