Yeah you are right, if this thing wants to replace the loaders or other cracks then it must be automatic. So, its not best sol. to thoes seeking permanent alternative.
Deleting the registry key alone will reset the rearm count and there is no need to mess with the system files.
Couldn't this be done from a script also? The idea would be to simply add the script to the winPE disk and have only one command instead of people hashing their registry from the pe disk?
You can save it in the root directory as bat file Code: reg load HKLM\MY_SYSTEM "%~dp0Windows\System32\config\system" reg delete HKLM\MY_SYSTEM\WPA /f reg unload HKLM\MY_SYSTEM
Cool, maybe this whole idea should be made as an offline automated process if possible. The instruction tend to confuse people and there seem to be some variables. PMR, will your can you make somehting that would work from the ERD or winPE?
I thought I would write a service, but I have now discarded the project since the manual steps (in the first post) didn't work on a VM running Win7 Pro. It always ends up in "Notification mode" and /rearm gives the "0xC004FE00" error. Unless that registry key (WPA) can be somehow deleted in Windows, there's nothing I can do to automate this.
Borland Delphi 7. I was going to write the service later. Right now I have only finished the tool that will Reset the Rearm Count and that will install/uninstall the service. Of course it won't work if doing it manually following the steps in the first post doesn't work either.
I do not think it can be done... WPA registry key is in use by the operating system Maybe if you kill the service locking it winlogon.exe ? But then again i think the system reboots if you kill winlogon.exe
OK, I tried the service, but it was unable to delete the key. It did start as NT AUTHORITY\SYSTEM, but it still couldn't delete the key. I even tried "reg delete HKLM\SYSTEM\WPA" from a SYSTEM cmd (started by my service), but it still said "Access is denied". That key must be locked by some Windows process/service. What program?
another program... lol it copies your system hive changes it then tells windows to use the hive it made then reboots your system...
I highly doubt that it would be possible to unload the SYSTEM hive while Windows is running. Another way to delete the key is to use the Windows Recovery Environment, this can be accessed by pressing F8 after POST and select Repair your Computer. Select your input language, Enter login details and Open Command Prompt.
Napalum modifies winload.exe, such that on next boot at startup the program runs and deletes the registry key, this is where you get the black screen with Please Wait..and then reboots to normal. I'm still looking at the program.