In theory everything is possible, but consider that on x86 systems of Microsoft Windows hot-patching is allowed and all components are compiled that way, yes, even ntoskrnl. You can recognize the hot-patch ability by the famous pseudo-nop and stack init code:

    mov edi, edi
    push ebp
    mov ebp, esp

Due to KPP aka PatchGuard on x64, the driver includes a reliable way to disable it on the fly. But keep in mind that Microsoft is the owner and creator of Windows, which opens them ways and doors to achieve things we don't even know about. Sure, M$ can kill it, but they can also detect loaders, bios mods, RemoveWAT, Chew-WGA and so on... (in theory of course). But to be honest, the only way for M$ to disable this method is to rewrite sppsvc, coz normally all programs trust the kernel, don't they?
9tos
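An added example, not from the post's author: a C check, as an integrity monitor would do it, for whether a copy of such a hot-patchable prologue is still intact or has had its mov edi,edi slot turned into a detour. It assumes the standard layout of five padding bytes immediately before the entry point; the sample buffers and the function address are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* State of one hot-patchable x86 function prologue. */
typedef enum {
    PROLOGUE_INTACT,      /* mov edi,edi / push ebp / mov ebp,esp untouched */
    PROLOGUE_HOTPATCHED,  /* mov edi,edi replaced by jmp $-5 into a long jmp */
    PROLOGUE_UNKNOWN      /* neither pattern: not hot-patchable, or other tampering */
} prologue_state_t;
/* buf points at the 5 padding bytes the compiler emits before a hot-patchable
 * function, so buf + 5 is the entry point. func_addr is the (assumed) virtual
 * address of that entry point and is only used to resolve the detour target,
 * which is written to *target when the prologue is hot-patched. */
prologue_state_t inspect_prologue(const uint8_t *buf, uint32_t func_addr, uint32_t *target)
{
    const uint8_t *entry = buf + 5;
    /* 8B FF = mov edi,edi ; 55 = push ebp ; 8B EC = mov ebp,esp */
    if (entry[0] == 0x8B && entry[1] == 0xFF && entry[2] == 0x55 &&
        entry[3] == 0x8B && entry[4] == 0xEC)
        return PROLOGUE_INTACT;
    /* EB F9 = jmp short -7 from the next instruction, i.e. back to buf, where a
     * patcher placed E9 rel32 (jmp near). That jmp ends exactly at the entry
     * point, so its target is func_addr + rel32. */
    if (entry[0] == 0xEB && entry[1] == 0xF9 && buf[0] == 0xE9 &&
        entry[2] == 0x55 && entry[3] == 0x8B && entry[4] == 0xEC) {
        int32_t rel32 = (int32_t)((uint32_t)buf[1] | (uint32_t)buf[2] << 8 |
                                  (uint32_t)buf[3] << 16 | (uint32_t)buf[4] << 24);
        if (target)
            *target = func_addr + (uint32_t)rel32;
        return PROLOGUE_HOTPATCHED;
    }
    return PROLOGUE_UNKNOWN;
}
/* Detour target of a hot-patched prologue, or 0 when it is intact/unknown. */
uint32_t hotpatch_target(const uint8_t *buf, uint32_t func_addr)
{
    uint32_t t = 0;
    return inspect_prologue(buf, func_addr, &t) == PROLOGUE_HOTPATCHED ? t : 0;
}
/* Constructed sample buffers (not captured from a real system): padding + prologue. */
const uint8_t kIntactSample[10] = {0x90,0x90,0x90,0x90,0x90, 0x8B,0xFF,0x55,0x8B,0xEC};
const uint8_t kHookedSample[10] = {0xE9,0x00,0x10,0x00,0x00, 0xEB,0xF9,0x55,0x8B,0xEC};
int main(void)
{
    printf("intact: %d\n", (int)inspect_prologue(kIntactSample, 0x77E01000u, NULL));
    printf("hooked: %d, detour 0x%08X\n", (int)inspect_prologue(kHookedSample, 0x77E01000u, NULL),
           (unsigned)hotpatch_target(kHookedSample, 0x77E01000u)); /* 0x77E02000 */
    return 0;
}
```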
Seriously, it's senseless, since MS never detects such things this way. I mean, the Paradox driver had it all (randomization and encryption) and they killed it easily when they decided to. I don't think they'd bother to do anything against this driver though, at least not until it's as popular as Paradox was.
I tested it for Secr9tos and I must really confirm that till now it's the easiest tool to use! Nice work on this!
N
It said patching was successful, but it still does not pass WAT. I downloaded RW-Everything, but how do I generate a report?
Download and run the tool called "MGADiag", then use the "Copy" option and paste it into Notepad, dude. Then paste it here.
Patching? The driver available on MDL atm does not patch anything in the kernel.... The old driver, of course, cannot work on any hardware, but I recommend using Slic Bump Toolkit instead of RW-Everything... but in the end use what you prefer.
frwil, how did they block Paradox's driver? I'm sure secr9tos will add more protection to it, so it will not be an easy task for Microsoft.
Diagnostic Report (1.5.0540.0): ----------------------------------------- WGA Data--> Genuine Validation Status: Unsupported OS Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4= Windows Product ID: 00426-292-0000007-85913 Windows Product ID Type: 0 Windows License Type: Unknown Windows OS version: 6.1.7600.2.00010100.0.0.000 Download Center code: F7B67B7 ID: 82012ae5-e68a-4932-896c-f5e3cf676a52 Is Admin: No AutoDial: Registry: 0x0 WGA Version: Failed to retireve file version. - 0x80070006 Signature Type: Unknown. Validation Diagnostic: System Scan Data--> Scan: Complete Cryptography: Complete Notifications Data--> Cached Result: N/A Cache refresh Interval: N/A Extended notification delay(non-genuine): N/A Extended notification delay(un-activated): N/A All disabled: N/A Reminder reduced: N/A File Exists: No Version: N/A Signatue Type: N/A OGA Data--> Office Status: 111 Office Diagnostics: Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>82012ae5-e68a-4932-896c-f5e3cf676a52</UGUID><Version>1.5.0540.0</Version><OS>6.1.7600.2.00010100.0.0.000</OS><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85913</PID><PIDType>0</PIDType><SID>S-1-5-21-2352484888-185749639-2578315776</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell XPS720 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. 
</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20080401000000.000000+000</Date></BIOS><HWID>96B93607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone></MachineData> <Software><Office><Result>111</Result><Products/></Office></Software></GenuineResults>
Diagnostic Report (1.9.0019.0): ----------------------------------------- WGA Data--> Validation Status: Genuine Validation Code: 0 Cached Validation Code: 0x0 Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4= Windows Product ID: 00426-292-0000007-85913 Windows Product ID Type: 5 Windows License Type: Retail Windows OS version: 6.1.7600.2.00010100.0.0.001 ID: {56BC6101-FB8B-4253-8314-53A0CEEB9B46}(1) Is Admin: Yes TestCab: 0x0 WGA Version: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Ultimate Architecture: 0x00000000 Build lab: 7600.win7_gdr.091207-1941 TTS Error: Validation Diagnostic: Resolution Status: N/A WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 WGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: 
C:\Windows\system32\sppcomapi.dll[hr = 0x80070714] File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385] Other data--> Office Details: <GenuineResults><MachineData><UGUID>{56BC6101-FB8B-4253-8314-53A0CEEB9B46}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85913</PID><PIDType>5</PIDType><SID>S-1-5-21-2352484888-185749639-2578315776</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell XPS720 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20080401000000.000000+000</Date></BIOS><HWID>96B93607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: 0x80070002 Licensing Data--> Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs". Windows Activation Technologies--> HrOffline: 0x80070005 HrOnline: 0x00000000 HealthStatus: 0x0000000000002000 Event Time Stamp: 4:12:2010 17:19 WAT Activex: Registered WAT Admin Service: Not Registered - 0x80070005 HWID Data--> HWID Hash Current: NAAAAAIAAgABAAEAAwABAAAAAQABAAEAeqjCX+AECNTmU5IAPKEU1uxCdq2wTlxioq0qhQ== OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x0 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table NameOEMID ValueOEMTableID Value APICDELL B8K FACPDELL B8K HPETDELL B8K BOOTDELL B8K MCFGDELL B8K SSDTDELLst_ex DUMYDELL B8K SLICDELL B8K
Your validation code is 0 = genuine. The interesting thing is that you have SLIC but you're on the Retail channel. One of the following applies to your situation:
* You have bought Windows 7
* You are in the initial grace period
* You have applied RemoveWAT or Chew7
* You have forgotten to install key & cert.
I had an idea that I don't think I have the skills to implement, but I think you do. So the idea is to hook set_genuine_local and/or set_genuine_localEX and:
a. prevent a user's machine from being set non-genuine when the driver is installed;
b. reset a non-genuine status to genuine when your driver loads or the next time genuine status is checked.
Should be possible, will look at it in the near future... but just tell me one thing: what .dll or .exe exports (or does not export) the function you mentioned above?
I have applied both RemoveWAT and Chew7 and still it is not genuine. I test this by changing my date to after my trial period, and I cannot receive updates.
Nononsence, WAT now asks sppsvc directly for the genuine status instead of using the slwga functions.
...and what if we make WAT think that it talks to sppsvc?
@k00lguy105: Is there any reason why you applied RemoveWAT and Chew7 at the same time? BTW... for now you won't pass the validation check at microsoft.com\genuine if RWAT or Chew is applied. Either remove them and use the driver/daz loader/bios mod, or wait until Chew7 1.0 gets released.
It's been a while, but I just had a look at sppc.dll and slc.dll, and it looks like something similar is exported from those 2 DLLs.