Post Reply 
 
Thread Rating:
  • 3 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
AntiWPA v3.4.6 [x64 and x86]
10-24-2010, 08:49 PM (This post was last modified: 11-01-2016 07:10 PM by NewEraCracker.)
Post: #1
AntiWPA v3.4.6 [x64 and x86]
Let's activate later...
Version 3.4.6 for x64 and x86
--------------------------------------------------------------------

How to use:
Start AntiWPA3.cmd to install/uninstall the patch

What the patch modifies:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
is added to Registry

* File C:\windows\system32\AntiWPA.dll is added


* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
data for "OOBETimer" is changed {=OOBE}

* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
is executed which will remove/restore WPA-links from the startmenu

How it works:

It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips
the WPA-Check. The trick is done by redirecting(=hooking) the windows function
(user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation)
in memory to antiwpa.dll so winlogon 'thinks' was booted in safemode.
*Note (...because some ppl were concered about): The patch do not alter any
files on harddisk nor the hooks affects any other exe or dll in memory than
winlogon.exe.

The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA

The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.

Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").


.zip  Antiwpa-V3.4.6 for X64 and X86.ZiP (Size: 22.38 KB / Downloads: 72551)

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
11-04-2010, 11:54 AM (This post was last modified: 11-04-2010 12:15 PM by NewEraCracker.)
Post: #2
RE: Antiwpa v3.4.6 [x64 and x86]
AntiWPA3 Windows Server 2003 Fix

See WPA counterfreezer 1.0 utils (antiwpa3 win2k3 fix).ZiP\Counterfreezer 1.0

Quote:Explanation:
The patch will deny permissions of 'system' to write to
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents"
That regkey is used by msoobe and sysinfo and other programs to get
activation status. And if it's read-only the wpa-call inside winlogon
will not be able to set the activation status. But the wpa-call don't
uses the key to get how many days left(it gets that info elsewhere) so
It won't stop the internal activation counter.

Why this patch is is needed? The wpa-function is called from two locations in winlogon the major one is called at login. If antiwpa3 is running winlogon will thinks it's in safe mode and will skip it.
The other from winlogon message loop which will actualise the days counter every 1..8 hours. Normally that timer is not installed if it's in safe mode or if it is already activated. But for some reason in Win2k3 the WPA-function is called from this second location and makes the counter to continue.


Attached File(s)
.zip  WPA counterfreezer 1.0 utils (antiwpa3 win2k3 fix).ZiP (Size: 4.96 KB / Downloads: 3394)

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
02-22-2011, 10:02 PM
Post: #3
RE: Antiwpa v3.4.6 [x64 and x86]
hi,

just reinstalled XP prof

I have used antiwpa 3.4.6

just to make sure i scanned with superantispyware

it shows Trojan.Agent/Cdesc(generic) in antiwpa.dll

is this a false positive ?

please confirm
Jimmy
Find all posts by this user
Quote this message in a reply
02-22-2011, 10:13 PM
Post: #4
RE: Antiwpa v3.4.6 [x64 and x86]
Yes. It is a false positive.
It hooks to winlogon.exe so might be why its being detected.

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
02-24-2011, 08:37 PM
Post: #5
RE: Antiwpa v3.4.6 [x64 and x86]
thanks, appreciate your input

Jimmy
Find all posts by this user
Quote this message in a reply
03-08-2011, 03:51 PM
Post: #6
RE: Antiwpa v3.4.6 [x64 and x86]
i use antiWPA. it's great and amazing. but what about the automatic updates of windows ?. shall i turn it on ?
Find all posts by this user
Quote this message in a reply
03-09-2011, 01:31 AM
Post: #7
RE: Antiwpa v3.4.6 [x64 and x86]
keep them to notify you before download ;P

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
03-09-2011, 12:39 PM
Post: #8
RE: Antiwpa v3.4.6 [x64 and x86]
i have a doubt. when we try to download updates from microsoft, there is a genuinity checking and after that a message will be displayed in our desktop " you are a victim of software piracy". Now i'm using AntiWPA, so is there any chance for this genuinity checking?
Find all posts by this user
Quote this message in a reply
03-09-2011, 02:05 PM
Post: #9
RE: Antiwpa v3.4.6 [x64 and x86]
Uninstall AntiWPA, Install AntiWAT.

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
04-06-2011, 04:13 AM
Post: #10
RE: Antiwpa v3.4.6 [x64 and x86]
now i'm using xp home sp3 which activated by AntiWPA. i want to install xp proffessional sp3. can i use the same AntiWPA to activate that xp prof:sp3
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | Homepage | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication