Bypass Windows 7 Extended Security Updates Eligibility

Discussion in 'MDL Projects and Applications' started by abbodi1406, Nov 17, 2019.

  1. mspaintmsi

    mspaintmsi MDL Novice

    May 9, 2015
    23
    151
    0
    #21 mspaintmsi, Nov 18, 2019
    Last edited by a moderator: Nov 23, 2019
    Where do I even begin..

    Do not, under absolutely any circumstances.....
    This is certainly NOT the way you want your system to die.

    Replacing system libraries is a very bad idea. Everything that uses SLC functions outside of the ones implemented will either throw an error or immediately crash. (in the worst case, break existing configuration)
    The kernel will be fine as it obtains everything from the registry, but most likely after some time a BSOD will occur because of an NPE caused by more important parts of the system.
    This will entirely break half of Windows' Licensing and half of Windows along with it.

    We're trying to do it cleanly and (to some extent) transparently, so nothing breaks along with it.
    Take a look at how @abbodi1406 's implementation works and try to build upon that.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. -=ismail=-

    -=ismail=- MDL Member

    Jul 25, 2013
    104
    427
    10
    #22 -=ismail=-, Nov 18, 2019
    Last edited by a moderator: Nov 23, 2019
    @mspaintmsi,

    Hi, it was only for information how to get admin rights with onboard windows tools to avoid superuser32/64.exe file.

    Nevermind, let me reinstall my windows, I think I have another example based on SLC from script.

    :)


    edit:
    Well, after copying slshim64.dll to C:\windows\servicing\slc.dll on 64-Bit version I could install the test update. I did nothing else after fresh installation.
    Please note that on fresh installation there is no slc.dll in this folder; that means no replacement of files(!)


    Again, its only for information/educational purposes how to get admin rights with windows onboard tools.


    Code:
    @ECHO OFF
    CLS
    COLOR 0A
    
    ::64-Bit; servicing path
    set "source64=%~dp0slshim64.dll"
    set "dest64=%SystemRoot%\servicing"
    takeown /F "%dest64%" /A
    icacls "%dest64%" /grant Administrators:F
    if exist "%dest64%\slc.dll" del "%dest64%\slc.dll"
    copy "%source64%" "%dest64%\slc.dll"
    takeown /F "%dest64%\slc.dll" /A
    icacls "%dest64%\slc.dll" /grant Administrators:F
    copy "%source64%" "%dest64%\slc.dll"
    icacls "%dest64%" /setowner "NT SERVICE\TrustedInstaller"
    icacls "%dest64%" /grant:r Administrators:RX
    
    
    pause
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    10,044
    38,834
    340
    #23 abbodi1406, Nov 19, 2019
    Last edited: Nov 19, 2019
    (OP)
    @-=ismail=-

    i know how to "override" trustedinstaller-protected locations, but using superuser is better than messing with permissions
     
  4. -=ismail=-

    -=ismail=- MDL Member

    Jul 25, 2013
    104
    427
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. p0werb1t

    p0werb1t MDL Novice

    Feb 1, 2014
    3
    3
    0
    Perhaps, now that it seems to work, is better to wait and see what ms will do, and only after make adjustments/changes.
    It is very good to already have clean ways that not replace system files and are not affected by sfc and windows updates. Even so, slshim and kurwica dlls could be marked by Defender or other AVs ...

    Thank you all, long life to 7!
     
  6. NST_Adventure

    NST_Adventure MDL Senior Member

    Jun 1, 2019
    300
    33
    10
    Oh No :( :kick:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. alaviss

    alaviss MDL Novice

    Aug 16, 2011
    9
    8
    0
    It appears that the SlcShim version causes "Turn Windows features on or off" to rollback at 98% during multiple reboot changes (ie. disabling Tablet PC components). Uninstalling SlcShim fixes the issue.

    This is on Windows 7 Enterprise x64.
     
  8. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    10,044
    38,834
    340
    #28 abbodi1406, Nov 24, 2019
    Last edited: Nov 24, 2019
    (OP)
    Any chance to share C:\Windows\Logs\CBS logs?

    Edit:
    nevermind, i reproduced the issue
    thanks
     
  9. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    10,044
    38,834
    340
    #29 abbodi1406, Nov 24, 2019
    Last edited: Nov 25, 2019
    (OP)
    # Updated

    removed SlcShim, as it break other servicing operations (particularly SppInstaller: SLpUpdateComponentTokens)
    Kurwica hook will be used for all editions now

    thanks to @alaviss for reporting
     
  10. PC_Uzaarr

    PC_Uzaarr MDL Novice

    Sep 18, 2019
    9
    1
    0
    Since MS is planning to raise the price of ESUs each year, do you think they will alter their verification scheme each year. If not, then year one subscribers could get all 3 yrs without paying more. So do you think this patch will work for subsequent year ESUs or will we just have wait & see if modifications to the patch are required?
     
  11. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    10,044
    38,834
    340
    #31 abbodi1406, Dec 1, 2019
    Last edited: Dec 1, 2019
    (OP)
    Test update KB4528069 check for all years MAK keys licenses in order

    when 2nd year arrive, they can simply remove 1st year check and leave 2 & 3, and so on

    of course we shall wait to see if the verification logic change on February 2020 updates, but i doubt they will change it on first year at least
     
  12. mspaintmsi

    mspaintmsi MDL Novice

    May 9, 2015
    23
    151
    0
    The way this works right now is that every single software licensing policy out of those three:
    • Client-ESU-Year1
    • Client-ESU-Year2
    • Client-ESU-Year3
    is checked (in order) and if any of those is set to true, you're eligible for ES updates.
    So this thing will most likely not change as it seems to be ready for all 3 years of extended support.

    Windows Update will most likely verify the same thing through WMI, which can also be easily hooked. We'll have to wait and see what Microsoft comes up with .-.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. PC_Uzaarr

    PC_Uzaarr MDL Novice

    Sep 18, 2019
    9
    1
    0
    :worthy: @ abbodi1406 & mspaintmsi
     
  14. nuhuh

    nuhuh MDL Novice

    Oct 10, 2013
    22
    2
    0
    Can leaving this bypass installed/enabled all the time cause any issues?

    Do I need kurwica32.dll and superUser32.exe on 64bit Windows?
     
  15. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    10,044
    38,834
    340
    No, not yet
    no
     
  16. Nazzy

    Nazzy MDL Junior Member

    Nov 19, 2016
    50
    20
    0
    Will Bypass work for Win7 activated by DAZ Loader?
     
  17. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    24,996
    35,554
    390
    It should, and did on my tests, windows doesn't know that the slic is artificially in the boot sector and not inside the bios.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. herocspx

    herocspx MDL Novice

    Sunday
    1
    0
    0
    mark ,see later
     
  19. JayPea

    JayPea MDL Novice

    Feb 28, 2009
    40
    11
    0
    You clever bastards! :D