Near that. I have listed process, modules and threads using .net functions. I have calculated the expected thread start address by looking at the dll, plus call stack offset and module base address. This may not be the best way but I think it will do for now. I have compiled using the Any Cpu flag, so it should load the proper files given the Os version. LOL
@ LiveFreeDead: can I use your patch even if I have activated windows? because if will be deactivate I will have no watermarks?
So with the any CPU flag set, I guess both me and Daz were correct Quantum Answer. -EDIT- It's not my patch, I am not that smart! But yeah, his Thread Killer will cause NO problems at all, run it 100 times on an activated machine, still will just do it's thing and exit.
I told you guys that hacking twinui.dll wasn't the smartest way to do this. I'd really like to know how exactly you kill the thread. What program did you use?
He specified that he'll share the source code with us, I put in my PM request for it anyway very curious on how he's done it. But he doesn't use a program, he used WinAPI's etc written in .Net, tho he may have used other tools to get the details originally?
I didnt know a 32 bit version would give error on 64 bit process, good to know. I expect the way it's know will work for everyone. In a few hours I will make some changes and release a new version with source, so you guys may take a look.
If I run the thread killer (your version) it does not work for me in my VM) ?? enterprise x64 anyone else got this problem or is it just me ?
What do you mean, it's not been long enough for you to get results yet! If you mean it doesn't do anything when you run it, that's the beauty of it, to test it's working Download Process Explorer and watch as it kills off the thread. I have tested it as working for Win x64 Pro, maybe enterprise is different, how many more of these VM's do I need to install -EDIT- Remembered my Real PC was Enterprise, so I tested it on that, it worked fine for me in Windows x64 Enterprise too.
I know but if I already have the activation watermark present (I got it right now) and then run the utility it doesn't work. doesn't this app kill the childThread ? (I got 6 vms running ) x86 pro and enterprise and x64 pro and enterprise and 2 original untouched enterprise and professional vms
The thread killer stops the watermark ever showing, it doesn't stop it once it's shown. Exit Explorer.exe (or reboot) then run the tool on startup or anytime before the watermark is shown. -EDIT- I too have a x64 VM snapshot saved in active state with the watermark shown - handy for testing out other solutions. -EDIT- He is killing the thread that waits 4 hours and calls another section of memory to show the Watermark, so if it's never called it will never show, but if the watermark is already shown and you kill the calling thread, it'll do absolutely nothing, the watermark will remain.
aah that's the problem ok I will try it (we need to find a way to call the watermark ) it takes too long xd
I am using his first x64 release on a VM, it's been up 3 1/2 hours, so I'll start the secondary tests (CPU usage, Metro apps etc) soon.
@ sephirothrx7 I didn't know until I tested it on a 64-bit system either. I'd built everything on a 32-bit virtual machine and it worked perfectly, but then I tested it on a 64-bit system and it listed the threads belonging to the process, but I had no idea what them threads belonged to e.g. ole32.dll, ntdll.dll etc. So I done a little reading and that's when I found that by passing the process ID to CreateToolhelp32Snapshot that it'd fail. So to break things down as to how it can be achieved via WinAPI: Get the process ID of explorer via CreateToolhelp32Snapshot (no PID required) Get all of the threads running for the process via CreateToolhelp32Snapshot (no PID requied) Use NtQueryInformationThread with ThreadQuerySetWin32StartAddress (9) to retrieve the address of each thread Use CreateToolHelp32Snapshot with the explorer PID to get a list of modules (goes into MODULEENTRY32 structure) Loop through each and use modBaseAddr, modBaseSize and our known address (step 3) to calculate the name and/or path of each thread Look for twinui.dll and terminate the thread via TerminateThread
How are you calling the watermark? I tried to do it with rundll32 twinui.dll,GetActivationFactory and a few other types but could never get it to work. Tried moving the date forward on the VM too.
@ LiveFreeDead: can I use this patch even if I have activated windows? because if will be deactivate I will have no watermarks? im sorry; I didnt see above "You can use these tools on an Activated Windows 8 RTM without causing problems. " Thank you ) I will now install windows with your tool and then activate windows, and no more any watermarks,
Updated above post with the answer to that question, but i had answered your question 3 pages back when you asked me the same thing Keep in mind that this is not a patch, it is a tool. A patch will make changes to your system, this one makes no changes, that is why you have to keep running it on every boot.