{"id":319,"date":"2009-04-26T22:48:40","date_gmt":"2009-04-26T15:48:40","guid":{"rendered":"http:\/\/tom.ji42.com\/?p=319"},"modified":"2020-11-05T07:51:28","modified_gmt":"2020-11-05T00:51:28","slug":"antiwpa-33-for-x64-and-x86","status":"publish","type":"post","link":"https:\/\/tom.tomwork.net\/?p=319","title":{"rendered":"AntiWPA 3.3 for x64 and x86"},"content":{"rendered":"<p>Support Website:<\/p>\n<p>How to use:<br \/>\n\tStart AntiWPA3.cmd to install\/uninstall the patch<\/p>\n<p>What is does the patch modifies:<br \/>\n\t* HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA<br \/>\n\t  is added to Registry<\/p>\n<p>\t* File C:windowssystem32AntiWPA.dll is added<\/p>\n<p> \t* HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWPAEvents]<br \/>\n \t  data for &#8220;OOBETimer&#8221; is changed {=OOBE}<\/p>\n<p> \t* rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf<br \/>\n \t  rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf<br \/>\n \t  is executed which will remove\/restore WPA-links from the startmenu<\/p>\n<p>How it works:<\/p>\n<p>It cheats (hooks user32.dll! GetSystemMetrics(SM_CLEANBOOT) &#038; ntdll.dll!NtLockProductActivation)<br \/>\nwinlogon.exe to make it believe it was booted in safemode and so winlogon skips<br \/>\nthe WPA-Check. (Note:  Does not affects system calls by other exe or dll.)<br \/>\nThe patch is &#8216;autorun&#8217; on eachs start before the WPA-check via<br \/>\nHKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA<\/p>\n<p>The hooks are applied when AntiWPA.dll!onLogon was load by winlogon.exe<br \/>\nWinlogon.exe is not altered anymore. Patching (API-Hooking) is done in Memory.<br \/>\nSo there are no problems with the windows System File Protection anymore.<\/p>\n<p>Installation is performed via AntiWPA.dll!DllRegisterServer (&#8220;regsvr32 AntiWPA.dll&#8221;).<br \/>\nThe file is copied to systemdir and the registrykeys are added.<br \/>\n(Note: AntiWPA.dll is no ActiveX selfregisterdll.)<br \/>\nUninstallation is done via AntiWPA.dll!DllUnRegisterServer (&#8220;regsvr32 -u AntiWPA.dll&#8221;).<\/p>\n<p>*FAQ Included*<\/p>\n<p>Anti-Virus software will detect this as a virus, I can assure you its not as im using it now without any problems at all.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Support Website: How to use: Start AntiWPA3.cmd to install\/uninstall the patch What is does the patch modifies: * HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAntiWPA is added to Registry * File C:windowssystem32AntiWPA.dll is added * HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWPAEvents] data for &#8220;OOBETimer&#8221; is changed {=OOBE} * rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf is executed which will remove\/restore WPA-links [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[13],"tags":[],"class_list":["post-319","post","type-post","status-publish","format-standard","hentry","category-13"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6cOVM-59","_links":{"self":[{"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/posts\/319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=319"}],"version-history":[{"count":1,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/posts\/319\/revisions"}],"predecessor-version":[{"id":24284,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=\/wp\/v2\/posts\/319\/revisions\/24284"}],"wp:attachment":[{"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tom.tomwork.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}