How to use:
Start AntiWPA3.cmd to install/uninstall the patch
What is does the patch modifies:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
is added to Registry
* File C:\windows\system32\AntiWPA.dll is added
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
data for "OOBETimer" is changed {=OOBE}
* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
is executed which will remove/restore WPA-links from the startmenu
How does it works:
It cheats (hooks user32.dll! GetSystemMetrics(SM_CLEANBOOT) & ntdll.dll!NtLockProductActivation)
winlogon.exe to make it believe it was booted in safemode and so winlogon skips
the WPA-Check. (Note: Does not affects system calls by other exe or dll.)
The patch is 'autorun' on eachs start before the WPA-check via
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
The hooks are applied when AntiWPA.dll!onLogon was load by winlogon.exe
Winlogon.exe is not altered anymore. Patching (API-Hooking) is done in Memory.
So there are no problems with the windows System File Protection anymore.
Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").
File Size: 42.45 KB
Komentar