Jump to content

UxTheme Signature Bypass


bigmuscle

Recommended Posts

Instead of doing all this typing in to your registry manually which may allow for errors just take the below script and save to notepad with a .bat extension as AG-RegSetup.bat then just run it reboot and see what happens.

~DP

 

Edit: Updated batch script

@Echo Off:: AG-RegSetup.bat:: DosProbie-March 2015:: ADMIN(NET FILE||(Powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '&Exit /B))>Nul 2>&1:: AERO GLASS REG SETTINGS FOR WINDOWS 10 Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\ModernFrame.dll,%Systemdrive%\AeroGlass\UxThemeSignatureBypass64.dll"Echo.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\UxThemeSignatureBypass32.dll"Echo.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Timeout /t 3 /nobreak>NulExit
Edited by DosProbie
Link to comment
Share on other sites


 

Instead of doing all this typing in to your registry manually which may allow for errors just take the below script and save to notepad with a .cmd extension as DllAdd.cmd then just run it reboot and see what happens.

~DP

:: DllAdd.cmd@Echo Off(NET FILE||(powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '&EXIT /B))>NUL 2>&1Reg Add "Hklm\Software\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "\"%Systemdrive%\AeroGlass\ModernFrame.dll,%Systemdrive%\AeroGlass\UxThemeSignatureBypass64.dll\"echo.pauseexit

Well I removed the quotes and now it's working again. The memory leak seems to have stopped as well. I'll try this method next if something fails

Link to comment
Share on other sites

  • 4 weeks later...

 

Instead of doing all this typing in to your registry manually which may allow for errors just take the below script and save to notepad with a .bat extension as AG-RegSetup.bat then just run it reboot and see what happens.

~DP

 

Edit: Updated batch script

@Echo Off:: AG-RegSetup.bat:: DosProbie-March 2015:: ADMIN(NET FILE||(Powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '&Exit /B))>Nul 2>&1:: AERO GLASS REG SETTINGS FOR WINDOWS 10 Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\ModernFrame.dll,%Systemdrive%\AeroGlass\UxThemeSignatureBypass64.dll"Echo.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\UxThemeSignatureBypass32.dll"Echo.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Timeout /t 3 /nobreak>NulExit

 

 

I noticed that the bat file above says "For Windows 10" does it also work on 8.1?

Edited by DarkKnight
Link to comment
Share on other sites

I've got to say that UxThemeBypass is MILES better than UxStyle.

 

I was getting tired of getting a black screen on reboot and having to do a pc refresh or sfc scan every time I had to uninstall UxStyle

Link to comment
Share on other sites

Black screens are not caused by the "hacking-SW" itself. Remember that this kind of software allows you to load unsigned theme.

So what happens when unsigned theme is stored in the registry but no such software is loaded? Theme loading will fail which results in the black screen.

Link to comment
Share on other sites

wasnt UxStyle also said to run in RAM by a service or whatever?

 

 

Yes, it ran from memory which wasn't the problem, when it was running it ran fine but when it came to uninstalling it was when it became a big pain in the a$$, it was a roll of the dice, sometimes it was easy but most times you pulled the hair from your head ....... EVEN if you followed the uninstall directions on their website. I would dread uninstalling it then having to reboot, knowing full well there was a 90% chance of getting a black screen on reboot.

99.9% of the time sfc scans / system restores wouldn't work to recover from the black screens on reboot when trying to uninstall, and when they did the system was too unstable to use so all one was resorted to was either a pc refresh or reset. I'm just so glad to be done with it.

 

 

Yes, it will happen when you normally try to load some unsigned theme manually. The problem can come when DWM wants to load unsigned theme, it will result in neverending crashing loop.

 

 

Doesn't really matter to me, I only run custom themes made by a hand full of people, as long as they run I have no problem with it, it's not like I download themes from all over the place.

Edited by DarkKnight
Link to comment
Share on other sites

 

 

Instead of doing all this typing in to your registry manually which may allow for errors just take the below script and save to notepad with a .bat extension as AG-RegSetup.bat then just run it reboot and see what happens.

~DP

 

Edit: Updated batch script

@Echo Off:: AG-RegSetup.bat:: DosProbie-March 2015:: ADMIN(NET FILE||(Powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '&Exit /B))>Nul 2>&1:: AERO GLASS REG SETTINGS FOR WINDOWS 10 Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\ModernFrame.dll,%Systemdrive%\AeroGlass\UxThemeSignatureBypass64.dll"Echo.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\UxThemeSignatureBypass32.dll"Echo.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Timeout /t 3 /nobreak>NulExit

 

 

I noticed that the bat file above says "For Windows 10" does it also work on 8.1?

 

It's Windows 10 because of 'ModernFrame.dll' just remove that section from the reg adds and it will work for 8.1 as well and with a 64-bit OS.

~DP

P.S. And yes the 'UxthemeSignatureBypass' method is a stroke of Genuis by BigMuscle, no need to use theme patchers any more like UltraUX or UxStyle.
Edited by DosProbie
Link to comment
Share on other sites

 

 

 

Instead of doing all this typing in to your registry manually which may allow for errors just take the below script and save to notepad with a .bat extension as AG-RegSetup.bat then just run it reboot and see what happens.

~DP

 

Edit: Updated batch script

@Echo Off:: AG-RegSetup.bat:: DosProbie-March 2015:: ADMIN(NET FILE||(Powershell -command Start-Process '%0' -Verb runAs -ArgumentList '%* '&Exit /B))>Nul 2>&1:: AERO GLASS REG SETTINGS FOR WINDOWS 10 Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\ModernFrame.dll,%Systemdrive%\AeroGlass\UxThemeSignatureBypass64.dll"Echo.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /F /V "AppInit_DLLs" /T REG_SZ /D "%Systemdrive%\AeroGlass\UxThemeSignatureBypass32.dll"Echo.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "LoadAppInit_DLLs" /T REG_DWORD /D 1 /FEcho.Reg Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Reg Add "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /V "RequireSignedAppInit_DLLs" /T REG_DWORD /D 0 /FEcho.Timeout /t 3 /nobreak>NulExit

 

 

I noticed that the bat file above says "For Windows 10" does it also work on 8.1?

 

It's Windows 10 because of 'ModernFrame.dll' just remove that section from the reg adds and it will work for 8.1 as well and with a 64-bit OS.

~DP

P.S. And yes the 'UxthemeSignatureBypass' method is a stroke of Genuis by BigMuscle, no need to use theme patchers any more like UltraUX or UxStyle.

 

 

 

Hmmm ......... in waiting for a response, I have been using the batch file on Windows 8.1 with no adverse affects for about a week now?

 

Everything seems to be running fine, is there a way to undo the changes for Windows 10 if needed?

Edited by DarkKnight
Link to comment
Share on other sites

You should strive to understand what's being done, then it will become more clear how to undo it.

 

Specifically, the script above is adding several registry values in a specific places.  You can just remove them to undo the effect.

 

To disable the effect temporarily, you can change the values of LoadAppInit_DLLs in the two places to 0.  That will avert the loading of the UxThemeSignatureBypass64.dll and UxThemeSignatureBypass32.dll files.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

You should strive to understand what's being done, then it will become more clear how to undo it.

 

Specifically, the script above is adding several registry values in a specific places.  You can just remove them to undo the effect.

 

To disable the effect temporarily, you can change the values of LoadAppInit_DLLs in the two places to 0.  That will avert the loading of the UxThemeSignatureBypass64.dll and UxThemeSignatureBypass32.dll files.

 

-Noel

 

 

:yes:  Thanks Noel, I strive to learn all I can in most areas of computing but the registry is not one of them :no: , I leave that to others.

Much too complicated to deal with and honestly I don't want to be doing re-installs every time I mess up :realmad:

 

Most other areas of the pc, if you mess up, it's all good and can be fixed, not the registry. :no:

Link to comment
Share on other sites

The registry is essentially just a database, which Windows uses to guide its operations.  Adding and removing entries from that database is pretty straightforward, but you're right in being cautious; the registry editor allows you to do most anything, and you should understand before doing any registry edits yourself.

 

It's possible to craft a .reg file (or another script) that would remove those entries.  But it's really the kind of thing that ought to have a control panel-like applet to manage.  I know Big Muscle has developed one for the Aero Glass tool; perhaps he's working on one for this as well.

 

-Noel

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...