AntiWPA Forum

Full Version: AntiWPA v3.4.6 [x64 and x86]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Let's activate later...
Version 3.4.6 for x64 and x86

How to use:
Start AntiWPA3.cmd to install/uninstall the patch

What the patch modifies:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
is added to Registry

* File C:\windows\system32\AntiWPA.dll is added

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
data for "OOBETimer" is changed {=OOBE}

* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
is executed which will remove/restore WPA-links from the startmenu

How it works:

It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips
the WPA-Check. The trick is done by redirecting(=hooking) the windows function
(user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation)
in memory to antiwpa.dll so winlogon 'thinks' was booted in safemode.
*Note (...because some ppl were concered about): The patch do not alter any
files on harddisk nor the hooks affects any other exe or dll in memory than

The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA

The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.

Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").

AntiWPA3 Windows Server 2003 Fix

See WPA counterfreezer 1.0 utils (antiwpa3 win2k3 fix).ZiP\Counterfreezer 1.0

The patch will deny permissions of 'system' to write to
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents"
That regkey is used by msoobe and sysinfo and other programs to get
activation status. And if it's read-only the wpa-call inside winlogon
will not be able to set the activation status. But the wpa-call don't
uses the key to get how many days left(it gets that info elsewhere) so
It won't stop the internal activation counter.

Why this patch is is needed? The wpa-function is called from two locations in winlogon the major one is called at login. If antiwpa3 is running winlogon will thinks it's in safe mode and will skip it.
The other from winlogon message loop which will actualise the days counter every 1..8 hours. Normally that timer is not installed if it's in safe mode or if it is already activated. But for some reason in Win2k3 the WPA-function is called from this second location and makes the counter to continue.

just reinstalled XP prof

I have used antiwpa 3.4.6

just to make sure i scanned with superantispyware

it shows Trojan.Agent/Cdesc(generic) in antiwpa.dll

is this a false positive ?

please confirm
Yes. It is a false positive.
It hooks to winlogon.exe so might be why its being detected.
thanks, appreciate your input

i use antiWPA. it's great and amazing. but what about the automatic updates of windows ?. shall i turn it on ?
keep them to notify you before download ;P
i have a doubt. when we try to download updates from microsoft, there is a genuinity checking and after that a message will be displayed in our desktop " you are a victim of software piracy". Now i'm using AntiWPA, so is there any chance for this genuinity checking?
Uninstall AntiWPA, Install AntiWAT.
now i'm using xp home sp3 which activated by AntiWPA. i want to install xp proffessional sp3. can i use the same AntiWPA to activate that xp prof:sp3
Pages: 1 2
Reference URL's