Well, buy a legitimate retail MAK key if you want permanent activation. What's the problem with KMS if you're activated every 180 days in an automated way, like with Office 2010 & Win7 Ent? If you ever used the activator for these, it runs automatically.
There won't be anything "definitive" short of using a retail key or an OEM machine. Emulating OEM may not be possible at all, certainly not for some time. Just look at the state of Windows 7 Enterprise and Office 2010. That's what it's going to be like for Windows 8.
The best thing about them is that you can run them on a VM, fiddle some records into DNS and your whole LAN activates its Win7 and Office2010 automatically without doing anything on the clients. That's why I need a local solution and not spurious servers on the Internet.
Let me say some words about the KMS protocol structure... First of all, the packet's hash signature computation is done without any help from the Windows crypto API. In fact, this is a Rijndael (AES) based keyed hash function, based on a block size of 128 bits with 6 rounds. The full initial key schedule is hardcoded into sppsvc.exe and it is VERY, VERY WELL protected. Capturing this was the main ZWT failure ... they cut out part of sppsvc and with little modifications pasted it into KMSservice.exe. Now (some time ago) I dumped the correct key tables - no more error 0x8007000D; actually there was a need to completely rewrite the crypto algo assembler code and substitute it in kmsservice.

Starting from Win 8 we have to deal with two independent versions of KMS packets: 4.0 and 5.0 (Win 8 client and server versions use ver 5, but older OSes and Office use ver 4).

Here goes some tech info, if this can help someone. The RPC interface MIDL definition is very simple:

Code:
[uuid(51c82175-844e-4750-b0d8-ec255555bc06), version(1.0)]
interface KmsActivation
{
    long Activate (
        [in] long RequestSize,
        [in][size_is(RequestSize)] char Request[],
        [out] long * ResponseSize,
        [out][ref][size_is(*ResponseSize)] char ** Response
    );
}

Next: request and response packets. Currently I don't have full info about some struct members, but this isn't very important for a mini-kms implementation.

Code:
KmsRequestV4:
    WORD VersionMinor;          //0
    WORD VersionMajor;          //4
    DWORD Tag1;                 //depends on activating software (differs win7 and office)
    DWORD Tag2;                 //-- "" --
    DWORD GraceTime;            //Minutes remaining grace
    GUID APP_ID;
    GUID SKU_ID;
    GUID PID3;
    GUID InstallationPID;       //actual machine identification aka MachineID
    DWORD MinimumClients;       //25 for Windows, 5 for Office
    DWORD Timestamp;            //100ns timeslices from 01.01.1600
    GUID Reserved;              //NULL GUID
    WCHAR[0x40] Workstation;    //activating workstation name
    BYTE[0x10] HashSignature;   //Hash function, mentioned above, calculated from all previous packet, including version

KmsResponseV4:
    WORD VersionMinor;          //0
    WORD VersionMajor;          //4
    DWORD KmsPidLength;         //actual PID length is 0x62, including terminating zero
    WCHAR[0x62] KmsPID;         //
    GUID InstallationPID;       //see above, MUST be same as in request
    DWORD Timestamp;            //-- "" --
    DWORD A;                    //26
    DWORD B;                    //120
    DWORD C;                    //10080
    BYTE[0x10] HashSignature;   //see above

So far it was true for V4 ... but in V5 it is not so easy:

Code:
KmsPacketV5:
    WORD VersionMinor;          //0
    WORD VersionMajor;          //5
    BYTE[0x100] Payload;        //encrypted data
    ..................

Again, encryption & decryption is done entirely in sppsvc.exe ... The main idea is to decompile sppsvc.exe and extract the crypto algo from it, but this won't be an easy task due to heavy code obfuscation. OK, tired of writing all this.

Some additions: What the ZWT 'keygen' really does: it replies with a CONSTANT KmsResponse packet, substituting only InstallationID and Timestamp, and after that signing it all with the hash. Possible garbage bytes after the WorkstationName terminating zero ARE LEGAL. As said before, the only failure is the faulty hash key schedule, which in turn SOMETIMES AND DATA_DEPENDING gives an invalid hash value ....................... A little later I can post the FULL hash algo source code.
@FiB3R_OPTiC and @100, keep doing off-topic posts and I'm going to request to remove you from this thread/whatever. I totally agree with you and I couldn't find the 'kickstart' routine, where all the data is processed and returned to the opp request. Thx for the structure, tho.
Routines can be found only via RPC interface definitions in sppsvc. However, they are very strongly obfuscated.
PM'ing to mods to get our comments removed for whatever reason isn't going to earn you any brownie points, nor will the mods be best pleased by you filling up their inbox whining. You said you want something more definitive: well, buy a retail key and save us the whining about non-permanent activation. Nobody is ever going to decode the MS master key for permanent activations. After all, the thread is about KMS, which is non-permanent, so if you want something else get off this thread.
This file actually keeps the current licensing state, yes - it is updated with the latest KMS activation info, but from a possible activation perspective this is pretty useless. wchar_t is simply the default Windows string type... and this file contains a LOT of strings, but ... did you find in it a KMS ver5 ENCRYPTED packet????
Part of the payload has a flag for Client VM state, at least if the client is running in Hyper-V (KMS Host logs VM 0/1). Not really critical for mini-kms as mentioned. I haven't had much time lately to play with the rest.
Some help for Mister Arrogant Noobs garbellano ... who searches for something that he already has under his nose and eyes! Noobs of the century!!! Mister Arrogant!!!!

Lesson 1: How to use a debugger and understand what it does!

Code:
.text:005825A5
.text:005825A5 loc_5825A5: ; CODE XREF: sub_58258D+Cj
.text:005825A5 mov edx, [ebp+arg_4]
.text:005825A8 mov ecx, [ebp+arg_0]
.text:005825AB push ebx
.text:005825AC push esi
.text:005825AD push edi
.text:005825AE call sub_72D23E ; read Byte 0
.text:005825B3 mov edx, [ebp+arg_C]
.text:005825B6 mov ecx, [ebp+arg_8]
.text:005825B9 movzx eax, al
.text:005825BC movzx eax, ds:byte_4011F0[eax] ; SBOX1 (Yes "Genius" Garbellano, it's a SBOX)
.text:005825C3 push eax
.text:005825C4 call sub_72D281 ; write byte 0
.text:005825C9 mov edx, [ebp+arg_4]
.text:005825CC mov ecx, [ebp+arg_0]
.text:005825CF lea edx, [edx+1] ; Byte 1
.text:005825D2 call sub_72D23E
.text:005825D7 mov ecx, dword_77AC08
.text:005825DD movzx edx, al
.text:005825E0 add edx, Tampon ; implicit: Byte 1 + 00h
.text:005825E6 call sub_72D23E ; When Tampon is used, sub_72D23E becomes a very special function. Take a look at the function if needed
.text:005825EB mov edx, [ebp+arg_C]
.text:005825EE mov ecx, [ebp+arg_8]
.text:005825F1 mov byte ptr [ebp+arg_10], al
.text:005825F4 push [ebp+arg_10]
.text:005825F7 lea edx, [edx+1] ; Byte 1
.text:005825FA
.text:005825FA loc_5825FA: ; DATA XREF: .text:0071B935o
.text:005825FA call sub_72D281 ; write byte 1
.text:005825FF mov edx, [ebp+arg_4]
.text:00582602 mov ecx, [ebp+arg_0]
.text:00582605 lea edx, [edx+2] ; Byte 2
.text:00582608 call sub_72D23E
.text:0058260D mov edx, [ebp+arg_C]
.text:00582610 mov ecx, [ebp+arg_8]
.text:00582613 movzx eax, al
.text:00582616 movzx eax, ds:byte_4012F0[eax] ; SBOX2 (Yes Noobs Garbellano, it's another SBOX)
.text:0058261D push eax
.text:0058261E lea edx, [edx+2]
.text:00582621 call sub_72D281
.text:00582626 mov edx, [ebp+arg_4]
.text:00582629 mov ecx, [ebp+arg_0]
.text:0058262C lea edx, [edx+3] ; byte 3
.text:0058262F call sub_72D23E
.text:00582634 mov edx, [ebp+arg_C]
.text:00582637 mov ecx, [ebp+arg_8]
.text:0058263A movzx eax, al
.text:0058263D movzx eax, ds:byte_4013F0[eax] ; SBOX3 (Yes arrogant Garbellano, it's another SBOX)
.text:00582644 push eax
.text:00582645 lea edx, [edx+3]
.text:00582648 call sub_72D281
.text:0058264D mov edx, [ebp+arg_4]
.text:00582650 mov ecx, [ebp+arg_0]
.text:00582653 lea edx, [edx+4] ; Byte 4
.text:00582656 call sub_72D23E
.text:0058265B mov edx, Tampon
.text:00582661 movzx ecx, al
.text:00582664 add edx, 100h ; Byte 4 +100h
.text:0058266A add edx, ecx
.text:0058266C mov ecx, dword_77AC08
.text:00582672 call sub_72D23E
.text:00582677 mov edx, [ebp+arg_C]
.text:0058267A mov ecx, [ebp+arg_8]
.text:0058267D mov byte ptr [ebp+arg_10], al
.text:00582680 push [ebp+arg_10]
.text:00582683 lea edx, [edx+4]
.text:00582686 call sub_72D281
.text:0058268B mov edx, [ebp+arg_4]
.text:0058268E mov ecx, [ebp+arg_0]
.text:00582691 lea edx, [edx+5]
.text:00582694 call sub_72D23E
.text:00582699 mov edx, [ebp+arg_C]
.text:0058269C lea edx, [edx+5] ; Byte 5
.text:0058269F call sub_5BDE50
.text:005826A4 mov ecx, [ebp+arg_8]
.text:005826A7 movzx eax, al
.text:005826AA push eax
.text:005826AB call sub_72D281
.text:005826B0 mov edx, [ebp+arg_4]
.text:005826B3 mov ecx, [ebp+arg_0]
.text:005826B6 lea edx, [edx+6] ; Byte 6
.text:005826B9 call sub_72D23E
.text:005826BE mov edx, Tampon
.text:005826C4 movzx ecx, al
.text:005826C7 add edx, 200h ; Byte 6 + 200h
.text:005826CD add edx, ecx
.text:005826CF mov ecx, dword_77AC08
.text:005826D5 call sub_72D23E
.text:005826DA mov edx, [ebp+arg_C]
.text:005826DD mov ecx, [ebp+arg_8]
.text:005826E0 mov byte ptr [ebp+arg_10], al
.text:005826E3 push [ebp+arg_10]
.text:005826E6 lea edx, [edx+6]
.text:005826E9 call sub_72D281
.text:005826EE mov edx, [ebp+arg_4]
.text:005826F1 mov ecx, [ebp+arg_0]
.text:005826F4 lea edx, [edx+7] ; Byte 7
.text:005826F7 call sub_72D23E
.text:005826FC mov edx, Tampon
.text:00582702 movzx ecx, al
.text:00582705 add edx, 300h ; Byte 7 +300h
.text:0058270B add edx, ecx
.text:0058270D mov ecx, dword_77AC08
.text:00582713 call sub_72D23E
.text:00582718 mov edx, [ebp+arg_C]
.text:0058271B mov ecx, [ebp+arg_8]
.text:0058271E mov byte ptr [ebp+arg_10], al
.text:00582721 push [ebp+arg_10]
.text:00582724 lea edx, [edx+7]
.text:00582727 call sub_72D281
.text:0058272C mov edx, [ebp+arg_4]
.text:0058272F mov ecx, [ebp+arg_0]
.text:00582732 lea edx, [edx+8]
.text:00582735 call sub_72D23E
.text:0058273A mov edx, Tampon
.text:00582740 movzx ecx, al
.text:00582743 add edx, 400h ; byte 8 + 400h
.text:00582749 add edx, ecx
.text:0058274B mov ecx, dword_77AC08
.text:00582751 call sub_72D23E
.text:00582756 mov edx, [ebp+arg_C]
.text:00582759 mov ecx, [ebp+arg_8]
.text:0058275C mov byte ptr [ebp+arg_10], al
.text:0058275F push [ebp+arg_10]
.text:00582762 lea edx, [edx+8]
.text:00582765 call sub_72D281
.text:0058276A mov edx, [ebp+arg_4]
.text:0058276D mov ecx, [ebp+arg_0]
.text:00582770 lea edx, [edx+9]
.text:00582773 call sub_72D23E
.text:00582778 mov edx, Tampon
.text:0058277E movzx ecx, al
.text:00582781 add edx, 500h ; byte 9 +500h
.text:00582787 add edx, ecx
.text:00582789 mov ecx, dword_77AC08
.text:0058278F call sub_72D23E
.text:00582794 mov edx, [ebp+arg_C]
.text:00582797 mov ecx, [ebp+arg_8]
.text:0058279A mov byte ptr [ebp+arg_10], al
.text:0058279D push [ebp+arg_10]
.text:005827A0 lea edx, [edx+9]
.text:005827A3 call sub_72D281
.text:005827A8 mov edx, [ebp+arg_4]
.text:005827AB mov ecx, [ebp+arg_0]
.text:005827AE lea edx, [edx+0Ah] ; byte 10
.text:005827B1 call sub_72D23E
.text:005827B6 mov edx, [ebp+arg_C]
.text:005827B9 mov ecx, [ebp+arg_8]
.text:005827BC movzx eax, al
.text:005827BF movzx eax, ds:byte_4029F0[eax] ; SBOX4 (Yes BigMouth Garbellano, it's another SBOX. Go learn to use a debugger!)
.text:005827C6 push eax
.text:005827C7 lea edx, [edx+0Ah]
.text:005827CA call sub_72D281
Yeah, he is a lil mad at me because, well, he didn't show exactly what he was doing. Anyways, I'm on another project right now and I lost interest in this way to activate Windows 8. I don't like the idea of 'emulate' or decode-data-transmission etc.; I like the idea of something more definitive. Oh, btw, N00B, I'm talking to you jarod75, I was THERE a MONTH ago... Show me something I don't already know. Anyways, as I said, I'm on another thing right now.
ALREADY DONE NOOBS! I SHOW YOU TWO THINGS:
- I SHOW YOU HOW TO USE A DEBUGGER
- I SHOW YOU THAT "THIS FUNCTION THAT DOES NOTHING" IS IN FACT THE CORE FUNCTION INVOLVED IN KMS ACTIVATION
GO, GO NOOBS!, FAR AWAY, ON YOUR NEW DEFINITIVE PROJECT TO ACTIVATE I DON'T KNOW WHAT .... On the road, don't forget to have assembler & debugger training. You will strongly need it, Noobs!