_____ __ __ __ ____________ _____ ________ / _ \ ____ / |_|__/ \ / \______ \/ _ \ \_____ \ / /_\ \ / \ __| \ \/\/ /| ___/ /_\ \ _(__ <

/ | | | | | | |\ / | | / | \ / \ \____|____|___|__|__| |__| \__/\ / |____| \____|____/ /______ / \/ \/ Let's activate later... Version 3.4.6 for x64 and x86 -------------------------------------------------------------------How to use: Start AntiWPA3.cmd to install/uninstall the patch What the patch modifies: * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\No tify\AntiWPA is added to Registry * File C:\windows\system32\AntiWPA.dll is added * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents] data for "OOBETimer" is changed {=OOBE} * rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf is executed which will remove/restore WPA-links from the startmenu How it works: It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlog on skips the WPA-Check. The trick is done by redirecting(=hooking) the windows function (user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActiv ation) in memory to antiwpa.dll so winlogon 'thinks' was booted in safemode. *Note (...because some ppl were concered about): The patch do not alter any files on harddisk nor the hooks affects any other exe or dll in memory than winlogon.exe. The patch auto-runs on each start before the WPA-check via: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe. The Winlogon.exe file on the harddisk is not altered anymore. Patching (API-Hooking) is done in memory, so there are no problems with Windows System File Protection. Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.d ll"). The file is copied to systemdir and the registrykeys are added. (Note: AntiWPA.dll is no ActiveX selfregisterdll.) Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA .dll").

================================================== F A Q - Frequently Asked Questions

================================================== ???????????????????????????????????????????????????????????????????????????????? How to check if it's really active ???????????????????????????????????????????????????????????????????????????????? check if antiwpa.dll is loaded enter in console (cmd.exe) TASKLIST /M /FI "MODULES eq antiwpa.dll" Check and see if you have the Process Winlogon.exe as output Forward date & reboot(or just Re-Login) to be really sure. ???????????????????????????????????????????????????????????????????????????????? Antiwpa.dll is loaded but it's still not working ???????????????????????????????????????????????????????????????????????????????? Don't be too much concered about the activation days counter. If you forwarded date about 1 year & reboot and don't get any bad message on login antiwpa3 is working. Else get the debug version of Antiwpa install it and report about your observation in the forum. It will help to narrow down the problem & fix. You may also prepare some remote desktop connection and send me a email so I may debug the problem on your machine. And at last try out antiwpa2. ???????????????????????????????????????????????????????????????????????????????? I get the evaluation period has expired the computer will be shutdown into 1 hour. ???????????????????????????????????????????????????????????????????????????????? That is Windows Trial counter Try NT Tweak Downloadable at http://free.pages.at/antiwpa/Other/TweakNT_1.21.zip Try to remove the timebomb, I have used it many times and it works great. If you are going to reinstall windows you can also remove evaluation period from the setup-files: 0. copy files to Harddisk 1. on some running windows (2k,XP) start regedit.exe 2. set cursor on HKEY_LOCAL_MACHINE 3. Menu: File\'Load hive' and open [WINsetupdir]\i386\'SETUPREG.HIV' 4. enter 'tmp' as new hive name and navigate to HKEY_LOCAL_MACHINE\tmp\ControlSet001\Services\setupdd click on (default) and fill/overwrite it with 16 x '00' like that '00 00 00 00 00 00 00 00' '00 00 00 00 00 00 00 00' 5. navigate to HKEY_LOCAL_MACHINE\tmp and File\'UnLoad hive' All details are there: http://antiwpa.org.ru/forum/viewtopic.php?t=2&highlight=setupdd

???????????????????????????????????????????????????????????????????????????????? Antiwpa3 don't support windows vista - is there a other patch ? ???????????????????????????????????????????????????????????????????????????????? So far i've not created any real good solution: Well there is a patch for slc.dll (Software Licensing Client) antiwpa-vista_v1.2 .zip

but it may cause unwanted sideeffect on other licenselimitation and it's heavily version depending. One way can be to edit the underlaying licensedata: The data of the values slc.dll!SLGetWindowsInformationDWORD querys are stored un der HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions [ProductPolic y=] http://antiwpa.org.ru/forum/viewtopic.php?t=211 which might offer to remove other limitation as well Or just a classic patch of winlogon.exe - as antiwpa2 did. To get rid of the WPA -Check at logon that will be the best way without any sideeffects. ???????????????????????????????????????????????????????????????????????????????? I have Install AntiWPA 2.00. Should I uninstall it to update? ???????????????????????????????????????????????????????????????????????????????? They both work well. They both target the same function in Winlogon.exe, so it s running well - don t touch it (Never touch a running system.) ???????????????????????????????????????????????????????????????????????????????? Do I have to reinstall every AntiWPA 3 after I've installed a servicepack ? ???????????????????????????????????????????????????????????????????????????????? No, you don't need to. The patch isn t undone by service packs anymore. Since it doesn't modify winlogon.exe, it's no problem if winlogon.exe is replaced by a new version. ???????????????????????????????????????????????????????????????????????????????? What is the difference between AntiWPA 2 & AntiWPA 3? ???????????????????????????????????????????????????????????????????????????????? AntiWPA 2 directly modified winlogon.exe (on hard disk) to make it skip over the product activation check. AntiWPA 3 intercepts (in memory via API-Import-Hooking) winlogon.exe's request t o the OS whether Windows was booted into Safe-Mode or not. It makes the OS always return "yes", even if Windows is running in 'normal mode' , winlogon is thinking it's running in safemode and skips the product activation c heck. I advice to use antiwpa3 because it is easier to use and 'servicepack-resistent' . To be complete there is one thing to mention (please ignore if you understand): Code inside Winlogon: If GetIsInNormalMode() then <-Attackpoint of AntiWPA3 If DoWPACheckAndReturnIfSucceed() <-Attackpoint of AntiWPA2 Everythings all right! Go On... else Stop due to WPA-Error EndIf else It's safemode WPACheck! Go On... EndIf ... as you see AntiWPA3 depends of some specific programming logic. So if there is just 'If DoWPACheckAndReturnIfSucceed()' without

'If GetIsInNormalMode()' in front AntiWPA3 won't avoid activation call.

???????????????????????????????????????????????????????????????????????????????? How do I integrate it into Windows Setup? ???????????????????????????????????????????????????????????????????????????????? That solution was given by [fs]. Thanks for sharing it! Original thread: http://antiwpa.org.ru/forum/viewtopic.php?t=116 Open [Setuppath]\I386 (use it in following as workdir) create a file called "SETTINGS.INF" Put this info in it: >>> [Version] Signature=$CHICAGO$ [AddReg] ; This tells XP setup to process antiwpa.inf at 13min from finishing installatio n HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Infs",1,,"rundll32 set upapi,InstallHinfSection DefaultInstall 128 ..\Windows\AntiWPA\antiwpa.inf" <<< open TXTSETUP.SIF and add the follow ...text... under the following [section] (if you add the text at the beginning, the middle or at tbe end don't matter as long it stays inside that section) [WinntDirectories] ... ; this creates a temporary folder called antiwpa in %windir% 140 = AntiWPA ... [SourceDisksFiles] enter these lines: ... ; this file gets copied to temp location %windir%\antiwpa antiwpa.dll = 1,,,,,,,140,0,0 ; this file gets copied to temp location %windir%\antiwpa antiwpa.inf = 1,,,,,,,140,0,0 ; this file stays on CDrom, it only used to load antiwpa.inf settings.inf = 1,,,,,,_x,,3,3 ... [HiveInfs.Fresh] ... ; this loads settings.inf at the end of XP setup in DOS mode AddReg = settings.inf,Addreg ... create a file called "ANTIWPA.INF" and put this info in it: >>> [version] signature="$CHICAGO$"

[DefaultInstall] CopyFiles = AntiWPA.Files AddReg = AntiWPA.Reg RegisterDLLs = ANTIWPA.REG.DLL [DestinationDirs] ; 11 = %windir%\system32 AntiWpa.Files.Inf = 11 [AntiWPA.Files] AntiWPA.dll [AntiWPA.Reg] ; This step is optional, when enabled it removes Activation shortcut in startmen u HKLM,"%RunOnceEx%\install01",,,"AntiWPA" HKLM,"%RunOnceEx%\install01",1,,"%11%\regsvr32.exe antiwpa.dll /s" ; This step removes the %windir%\AntiWPA directory and all it's content HKLM,"%RunOnceEx%\Zcleanup",1,,"%11%\cmd.exe /c rd /S /Q %10%\antiwpa" [ANTIWPA.REG.DLL] 11,,antiwpa.dll, 1 [Strings] RunOnceEx = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" <<< Done now check if the following files are inside the I386 dir ANTIWPA.DLL, ANTIWPA.INF, SETTINGS.INF, TXTSETUP.SIF Now burn your AntiWPA integrated CD. To make it bootable extract bootblock(should be 2KB) from any bootable win(nt,2k,xp,2k3) setupCD/ISO with isobluster and burn it with bootcd default options (4 Startsek; load at:07C0). Hint: create an iso & mount it in a Virtual PC like VMWare to test CDBoot --------------------------------------------------And to draw some other solution posted by some guest: 1. Copy CD content to C:\WindowsCD\ 2. Use setupmgr.exe to create an answer file add the following in the "Run Once" section of setup manager: "%SYSTEMDRIVE%\antiwpa.dll" Unattend.txt/winnt.sif should now include the following section: [GuiRunOnce] Command0="regsvr32 /s %SYSTEMDRIVE%\antiwpa.dll" Edit the [Unattended] section, changing OemPreinstall=No to OemPreinstall=Yes copy winnt.sif to the C:\WindowsCD\i386 folder 3. copy antiwpa.dll to C:\WindowsCD\$oem$\$1\ (Create Folder)

Note: All files contained in the "\$oem$\$1" folder will be copied to the C: drive during installation.

Before-WPA-emergency console: ----------------------------This will setup some kind of emerency console. The program specified in CmdLine will be run before the normal logonscreen and before the WPA-Check. Now you don't need to boot in safemode if something went wrong. REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\Setup] "SetupType"=dword:00000002 "CmdLine"=""C:\Total Commander\TOTALCMD.EXE" Deny the user 'system' writeaccess(Set value) on HKEY_LOCAL_MACHINE\SYSTEM\Setup or the system change SetupType value after each logon. You can use explorer.exe as CmdLine but note it might cause problems later.

Reseting the Activation Trial: -----------------------------Simply execute 'rundll32.exe syssetup,SetupOobeBnk'. That is some kind of offical way to rest the Activation Trial. Take Care it will work only work for about 4 times. A 'total reset' is not very userfriend and described in detail here. http://free.pages.at/antiwpa/src/doc/Details%20about%20the%20WPA.htm Just to draw the picture you will need to export HKLM\System to a tmp reg-hive file. Import that reg-hive(or structure) file to delete HKLM\System\WPA and the Rest HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion "LicenseInfo"="" HKLM\SECURITY\Policy\Secrets\L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A} system32\WPA.DBL shutdown window and copy/overwite the reg-hivefile to system32\config\system from an other OS or the Windows-CD recovery console. ======================================================== A (boring) Step by Step to do a manual Install ======================================================== To do a Clean Uninstall: 1. Click on Start\Execute [Or press Winkey+R] and Enter regsvr32 antiwpa.dll -u -> you should get DllUnregisterServer succeded 2. Reboot 3. In the Explorer to c:\Windows\system32 and delete antiwpa.dll (Note it's important to use the explorer which is an 64-bit app because 32bi t apps like the TotalCommander won't see the real system32-folder) Now do an Manuall install: 1. open the Antiwpa-V3.4.3\AMD64 dir 2. run "regsvr32 antiwpa.dll" Step by Step: copy antiwpa.dll to c:\

Start\Execute and enter 'Cmd.exe'enter to open dos-console: c: cd \ regsvr32 antiwpa.dll -> you should get DllregisterServer succeded Check antiwpa.dll install itself correctly 1. now there should be antiwpa.dll in c:\Windows\system32 2. reboot 3. run "Start"\Execute 'Cmd.exe' and enter TASKLIST /M /FI "MODULES eq antiwpa.dll" Check if you get the Process Winlogon.exe as output (to ensure antiwpa.dll is loaded and is really active) Check the installation 1. Forward your date about 1 year and reboot 2. if you can login there is no doubt that antiwpa is really working else boot in safemode and restore your date and run ("Start"\Execute) rundll32.exe syssetup,SetupOobeBnk to reset the trial (but beware the this trick will only work for about 4 ti mes!) 3. but I hope now everything is working If not setup the windows RemoteDesktop connection and mail connectioninfos to cw 2k@gmx.de ===========================================================================

AntiWPA.dll was done by ______ ________ ______ __ __ | | | | |__ | |/ | | ---| | | | __| < & |______|________|______|__|\__| <http://antiwpa0.tk> <http://t-line.net.ua/antiwpa> <http://antiwpa.org.ru/forum> crackware2k@freenet.de cw2k@gmx.de <CW2K>

_______ ____ _______ | | || | |_ _| | || |_ | | |___|___||_______||___|

--------------------------------------------------------------History: 3.4.6 readme.txt updated 'How do I integrate it into Windows Setup?' and 'windows vista not support' section added 3.4.6 updated antiwpa-site-url in readme.txt Changed API-hook order maybe now it will also work on vista 3.4.4 Bugfix: Rename 32-bit dir back to x86\ Minor: readme updates Added IA64 Version

3.4.3 Baseaddress change to 0x5000 0000 to avoid to need to relocating the Dll 3.4.2 Bugfix: Relocating the Dll failed - set writeflag to .text-section to fix 3.4 Now it uses import hooks (instead of export ones): Disam part is not need anymore - Dll size reduced 3.3 Install/Uninstall routine for OOBE-Fix and remove activate-links added to AntiWPA.dll 3.2 Internal version (Not released)

3.1 Install/Uninstall routine via regsvr32 added to AntiWPA.dll Version info added to AntiWPA.dll 3.0 BETA initial Release

====== Outtakes (obsulated stuff) =========

???????????????????????????????????????????????????????????????????????????????? How do I integrate it into Windows Setup? ???????????????????????????????????????????????????????????????????????????????? I haven't done/tried this yet. What you would have to do is manage these tasks somehow: 1. Add antiwpa.dll to the installation package 2. make it execute once "regsvr32 /s antiwpa.dll" (or "rundll32 antiwpa.dll, DllRegisterServer") http://forums.cjb.net/antiwpa3-about47.html for more about Thanks to Hackedout for his solution. Let me summarized it: 1. Copy i386 folder from the cd C:\i386 2. Execute "makecab.exe antiwpa.dll" Copy compressed file antiwpa.dl_ to C:\i386 3. Edit the following files from i386: DOSNET.INF [Files] ... d1,a_pnt518.ppd d1,antiwpa.dll <-insert that line d1,aaaamon.dll ... HIVESFT.INF [AddReg] search for 'Winlogon\Notify\cscdll' & insert the lines so it will look like that :

...HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",,0x000000 12 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa",,0x0 0000012 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","DLL Name",0x00000002,"antiwpa.dll" HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Asy nchronous",0x00010003,0 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Imp ersonate",0x00010001,0 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Log on",0x00000002,"onLogon" ...HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll",,0 x00000012 TXTSETUP.SIF [SourceDisksFiles] search for 'aaaamon.dll' ... ...a_pnt518.ppd = 1,,,,,,,,3,3 antiwpa.dll = 1,,,,,,,2,0,0 ..aaaamon.dll = 1,,,,,,,2,0,0 4. Make sure that these files were saved/copied to C:\i386 Antiwpa.dl_ DOSNET.INF HIVESFT.INF TXTSETUP.SIF Done! Some (untested) proposals - if someone confirms that they work I will finally include them in the instructions * To make antiwpa.dll to remove the activationlinks from the start menu add the following line to 'HIVESFT.INF' HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce","antiwpa",0x00000002 ,"regsvr32 antiwpa.dll /s" OR !!! (but this is more experimental) replace the line HKLM,"SYSTEM\Setup","SetupType",0x00010003,1 with HKLM,"SYSTEM\Setup","SetupType",0x00010003,2 HKLM,"SYSTEM\Setup","CmdLine",0x00000002,"regsvr32 antiwpa.dll /s" theoretical it should start antiwpa-install instead of the OOBE-Let's activat e at first start so it works you can also leave out the 'HKLM,Winlogon\Notify'-part * leave out the 'DOSNET.INF'-part I seem be unnecessary and to only cause an file not found error in the 'dos' file coping stage

Visit http://www.kammerl.de/ascii/AsciiSignature.php ASCII Text Signature Genera tor.