Beruflich Dokumente
Kultur Dokumente
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEve
nts]
data for "OOBETimer" is changed {=OOBE}
* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.in
f
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetu
p.inf
is executed which will remove/restore WPA-links from the startmenu
How it works:
It tricks (hooks user32.dll! GetSystemMetrics(SM_CLEANBOOT{=0x43}) & ntdll.dll!N
tLockProductActivation)
winlogon.exe to make it believe it was booted in safemode,thus, winlogon skips
the WPA-Check. *Note (...because some ppl were concered about): The hooks *ONLY*
affect winlogon.exe! They *DO NOT* affect any other exe or dll.
The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA
The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the harddisk is not altered anymore.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.
Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.d
ll").
The file is copied to systemdir and the registrykeys are added.
(Note: AntiWPA.dll is no ActiveX selfregisterdll.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA
.dll").
==================================================
F A Q - Frequently Asked Questions
==================================================
????????????????????????????????????????????????????????????????????????????????
How to check if it's really active
????????????????????????????????????????????????????????????????????????????????
check if antiwpa.dll is loaded
enter in console (cmd.exe)
TASKLIST /M /FI "MODULES eq antiwpa.dll"
Check and see if you have the Process Winlogon.exe as output
????????????????????????????????????????????????????????????????????????????????
I have Install AntiWPA 2.00. Should I uninstall it to update?
????????????????????????????????????????????????????????????????????????????????
They both work well. They both target the same function in
Winlogon.exe, so it s running well - don t touch it (Never touch a running system.)
????????????????????????????????????????????????????????????????????????????????
Do I have to reinstall every AntiWPA 3 after I've installed a servicepac
k ?
????????????????????????????????????????????????????????????????????????????????
No, you don't need to. The patch isn t undone by service packs anymore.
Since it doesn't modify winlogon.exe, it's no problem if winlogon.exe is
replaced by a new version.
????????????????????????????????????????????????????????????????????????????????
What is the difference between AntiWPA 2 & AntiWPA 3?
????????????????????????????????????????????????????????????????????????????????
AntiWPA 2 directly modified winlogon.exe (on hard disk) to make it skip
over the product activation check.
AntiWPA 3 intercepts (in memory via API-Import-Hooking) winlogon.exe's request t
o
the OS whether Windows was booted into Safe-Mode or not.
It makes the OS always return "yes", even if Windows is running in 'normal mode'
,
winlogon is thinking it's running in safemode and skips the product activation c
heck.
????????????????????????????????????????????????????????????????????????????????
How do I integrate it into Windows Setup?
????????????????????????????????????????????????????????????????????????????????
I haven't done/tried this yet.
What you would have to do is manage these tasks somehow:
1. Add antiwpa.dll to the installation package
2. make it execute once "regsvr32 /s antiwpa.dll"
(or "rundll32 antiwpa.dll, DllRegisterServer")
http://forums.cjb.net/antiwpa3-about47.html for more about
Thanks to Hackedout for his solution. Let me summarized it:
TXTSETUP.SIF [SourceDisksFiles]
search for 'aaaamon.dll' ...
...a_pnt518.ppd = 1,,,,,,,,3,3
antiwpa.dll = 1,,,,,,,2,0,0
..aaaamon.dll = 1,,,,,,,2,0,0
---------------------------------------------------
And to draw some other solution posted by some guest:
1. Copy CD content to C:\WindowsCD\
2. Use setupmgr.exe to create an answer file
add the following in the "Run Once" section of setup manager:
"%SYSTEMDRIVE%\antiwpa.dll"
Unattend.txt/winnt.sif should now include the following section:
[GuiRunOnce]
Command0="regsvr32 /s %SYSTEMDRIVE%\antiwpa.dll"
Edit the [Unattended] section, changing OemPreinstall=No to
OemPreinstall=Yes
copy winnt.sif to the C:\WindowsCD\i386 folder
3. copy antiwpa.dll to C:\WindowsCD\$oem$\$1\ (Create Folder)
Note: All files contained in the "\$oem$\$1" folder will be
copied to the C: drive during installation.
Before-WPA-emergency console:
-----------------------------
This will setup some kind of emerency console. The program specified in
CmdLine will be run before the normal logonscreen and before the WPA-Check.
Now you don't need to boot in safemode if something went wrong.
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000002
"CmdLine"=""C:\Total Commander\TOTALCMD.EXE"
Deny the user 'system' writeaccess(Set value) on HKEY_LOCAL_MACHINE\SYSTEM\Setup
or the system change SetupType value after each logon.
You can use explorer.exe as CmdLine but note it might cause problems later.