_____ __ __ __ ____________ _____ ________ / _ \ ____ / |_|__/ \ / \______ \/ _ \ \_____ \ / /_\ \ / \ __| \ \/\/ /| ___/ /_\ \ _(__ <

/ | | | | | | |\ / | | / | \ / \ \____|____|___|__|__| |__| \__/\ / |____| \____|____/ /______ / \/ \/ Let's activate later... Version 3.4.6 for x64 and x86 -------------------------------------------------------------------How to use: Start AntiWPA3.cmd to install/uninstall the patch What the patch modifies: * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\No tify\AntiWPA is added to Registry * File C:\windows\system32\AntiWPA.dll is added * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents] data for "OOBETimer" is changed {=OOBE} * rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf is executed which will remove/restore WPA-lin s from the startmenu How it wor s: It tric s winlogon.exe to ma e it believe it was booted in safemode,thus, winlog on s ips the WPA-Chec . The tric is done by redirecting(=hoo ing) the windows function (user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLoc ProductActiv ation) in memory to antiwpa.dll so winlogon 'thin s' was booted in safemode. *Note (...because some ppl were concered about): The patch do not alter any files on harddis nor the hoo s affects any other exe or dll in memory than winlogon.exe. The patch auto-runs on each start before the WPA-chec via: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA The hoo s are applied when AntiWPA.dll!onLogon is called by winlogon.exe. The Winlogon.exe file on the harddis is not altered anymore. Patching (API-Hoo ing) is done in memory, so there are no problems with Windows System File Protection. Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.d ll"). The file is copied to systemdir and the registry eys are added. (Note: AntiWPA.dll is no ActiveX selfregisterdll.) Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA .dll").

================================================== F A Q - Frequently As ed Questions

================================================== ???????????????????????????????????????????????????????????????????????????????? How to chec if it's really active ???????????????????????????????????????????????????????????????????????????????? chec if antiwpa.dll is loaded enter in console (cmd.exe) TASKLIST /M /FI "MODULES eq antiwpa.dll" Chec and see if you have the Process Winlogon.exe as output Forward date & reboot(or just Re-Login) to be really sure. ???????????????????????????????????????????????????????????????????????????????? Antiwpa.dll is loaded but it's still not wor ing ???????????????????????????????????????????????????????????????????????????????? Don't be too much concered about the activation days counter. If you forwarded date about 1 year & reboot and don't get any bad message on login antiwpa3 is wor ing. Else get the debug version of Antiwpa install it and report about your observation in the forum. It will help to narrow down the problem & fix. You may also prepare some remote des top connection and send me a email so I may debug the problem on your machine. And at last try out antiwpa2. ???????????????????????????????????????????????????????????????????????????????? I get the evaluation period has expired the computer will be shutdown into 1 hour. ???????????????????????????????????????????????????????????????????????????????? That is Windows Trial counter Try NT Twea Downloadable at http://free.pages.at/antiwpa/Other/Twea NT_1.21.zip Try to remove the timebomb, I have used it many times and it wor s great. If you are going to reinstall windows you can also remove evaluation period from the setup-files: 0. copy files to Harddis 1. on some running windows (2 ,XP) start regedit.exe 2. set cursor on HKEY_LOCAL_MACHINE 3. Menu: File\'Load hive' and open [WINsetupdir]\i386\'SETUPREG.HIV' 4. enter 'tmp' as new hive name and navigate to HKEY_LOCAL_MACHINE\tmp\ControlSet001\Services\setupdd clic on (default) and fill/overwrite it with 16 x '00' li e that '00 00 00 00 00 00 00 00' '00 00 00 00 00 00 00 00' 5. navigate to HKEY_LOCAL_MACHINE\tmp and File\'UnLoad hive' All details are there: http://antiwpa.org.ru/forum/viewtopic.php?t=2&highlight=setupdd

???????????????????????????????????????????????????????????????????????????????? Antiwpa3 don't support windows vista - is there a other patch ? ???????????????????????????????????????????????????????????????????????????????? So far i've not created any real good solution: Well there is a patch for slc.dll (Software Licensing Client) antiwpa-vista_v1.2 .zip

but it may cause unwanted sideeffect on other licenselimitation and it's heavily version depending. One way can be to edit the underlaying licensedata: The data of the values slc.dll!SLGetWindowsInformationDWORD querys are stored un der HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions [ProductPolic y=] http://antiwpa.org.ru/forum/viewtopic.php?t=211 which might offer to remove other limitation as well Or just a classic patch of winlogon.exe - as antiwpa2 did. To get rid of the WPA -Chec at logon that will be the best way without any sideeffects. ???????????????????????????????????????????????????????????????????????????????? I have Install AntiWPA 2.00. Should I uninstall it to update? ???????????????????????????????????????????????????????????????????????????????? They both wor well. They both target the same function in Winlogon.exe, so it s running well - don t touch it (Never touch a running system.) ???????????????????????????????????????????????????????????????????????????????? Do I have to reinstall every AntiWPA 3 after I've installed a servicepac ? ???????????????????????????????????????????????????????????????????????????????? No, you don't need to. The patch isn t undone by service pac s anymore. Since it doesn't modify winlogon.exe, it's no problem if winlogon.exe is replaced by a new version. ???????????????????????????????????????????????????????????????????????????????? What is the difference between AntiWPA 2 & AntiWPA 3? ???????????????????????????????????????????????????????????????????????????????? AntiWPA 2 directly modified winlogon.exe (on hard dis ) to ma e it s ip over the product activation chec . AntiWPA 3 intercepts (in memory via API-Import-Hoo ing) winlogon.exe's request t o the OS whether Windows was booted into Safe-Mode or not. It ma es the OS always return "yes", even if Windows is running in 'normal mode' , winlogon is thin ing it's running in safemode and s ips the product activation c hec . I advice to use antiwpa3 because it is easier to use and 'servicepac -resistent' . To be complete there is one thing to mention (please ignore if you understand): Code inside Winlogon: If GetIsInNormalMode() then <-Attac point of AntiWPA3 If DoWPAChec AndReturnIfSucceed() <-Attac point of AntiWPA2 Everythings all right! Go On... else Stop due to WPA-Error EndIf else It's safemode WPAChec ! Go On... EndIf ... as you see AntiWPA3 depends of some specific programming logic. So if there is just 'If DoWPAChec AndReturnIfSucceed()' without

'If GetIsInNormalMode()' in front AntiWPA3 won't avoid activation call.

???????????????????????????????????????????????????????????????????????????????? How do I integrate it into Windows Setup? ???????????????????????????????????????????????????????????????????????????????? That solution was given by [fs]. Than s for sharing it! Original thread: http://antiwpa.org.ru/forum/viewtopic.php?t=116 Open [Setuppath]\I386 (use it in following as wor dir) create a file called "SETTINGS.INF" Put this info in it: >>> [Version] Signature=$CHICAGO$ [AddReg] ; This tells XP setup to process antiwpa.inf at 13min from finishing installatio n HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Infs",1,,"rundll32 set upapi,InstallHinfSection DefaultInstall 128 ..\Windows\AntiWPA\antiwpa.inf" <<< open TXTSETUP.SIF and add the follow ...text... under the following [section] (if you add the text at the beginning, the middle or at tbe end don't matter as long it stays inside that section) [WinntDirectories] ... ; this creates a temporary folder called antiwpa in %windir% 140 = AntiWPA ... [SourceDis sFiles] enter these lines: ... ; this file gets copied to temp location %windir%\antiwpa antiwpa.dll = 1,,,,,,,140,0,0 ; this file gets copied to temp location %windir%\antiwpa antiwpa.inf = 1,,,,,,,140,0,0 ; this file stays on CDrom, it only used to load antiwpa.inf settings.inf = 1,,,,,,_x,,3,3 ... [HiveInfs.Fresh] ... ; this loads settings.inf at the end of XP setup in DOS mode AddReg = settings.inf,Addreg ... create a file called "ANTIWPA.INF" and put this info in it: >>> [version] signature="$CHICAGO$"

[DefaultInstall] CopyFiles = AntiWPA.Files AddReg = AntiWPA.Reg RegisterDLLs = ANTIWPA.REG.DLL [DestinationDirs] ; 11 = %windir%\system32 AntiWpa.Files.Inf = 11 [AntiWPA.Files] AntiWPA.dll [AntiWPA.Reg] ; This step is optional, when enabled it removes Activation shortcut in startmen u HKLM,"%RunOnceEx%\install01",,,"AntiWPA" HKLM,"%RunOnceEx%\install01",1,,"%11%\regsvr32.exe antiwpa.dll /s" ; This step removes the %windir%\AntiWPA directory and all it's content HKLM,"%RunOnceEx%\Zcleanup",1,,"%11%\cmd.exe /c rd /S /Q %10%\antiwpa" [ANTIWPA.REG.DLL] 11,,antiwpa.dll, 1 [Strings] RunOnceEx = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" <<< Done now chec if the following files are inside the I386 dir ANTIWPA.DLL, ANTIWPA.INF, SETTINGS.INF, TXTSETUP.SIF Now burn your AntiWPA integrated CD. To ma e it bootable extract bootbloc (should be 2KB) from any bootable win(nt,2 ,xp,2 3) setupCD/ISO with isobluster and burn it with bootcd default options (4 Startse ; load at:07C0). Hint: create an iso & mount it in a Virtual PC li e VMWare to test CDBoot --------------------------------------------------And to draw some other solution posted by some guest: 1. Copy CD content to C:\WindowsCD\ 2. Use setupmgr.exe to create an answer file add the following in the "Run Once" section of setup manager: "%SYSTEMDRIVE%\antiwpa.dll" Unattend.txt/winnt.sif should now include the following section: [GuiRunOnce] Command0="regsvr32 /s %SYSTEMDRIVE%\antiwpa.dll" Edit the [Unattended] section, changing OemPreinstall=No to OemPreinstall=Yes copy winnt.sif to the C:\WindowsCD\i386 folder 3. copy antiwpa.dll to C:\WindowsCD\$oem$\$1\ (Create Folder)

Note: All files contained in the "\$oem$\$1" folder will be copied to the C: drive during installation.

Before-WPA-emergency console: ----------------------------This will setup some ind of emerency console. The program specified in CmdLine will be run before the normal logonscreen and before the WPA-Chec . Now you don't need to boot in safemode if something went wrong. REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\Setup] "SetupType"=dword:00000002 "CmdLine"=""C:\Total Commander\TOTALCMD.EXE" Deny the user 'system' writeaccess(Set value) on HKEY_LOCAL_MACHINE\SYSTEM\Setup or the system change SetupType value after each logon. You can use explorer.exe as CmdLine but note it might cause problems later.

Reseting the Activation Trial: -----------------------------Simply execute 'rundll32.exe syssetup,SetupOobeBn '. That is some ind of offical way to rest the Activation Trial. Ta e Care it will wor only wor for about 4 times. A 'total reset' is not very userfriend and described in detail here. http://free.pages.at/antiwpa/src/doc/Details%20about%20the%20WPA.htm Just to draw the picture you will need to export HKLM\System to a tmp reg-hive file. Import that reg-hive(or structure) file to delete HKLM\System\WPA and the Rest HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion "LicenseInfo"="" HKLM\SECURITY\Policy\Secrets\L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A} system32\WPA.DBL shutdown window and copy/overwite the reg-hivefile to system32\config\system from an other OS or the Windows-CD recovery console. ======================================================== A (boring) Step by Step to do a manual Install ======================================================== To do a Clean Uninstall: 1. Clic on Start\Execute [Or press Win ey+R] and Enter regsvr32 antiwpa.dll -u -> you should get DllUnregisterServer succeded 2. Reboot 3. In the Explorer to c:\Windows\system32 and delete antiwpa.dll (Note it's important to use the explorer which is an 64-bit app because 32bi t apps li e the TotalCommander won't see the real system32-folder) Now do an Manuall install: 1. open the Antiwpa-V3.4.3\AMD64 dir 2. run "regsvr32 antiwpa.dll" Step by Step: copy antiwpa.dll to c:\

Start\Execute and enter 'Cmd.exe'enter to open dos-console: c: cd \ regsvr32 antiwpa.dll -> you should get DllregisterServer succeded

Chec the installation 1. Forward your date about 1 year and reboot 2. if you can login there is no doubt that antiwpa is really wor ing else boot in safemode and restore your date and run ("Start"\Execute) rundll32.exe syssetup,SetupOobeBn to reset the trial (but beware the this tric will only wor for about 4 ti mes!) 3. but I hope now everything is wor ing If not setup the windows RemoteDes top connection and mail connectioninfos to cw 2 @gmx.de ===========================================================================

AntiWPA.dll was done by ______ ________ ______ __ __ | | | | |__ | |/ | | ---| | | | __| < & |______|________|______|__|\__| <http://antiwpa0.t > <http://t-line.net.ua/antiwpa> <http://antiwpa.org.ru/forum> crac ware2 @freenet.de cw2 @gmx.de <CW2K>

_______ ____ _______ | | || | |_ _| | || |_ | | |___|___||_______||___|

--------------------------------------------------------------History: 3.4.6 readme.txt updated 'How do I integrate it into Windows Setup?' and 'windows vista not support' section added 3.4.6 updated antiwpa-site-url in readme.txt Changed API-hoo order maybe now it will also wor on vista

3.4.4 Bugfix: Rename 32-bit dir bac Minor: readme updates Added IA64 Version

to x86\

Chec 1. 2. 3.

antiwpa.dll install itself correctly now there should be antiwpa.dll in c:\Windows\system32 reboot run "Start"\Execute 'Cmd.exe' and enter TASKLIST /M /FI "MODULES eq antiwpa.dll" Chec if you get the Process Winlogon.exe as output (to ensure antiwpa.dll is loaded and is really active)

3.4.3 Baseaddress change to 0x5000 0000 to avoid to need to relocating the Dll 3.4.2 Bugfix: Relocating the Dll failed - set writeflag to .text-section to fix 3.4 Now it uses import hoo s (instead of export ones): Disam part is not need anymore - Dll size reduced 3.3 Install/Uninstall routine for OOBE-Fix and remove activate-lin s added to AntiWPA.dll 3.2 Internal version (Not released)

3.1 Install/Uninstall routine via regsvr32 added to AntiWPA.dll Version info added to AntiWPA.dll 3.0 BETA initial Release

====== Outta es (obsulated stuff) =========

???????????????????????????????????????????????????????????????????????????????? How do I integrate it into Windows Setup? ???????????????????????????????????????????????????????????????????????????????? I haven't done/tried this yet. What you would have to do is manage these tas s somehow: 1. Add antiwpa.dll to the installation pac age 2. ma e it execute once "regsvr32 /s antiwpa.dll" (or "rundll32 antiwpa.dll, DllRegisterServer") http://forums.cjb.net/antiwpa3-about47.html for more about Than s to Hac edout for his solution. Let me summarized it: 1. Copy i386 folder from the cd C:\i386 2. Execute "ma ecab.exe antiwpa.dll" Copy compressed file antiwpa.dl_ to C:\i386 3. Edit the following files from i386: DOSNET.INF [Files] ... d1,a_pnt518.ppd d1,antiwpa.dll <-insert that line d1,aaaamon.dll ...

HIVESFT.INF [AddReg] search for 'Winlogon\Notify\cscdll' & insert the lines so it will loo :

li e that

...HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",,0x000000 12 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa",,0x0 0000012 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","DLL Name",0x00000002,"antiwpa.dll" HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Asy nchronous",0x00010003,0 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Imp ersonate",0x00010001,0 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa","Log on",0x00000002,"onLogon" ...HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll",,0 x00000012 TXTSETUP.SIF [SourceDis sFiles] search for 'aaaamon.dll' ... ...a_pnt518.ppd = 1,,,,,,,,3,3 antiwpa.dll = 1,,,,,,,2,0,0 ..aaaamon.dll = 1,,,,,,,2,0,0 4. Ma e sure that these files were saved/copied to C:\i386 Antiwpa.dl_ DOSNET.INF HIVESFT.INF TXTSETUP.SIF Done! Some (untested) proposals - if someone confirms that they wor I will finally include them in the instructions * To ma e antiwpa.dll to remove the activationlin s from the start menu add the following line to 'HIVESFT.INF' HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce","antiwpa",0x00000002 ,"regsvr32 antiwpa.dll /s" OR !!! (but this is more experimental) replace the line HKLM,"SYSTEM\Setup","SetupType",0x00010003,1 with HKLM,"SYSTEM\Setup","SetupType",0x00010003,2 HKLM,"SYSTEM\Setup","CmdLine",0x00000002,"regsvr32 antiwpa.dll /s" theoretical it should start antiwpa-install instead of the OOBE-Let's activat e at first start so it wor s you can also leave out the 'HKLM,Winlogon\Notify'-part * leave out the 'DOSNET.INF'-part I seem be unnecessary and to only cause an file not found error in the 'dos' file coping stage

Visit http://www. ammerl.de/ascii/AsciiSignature.php ASCII Text Signature Genera tor.