- Windows version (e.g. XP, Vista, 7)
- Architecture (e.g. 32-bit/64-bit)
- msv1_0.dll version (e.g. 6.1.7600.16525) along with MD5 checksum, if possible
Technical details: The script tries to locate all existing Windows installations and the corresponding Windows editions as well. Thereafter, it replaces the CMP instruction responsible for password verification with a 'benign' sequence of bytes. To revert the changes, the process is just the opposite. The whole idea is derived from WindowsGate and Astr0baby's tutorial.
- Install Grub4DOS. You may prefer using RMPrepUSB. Script tested with Grub4DOS v0.4.5c-2013-03-03.
- Download grubutils and copy the WENV binary to the root of the boot media. Script tested with grubutils-2011-06-27.
- Copy PassPass.g4b and menu.lst to the root of the boot volume.
- Ideally, 'Autodetect' mode should be able to list all existing Windows installations. For buggy BIOSes, try the appropriate <Disk#> and <Partition#> to 'Forcedetect' Windows installations.
- Choose either 'Patch' or 'Unpatch' respectively for disabling/re-enabling password verification.
- Reboot and boot into target Windows.
- jaclaz - For ideas, code snippets, information. The script embeds his DLL version detection script.
- Ectomorph a.k.a. Damian Bakowski - For his 'unannounced' patch for the 32-bit version of msv1_0.dll.
- Astr0baby - For his reversing tutorial.
Edited by HolmesSherlock, 02 June 2013 - 08:26 PM.
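
A defender-side check for the modification described in the post (a few bytes of msv1_0.dll code replaced on disk): diff the DLL against a known-good copy of the same version and report which PE section each changed run falls in. This is an added example, not part of the original post or the PassPass script; the function names and the constructed sample image are assumptions, and its placeholder bytes are not real msv1_0.dll content.

```python
import struct

def pe_sections(data):
    """Return (name, raw_offset, raw_size, is_executable) per PE section."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt, = struct.unpack_from("<H", data, pe + 20)         # SizeOfOptionalHeader
    out = []
    for i in range(nsec):
        h = pe + 24 + opt + 40 * i                         # section header i
        size, off = struct.unpack_from("<II", data, h + 16)
        flags, = struct.unpack_from("<I", data, h + 36)
        name = data[h:h + 8].rstrip(b"\0").decode("ascii", "replace")
        out.append((name, off, size, bool(flags & 0x20000000)))  # MEM_EXECUTE
    return out

def diff_runs(a, b):
    """Return [offset, length] for each run of differing bytes (equal sizes)."""
    runs = []
    for i in (k for k in range(len(a)) if a[k] != b[k]):
        if runs and runs[-1][0] + runs[-1][1] == i:
            runs[-1][1] += 1                               # extend current run
        else:
            runs.append([i, 1])                            # start a new run
    return runs

def audit(good, suspect):
    """Compare a suspect DLL image with a known-good copy of the same version."""
    if len(good) != len(suspect):
        return [("size-mismatch", len(good), len(suspect))]
    sections, findings = pe_sections(good), []
    for off, n in diff_runs(good, suspect):
        name, is_exec = next(((s[0], s[3]) for s in sections
                              if s[1] <= off < s[1] + s[2]), ("headers", False))
        findings.append((off, n, name, "code-patch" if is_exec else "data-change"))
    return findings

def sample_pe(code):
    """Constructed minimal PE: one executable .text section at file offset 0x200."""
    img = bytearray(0x200) + code
    struct.pack_into("<2s58xI", img, 0, b"MZ", 0x40)              # DOS stub, e_lfanew
    struct.pack_into("<4sHH", img, 0x40, b"PE\0\0", 0x14C, 1)     # signature, 1 section
    struct.pack_into("<8s8xII12xI", img, 0x58, b".text", len(code), 0x200, 0x60000020)
    return bytes(img)

GOOD = sample_pe(bytes(range(64)))                         # placeholder bytes
SUSPECT = sample_pe(bytes(range(16)) + b"\xAA" * 3 + bytes(range(19, 64)))
```

A short differing run inside an executable section, with file size unchanged, is the pattern an in-place instruction replacement leaves; the known-good copy must be the same msv1_0.dll version, which is why the post asks for version and checksum.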