feigned

AntiWPA

AntiWPA v3.4.6 [x64 and x86]

How to use

Start AntiWPA3.cmd to install/uninstall the patch

What the patch modifies

  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA is added to Registry
  • File C:windowssystem32AntiWPA.dll is added
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWPAEvents] data for « OOBETimer » is changed {=OOBE}
  • rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
    rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf is executed which will remove/restore WPA-links from the startmenu

How it works

It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips the WPA-Check. The trick is done by redirecting(=hooking) the windows function (user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation) in memory to antiwpa.dll so winlogon ‘thinks’ was booted in safemode.

*Note (…because some ppl were concered about): The patch do not alter any files on harddisk nor the hooks affects any other exe or dll in memory than winlogon.exe.

The patch auto-runs on each start before the WPA-check via: HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA

The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.

Installation is performed via AntiWPA.dll!DllRegisterServer (« regsvr32 AntiWPA.dll »).
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer (« regsvr32 -u AntiWPA.dll »).

Nom du fichier Antiwpa-V3.4.6 for X64 and X86.7z
Format Archive 7z chiffrée (mot de passe : lecrabeinfo)
Taille 1 Mo
Date de sortie 1 février 2008
Hash (SHA-1) ab70c8b4aacd5ba5b815247c50651d83cc9dffd7
Architecture x86 et x64 (32 et 64 bits)
Langue English
Avis(2 avis)

Télécharger
AntiWPA

606 utilisateurs actifs