Monday, July 1, 2013

AntiWPA for Windows XP SP3

[Update:]
01 May 2009:

Downloads:
http://rapidshare.com/files/227967985/AntiWPA_x64_x86_SP3_apr09.rar

This is the latest working AntiWPA crack for the new official Service Pack 3 release from Microsoft.

The patch was made by CW2K and activates Windows. The readme of the patch states:
"This will really disable the Windows Product Activation.
And not only make the activation dialog say it's activated as most non-working patches do...
... and after 30 days surprise, surprise :)

This one will patch the evil at its root.
Also with this version there's no more hassle with the Windows System File Protection or service packs that overwrote the patch..."



How to use:
Start AntiWPA3.cmd to install/uninstall the patch

What the patch modifies:
* Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA is added

* File C:\windows\system32\AntiWPA.dll is added

* Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents, the data for "OOBETimer" is changed {=OOBE}

* The following commands are executed, which remove/restore the WPA links from the Start menu:
rundll32 setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132 syssetup.inf

How it works:

It tricks winlogon.exe into believing the system was booted in safe mode, so
winlogon skips the WPA check. It does this by hooking
user32.dll!GetSystemMetrics(SM_CLEANBOOT{=0x43}) and ntdll.dll!NtLockProductActivation.
Note (because some people were concerned about this): the hooks *ONLY*
affect winlogon.exe! They *DO NOT* affect any other exe or dll.

The patch auto-runs on each start before the WPA-check via:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA

The hooks are applied when AntiWPA.dll!onLogon is called by winlogon.exe.
The Winlogon.exe file on the hard disk is no longer altered.
Patching (API-Hooking) is done in memory, so there are no problems with
Windows System File Protection.

Installation is performed via AntiWPA.dll!DllRegisterServer ("regsvr32 AntiWPA.dll").
The file is copied to the system directory and the registry keys are added.
(Note: AntiWPA.dll is not an ActiveX self-registering DLL.)
Uninstallation is done via AntiWPA.dll!DllUnRegisterServer ("regsvr32 -u AntiWPA.dll").
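
Because the patch persists through a Winlogon notification package rather than a modified winlogon.exe, the Notify key is the place to audit. The following is an added example, not code from the original post or from the patch: it parses a regedit export and lists Notify subkeys that fall outside a baseline. The baseline set, the function names and the sample export (including its DllName and Logon values) are assumptions constructed for illustration.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumed baseline of stock XP notification packages; replace it with the
# subkey names taken from a known-good image of your own build.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Constructed sample in regedit export format (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AntiWPA]
"DllName"="AntiWPA.dll"
"Logon"="onLogon"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string (REG_SZ) values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:  # regedit doubles backslashes inside string data
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def unexpected_notify_packages(text, baseline=BASELINE):
    """List direct Notify subkeys outside the baseline, with DLL and handlers."""
    findings, prefix = [], NOTIFY.lower() + "\\"
    for path, values in parse_reg(text).items():
        name = path[len(prefix):]
        if not path.lower().startswith(prefix) or "\\" in name:
            continue  # not a direct child of the Notify key
        if name.lower() in baseline:
            continue
        vals = {k.lower(): v for k, v in values.items()}
        dll = vals.pop("dllname", None)  # remaining string values are event handlers
        findings.append({"package": name, "dll": dll, "handlers": vals})
    return findings

if __name__ == "__main__":
    for finding in unexpected_notify_packages(SAMPLE_REG):
        print(finding)
```

Any package it reports should be checked against the file on disk; on this page's description the matching file is C:\windows\system32\AntiWPA.dll.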


Download Archive contains:
Directory of AntiWPA_x64_x86_SP3_may08:
AMD64
AntiWPA3.cmd
fillspace.5mb //adds 5MB to archive for rapidshare points.
IA64
readme.txt
X86

Directory of AntiWPA_x64_x86_SP3_may08\AMD64:
antiwpa.dll

Directory of AntiWPA_x64_x86_SP3_may08\IA64:
antiwpa.dll

Directory of AntiWPA_x64_x86_SP3_may08\X86:
antiwpa.dll


Warning:

AVG detects antiwpa.dll. Therefore, instruct AVG (or any other protection software) to bypass scanning specifically on antiwpa.dll located in the system32 folder. I repeat, enable the filter on the file only and not on the entire folder. Antiviruses detect antiwpa.dll as malware because the DLL file hooks into winlogon.exe.
