Windows Genuine Advantage Fix 1.4
=================================

Now the version problem is fixed - it should take a while until 
LegitCheckControl.DLL Version 9.3.265 comes out.

Go to

http://www.microsoft.com/genuine/offers

to test/get more info about that

Close Internet Explorer and start 'Windows Genuine Advantage Fix.exe'.
It will extract c:\WINDOWS\SYSTEM32\LegitCheckControl.dll
That's all.



Alternative workaround:

1. In Internet Options / Security,
set 'Execute ActiveX controls & Plugins' to
'Ask me each time'

2. Go to the Windows Genuine Advantage page and
select No if you are asked to install or run an ActiveX control

-> you will get to the 'Install Windows Genuine Advantage' page

3. Now enter the line below into the browser's address bar:
javascript:document.genuineForm.submit(); 

...and you should get around the 'Windows Genuine Advantage' Validation. 

Check that the URL is
...microsoft.com/genuine/offers/Details.aspx...

because the workaround refers to the following JavaScript code on this page:


<form name="genuineForm" method="post" action="Details.aspx?displ...> 
   <input type="hidden" name="__VIEWSTATE" value="dDw2M..." /> 
   <SCRIPT language="javascript"> 
      if (LegitCheckOnLoad("?display...) == 0)    
         {^^^^^^^^^^^^^^^^ <- Nasty evil WGA Call !!! 
            document.genuineForm.submit(); 
         } 
   </SCRIPT> 


Alternative workaround for download/updates:

javascript:document.cookie="WinGenCookie=validation=0";location.reload();



<CW2K>					http:\\antiwpa.tk



First double-click the keys,
then run the self-extracting file.

-------------------------------------------------


The patch makes the ActiveX control always return 0 (result = 0)


(result == 0)
(pageName != "SuccessfulActivation" && pageName != "Offers")
/genuine/downloads/SuccessfulActivation.aspx"		// Allow execution to continue

(result == 1)
error=19
Gültigkeitsprüfung nicht abgeschlossen: Windows muss aktiviert sein[0x80080219]


(result == 2)
(pageName == "SuccessfulActivation" || pageName == "Offers")
/genuine/downloads/default.aspx&LegitCheckError=2		// Allow execution to continue
Gültigkeitsprüfung nicht abgeschlossen: Ein Fehler ist aufgetreten

(result == 3)
error=20
Fehler bei der Gültigkeitsprüfung: Ungültiger Product Key[0x80080220]

(result == 4)
error=1
Gültigkeitsprüfung nicht abgeschlossen: Product ID wurde nicht erkannt[0x80080201]


(result == 5)
error=2
Gültigkeitsprüfung nicht abgeschlossen: Ungültige Product ID[0x80080202]


(result == 6)
error=0
Gültigkeitsprüfung nicht abgeschlossen: Nicht unterstütztes Betriebssystem[0x80080200]


(result == 7) // new error code for win2k
(pageName == "SuccessfulActivation" || pageName == "Offers")
/genuine/downloads/default.aspx&LegitCheckError=7		// Allow execution to continue

(result == 8)
error=22
Fehler bei der Gültigkeitsprüfung: Ungültiger Product Key[0x80080222]
Der Product Key Ihrer Windows-Kopie wurde von Microsoft nie ausgegeben


(result == 99 || result == 90)
error=7
Gültigkeitsprüfungscode abgelaufen[0x80080207]
Möglicherweise haben Sie den Gültigkeitsprüfungscode auf der Gültigkeitsprüfungsseite des Download Centers nicht korrekt eingegeben.



(result == -100)
(pageName != "Offers")
error=6		// Allow execution to continue
ActiveX-Fehler[0x80080206]
Ihre Interneteinstellungen verhindern möglicherweise, dass das Original-ActiveX-Steuerelement korrekt ausgeführt wird, oder Sie sind nicht der Systemadministrator des verwendeten Computers.


else
(pageName != "Offers")
/genuine/downloads/AutomaticUpdates.aspx		// Allow execution to continue


return result;





Techinfo:
---------

The fix makes LegitCheck.LegitCheck() always return "0"

'details.htm'
-------------------------------------------------
<form name="genuineForm" method="post" action="details.aspx?displaylang=de&amp;OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568" id="genuineForm">
<input type="hidden" name="__VIEWSTATE" value="dDwtMTgwNzA2NDgxOzs+QuszTKr3Yj7MbUvFdUkUVl/DeEo=" />
</form>

<script language="javascript">
			var storeResult = -1;

			function ExecuteOnLoad()
			{
				var sresult = "-100";
				try
				{
					sresult = LegitCheck.LegitCheck();
					alert("LegitCheck.LegitCheck() returned "+sresult);

				}
				catch(ex)
				{
					// Allow user to try Alternate Method
				}

				var result = Number(sresult);

				if(result == 0)
				{
					storeResult = 0;
				}
				else if(result == 1)
				{
					document.location.href="/genuine/downloads/AutomaticUpdates.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&Error=19";
				}
				else if(result == 2)
				{
					document.location.href="/genuine/downloads/EnterProductKey.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568";
				}
				else if(result == 3)
				{
					document.location.href="/genuine/downloads/AutomaticUpdates.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&Error=20";
				}
				else if(result == 4)
				{
					document.location.href="/genuine/downloads/AutomaticUpdates.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&Error=1";
				}
				else if(result == 5)
				{
					document.location.href="/genuine/downloads/AutomaticUpdates.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&Error=2";
				}
				else if(result == 6)
				{
					document.location.href="/genuine/downloads/AutomaticUpdates.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&Error=0";
				}
				else if(result == 7) // win2k exception handling
				{
					document.location.href="/genuine/downloads/PurchaseDetails.aspx?displaylang=de&OfferId=7AC8A932-68A5-4147-B303-9C3456DAE568&key=na";
				}
				else if(result == -100)
				{
					// Allow user to try Alternate Method
				}
				else
				{
					// Allow user to try Alternate Method
				}
			}

			ExecuteOnLoad();

		</script>
				<script language="javascript">
					if(storeResult == 0)
					{
						document.genuineForm.submit();
					}
				</script>

-------------------------------------------------
How it works:

	1. The JavaScript function 'ExecuteOnLoad()' is called.
	2. Inside 'ExecuteOnLoad()', LegitCheck.LegitCheck() is called, which runs the ActiveX control.
	3. Only if storeResult == 0 does the page execute document.genuineForm.submit(),
		which submits the data ( __VIEWSTATE="dDwtMTgwNzA2NDgxOzs+QuszTKr3Yj7MbUvFdUkUVl/DeEo=")
		of the genuineForm as confirmation.
		This data was generated by the server and so contains no data from your PC.
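
The design weakness described above, as an added example that is not part of the original README and is not Microsoft's code: the browser decides whether to submit a form that carries only server-generated data, so the server cannot tell whether any check ran. The sketch contrasts that handler with one that requires a single-use token issued by a server-side check; all function names, the key handling and the sample values are assumptions.

```javascript
const crypto = require("node:crypto");

const SERVER_KEY = crypto.randomBytes(32);            // stays on the server
const PAGE_VIEWSTATE = "constructed-viewstate";       // constructed sample value
const ISSUED_IDS = new Set(["CONSTRUCTED-ID-0001"]);  // constructed server-side records
const nonces = new Map();                             // sessionId -> one-time nonce

// Weak pattern: the POST carries only data the server itself generated,
// so it proves nothing about what happened on the client.
function weakHandler(form) {
  return form.__VIEWSTATE === PAGE_VIEWSTATE;
}

// Hypothetical hardened flow: the server hands out a fresh nonce per session.
function issueNonce(sessionId) {
  const nonce = crypto.randomBytes(16).toString("hex");
  nonces.set(sessionId, nonce);
  return nonce;
}

function sign(sessionId, nonce) {
  return crypto.createHmac("sha256", SERVER_KEY)
    .update(`${sessionId}:${nonce}`).digest("hex");
}

// The decision is made server-side: submitted evidence is compared with the
// server's own records, and only then is a token bound to the nonce issued.
function validationService(sessionId, productId) {
  const nonce = nonces.get(sessionId);
  if (!nonce || !ISSUED_IDS.has(productId)) return null;
  return sign(sessionId, nonce);
}

// The download handler accepts only a valid token, and only once.
function hardenedHandler(sessionId, form) {
  const nonce = nonces.get(sessionId);
  if (!nonce || typeof form.token !== "string") return false;
  nonces.delete(sessionId);                           // single use: replays fail
  const expected = Buffer.from(sign(sessionId, nonce));
  const got = Buffer.from(form.token);
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```
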

To skip the validation without that patch,
edit detail*.htm in your Temporary Internet Files like this:

			...
			}

			// ExecuteOnLoad()

		</script>
				<script language="javascript">
					// if(storeResult == 0)
					{
						document.genuineForm.submit();
					}
				</script>

Make sure the file size does not change (enable overwrite mode with the Insert key, OR delete two spaces before you enter //),
then save the file.
Go to the address bar in IE and press Enter - don't use the Reload button.


How to debug:

Start IE and execute WGA once.
Attach OllyDbg to iexplore.exe.
In the memory view, locate LegitCheckControl and set a breakpoint (F2) on the '.text' section.

When it breaks, follow the break into the code and renew the breakpoint on .text ...
Delete breakpoints on unimportant COM interface calls until you reach
the important one ( =.LegitCheck())

First of all, LegitCheckControl will crash if you decrypt it with antiwpa2
and it later gets relocated by the OS because it can't load at its preferred load address, so:

To decrypt the encrypted code part, check at what base address LegitCheckControl.dll is loaded,
use Rebase.exe or LordPE to rebase LegitCheckControl.dll to that address,
and finally use antiwpa2 to decrypt LegitCheckControl.dll


A closer look

So what's inside:
c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage\data\data.dat

Name (hex)  Name (dec)  Offset  Size  Meaning
00000011    17          0968    0004
00000010    16          096E    0004
00000006    6           0974    003C
000BADB1    765361      09B2    00BC  2.PID+CDKEY in unicode
0074C8EF    7653615     0A70    0004
0074C8F7    7653623     0A76    0092
0000000A    10          0B0A    002C
0074C8FA    7653626     0B38    0002
00000002    2           0B3C    0008  1.
00000007    7           0B46    0134  RSA2
00000008    8           0C7C    0134  RSA2
0074C8F5    7653621     0DB2    00DA
00000064    100         0E8E    0018  3.fixed size PID ASCII


the patch	LegitCheckControl.dll Version 1.3.265.0

0002C01B    55              PUSH    EBP
0002C01C    8BEC            MOV     EBP, ESP
0002C01E    83EC 58         SUB     ESP, 58
0002C021    A1 98504700     MOV     EAX, [475098]
0002C026    53              PUSH    EBX
0002C027    57              PUSH    EDI
0002C028    8B7D 0C         MOV     EDI, [EBP+C]
0002C02B    33DB            XOR     EBX, EBX			<- EBX=0 !!! 
0002C02D    3BFB            CMP     EDI, EBX
0002C02F    8945 FC         MOV     [EBP-4], EAX
0002C032    894D A8         MOV     [EBP-58], ECX
0002C035    75 0A           JNZ     SHORT 0002C041
0002C037    B8 57000780     MOV     EAX, 80070057
0002C03C    E9 C1000000     JMP     0002C102
0002C041    56              PUSH    ESI
0002C042    E8 D6FAFFFF     CALL    0002BB1D
0002C047    395D 08         CMP     [EBP+8], EBX
0002C04A    8B75 10         MOV     ESI, [EBP+10]
0002C04D    8906            MOV     [ESI], EAX
is replaced with
0002C04D    891E            MOV     [ESI], EBX	so retval is always 0

0002C04F    74 4D           JE      SHORT 0002C09E
0002C051    FF75 08         PUSH    [DWORD EBP+8]
0002C054    50              PUSH    EAX
0002C055    FF75 08         PUSH    [DWORD EBP+8]
0002C058    8D45 AC       ...