مشاهده نسخه کامل
: EhsanHF
12-08-2006, 13:17
سلام .
من توی کرک ویندوز ویستا ( نسخه CTP 5308 ) مشکل دارم . یعنی نتونستم کرکش کنم .
کسی هست که تونسته باشه کرک کنه ؟ چون قابیلت Aero اون در صورتی فعال میشه که ویندوز اکتیو باشه .
اینم راهنمای کرک که من متوجه همه قسمتهاش نشدم :
Windows Vista 5308 anti product activation patch v1.0
================================================== ====
How to use:
Exchange c:\windows\system32\winlogon.exe with that one
0. Make sure the Versions match
1. Start\rightclick on explorer\'run elevated'
2. Change Permissions:
Rightclick on c:\windows\system32\winlogon.exe
Security/owner and overtake ownership of winlogon.exe as administrator
Close securitydialog and reopen it
Change permission to fullaccess for administrators
3. rename winlogon.exe to winlogon.org
4. copy this winlogon.exe into c:\windows\system32\
(If you still don't have enough rights to set permission - try login as 'real' Administrator:
click on 'other user' and type in "Administrator"[ + password] )
Instead of winlogon.exe you can exchange SLC.dll instead.
But this is a dll and also used by other programs that Query license value
and will also effect these in positive or negative way. The 'patched' slc.dll
will always return 1 to any licensevalue request. So for ex for
isActivated 1 or IsAeroThemeAllow 1 is good but for
MaxAllowedTerminalServerConnection 1 is no so good.
However exchange both winlogon.exe and SLC.dll is possible but doesn't makes much sense.
Noninversive workarounds
* Break out from Vista Activationscreen
-------------------------------------
When your time to activate is down you will get a dialogbox to activate windows and are not allowed to login.
That trick will help out:
-> click on contact M$
-> rightclick inside browser windows and choose print
-> Button find printer
-> rightclick on network - explore
now explorer is started.
Minimize activate windows but do not close it.
Limitations:
* Shortcuts like Alt+Ctrl+Del , Winkey+L have no effect because Winlogon_SAS_Handler (=Secure Attention Sequence) is not setup at this point
* When screensaver popup you maybe get logged off
That's is not the best solutions but it's simple and easy to apply and need to chance absolutly nothing.
* Boot in Safemode (F8 during boot) will skip Activationcheck
* Disable Software Licensing Service
Press Winkey+R enter "services.msc"
Doubleclick on 'SL UI' and 'Software Licensing Service'
and choose Start: 'Disable'
* SL UI notification service
----------------------------------------------------------
Winlogon pseudocode
If IsSafemode [GetSystemMetrics(43)] <-Patched to goto Continue Login
if WPA-Check()==failed
No Login
Continue Login:
WPA-Check:
if SLC.dll!SLGetWindowsInformationDWORD("Winlogon-Licensing-InteractiveLogon")!=1
Launch SLUI.exe [=activationScreen]
if SLC.dll!SLGetWindowsInformationDWORD("Winlogon-Licensing-InteractiveLogon")!=1
return(WPA-Check := failed)
return(WPA-Check := ok)
The Patch
0100EE83 . 6A 43 PUSH 43 ; /Index = SM_CLEANBOOT
0100EE85 . FF15 E4130001 CALL [<&USER32.GetSystemMetrics>] ; \GetSystemMetrics
0100EE8B . 83F8 01 CMP EAX, 1
0100EE8E 90 NOP
0100EE8F E9 63010000 JMP <nowpa>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0100EE8E /0F84 63010000 JE <nowpa>
... now WPA is skipped as in save mode
SLC.dll!SLGetWindowsInformationDWORD redirects query to SLS
SLC=SystemLicenseClient,SLS=SystemLicenseService
SystemLicenseService gets Value from
HKEY_LOCAL_MACHINE\TempHive\ControlSet002\Control\ ProductOptions
If that helps that is the struct-definationfiles I use for winhex script for better edit&display. (Note: I used [ برای مشاهده لینک ، لطفا با نام کاربری خود وارد شوید یا ثبت نام کنید ] ti export binary regdata to a file first)
section "datablock"
goto 0x14
uint16 "blocklen"
uint16 "StrLen"
uint16 "dataType"
uint16 "datasize"
uint32 "unused"
uint32 "unused2"
string16 (StrLen/2) "label"
hex (datasize) "data"
endsection
but you can also edit it directly in regedit so for ex. right after
"SMBServer-WindowsMaxInSMBConns" follows
0a 00 00 00 what means only '10' incoming network connection for fileshares are allowed.
X64-winlogon patch
.text:00000001000152CF 49 8B 4F 10 mov rcx, [r15+10h]
.text:00000001000152D3 E8 48 3C 00 00 call sub_100018F20
.text:00000001000152D8 8D 4E 43 lea ecx, [rsi+43h]
.text:00000001000152DB FF 15 07 C4 FE FF call cs:GetSystemMetrics
.text:00000001000152E1 8D 5E 01 lea ebx, [rsi+1]
.text:00000001000152E4 3B C3 cmp eax, ebx
.text:00000001000152E6 0F 84 0F 02 00 00 jz ok2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
90 nop
.text:00000001000152E6 E9 0F 02 00 00 jmp ok2
.text:00000001000152EC 49 8B 4F 18 mov rcx, [r15+18h]
.text:00000001000152F0 E8 47 5D 00 00 call sub_10001B03C
Possible Search'n'Replace Pattern for x64 winlogon.exe
Search for : 8D 5E 01 3B C3 0F 84 (?? ?? 00 00) lea ebx, [rsi+1]; cmp eax, ebx; jz 0000????
Replace with : 8D 5E 01 3B C3 90 E9
من توی کرک ویندوز ویستا ( نسخه CTP 5308 ) مشکل دارم . یعنی نتونستم کرکش کنم .
کسی هست که تونسته باشه کرک کنه ؟ چون قابیلت Aero اون در صورتی فعال میشه که ویندوز اکتیو باشه .
اینم راهنمای کرک که من متوجه همه قسمتهاش نشدم :
Windows Vista 5308 anti product activation patch v1.0
================================================== ====
How to use:
Exchange c:\windows\system32\winlogon.exe with that one
0. Make sure the Versions match
1. Start\rightclick on explorer\'run elevated'
2. Change Permissions:
Rightclick on c:\windows\system32\winlogon.exe
Security/owner and overtake ownership of winlogon.exe as administrator
Close securitydialog and reopen it
Change permission to fullaccess for administrators
3. rename winlogon.exe to winlogon.org
4. copy this winlogon.exe into c:\windows\system32\
(If you still don't have enough rights to set permission - try login as 'real' Administrator:
click on 'other user' and type in "Administrator"[ + password] )
Instead of winlogon.exe you can exchange SLC.dll instead.
But this is a dll and also used by other programs that Query license value
and will also effect these in positive or negative way. The 'patched' slc.dll
will always return 1 to any licensevalue request. So for ex for
isActivated 1 or IsAeroThemeAllow 1 is good but for
MaxAllowedTerminalServerConnection 1 is no so good.
However exchange both winlogon.exe and SLC.dll is possible but doesn't makes much sense.
Noninversive workarounds
* Break out from Vista Activationscreen
-------------------------------------
When your time to activate is down you will get a dialogbox to activate windows and are not allowed to login.
That trick will help out:
-> click on contact M$
-> rightclick inside browser windows and choose print
-> Button find printer
-> rightclick on network - explore
now explorer is started.
Minimize activate windows but do not close it.
Limitations:
* Shortcuts like Alt+Ctrl+Del , Winkey+L have no effect because Winlogon_SAS_Handler (=Secure Attention Sequence) is not setup at this point
* When screensaver popup you maybe get logged off
That's is not the best solutions but it's simple and easy to apply and need to chance absolutly nothing.
* Boot in Safemode (F8 during boot) will skip Activationcheck
* Disable Software Licensing Service
Press Winkey+R enter "services.msc"
Doubleclick on 'SL UI' and 'Software Licensing Service'
and choose Start: 'Disable'
* SL UI notification service
----------------------------------------------------------
Winlogon pseudocode
If IsSafemode [GetSystemMetrics(43)] <-Patched to goto Continue Login
if WPA-Check()==failed
No Login
Continue Login:
WPA-Check:
if SLC.dll!SLGetWindowsInformationDWORD("Winlogon-Licensing-InteractiveLogon")!=1
Launch SLUI.exe [=activationScreen]
if SLC.dll!SLGetWindowsInformationDWORD("Winlogon-Licensing-InteractiveLogon")!=1
return(WPA-Check := failed)
return(WPA-Check := ok)
The Patch
0100EE83 . 6A 43 PUSH 43 ; /Index = SM_CLEANBOOT
0100EE85 . FF15 E4130001 CALL [<&USER32.GetSystemMetrics>] ; \GetSystemMetrics
0100EE8B . 83F8 01 CMP EAX, 1
0100EE8E 90 NOP
0100EE8F E9 63010000 JMP <nowpa>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0100EE8E /0F84 63010000 JE <nowpa>
... now WPA is skipped as in save mode
SLC.dll!SLGetWindowsInformationDWORD redirects query to SLS
SLC=SystemLicenseClient,SLS=SystemLicenseService
SystemLicenseService gets Value from
HKEY_LOCAL_MACHINE\TempHive\ControlSet002\Control\ ProductOptions
If that helps that is the struct-definationfiles I use for winhex script for better edit&display. (Note: I used [ برای مشاهده لینک ، لطفا با نام کاربری خود وارد شوید یا ثبت نام کنید ] ti export binary regdata to a file first)
section "datablock"
goto 0x14
uint16 "blocklen"
uint16 "StrLen"
uint16 "dataType"
uint16 "datasize"
uint32 "unused"
uint32 "unused2"
string16 (StrLen/2) "label"
hex (datasize) "data"
endsection
but you can also edit it directly in regedit so for ex. right after
"SMBServer-WindowsMaxInSMBConns" follows
0a 00 00 00 what means only '10' incoming network connection for fileshares are allowed.
X64-winlogon patch
.text:00000001000152CF 49 8B 4F 10 mov rcx, [r15+10h]
.text:00000001000152D3 E8 48 3C 00 00 call sub_100018F20
.text:00000001000152D8 8D 4E 43 lea ecx, [rsi+43h]
.text:00000001000152DB FF 15 07 C4 FE FF call cs:GetSystemMetrics
.text:00000001000152E1 8D 5E 01 lea ebx, [rsi+1]
.text:00000001000152E4 3B C3 cmp eax, ebx
.text:00000001000152E6 0F 84 0F 02 00 00 jz ok2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
90 nop
.text:00000001000152E6 E9 0F 02 00 00 jmp ok2
.text:00000001000152EC 49 8B 4F 18 mov rcx, [r15+18h]
.text:00000001000152F0 E8 47 5D 00 00 call sub_10001B03C
Possible Search'n'Replace Pattern for x64 winlogon.exe
Search for : 8D 5E 01 3B C3 0F 84 (?? ?? 00 00) lea ebx, [rsi+1]; cmp eax, ebx; jz 0000????
Replace with : 8D 5E 01 3B C3 90 E9