AntiWPA

AntiWPA v3.4.6 [x64 and x86]

How to use

Start AntiWPA3.cmd to install/uninstall the patch

What the patch modifies

• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA is added to Registry
• File C:windowssystem32AntiWPA.dll is added
• HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWPAEvents] data for « OOBETimer » is changed {=OOBE}
• rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
  rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf is executed which will remove/restore WPA-links from the startmenu

How it works

It tricks winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips the WPA-Check. The trick is done by redirecting(=hooking) the windows function (user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!NtLockProductActivation) in memory to antiwpa.dll so winlogon ‘thinks’ was booted in safemode.

*Note (…because some ppl were concered about): The patch do not alter any files on harddisk nor the hooks affects any other exe or dll in memory than winlogon.exe.

The patch auto-runs on each start before the WPA-check via: HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA

The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.

Installation is performed via AntiWPA.dll!DllRegisterServer (« regsvr32 AntiWPA.dll »).
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer (« regsvr32 -u AntiWPA.dll »).