That's what I was saying, it stops the overlay appearing, it doesn't remove it once it shows (IMO, untested).
Created a crack but it doesnt work so good it crashes some windows modules will post it later if i can fix it
Heh... don't patch the activation factory stuff... it's all interlocked between different DLLs. I'd try doing what woot132 said to do, and patch the text drawing function, then replace the images in twinui.dll with blanks.
I was thinking patch first char with 20h (space) and zero terminate rest of the string. that works in a debugger, just setting Count to zero is not a good option as the code will loop endlessly resulting in a high cpu load. one of the calls in twinui.dll snip: 6B4D8A19 |. 8985 10F8FFFF MOV DWORD PTR SS:[EBP-7F0],EAX 6B4D8A1F |. 33C0 XOR EAX,EAX 6B4D8A21 |. 50 PUSH EAX ; /pDTParams 6B4D8A22 |. 68 500C0000 PUSH 0C50 ; |Format = DT_LEFT|DT_TOP|DT_WORDBREAK|DT_EXPANDTABS|DT_CALCRECT|DT_NOPREFIX 6B4D8A27 |. 8D85 78FBFFFF LEA EAX,[EBP-488] ; | 6B4D8A2D |. 50 PUSH EAX ; |Rect 6B4D8A2E |. 6A FF PUSH -1 ; |Count = -1. 6B4D8A30 |. 56 PUSH ESI ; |String 6B4D8A31 |. FFB5 F8F7FFFF PUSH DWORD PTR SS:[EBP-808] ; |hDC 6B4D8A37 |. FF15 04565E6B CALL DWORD PTR DS:[6B5E5604] ; \USER32.DrawTextExW
Yeah but there is only one direct call, but if there is any indirect calls that will cause issues indeed.
Could you not just send an empty string to the 56 PUSH ESI line? wouldn't this effectively call the next routine like normal and not draw anything?
Also, would be nice if you share your complete method, not just the results, If I knew what people were doing I'd have more luck in trying to learn this stuff Guess I'll have to extract the original and do a file compare to see what you've patched, then look for the same hex codes in the x64 so i can see if I can do the same for that... Then we could use a patcher tool to automate the hex changes and make a batch that will close explorer, take ownership, run the patcher, restart explorer and close. That is what I'd do to make it most usable by people.
two calls to DrawTextExW are redirected and strings are patched (20h and zero terminated) and excution is return and the images are fully tranperent, btw good luck have phun
not having fun at all, because you patched the pictures and other non DrawTextW fixes, there is thousands of changes in the hex comparison, even tho I wanted to I can't make the x64 patch. x86 testing time I can at least confirm it works... just hope we can get a x64 one too I trust you knew what you were doing, by using the correct terms in your post... not everyone knows 20h = space and zero term is required in c strings.
3 hour left and I'll know if the x86 one works... Wishing I knew how to invoke the watermark manually with rundll32 twinui.dll,InsertCommandHere type of command.