P2Plife Forums: Guide On How To Circumvent WGA, WPA, WGN and WGV - P2Plife Forums

Welcome!

This guide uses section-titles, with different colours, according to relevance:

Purple means that you MUST read this section
Blue means that you SHOULD read this, in order to improve the understanding of something else in this guide
The read text, is something you should be aware of
Green means that this is not very important

Disclaimer:
You should make this clear, before you proceed:

• I have never seen a system crash, using these methods - But proceed at your OWN risk!
  
• I have never experienced that these methods does not work as intended
  
• During this guide, important system files WILL be changed
  
• Using this guide is only allowed as long as you own a paid Windows-license.

About this guide
I have chosen to update this guide, so that new methods are described. Furthermore, I have extended this guide with relevant description and an example of the technique spoken about. Many people write me, to ask questions about this guide, and to avoid that, I keep in mind, while writing this guide, that it must be easy to follow, and understand. That its easy to follow and understand, does not mean that the explanation of a subject is simple. Sometimes the explanation is a bit long, but the end result should be satisfying. To make this as easy as possible, all explanation and steps you make in this guide, is supported by pictures.

This guide have two main purposes:

• To make sure that you are able to activate your Windows XP
  
• To make sure that you are able to update your Windows XP

Abbreviations used in this guide

As I type many words in this guide, I have chosen to shorten the most used words.
You may recognize some of these acronyms

• WinXP = Windows XP (Uhh.... Hard one!)
  
• WinXP Home = Windows XP Home Edition
  
• WinXP Pro = Windows XP Professional Edition
  
• WinXP Corp = Windows XP Corporate Edition
  
• WPA = Windows Product Activation
  
• WGA = Windows Genuine Advantage
  
• WGN = Windows Genuine Notification
  
• WGV = Windows Genuine Validation
  
• MB = MuBlinder

About the techniques we work with

Microsoft have, in order to limit the number of illegal copies of Windows, enforced series of techniques, to inform the users of Windows, if their Windows is installed with an illegal key.
Those techniques are:

• A: Windows Product Activation (WPA)
  
• B: Windows Genuine Advantage (WGA)

WGA represent two techniques:

• B1: Windows Genuine Notification (WGN)
  
• B2: Windows Genuine Validation (WGV)

A little about WPA

The idea of WPA, is to enforce the user to activate their Windows, within 30 days. If not activated, the system will stop working (denial of logon). The activation-process verifies the productID of Windows, online. The productID is generated from the serial number used during installation, and two machines cannot have the same productID registered online (unless the license allows it. Then its called a Corporate license or “VLK” – Volume License Key).

A little about WGA

WGA is not an application, like WPA for example. WGA is more like a path Microsoft have chosen, in the fight against piracy and cheating with the Windows License.

The WGA-path introduced two technique against piracy, the WGN, and the WGV!

A little about WGN

The purpose of WGN, is to tell you, that your Windows is a pirated version, and, that if you have paid your license, you have been a victim of cheating. If WGN is installed, and your version of Windows is pirated, it will be end with this message. Also, you may receive this popup, within Windows. If you do not react to this message, Windows will refuse to log you on.

A little about WGV

WGV started by checking the license key of Windows, when Microsoft Update was visited. At first, this check was voluntarily, but starting from June 2005, it became obligatory. Shortly after WGV became obligatory, it was also enforced at the Microsoft Download Center. This meant that downloads, as for example Windows Bit defender, became impossible, unless the Windows license passed the “Windows Genuine Validation"-test, and thereby proved itself “Genuine”. The WGV-check look like this when you see it. The latest addition to WGV means that the file Legitcheckcontrol.dll cannot be patched anymore. This is because the file is checked when you update online. Is it patched, you will fail the validation. The file is now patched within the memory by MB. Therefore you MUST open Microsoft Update (and Download Center) from within MB.

How To Circumvent WPA:

You need a tool called WPA Kill. There is to versions of this tool, the new version, and the old version. The new version, can patch both XP and Vista not tested with SP1, but you cannot choose the file to patch. The old version only works with XP, but you can use it if you want to patch other systems than then one you booted from (usefull if you are locked out of the XP installation, due to missing activation)

Both files are attatched to this guide, see in the bottom of this guide!

If you go with the old patch, just run the exe-file, and choose PATCH. If you wish to patch some other system than the one you booted from, you need to rightclick "patch/browse" - and find the file called winlogon.exe on the harddisk where the inaccessible XP installation is located. The file is located at windows\system32\winlogon.exe.

If you go with the new patch, you will have a folder (after extraction of the archive you downloaded) called "Anti WPA [XP & Vista]". Inside the folder, you will find two other folders. If your operating system is Vista, choose vista, ELSE (no exception), choose XP. Within every folder there is a detailed explenation of the process starting, when you run the patch. These documents are NOT written by me, and I can therefore NOT guarentee the content. When you open the file, you will see something like this. All you have to do now, is to press "any key", and the activation in your system is gone! If the activation is already removed, you will see this.
In that case, you do NOT need to do anything!

NOTE: You can restore the activation within your system. To do this, start the patch again, make sure it shows this, and then press "any key". This patch DOES NOT activate windows, it just disable the activation-check during logon, and tell the system that its activated. Also, you have made it impossible for the system to ever check this online.

Introduction To MuBlinder

MuBlinder is a shortening for "Microsoft Update Blinder", and can be downloaded from the official site. To overcome WGV & WGN, we must use MB. Before you open MB, you must ensure that you have Microsoft .NET 2 Framework installed on your system. You can download the 32bit version here or the 64bit version here. If .NET 2 Framework is NOT installed, you will se an error like this one (or this). To install .Net Framework, you need Windows Installer 3.1 installed.

When MB is downloaded and extracted, I strongly recommend, that you – before you launch the program the first time – place it in it’s own folder, next to all your other installed applications (C:\program files\). The reason why I recommend this, is simple. When MB starts the first time, it creates one dll, and some folders, which will mess up your desktop (if extracted there). Moreover, MB have a build in feature, allowing it to check whether there is a new version of the program itself, available. This feature is the main reason why keeping MB on your system is a wise decision.

The first time MB is opened, you will see this message. This is an agreement you must accept, in order to use MB. It binds you, to ONLY using MB for legit purposes. Choose “I Accept", and press OK. When the message disappears, MB itself will load. It will look like this. The seven sections within MB, have different functions. We will NOT be using the sections called "Create", "About" and "Credits" in this guide. The section called Validation is used to fix WGV, the section called Notification is used to fix WGN, and the section “Blinders”, offers different “Blind-Patches" for different Windows-products, that checks your windows-key upon installation. These installations can be patched so that they DO NOT check your key. More about this later. Last but not least, there is a section called Settings, used to change the MB-settings (Simple enough).

How To Circumvent WGV

Open MB, and enter the section labeled Validation. This page will look like one of the three following pictures. If it looks like this or this, it means that you have a problem with your version of LegitCheckControl.dll, and cannot continue yet. To fix the problem, you must visit this
page, and perform a manual validation, so that the latest version of the file legitcheckcontrol.dll is obtained. If you succeed, you should see this. When you see it, you can proceed. Now you simply need to click either “Go To Microsoft Update” or "Go To Download Center”, in order to recieve updates or other downloads from Microsoft.
NOTE: Remember that you MUST open Download Center and Microsoft Update from within MB, in order to allow MB to blind LegitCheckControl.dll in memory!

How To Circumvent WGN

Open MB, and enter the section labeled Validation. This page should look like this. There are two ways to fix WGN, and I will explain them below.

Method #1:
Using this method, will cause MB to DEACTIVATE the files, used by WGN. So WGN is NOT removed from your system. If you use this method, you won’t see the WGN-update in action again. Also, it WON’T appear when you list the latest updates online. This is due to the fact that the necessary files, used by WGN, still remain on your system, but they are deactivated (useless). Windows update will find the files when checking your system, and will not offer them to you again.

Method #2:
Using this method will cause MB to REMOVE values in your registry database, so that the system think WGN is not installed anymore. When it’s “not installed”, it can’t be started – and therefore the patch works. The disadvantage about this method is that when you visit Windows Update the next time, you will be offered WGN AGAIN – and must say no. If you use this method, and install WGN through Windows Update again, you must patch it with MB once again.

Personally, I prefer #1, as this method does not mess with my registry database. Also, when using this method, I won’t see WGN at Windows Update.

How To Use “Blinders”

You can see a FAQ on creating blinders here.
Windows Download Center offers products produced by Microsoft. In order to download these products, you MUST validate your key during the installation. Using blinders, you are able to remove the key check during installation, so that your key does not need to be genuine. Blinders can be downloaded via MB, under the section called "Blinders". The blinder is downloaded by pressing the red arrow next to the name of the program. When you click the arrow, a dialog will spawn. You must press “Save” or “Save As”, and save the blinder in the folder called ”Blinders”. The folder Blinders, is a subdirectory of the MB-folder. So if MB is installed at C:\Program Files\MuBlinder, then the blinder MUST be placed in the folder, with the path C:\Program Files\MuBlinder\data\blinders. If the blinder-patch is placed correct, it will be listed within MB. Now you must start the blinder, by pressing “Run”. When you press run, a window will show, and in that window, there are some things you should be aware of. The description that comes with the blinder is important, and I strongly recommend that you read it, and follow it. If you fail to do so, you may experience problems using the blinder. Also, you are able to create a backup of the files patched by the blinder, which sometimes is a comfortable option. In the box you will also find a button called start. You must press this button to start the patch-process itself. When you start the process, you will have to chose the file that needs to be patched, using the dialog that shows. The file that needs to be patched on the picture, is the file called "iecustom.dll". This is due to the fact that the picture is taken from the blinder for the new IE7 Final. When the file is chosen, it will be patched by the blinder. When this is done, you can install the program as usual, with no validation-check!.

MuBlinder Settings

Navigating to the section called “Settings”, will give you a picture almost like this one. You may set them as you like. The picture in this guide, shows MY personal settings, and you may want to copy those. I have MB running when the computer start, checking WGN and WGV. If MB finds something that is not okay, MB will fix it, without noticing me.

THAT’S IT FOKES! I hope you enjoyed reading this guide, as much as I enjoyed writing it. MB is updated frequently, and I will keep the guide up to date, as MB expands. The links to the pictures and the program will remain the same.

Best Regards
Spiziuz

[size=1]Changelog:

• 17/10/2006 - The guide is translated to english
  
• 18/10/2006 - The guide is posted on P2Plife
  
• 20/10/2006 - The guide is updated. (The section "How To Use Blinders" is better explained)
  
• 12/04/2006 - The section "How To Circumvent WPA" have been updated with a new patch that support Vista
  
• 01/22/2007 - Fixed the link to the Anti-WPA-files! Also, now there is no password!
  
• 03/17/2007 - Added the WPA-files to this post, instead of eksternal hosting.
  
• 03/17/2007 - Fixed the dead image-links - Thx to Digitaluploader.com
  
• 10/17/2007 - Fixed a few links and updated some information.
  
• 02/01/2008 - Added the option to use an older version of the patch.
  
• 03/27/2008 - Fixed images again (now they are danish, hope you guys survive)
  
• 11/07/2008 - Fixed the links to the images.

Best Regards
Spiziuz

This post has been edited by Spiziuz: 12 November 2008 - 07:34 PM

Spiziuz, on Oct 19 2006, 06:58 PM, said:

The downloaded file WPA-Kill.rar did not contains the referred file WPA_kill3.exe(the others are present).
Is your patch applicable on DLL version 1.5.540.0 dated 28 Jun 2006 ?
Thanks

clipper87, on Oct 26 2006, 12:38 AM, said:

As I write above "(Name may vary, that’s not important.)". WPAkill will patch winlogon.exe It has NOTHING what so ever to do with legitcheckcontrol.dll

Regards

The link to get WGA_kill3.exe is broken

http://www.mediamax....ed/WPA-Kill.exe

edit: Is there a site or a place where this file originated from? And what is the latest version?
I looked around and i got WPA_Kill.exe Version 2.0.1 and it doesn't seem to need CRYPT.DLL to work, and i didn't get any fancy read me.
There were a few places to download this file, but all links i happen to go by seem to have the link broken.


Sketter

This post has been edited by Sketter: 17 November 2006 - 04:02 AM

Sketter, on Nov 17 2006, 12:26 AM, said:

The latest version no longer edits the winlogon.exe file instead it catches the request as to wether windows is booting in safemode by running in memory during boot.

It can be found here http://thepiratebay.org/tor/3508016/AntiWP...for_x64_and_x86

Version 3.4.6

Note: It says antiWPA (WPA_KILL) version 2.0 still works fine!
The new version is mainly to prevent it being uninstalled by new service packs being installed.

niksoftware, on Nov 18 2006, 04:36 PM, said:

The torrent seems dead. No one is sharing it. Could you upload one to the site? or a place that hosts the file without the use of torrents? Please and thank you.

Sketter

The link is not dead for the Anti WPA

Thanks for the link to the WPA-torrent.. I will check it out ASAP. I read the decription on the torrentfile, and i read that this on was taken from Win2k3? If this program is the same as the one i link to, it will work for xp. About the readme, im not sure which one you mean? I have included an unofficial readme, and there is the official (the very long one..). You may not get the official read me if you download the tool elsewhere..

And yes.. WPA_Kill IS a badass motherfucker to track down Its hosted almost nowhere..! And i found it on Wares P2P in the first place, and i wasnt even looking for it, i just did a search on "windows crack" (for fun!) - and i got like 10000+ results... Then i downloaded a huge "windows crack pack" - and found the tool there. first i was like "yeah right, bullshit!" - but when my mothers computer was fucked due to activation issues, i tried the tool as a last resort, and found out that it was pure gold i had in my hands!

And btw.. WPA have nothinh to do with legitcheck.. Legitcheck is used at WGV
(read explenation above)

Regards

EDIT: I FOUND THE PATCHES!! THEY HAVE BEEN UPLOADED HERE
- There are versions that cover multiple versions of XP! I will update my guide to use these files

This post has been edited by Spiziuz: 23 November 2006 - 03:29 PM

Wow thanks for the detailed explanation and all the links etc,this has to be the most definitive howto I have ever come across concerning windows activation etc,and believe me I have scoured the web.I also downloaded that massive file with thousands of cracks and serials and all sorts of things,tried one which had to be run in safe mode which I think deleted several files from windows as windows would no longer start up,had to run the original installation cd choosing the repair option,then luckily I tried WPA-kill.exe,oh btw here's the help me file in case you are interested.Thanx again and good luck.
-======================================-
Windows 2003 & XP & LH
Anti Product Activation Crack 2.0.0
-======================================-

The crack will patch some bytes in your
winlogon.exe and totally disable the
Windows Product Activation Check.

Tested with winlogon.exe build:
Windows XP 2600.0 (Retail)
Windows 2K3 3790.0 (Retail)
Windows XP 2600.2180 (SP2 RTM)
Windows XP 2600.1106 (SP1)
Windows 2K3 3790.1218 (8.7.2004)
Windows Longhorn (not tested by myself)

This version uses a generic patch engine
which supports all current version of Windows
and hopefully all future ones.


The Options
===========

First read all about the options.
Second don't change anything you without a reason.


* Apply OOBE Fix
This applies the Out Of Box Experience ->OOBE Patch
which removes the 'Activate Windows' link from the
start menu and makes the Activating Windows Dialog
saying 'Already Activated'

Note: This is more a cosmetically fix and really not
needed for the patch to work properly.


* Apply WPA Fix
This removes the WPA-Check in Winlogon.exe.
If you want to get rid of the Windows Activation
this MUST be Enabled !
Disable this if you just want to undo the OOBE-Fix.

Note: However you can use this program also to
decrypt and unprotect other MS-Files
like DPCDLL.dll or LICDLL.DLL. So if you
do so disable this option.


* Remove selfcheck blocks
If you press the 'Apply' Button the self checks are always
disable by 'correcting' the pointer.

This option will additionally overwrite the self check block
calls in the program code with the Value 90 (NOP=No OPeration)
and will improve the readability of disassembly.

Note: This option is absolutely not necessary for the patch to
work.


* Debug: Save decrypted code to *.bin
Writes each decrypted program parts into a file with the
address as filename looking like this: 2C18D.bin, 3678B.bin...


* Debug: Save decrypted code to exe
Writes each decrypted program parts back into the file.
If the option 'Remove crypt blocks' is not check just the decrypted
RAW-Output is written into the exe. (After you enable this you
have to right click on 'Apply/Browse' and open the file you want
to decrypt)

Note: This option is dangerous!
Without having 'Remove crypt blocks' option enabled this will
make crash the input file crash for sure.
This option is absolutely not necessary for the patch to
work.


* Remove crypt blocks
This will decrypt the crypt program parts of the input file and
write them back to into the exe and do some other fixes to keep the
File executable. If you want to disassemble the file enable this
one.

Note: This option is absolutely not necessary for the patch to
work.


* Debug: Verbose Output
Output Debug information
This may be helpful to identify some problems.


==================================================
F A Q - Frequently Asked Questions
==================================================


??????????????????????????????????????????????????????????????????????????????????
I want to change my CD-Key - but msoobe.exe also says
'Already Activated and don't show the Activation Dialog
??????????????????????????????????????????????????????????????????????????????????

Enable option 'Apply OOBE Fix' and
Disable option 'Apply &WPA Fix' -to keep the WPA-Patch active-
then click on the 'Restore Backup' Button


PREVIOUS VERSIONS:
Start regedit and go to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\[OOBETimer]
Edit this and set Last Byte to FF.
Start this -if the Activation are delete- to show the Activation
dialog:
%SYSTEMROOT%\system32\oobe\msoobe.exe /A



??????????????????????????????????????????????????????????????????????????????????
Is it possible to integrate WPA_KILL.EXE in the WinXP setup-routine?
I have a WinXP pro setup CD (sp2 integrated).
??????????????????????????????????????????????????????????????????????????????????

Integrating the AntiWPA Patch in the Windows Setup:

1. Extract [WindowsSetupDir]\i386\winlogon.ex_ to a temporary Dir.
(Winrar or winace will do the job - or rename it to winlogon.cab and
double-click on it - to use the build-in WindowsCabExtract)

2. Apply the WPA Crack to the file.
Right click on 'Apply/Browse' and choose the file.
(To unlock all buttons of the WPA-Patch right click on 'Quit')

3. Repack winlogon.exe an put it back in the installation folder
Use Winace (and choose MS-Cab as compression method) and name
the packed cab-file winlogon.ex_.
Or use the makecab.exe(included in Windows XP) start cmd.exe in the
dir
winlogon.exe is in and Enter:

makecab winlogon.exe

After that you will get winlogon.ex_ as output.

PREVIOUS VERSIONS:
In previous versions the PE Checksum of the file wasn't updated by the
patch.
This caused setup to reject winlogon.exe during installation.
But this has been fixed in this version.


??????????????????????????????????????????????????????????????????????????????????
What changes does this patch to my System and how to undo it?
??????????????????????????????????????????????????????????????????????????????????

1.It modifies c:\WINDOWS\system32\Winlogon.exe and creates a
backup named Winlogon.bak
UNDO: Rename Winlogon.exe -> Winlogon.OUT
Rename Winlogon.bak -> Winlogon.exe
After Reboot you will be able to delete Winlogon.OUT if you
like


2.The RegistryValue
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\WPAEvents\[OOBETimer]
is set to a fixed value as it is activated.
UNDO: Edit this with Regedit and set Last Byte to FF.
This will 'DeActivate' Windows

Note: Normally this value is written (not read!) by winlogon.exe on
every start up just as information for MSOOBE.
This value has no effect on the real Activation.

3.The 'Activate Windows' Link from the Startmenu is remove
UNDO: Start\Execute:
rundll32 setupapi,InstallHinfSection RESTORE_OOBE_ACTIVATE 132
syssetup.inf

Other Changes:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath" and "ServicePackSourcePath" will be temporary delete
during the patch
and (if nothing real bad happens) restored if it's finished.



??????????????????????????????????????????????????????????????????????????????????
How to set another path to Winlogon.exe?
??????????????????????????????????????????????????????????????????????????????????

Right click on the 'Apply/Browse' button.
If the Patch is already and the 'Apply/Browse' button is greyed out
Right click on the 'Quit' button to force unlock all buttons.

Note: You can also use the Windows Anti WPA Patch to de-protect
(Remove SelfCheckBlock SCB) from other protected
Microsoft exe and dll's:
For ex: licdll.dll, DPCDLL.dll or Windows PLUS! Pack Executables
Of course the WPA-Patch is skipped in this case.


??????????????????????????????????????????????????????????????????????????????????
The Patch doesn't work after I rebooted, the WPA Reminder pops up
again.
Also during the Patch the Windows Systemfile Protection Dialogbox
didn't
come up.
??????????????????????????????????????????????????????????????????????????????????

Maybe the Patch was undone by the Windows File Protection.
To check if the patch is still active start the Windows Anti WPA Patch
again and check if it says 'Patch already applied'.



??????????????????????????????????????????????????????????????????????????????????
How to disable this damn Windows File Protection(WFP)?
??????????????????????????????????????????????????????????????????????????????????

There is no really official way to disable this

This is an undocumented setting worked for recent windows versions:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
SFCDisable=0xffffff9d

BUT: It was removed in Windows 2000 Service Pack 2 and in Windows XP !
When you restart your computer, the System event log will contain Event
ID 64032, "Windows File Protection is not active on this system."

SFCDisable (REG_DWORD)
0 = enabled (default - WinXP Professional)
1 = disabled, prompt at boot to re-enable - Require a kernel debugger
to be hooked up or this will be ignored!
2 = disabled at next boot only, no prompt to re-enable - Require a
kernel debugger to be hooked up or this will be ignored!
4 = enabled, with popups disabled (default - for all Server Windows)
More about this and how to re-enable the
'SFCDisable=0xffffff9d-setting'
-> http://www.collakeso...om/aboutwfp.htm
To make this more flexible here is a search'n'replace patch:
(Rename sfc_os.dll to sfc_os.OUT; copy sfc_os.OUT to sfc_os.dll)
Open sfc_os.dll in a hexeditor
Search for : 83 f8 9D 75 08 33 C0 40
Replace with: 83 f8 9D EB 08 33 C0 40

So this is were it comes from:
A1 D8E1C376 MOV EAX, [SFCDisable]
Patch- > 83F8 9D CMP EAX, -63 ; = 0xffffff9d !
Search > 75 08 JNZ SHORT Don't_Set_SFCDisable_=_1
Data > 33C0 XOR EAX, EAX
> 40 INC EAX
A3 D8E1C376 MOV [SFCDisable], EAX
:Don't_Set_SFCDisable
Btw this fragment is the reason 0xffffff9d don't work anymore - so
alternatively Nop Out (=overwrite with 0x90) that bastard



Well I found a real simple way to disable this for sure:
Rename c:\WINDOWS\system32\sfc.dll to sfc-OUT.dll to something else
After Reboot the WFP is disable.
BUT I advice to rename sfc-OUT.dll back to sfc.dll soon because I
notice
That you can't install any new Hardware Device Driver because
syssetup.dll
Statically imports sfc.dll and fail to load if sfc.dll is not found.
so files which import
Sfc.dll will start again



?????????????????????????????????????????????????????????????????????????????????????????????
How you access/modify the winlogon.exe file while the winlogon process
is running ?
I only saw you are using standart API calls but I must have missed
something...
?????????????????????????????????????????????????????????????????????????????????????????????

How to modify an File (like winlogon.exe) while it is in use:

1.Rename winlogon.exe -> winlogon.bak
That's the most important thing about that. You can't delete or
modify a file that's in use, but you can RENAME it! (under Win9x
this don't work. But there you can rename the dir the file is in...)

2.Copy winlogon.bak -> winlogon.exe

3.Now you can edit winlogon.exe. Of course you can't delete (or
modify) winlogon.bak as long as it is in use.
But you surely want to keep an backup of it, don't you?

Oh i almost forgot to mention an other annoy thing:
>The Windows system File Protection (WFP) <
When renaming/modifying winlogon.exe as described above the WFP will
immediately restore the original file without any warning(There will just
be an entry in the event logger - but how cares about this).
To avoid this:
* Delete all files in C:\windows\system32\dllcache\*.*
* Rename the path were installed your last Service pack or the path to
the windows installation file to something else like
'D:\installs\WinXP_SP2' -> 'D:\installs\WinXP_SP2.out'
So the WFP won't file them to restore

Well the WPA-Patch doesn't rename your Windows installation path it
deletes temporary the path to this in you registry and restores it after
the patch (actually after you clicked on the OK button of the
messagebox).
These Registry paths are:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
"SourcePath"= "D:\installs\WinXP_CD"
"ServicePackSourcePath" ="D:\installs\WinXP_SP2"

----------------------------------------------------------
Just a hint to see if the patch worked without to Reboot:

1.Apply the patch
2.Logon as an other user
(But don't log of - choose change/disconnect user)
3.When you login just see if the patch works...
... or if not this damn
'You haven't activated your Windows yet...' message

(4.If you logoff the first user now 'winlogo.bak' is no long in use
and you can delete/modify it)

Ah and to get an better overview about the processes which are running
on your machine use this:
http://www.sysintern...e/procexp.shtml
And next time you can't delete a files use 'search handle' and enter
the filename then close the handle(=file) or kill the process...




??????????????????????????????????????????????????????????????????????????????????
PREVIOUS VERSIONS:
I got 'ERROR: Unknown Version of winlogon.exe'.
Can you include this version in your WPA-Patcher ?
??????????????????????????????????????????????????????????????????????????????????

Well please try the offset locator button to patch this new Version.
Since Version 1.4 I added a heuristic search for offset locator which
should find the right offset by default and highlight it.
So -after you read the warning- just double click on the highlight
Offset on the List to set this as new patch-Offset.

If this is not a Beta or Release Candidate Version send me your
-unpatched- Winlogon.exe by email and add if the default offset (found by the
for offset locator) works.




??????????????????????????????????????????????????????????????????????????????????
PREVIOUS VERSIONS:
The patch don't work - if i click on the 'Activate Windows' link in
the
start menu, it says Windows isn't activated and that there are only xx
days left.
??????????????????????????????????????????????????????????????????????????????????

This patch didn't stop the trial counter nor will it 'Activate' your
Windows.

The WPA-Patch fixes the condition jump which decides whether windows
was started in safe mode
and the activation check should be skipped or if it was started in
normal mode and it should be done.
So in short it will make winlogon.exe to skip the is-Windows-activated
check when you logon.

To see if the patch work wait about one minute after you logon -
if the Activation reminder balloon in the tray bar DON'T pop up - the
patch IS working.
Some other things to see that it works
The messagebox that reminders you to active if there are only 5 days
left and
The messagebox that says you're not allowed to logon until you active
will be away.

So patching msobmain.dll just to make it say it's activated is only
additional overheat and
also may cause some problems. Maybe if you want to change your CDKey
and you don't reach the CDKEY change dialog because it says already
activated...
Ok what i need to do is to include some FAQ-info text in the next
version about that issue.
Maybe I will add a "Let's Activate Windows" force true patch if there
is such a big need for this
I mean if this will make someone sleeps better at night - is enough for
a good reason.




-------------------------------------------------
History

2.0.0 Oct'04
Patcher is now able to scan the crypt code parts
and to finds the right patch offset automatically
(no Version and offsetlocator hassle anymore)
PE Checksum of patched file is updated
Added Restore Backup Function
Added menu bar with Options

1.7.x Oct'04
*Internal Beta Versions*

1.6.2 Sep'04
Added MSOOBE Activation Fix
Added Readme.txt

1.6 Aug'04
Added support for WinXP SP2 2180

1.5 Jul'04
BugFix: Changes set by offsetlocator were not written to disk

1.4 Jun'04
Added support for WinXP SP2 RC1 2142
Added heuristic search for offset locator

1.3 Jun'04
Added support for WinXP SP2 RC1 2120
smaller changes

1.2 Apr'04
Patch recoded in Visual Basic 6
Added generic check block disabler
Added offset locator to support unknown versions
Added support for WinXP SP2 Beta and Win2K3
Improved Windows File Protection support

1.1 Nov'03
BugFix: SP1 crashed when returning from standby
Improved Windows File Protection support

1.0 Sep'03
First release using the apatch-engine


<http:\\Antiwpa.cjb.net> crackware2k@freenet.de

"The file that needs to be patched on the picture, is the file called "iecustom.dll". This is due to the fact that the picture is taken from the blinder for the new IE7 Final. When the file is chosen, it will be patched by the blinder. When this is done, you can install the program as usual, with no validation-check!."




I tried this with the new [latest] IE7 only to find that the blinder quoted as for IE7 Final does not work with the version I downloaded. I get the message that the iecustom.dll is not the correct file! Also, the latest IE7 download is not a zip file but an executive [.exe] file. Not that this precluded opening and extracting the files but they are obviously not the same as for a [non-existent?] zip file. In this I refer to the blinder by"Snodger". Understand that I am in no way criticising snodger but I would like to know if there is a later version of this blinder as I have not been able to locate one.

homeboy, on Dec 25 2006, 05:49 AM, said:

I'm somewhat puzzled by your post. Did you download the English language version of IE7? If so, did you download it using the link I provided? My blinder does work on that file; I have just tested it. Also what is this mysterious non-existent zip file that you refer to? Why should you refer to a file that is non-existent and which nobody has mentioned previously?

If you used a version for a language other than English then you could well receive a message that iecustom.dll was not the expected file. In that case you need to adopt another approach. See my post here for instructions.

This post has been edited by snodger: 29 December 2006 - 12:11 AM

Hi, if I can just take this opportunity to say thanks very much for this guide - it's great, both the pictures and the explanations.

If I may just say that it would be helpful for others if you could put the link to the latest download site http://www.mediamax....pa_versions.rar in the first post, some people might miss it - like I did at first...

Oh, and the only other thing is that when I downloaded the file it gave a warning on my norton antivirus - a hacktool and a trojan. Winrar virus scan fixed one of the files and then I used norton to delete the other, but I was able to use the wpa kill file to fix my problem. Thanks.

This post has been edited by Spooky: 01 January 2007 - 11:26 PM

snodger, on Dec 29 2006, 06:00 AM, said:

Oops! Firstly my apologies to Snodger. I was misled by the second part of his instructions viz.,

2. Use WinRAR, WinZIP or similar to unpack IE7-WindowsXP-x86-enu to its own folder.

I assumed this referred to a ZIP file but now realize that one can "unpack" an EXE file using WinRAR/WinZIP. However, that being said, I am still not able to install IE7 using this method. As to why I am not sure. Running update.exe resulted in the changing of files and/or installing of others. When the dialogue box stated "updating registry" [I think! the process is pretty fast!] I got a message stating quite simply "Access denied". When I closed that box it said something like restoring files etc., and promptly rebooted without my assistance! I can see no problems with my computer and IE6 still works. Any ideas - I would be obliged, especially if it helps to reduce/remove my frustration!

Very good guide but I come across a problem;

I install the antiwpa and to check to see if its working I do what it said in the readme by going into cmd.exe and typing

TASKLIST /M /FI "MODULES eq antiwpa.dll

However I get this

INFO: No tasks running with the specified criteria

Any suggestions?

Running with no service packs at all on XP Pro 2002

Thanks

Oh edit - I did reboot and try but got the same result

This post has been edited by yeahboy: 04 January 2007 - 02:17 AM

I am sending this via my newly installed IE.7. MANY thanks for your help, it took me about an hour to sort it but without this guide I'm not sure if I would have done it. Once again MANY THANKS. Note to people having problems: PERSEVERE....follow the guide and IT WORKS !!! I made several mistakes before I sorted it and ALWAYS back up files you are using just in case.

Hi there I can't seem to get the WGA validation ACTIVE-X installed, there is just no popup.

I did another validation trick about a year ago, but that fucked my install I guess.

anyone a workaround because it jus't wont display the activex notification.

forzatio, on Feb 17 2007, 11:32 PM, said:

Did you use muBlinder?

WarXchild, on Feb 17 2007, 10:56 PM, said:

hi yes I did at that time and now I use it too, everything has status GREEN.

forzatio, on Feb 18 2007, 01:58 AM, said:

ok, and what happens when you click on the Go To Microsoft Update button? Or are you trying the Download Center?

WarXchild, on Feb 17 2007, 11:13 PM, said:

I did microsoft update, then it's looking for updates (progressbar) then it comes up with a screen with this text:

Validation for original windows

[ support-id: 0x8DDD100F ]

Do you want to validate windows now ? Continue, then it brings me to this page.

http://www.microsoft...hyValidate.aspx

It should give me a popup with the activeX installation for the validation, but it just gives me nothing even though security settings are set to very low.

This post has been edited by forzatio: 17 February 2007 - 10:22 PM

forzatio, on Feb 18 2007, 02:22 AM, said:

ok, try this (make sure muBlinder and all browser windows are closed):

1) Delete the file LegitCheckControl.DLL, you will find it in C:\Windows\System32

2) Go to http://www.microsoft...hyValidate.aspx and click on the "Validate Now" button.

3) On the next screen, an ActiveX popup should appear, install that ActiveX.

4) After its installed and it says your windows is not geniune, close the browser window.

5) Run muBlinder, go to the Validation tab and click on "Enable" so that everything is green again.

6) Click on the Go To Microsoft Update button and try to get updates.