AntiWPA3

Let's activate later...

Version 3.4.6 for x64 and x86
--------------------------------------------------------------------

How to use:
  Start AntiWPA3.cmd to install/uninstall the patch.

What the patch modifies:

  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
    is added to the registry

  * The file C:\windows\system32\AntiWPA.dll is added

  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
    data for "OOBETimer" is changed {=OOBE}

  * rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
    rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
    is executed, which removes/restores the WPA links from the start menu

How it works:

  It hooks user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) and
  ntdll.dll!NtLockProductActivation in winlogon.exe to make it believe that
  Windows was booted in safe mode; winlogon therefore skips the WPA check.

  *Note (...because some people were concerned about this):
   The hooks *ONLY* affect winlogon.exe!
   They *DO NOT* affect any other exe or dll.

  The patch auto-runs on each start, before the WPA check, via:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
  The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.

  The winlogon.exe file on the hard disk is no longer altered.
  Patching (API hooking) is done in memory, so there are no problems with
  Windows System File Protection.

  Installation is performed via AntiWPA.dll!DllRegisterServer
  ("regsvr32 AntiWPA.dll"). The file is copied to the system directory and the
  registry keys are added.
  (Note: AntiWPA.dll is not an ActiveX self-registering DLL.)

  Uninstallation is done via AntiWPA.dll!DllUnRegisterServer
  ("regsvr32 -u AntiWPA.dll").

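Because the DLL is registered as a Winlogon notification package, a text export of the Notify key is enough to see it from the defender's side. The following is an added example, not part of the original readme: it parses such an export and lists packages that are missing from a baseline. The sample export and the one-entry baseline are constructed; a real baseline would be taken from a known-good image.

```python
import re

NOTIFY = r"software\microsoft\windows nt\currentversion\winlogon\notify"

# Constructed sample: text export of the Notify key from a hypothetical host.
# (Exports in "Windows Registry Editor Version 5.00" format are UTF-16 on disk
# and must be decoded to text before being passed in.)
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA]
"DLLName"="AntiWPA.dll"
"Logon"="onLogon"
"Asynchronous"=dword:00000000
'''

def parse_notify_packages(reg_text):
    """Return {package: {value_name: data}} for each direct subkey of Winlogon\\Notify."""
    packages, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[HKEY_LOCAL_MACHINE\\(.+)\]", line, re.I)
        if key:
            path = key.group(1).lower()
            current = None  # values that follow belong to this key only
            if path.startswith(NOTIFY + "\\"):
                name = path[len(NOTIFY) + 1:]
                if "\\" not in name:
                    current = packages.setdefault(name, {})
            continue
        val = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if val and current is not None:
            current[val.group(1).lower()] = val.group(2).strip('"')
    return packages

def unexpected_packages(reg_text, baseline):
    """List (package, dll, logon_export) for Notify packages absent from the baseline."""
    allowed = {b.lower() for b in baseline}
    return [(name, vals.get("dllname", ""), vals.get("logon", ""))
            for name, vals in sorted(parse_notify_packages(reg_text).items())
            if name not in allowed]

if __name__ == "__main__":
    for hit in unexpected_packages(SAMPLE_EXPORT, ["cscdll"]):
        print("unexpected Winlogon notify package:", hit)
```
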
==================================================
F A Q - Frequently Asked Questions
==================================================

--------------------------------------------------
How to check if it's really active
--------------------------------------------------
Check whether antiwpa.dll is loaded. Enter in a console (cmd.exe):

    TASKLIST /M /FI "MODULES eq antiwpa.dll"

Check whether the process Winlogon.exe appears in the output.

--------------------------------------------------
I have installed AntiWPA 2.00. Should I uninstall it to update?
--------------------------------------------------
They both work well. They both 'target' the same function in Winlogon.exe,
so if it's running well, don't touch it. (Never touch a running system.)

--------------------------------------------------
Do I have to reinstall AntiWPA 3 every time I've installed a service pack?
--------------------------------------------------
No, you don't need to. The patch isn't undone by service packs anymore.
Since it doesn't modify winlogon.exe, it's no problem if winlogon.exe is
replaced by a new version.

--------------------------------------------------
What is the difference between AntiWPA 2 & AntiWPA 3?
--------------------------------------------------
AntiWPA 2 directly modified winlogon.exe (on the hard disk) to make it skip
over the product activation check.

AntiWPA 3 intercepts (in memory, via API import hooking) winlogon.exe's
request to the OS asking whether Windows was booted into safe mode or not.
It makes the OS always return "yes". Even if Windows is running in
'normal mode', winlogon thinks it is running in safe mode and skips the
product activation check.

--------------------------------------------------
How do I integrate it into Windows Setup?
--------------------------------------------------
I haven't done/tried this yet.
What you would have to do is manage these tasks somehow:

  1. Add antiwpa.dll to the installation package
  2. Make it execute "regsvr32 /s antiwpa.dll" once
     (or "rundll32 antiwpa.dll, DllRegisterServer")

See http://forums.cjb.net/antiwpa3-about47.html for more about this.
Thanks to Hackedout for his solution. Let me summarize it:

  1. Copy the i386 folder from the CD to C:\i386

  2. Execute "makecab.exe antiwpa.dll"
     Copy the compressed file antiwpa.dl_ to C:\i386

  3. Edit the following files from i386:

     DOSNET.INF
       [Files]
       ...
       d1,a_pnt518.ppd
       d1,antiwpa.dll      <- insert that line
       d1,aaaamon.dll
       ...

     HIVESFT.INF
       [AddReg]
       Search for 'Winlogon\Notify\cscdll' and insert the lines so that it
       looks like this:

       ...
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",,0x00000012
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa",,0x00000012
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","DLLName",0x00000002,"antiwpa.dll"
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Asynchronous",0x00010003,0
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Impersonate",0x00010001,0
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Logon",0x00000002,"onLogon"
       ...
       HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll",,0x00000012

     TXTSETUP.SIF
       [SourceDisksFiles]
       Search for 'aaaamon.dll'

       ...
       a_pnt518.ppd = 1,,,,,,,,3,3
       antiwpa.dll = 1,,,,,,,2,0,0
       aaaamon.dll = 1,,,,,,,2,0,0

  4. Make sure that these files were saved/copied to C:\i386:
       Antiwpa.dl_
       DOSNET.INF
       HIVESFT.INF
       TXTSETUP.SIF

Done!

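The same edits are what an integrity check of installation media has to catch. The following is an added example, not part of the original readme or the forum solution: it compares the [AddReg] lines of a known-good HIVESFT.INF with those of a candidate copy and reports Winlogon\Notify packages that exist only in the candidate. Both INF excerpts are constructed samples.

```python
import csv

NOTIFY = r"software\microsoft\windows nt\currentversion\winlogon\notify" + "\\"

# Constructed sample: [AddReg] excerpt standing in for a known-good HIVESFT.INF.
BASELINE_INF = r'''[AddReg]
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",,0x00000012
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll",,0x00000012
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll","DLLName",0x00000002,"cscdll.dll"
'''
# Constructed sample: the same excerpt with the lines from step 3 added.
MODIFIED_INF = BASELINE_INF + r'''HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa",,0x00000012
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","DLLName",0x00000002,"antiwpa.dll"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Logon",0x00000002,"onLogon"
'''

def notify_dlls(inf_text):
    """Map each Winlogon\\Notify package named in AddReg lines to its DLLName (or None)."""
    dlls = {}
    # AddReg lines are comma-separated with optional double quotes, so the
    # csv module splits them correctly; backslashes are left untouched.
    for row in csv.reader(inf_text.splitlines(), skipinitialspace=True):
        row = [field.strip() for field in row]
        if len(row) < 2 or row[0].upper() != "HKLM":
            continue  # section headers, comments, blank lines, other roots
        subkey = row[1].lower()
        if not subkey.startswith(NOTIFY):
            continue  # the Notify key itself or an unrelated key
        package = subkey[len(NOTIFY):].split("\\")[0]
        dlls.setdefault(package, None)
        if len(row) >= 5 and row[2].lower() == "dllname":
            dlls[package] = row[4]
    return dlls

def added_notify_packages(baseline_inf, candidate_inf):
    """Return {package: dll} for Notify packages present only in the candidate INF."""
    known = notify_dlls(baseline_inf)
    return {pkg: dll for pkg, dll in notify_dlls(candidate_inf).items()
            if pkg not in known}

if __name__ == "__main__":
    for pkg, dll in added_notify_packages(BASELINE_INF, MODIFIED_INF).items():
        print(f"install source registers extra Winlogon notify package {pkg!r} -> {dll}")
```
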
Some (untested) proposals - if someone confirms that they work, I will
finally include them in the instructions:

  * To make antiwpa.dll remove the activation links from the start menu,
    add the following line to 'HIVESFT.INF':

      HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce","antiwpa",0x00000002,"regsvr32 antiwpa.dll /s"

    OR !!! (but this is more experimental)
    replace the line

      HKLM,"SYSTEM\Setup","SetupType",0x00010003,1

    with

      HKLM,"SYSTEM\Setup","SetupType",0x00010003,2
      HKLM,"SYSTEM\Setup","CmdLine",0x00000002,"regsvr32 antiwpa.dll /s"

    Theoretically it should start the antiwpa install instead of the OOBE
    "Let's activate" at first start. If that works, you can also leave out
    the 'HKLM,Winlogon\Notify' part.

  * Leave out the 'DOSNET.INF' part. It seems to be unnecessary and only
    causes a file-not-found error in the 'DOS' file copying stage.

---------------------------------------------------
And to outline another solution, posted by a guest:

  1. Copy the CD content to C:\WindowsCD\

  2. Use setupmgr.exe to create an answer file.
     Add the following in the "Run Once" section of Setup Manager:

       "%SYSTEMDRIVE%\antiwpa.dll"

     Unattend.txt/winnt.sif should now include the following section:

       [GuiRunOnce]
       Command0="regsvr32 /s %SYSTEMDRIVE%\antiwpa.dll"

     Edit the [Unattended] section, changing
       OemPreinstall=No
     to
       OemPreinstall=Yes

     Copy winnt.sif to the C:\WindowsCD\i386 folder.

  3. Copy antiwpa.dll to C:\WindowsCD\$oem$\$1\ (create the folder).
     Note: All files contained in the "\$oem$\$1" folder will be copied to
     the C: drive during installation.


Before-WPA emergency console:
-----------------------------
This will set up some kind of emergency console.
The program specified in CmdLine will be run before the normal logon screen
and before the WPA check.
Now you don't need to boot in safe mode if something went wrong.

  REGEDIT4

  [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
  "SetupType"=dword:00000002
  "CmdLine"="\"C:\\Total Commander\\TOTALCMD.EXE\""

Deny the user 'SYSTEM' write access (Set Value) on
HKEY_LOCAL_MACHINE\SYSTEM\Setup, otherwise the system changes the SetupType
value after each logon.
You can use explorer.exe as CmdLine, but note that it might cause problems
later.


Resetting the Activation Trial:
-------------------------------
Simply execute 'rundll32.exe syssetup,SetupOobeBnk'.
That is some kind of official way to reset the activation trial.
Take care: it will only work about 4 times.

A 'total reset' is not very user-friendly and is described in detail here:
http://free.pages.at/cw2k/src/doc/Details%20about%20the%20WPA.htm

Just to draw the picture: you will need to export HKLM\System to a temporary
reg-hive file. Import that reg-hive (or structure) file to delete

  HKLM\System\WPA

and the rest:

  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  "LicenseInfo"=""

  HKLM\SECURITY\Policy\Secrets\L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}

  system32\WPA.DBL

Shut down Windows and copy/overwrite the reg-hive file to
system32\config\system from another OS or the Windows CD recovery console.


========================================================
A (boring) Step by Step to do a manual Install
========================================================

To do a clean uninstall:

  1. Click on Start\Execute [or press Winkey+R] and enter
       regsvr32 antiwpa.dll -u
     -> you should get "DllUnregisterServer succeeded"

  2. Reboot

  3. In Explorer, go to c:\Windows\system32 and delete antiwpa.dll
     (Note: it's important to use Explorer, which is a 64-bit app, because
     32-bit apps like Total Commander won't see the real system32 folder.)

Now do a manual install:

  1. Open the Antiwpa-V3.4.3\AMD64 dir

  2. Run regsvr32 antiwpa.dll
     One way to do this is to copy antiwpa.dll to c:\, then click on
     Start\Execute and enter 'Cmd.exe'.
     In the DOS console enter
       c:
       cd \
       regsvr32 antiwpa.dll
     -> you should get "DllRegisterServer succeeded"

Check the installation

  1. Now go to c:\Windows\system32 and check whether antiwpa.dll was
     successfully copied.

  2. Reboot

  3. Run "Start"\Execute 'Cmd.exe' and enter
       TASKLIST /M /FI "MODULES eq antiwpa.dll"
     Check whether you get the process Winlogon.exe as output
     (this ensures that antiwpa.dll is loaded and is really active).

Check the installation

  1. Set your date forward about 1 year and reboot.

  2. If you can log in, there is no doubt that antiwpa is really working.
     If not, boot in safe mode, restore your date and run ("Start"\Execute)
       rundll32.exe syssetup,SetupOobeBnk
     to reset the trial (but beware that this trick will only work about
     4 times!).

  3. But I hope everything is working now.
     If not, set up the Windows Remote Desktop connection and mail the
     connection info to cw2k ät gmx.de


========================================================

AntiWPA.dll was done by
crackware2k@freenet.de

---------------------------------------------------------------

History:

  3.4.6     Updated antiwpa site URL in readme.txt
            Changed API hook order; maybe now it will also work on Vista

  3.4.4     Bugfix: Renamed 32-bit dir back to x86\
            Minor: readme updates
            Added IA64 version

  3.4.3     Base address changed to 0x50000000 to avoid the need to
            relocate the DLL

  3.4.2     Bugfix: Relocating the DLL failed - set write flag on the
            .text section to fix

  3.4       Now it uses import hooks (instead of export ones):
            the disassembler part is not needed anymore - DLL size reduced

  3.3       Install/uninstall routine for OOBE fix and removal of the
            activate links added to AntiWPA.dll

  3.2       Internal version (not released)

  3.1       Install/uninstall routine via regsvr32 added to AntiWPA.dll
            Version info added to AntiWPA.dll

  3.0 BETA  Initial release