10-24-2010, 08:49 PM
Let's activate later...
Version 3.4.6 for x64 and x86
--------------------------------------------------------------------
How to use:
Start AntiWPA3.cmd to install/uninstall the patch
What the patch modifies:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
is added to Registry
* File C:\windows\system32\AntiWPA.dll is added
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
data for "OOBETimer" is changed {=OOBE}
* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
is executed which will remove/restore WPA-links from the startmenu
How it works:
It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips
the WPA-Check. The trick is done by redirecting(=hooking) the windows function
(user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation)
in memory to antiwpa.dll so winlogon 'thinks' was booted in safemode.
*Note (...because some ppl were concered about): The patch do not alter any
files on harddisk nor the hooks affects any other exe or dll in memory than
winlogon.exe.
The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.
Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").
[attachment=2]
Version 3.4.6 for x64 and x86
--------------------------------------------------------------------
How to use:
Start AntiWPA3.cmd to install/uninstall the patch
What the patch modifies:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
is added to Registry
* File C:\windows\system32\AntiWPA.dll is added
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
data for "OOBETimer" is changed {=OOBE}
* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
is executed which will remove/restore WPA-links from the startmenu
How it works:
It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips
the WPA-Check. The trick is done by redirecting(=hooking) the windows function
(user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation)
in memory to antiwpa.dll so winlogon 'thinks' was booted in safemode.
*Note (...because some ppl were concered about): The patch do not alter any
files on harddisk nor the hooks affects any other exe or dll in memory than
winlogon.exe.
The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.
Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").
[attachment=2]