Hi. can you please post the original so we can compare. For some reason my file is a different size i'm using the same version of windows???
LiveFreeDead im very pleased with your commitment to get this nasty bugger patched as for woot332 he probably doesn't have x64 cpu if that's so maybe it would be a good idea to upload the original twinui.dll x64 version for him if he decides to do the patching.
I have that too, but that is the hardest tool to edit asm commands or hex. It doesn't offer any context menu command for editing the data, they are all about tracing as read only. If I could figure out IDA I may have a lot more to offer. The thing I find with IDA is that it makes virtual addresses and this makes the hex positions even harder to determine as it jumps to the code block position and not the current command position when you sync your Flowchart/code listing to the Hex Window.
@LiveFreeDead lol, as for a x64 patch maybe patching the first instruction with a retn (C3h) could work?. Haven't had time to download Windows 8 x64 version and it does take some time to test. twinui.dll file size changed coz resource BITMAP\7701,7703,7704 was swapped out with alpha transparent images. example: CALL sub sub: PUSH EBP ---> RETN (C3h byte) MOV EBP,ESP
I don't really know as this thread is all over the place in my opinion. What are the steps, in lament terms on getting rid of the watermark on x64 - Professional edition.
Ok I've placed it in my x64 VM to test to see if the address I traced and the file you patched works , be damn great if it does, will take 4 hours minimum for effects to be known, I'll report more in 7-8 hours when I wake up. Or if anything occurs before then. Keep in mind mine was just an idea to skip the call to the function that draws the text to the screen, I have no way of knowing if I picked the right one or not, woot said their was 2 addresses to patch in the x86 so it may not work still. I did notice I was unable to open your patched on in PEExplorer, but I can the original, so the whole thing may fail (I don't recommend anyone try it on a real OS yet, even if your curious ). -EDIT- We're still working on a x64 solution, woot332 knows what he's doing but is yet to get x64 let alone patching it like his working x86 version ,WinF?hrer has just tried my patching method I traced, but we need to wait 4 hours for it to take effect (the Watermark can not be invoked manually yet). I can say that the patched twinui.dll above was able to boot fine and the Metro and charms bar are still working fine, so it may be safe to use still, just not sure if it'll work or not yet
is the zippyshare downloadable dll for x64 and does it remove the activate overlay? ignore this post, answer above ..
i had my reply window open and then i was called away, when i posted my reply 15 min later he already had answered my question. my bad ..
offset address Thanks Woot332 is it possible you can give us the offset address of the call that gets returned, or a way to find it. thanks for all your work and time...