MAS-Legacy-Methods/1st Release/HWID - GamerOsState Method/HWID_Activation.cmd

1269 lines
46 KiB
Batchfile

@setlocal DisableDelayedExpansion
@echo off
::============================================================================
::
:: This script is a part of 'Microsoft Activation Scripts' (MAS) project.
::
:: Homepage: massgrave.dev
:: Email: windowsaddict@protonmail.com
::
::============================================================================
:: To activate, run the script with "/HWID" parameter or change 0 to 1 in below line
set _act=0
:: To activate with LockBox method, run the script with "/HWID-Lockbox" parameter or change 0 to 1 in below line
set _lock=0
:: To disable changing edition if current edition doesn't support HWID activation, change the value to 1 from 0 or run the script with "/HWID-NoEditionChange" parameter
set _NoEditionChange=0
:: If value is changed in above lines or parameter is used then script will run in unattended mode
::========================================================================================================================================
:: Re-launch the script with x64 process if it was initiated by x86 process on x64 bit Windows
:: or with ARM64 process if it was initiated by x86/ARM32 process on ARM64 Windows
set "_cmdf=%~f0"
for %%# in (%*) do (
if /i "%%#"=="r1" set r1=1
if /i "%%#"=="r2" set r2=1
)
if exist %SystemRoot%\Sysnative\cmd.exe if not defined r1 (
setlocal EnableDelayedExpansion
start %SystemRoot%\Sysnative\cmd.exe /c ""!_cmdf!" %* r1"
exit /b
)
:: Re-launch the script with ARM32 process if it was initiated by x64 process on ARM64 Windows
if exist %SystemRoot%\SysArm32\cmd.exe if %PROCESSOR_ARCHITECTURE%==AMD64 if not defined r2 (
setlocal EnableDelayedExpansion
start %SystemRoot%\SysArm32\cmd.exe /c ""!_cmdf!" %* r2"
exit /b
)
:: Set Path variable, it helps if it is misconfigured in the system
set "PATH=%SystemRoot%\System32;%SystemRoot%\System32\wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\"
if exist "%SystemRoot%\Sysnative\reg.exe" (
set "PATH=%SystemRoot%\Sysnative;%SystemRoot%\Sysnative\wbem;%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\;%PATH%"
)
:: Check LF line ending
pushd "%~dp0"
>nul findstr /rxc:".*" "%~nx0"
if not %errorlevel%==0 (
echo:
echo Error: This is not a correct file. It has LF line ending issue.
echo:
ping 127.0.0.1 -n 6 > nul
popd
exit /b
)
popd
::========================================================================================================================================
cls
color 07
title HWID Activation
set _args=
set _elev=
set _unattended=0
set _args=%*
if defined _args set _args=%_args:"=%
if defined _args (
for %%A in (%_args%) do (
if /i "%%A"=="/HWID" set _act=1
if /i "%%A"=="/HWID-Lockbox" set _lock=1
if /i "%%A"=="/HWID-NoEditionChange" set _NoEditionChange=1
if /i "%%A"=="-el" set _elev=1
)
)
for %%A in (%_act% %_lock% %_NoEditionChange%) do (if "%%A"=="1" set _unattended=1)
::========================================================================================================================================
set winbuild=1
set "nul=>nul 2>&1"
set psc=powershell.exe
for /f "tokens=6 delims=[]. " %%G in ('ver') do set winbuild=%%G
set _NCS=1
if %winbuild% LSS 10586 set _NCS=0
if %winbuild% GEQ 10586 reg query "HKCU\Console" /v ForceV2 2>nul | find /i "0x0" 1>nul && (set _NCS=0)
if %_NCS% EQU 1 (
for /F %%a in ('echo prompt $E ^| cmd') do set "esc=%%a"
set "Red="41;97m""
set "Gray="100;97m""
set "Green="42;97m""
set "Magenta="45;97m""
set "_White="40;37m""
set "_Green="40;92m""
set "_Yellow="40;93m""
) else (
set "Red="Red" "white""
set "Gray="Darkgray" "white""
set "Green="DarkGreen" "white""
set "Magenta="Darkmagenta" "white""
set "_White="Black" "Gray""
set "_Green="Black" "Green""
set "_Yellow="Black" "Yellow""
)
set "nceline=echo: &echo ==== ERROR ==== &echo:"
set "eline=echo: &call :dk_color %Red% "==== ERROR ====" &echo:"
if %~z0 GEQ 200000 (set "_exitmsg=Go back") else (set "_exitmsg=Exit")
::========================================================================================================================================
if %winbuild% LSS 10240 (
%eline%
echo Unsupported OS version detected.
echo Project is supported for Windows 10/11.
goto dk_done
)
if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-Server*Edition~*.mum" (
%eline%
echo HWID Activation is not supported for Windows Server.
echo Use KMS38 or KMS Activation.
goto dk_done
)
for %%# in (powershell.exe) do @if "%%~$PATH:#"=="" (
%nceline%
echo Unable to find powershell.exe in the system.
goto dk_done
)
::========================================================================================================================================
:: Fix for the special characters limitation in path name
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"
set "_batf=%~f0"
set "_batp=%_batf:'=''%"
set _PSarg="""%~f0""" -el %_args%
set "_ttemp=%temp%"
setlocal EnableDelayedExpansion
::========================================================================================================================================
echo "!_batf!" | find /i "!_ttemp!" 1>nul && (
if /i not "!_work!"=="!_ttemp!" (
%eline%
echo Script is launched from the temp folder,
echo Most likely you are running the script directly from the archive file.
echo:
echo Extract the archive file and launch the script from the extracted folder.
goto dk_done
)
)
::========================================================================================================================================
:: Elevate script as admin and pass arguments and preventing loop
>nul fltmc || (
if not defined _elev %nul% %psc% "start cmd.exe -arg '/c \"!_PSarg:'=''!\"' -verb runas" && exit /b
%eline%
echo This script require administrator privileges.
echo To do so, right click on this script and select 'Run as administrator'.
goto dk_done
)
::========================================================================================================================================
:dl_menu
if %_unattended%==0 (
cls
mode 76, 25
title HWID Activation
echo:
echo:
echo:
echo:
echo ____________________________________________________________
echo:
if !_lock!==0 (
call :dk_color2 %_White% " [1] HWID Activation " %_Green% " [Downlevel Method]"
) else (
call :dk_color2 %_White% " [1] HWID Activation " %_Yellow% " [LockBox Method]"
)
echo ____________________________________________
echo:
echo [C] Change Method
echo:
echo [0] %_exitmsg%
echo ____________________________________________________________
echo:
call :dk_color2 %_White% " " %_Green% "Enter a menu option in the Keyboard:"
choice /C:1C0 /N
set _el=!errorlevel!
if !_el!==3 exit /b
if !_el!==2 (
if !_lock!==0 (
set _lock=1
) else (
set _lock=0
)
cls
echo:
call :dk_color %_Green% " Downlevel Method:"
echo It creates downlevelGTkey ticket for activation with simplest process.
echo:
call :dk_color %_Yellow% " LockBox Method:"
echo It creates clientLockboxKey ticket which better mimics genuine activation,
echo But requires more steps such as,
echo - Cleaning ClipSVC licences
echo - Deleting a volatile and protected registry key by taking ownership
echo - System may need a restart for succesful activation
echo - Microsoft Account and Store Apps may need relogin-restart in the system
echo:
call :dk_color2 %_White% " " %Green% "Note:"
echo Microsoft accepts both types of tickets and that's unlikely to change.
echo On a production system we suggest to use Downlevel [default] Method.
echo:
call :dk_color %_Yellow% " Press any key to go back..."
pause >nul
goto :dl_menu
)
if !_el!==1 goto :dl_menu2
goto :dl_menu
)
:dl_menu2
cls
mode 102, 37
set _title=title HWID Activation
if %_lock%==0 (%_title% [Downlevel Method]) else (%_title% [Lockbox Method])
::========================================================================================================================================
echo:
echo Initializing...
call :dk_product
call :dk_ckeckwmic
:: Show info for potential script stuck scenario
sc start sppsvc %nul%
if %errorlevel% NEQ 1056 if %errorlevel% NEQ 0 (
echo:
echo Error code: %errorlevel%
call :dk_color %Red% "Failed to start [sppsvc] service, rest of the process may take a long time..."
echo:
)
::========================================================================================================================================
:: Check if system is permanently activated or not
call :dk_checkperm
if defined _perm (
cls
echo ___________________________________________________________________________________________
echo:
call :dk_color2 %_White% " " %Green% "Checking: %winos% is Permanently Activated."
call :dk_color2 %_White% " " %Gray% "Activation is not required."
echo ___________________________________________________________________________________________
if %_unattended%==1 goto dk_done
echo:
choice /C:10 /N /M "> [1] Activate [0] %_exitmsg% : "
if errorlevel 2 exit /b
)
cls
::========================================================================================================================================
:: Check files
if not exist "!_work!\BIN\gatherosstate.exe" (
%eline%
echo 'gatherosstate.exe' file is missing in 'BIN' folder. Aborting...
goto dk_done
)
:: Verify gatherosstate.exe file
set _hash=
for /f "skip=1 tokens=* delims=" %%# in ('certutil -hashfile "!_work!\BIN\gatherosstate.exe" SHA1^|findstr /i /v CertUtil') do set "_hash=%%#"
set "_hash=%_hash: =%"
if /i not "%_hash%"=="FABB5A0FC1E6A372219711152291339AF36ED0B5" (
if /i not "%_hash%"=="0CC709275767E0AA7BD69236E364A45E66AAD9AB" (
%eline%
echo gatherosstate.exe SHA1 hash mismatch found.
echo:
echo Detected: %_hash%
goto dk_done
)
)
::========================================================================================================================================
:: Check Evaluation version
if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*EvalEdition~*.mum" (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID 2>nul | find /i "Eval" 1>nul && (
%eline%
echo [%winos% ^| %winbuild%]
echo Evaluation Editions cannot be activated. Download ^& Install full version of Windows OS.
echo:
echo https://massgrave.dev/
goto dk_done
)
)
::========================================================================================================================================
:: Check SKU value / Check in multiple places to find Edition change corruption
set osSKU=
set regSKU=
set wmiSKU=
for /f "tokens=3 delims=." %%a in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2^>nul') do set "regSKU=%%a"
if %_wmic% EQU 1 for /f "tokens=2 delims==" %%a in ('"wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2^>nul') do if not errorlevel 1 set "wmiSKU=%%a"
if %_wmic% EQU 0 for /f "tokens=1" %%a in ('%psc% "([WMI]'Win32_OperatingSystem=@').OperatingSystemSKU" 2^>nul') do if not errorlevel 1 set "wmiSKU=%%a"
set osSKU=%wmiSKU%
if not defined osSKU set osSKU=%regSKU%
if not defined osSKU (
%eline%
echo SKU value was not detected properly. Aborting...
goto dk_done
)
::========================================================================================================================================
set error=
:: Check Internet connection
cls
echo:
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE') do set arch=%%b
echo Checking OS Info [%winos% ^| %winbuild% ^| %arch%]
set _intcon=
for /f "delims=[] tokens=2" %%# in ('ping -n 1 licensing.mp.microsoft.com') do if not [%%#]==[] set _intcon=1
%psc% "$t = New-Object Net.Sockets.TcpClient;try{$t.Connect("""licensing.mp.microsoft.com""", 443)}catch{};$t.Connected" | findstr /i true 1>nul
if %errorlevel% EQU 0 (
echo Checking Internet Connection [Connected]
) else (
set error=1
if defined _intcon (
call :dk_color %Red% "Checking Internet Connection [Internet Found But Cant Connect licensing.mp.microsoft.com]"
call :dk_color %Magenta% "Make sure restricted Internet [Office/College] is not connected and URL is not blocked in the system"
) else (
call :dk_color %Red% "Checking Internet Connection [Not Connected]"
)
)
::========================================================================================================================================
:: Check Windows Script Host
set _WSH=1
reg query "HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled 2>nul | find /i "0x0" 1>nul && (set _WSH=0)
reg query "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled 2>nul | find /i "0x0" 1>nul && (set _WSH=0)
if %_WSH% EQU 0 (
reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f %nul%
reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f %nul%
if not "%arch%"=="x86" reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f /reg:32 %nul%
echo Enabling Windows Script Host [Successful]
)
::========================================================================================================================================
echo Initiating Diagnostic Tests...
set "_serv=ClipSVC wlidsvc sppsvc LicenseManager Winmgmt wuauserv"
:: Client License Service (ClipSVC)
:: Microsoft Account Sign-in Assistant
:: Software Protection
:: Windows License Manager Service
:: Windows Management Instrumentation
:: Windows Update
:: Check disabled services
set serv_ste=
for %%# in (%_serv%) do (
set serv_dis=
reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v Start %nul% || set serv_dis=1
for /f "skip=2 tokens=2*" %%a in ('reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v Start 2^>nul') do if /i %%b equ 0x4 set serv_dis=1
if defined serv_dis (if defined serv_ste (set "serv_ste=!serv_ste! %%#") else (set "serv_ste=%%#"))
)
:: Change disabled services startup type to default
set serv_csts=
set serv_cste=
if defined serv_ste (
for %%# in (%serv_ste%) do (
if /i %%#==ClipSVC (reg add "HKLM\SYSTEM\CurrentControlSet\Services\%%#" /v "Start" /t REG_DWORD /d "3" /f %nul% & sc config %%# start= demand %nul%)
if /i %%#==wlidsvc sc config %%# start= demand %nul%
if /i %%#==sppsvc (reg add "HKLM\SYSTEM\CurrentControlSet\Services\%%#" /v "Start" /t REG_DWORD /d "2" /f %nul% & sc config %%# start= delayed-auto %nul%)
if /i %%#==LicenseManager sc config %%# start= demand %nul%
if /i %%#==Winmgmt sc config %%# start= auto %nul%
if /i %%#==wuauserv sc config %%# start= demand %nul%
if !errorlevel!==0 (
if defined serv_csts (set "serv_csts=!serv_csts! %%#") else (set "serv_csts=%%#")
) else (
set error=1
if defined serv_cste (set "serv_cste=!serv_cste! %%#") else (set "serv_cste=%%#")
)
)
)
if defined serv_csts echo Enabling Disabled Services [Successful] [%serv_csts%]
if defined serv_cste (
echo %serv_cste% | findstr /i "ClipSVC sppsvc" %nul% && (
call :dk_color %Red% "Enabling Disabled Services [Failed] [%serv_cste%] [Restart System]"
) || (
call :dk_color %Red% "Enabling Disabled Services [Failed] [%serv_cste%]"
)
)
::========================================================================================================================================
:: Check if the services are able to run or not
:: Workarounds are added to get correct status and error code because sc query doesn't output correct results in some conditions
set serv_e=
for %%# in (%_serv%) do (
set errorcode=
set checkerror=
net start %%# /y %nul%
sc query %%# | find /i "4 RUNNING" %nul% || set checkerror=1
sc start %%# %nul%
set errorcode=!errorlevel!
if !errorcode! NEQ 1056 if !errorcode! NEQ 0 set checkerror=1
if defined checkerror if defined serv_e (set "serv_e=!serv_e!, %%#-!errorcode!") else (set "serv_e=%%#-!errorcode!")
)
if defined serv_e (
set error=1
call :dk_color %Red% "Starting Services [Failed] [%serv_e%]"
)
::========================================================================================================================================
:: Various error checks
for %%# in (wmic.exe) do @if "%%~$PATH:#"=="" (
call :dk_color %Gray% "Checking WMIC.exe [Not Found]"
)
%psc% $ExecutionContext.SessionState.LanguageMode 2>nul | find /i "Full" 1>nul || (
set error=1
call :dk_color %Red% "Checking Powershell [Not Responding]"
)
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul
if %_wmic% EQU 0 %psc% "Get-CIMInstance -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" 2>nul | find /i "computersystem" 1>nul
if %errorlevel% NEQ 0 (
set error=1
call :dk_color %Red% "Checking WMI [Not Responding] %_wmic%"
)
if not "%regSKU%"=="%wmiSKU%" (
set error=1
call :dk_color %Red% "Checking WMI/REG SKU [Difference Found - WMI:%wmiSKU% Reg:%regSKU%]"
)
DISM /English /Online /Get-CurrentEdition %nul%
set error_code=%errorlevel%
cmd /c exit /b %error_code%
if %error_code% NEQ 0 set "error_code=[0x%=ExitCode%]"
if %error_code% NEQ 0 (
call :dk_color %Red% "Checking DISM [Not Responding] %error_code%"
)
if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*EvalEdition~*.mum" (
call :dk_color %Red% "Checking Eval Packages [Non-Eval Licenses are installed in Eval Windows]"
)
cscript //nologo %windir%\system32\slmgr.vbs /dlv %nul%
set error_code=%errorlevel%
cmd /c exit /b %error_code%
if %error_code% NEQ 0 set "error_code=0x%=ExitCode%"
if %error_code% NEQ 0 (
set error=1
call :dk_color %Red% "Checking slmgr /dlv [Not Responding] %error_code%"
)
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed" %nul% && (
set error=1
call :dk_color %Red% "Checking Rearm [System Restart Is Required]"
)
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState" %nul% && (
set error=1
call :dk_color %Red% "Checking ClipSVC [System Restart Is Required]"
)
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2^>nul') do if /i %%b NEQ 0x0 (
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" /t REG_DWORD /d "0" /f %nul%
call :dk_color %Red% "Checking SkipRearm [Default 0 Value Not Found, Changing To 0]"
net stop sppsvc /y %nul%
net start sppsvc /y %nul%
set error=1
)
call :dk_actids
if not defined applist (
net stop sppsvc /y %nul%
cscript //nologo %windir%\system32\slmgr.vbs /rilc %nul%
if !errorlevel! NEQ 0 cscript //nologo %windir%\system32\slmgr.vbs /rilc %nul%
call :dk_refresh
call :dk_actids
if not defined applist (
set error=1
call :dk_color %Red% "Checking Activation IDs [Not Found]"
)
)
set token=0
if exist %Systemdrive%\Windows\System32\spp\store\2.0\tokens.dat set token=1
if exist %Systemdrive%\Windows\System32\spp\store_test\2.0\tokens.dat set token=1
if %token%==0 (
set error=1
call :dk_color %Red% "Checking SPP tokens.dat [Not Found]"
)
if not exist %SystemRoot%\system32\sppsvc.exe (
set error=1
call :dk_color %Red% "Checking sppsvc.exe File [Not Found]"
)
if /i %error_code% EQU 0xc0000022 (
echo "%serv_e%" | find /i "sppsvc" %nul% && (
call :dk_color %Magenta% "Looks like you may have used a Gaming spoofer. Check Activation Troubleshoot option in MAS."
)
)
::========================================================================================================================================
:: Detect Key
set key=
set pfn=
set altkey=
set changekey=
set curedition=
set altedition=
set notworking=
set actidnotfound=
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildBranch 2^>nul') do set "branch=%%b"
if defined applist call :hwiddata key attempt1
if not defined key call :hwiddata key attempt2
if defined notworking call :hwidfallback
if not defined key call :hwidfallback
if defined altkey (set key=%altkey%&set changekey=1&set notworking=)
if defined notworking if defined notfoundaltactID (
call :dk_color %Red% "Checking Alternate Edition For HWID [%altedition% Activation ID Not Found]"
if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*EvalEdition~*.mum" (
call :dk_color %Magenta% "Evaluation Windows Found. Install Full version of Windows. https://massgrave.dev/"
)
)
if not defined key (
%eline%
echo [%winos% ^| %winbuild% ^| SKU:%osSKU%]
echo Unable to find this product in the supported product list.
echo Make sure you are using updated version of the script.
echo https://massgrave.dev
echo:
goto dk_done
)
::========================================================================================================================================
:: Install key
echo:
if defined changekey (
call :dk_color %Magenta% "[%altedition%] Edition product key will be used to enable HWID activation."
echo:
)
if %_wmic% EQU 1 wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="%key%" %nul%
if %_wmic% EQU 0 %psc% "(([WMISEARCHER]'SELECT Version FROM SoftwareLicensingService').Get()).InstallProductKey('%key%')" %nul%
if not %errorlevel%==0 cscript //nologo %windir%\system32\slmgr.vbs /ipk %key% %nul%
set errorcode=%errorlevel%
cmd /c exit /b %errorcode%
if %errorcode% NEQ 0 set "errorcode=[0x%=ExitCode%]"
if %errorcode% EQU 0 (
call :dk_refresh
echo Installing Generic Product Key [%key%] [Successful]
) else (
set error=1
call :dk_color %Red% "Installing Generic Product Key [%key%] [Failed] %errorcode%"
if defined applist if defined actidnotfound call :dk_color %Red% "Activation ID not found for this key. Make sure you are using updated version of MAS."
)
::========================================================================================================================================
:: Files are copied to temp to generate ticket to avoid possible issues in case the path contains special character or non English names
echo:
set "temp_=%SystemRoot%\Temp\_Temp"
if exist "%temp_%\.*" rmdir /s /q "%temp_%\" %nul%
md "%temp_%\" %nul%
pushd "!_work!\BIN\"
copy /y /b "gatherosstate.exe" "%temp_%\gatherosstate.exe" %nul%
popd
if not exist "%temp_%\gatherosstate.exe" (
call :dk_color %Red% "Copying Required Files to Temp [%temp_%] [Failed]"
goto :dl_final
) else (
echo Copying Required Files to Temp [%temp_%] [Successful]
)
::========================================================================================================================================
if /i "%_hash%"=="0CC709275767E0AA7BD69236E364A45E66AAD9AB" (
echo Checking gatherosstate.exe [Already Modified]
%nul% ren "%temp_%\gatherosstate.exe" "gatherosstatemodified.exe"
goto :dlskipmod
)
:: Modify gatherosstate.exe
pushd "%temp_%\"
%nul% %psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':hex\:.*';iex ($f[1]);"
popd
if not exist "%temp_%\gatherosstatemodified.exe" (
call :dk_color %Red% "Creating Modified Gatherosstate [Failed] Aborting..."
goto :dl_final
)
set _hash=
for /f "skip=1 tokens=* delims=" %%# in ('certutil -hashfile "%temp_%\gatherosstatemodified.exe" SHA1^|findstr /i /v CertUtil') do set "_hash=%%#"
set "_hash=%_hash: =%"
if /i not "%_hash%"=="0CC709275767E0AA7BD69236E364A45E66AAD9AB" (
call :dk_color %Red% "Creating Modified Gatherosstate [Failed] [Hash Not Matched] Aborting..."
goto :dl_final
) else (
echo Creating Modified Gatherosstate [Successful]
)
:dlskipmod
::========================================================================================================================================
:: Clean ClipSVC Licences
:: This code runs only if Lockbox method to generate ticket is manually set by the user in this script.
if %_lock%==1 (
for %%# in (ClipSVC) do (
sc query %%# | find /i "STOPPED" %nul% || net stop %%# /y %nul%
sc query %%# | find /i "STOPPED" %nul% || sc stop %%# %nul%
)
rundll32 clipc.dll,ClipCleanUpState
if %winbuild% LEQ 10240 (
echo Cleaning ClipSVC Licences [Successful]
) else (
if exist "%ProgramData%\Microsoft\Windows\ClipSVC\tokens.dat" (
call :dk_color %Red% "Cleaning ClipSVC Licences [Failed]"
) else (
echo Cleaning ClipSVC Licences [Successful]
)
)
)
::========================================================================================================================================
:: Below registry key (Volatile & Protected) gets created after the ClipSVC License cleanup command, and gets automatically deleted after
:: system restart. It needs to be deleted to activate the system without restart.
:: This code runs only if Lockbox method to generate ticket is manually set by the user in this script.
set "RegKey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
set "_ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL"
if %_lock%==1 (
reg query "%RegKey%" %nul% && %nul% call :regownstart
reg delete "%RegKey%" /f %nul%
reg query "%RegKey%" %nul% && (
call :dk_color %Red% "Deleting a Volatile Registry [Failed]"
call :dk_color %Magenta% "Restart the system, that will delete this registry key automatically"
) || (
echo Deleting a Volatile Registry [Successful]
)
REM Clear HWID token related registry to fix activation incase if there is any corruption
reg delete "%_ident%" /f %nul%
reg query "%_ident%" %nul% && (
call :dk_color %Red% "Deleting a Registry [Failed] [%_ident%]"
) || (
echo Deleting a Registry [Successful] [%_ident%]
)
)
::========================================================================================================================================
:: Multiple attempts to generate the ticket because in some cases, one attempt is not enough.
echo:
set "_noxml=if not exist "%temp_%\GenuineTicket.xml""
"%temp_%/gatherosstatemodified.exe" Pfn=%pfn%;DownlevelGenuineState=1
%_noxml% timeout /t 3 %nul%
%_noxml% net stop sppsvc /y %nul%
%_noxml% call "%temp_%/gatherosstatemodified.exe" Pfn=%pfn%;DownlevelGenuineState=1
%_noxml% timeout /t 3 %nul%
:: Refresh ClipSVC (required after cleanup) with below command, not related to generating tickets
if %_lock%==1 (
for %%# in (wlidsvc LicenseManager sppsvc) do (net stop %%# /y %nul% & net start %%# /y %nul%)
call :dk_refresh
)
%_noxml% (
call :dk_color %Red% "Generating GenuineTicket.xml [Failed] [%pfn%]"
goto :dl_final
)
if %_lock%==1 (
find /i "clientLockboxKey" "%temp_%\GenuineTicket.xml" >nul && (
echo Generating GenuineTicket.xml [Successful] [clientLockboxKey Ticket Created]
) || (
call :dk_color %Red% "Generating GenuineTicket.xml [Failed] [%pfn%]"
call :dk_color %Red% "downlevelGTkey Ticket created. Aborting..."
goto :dl_final
)
) else (
echo Generating GenuineTicket.xml [Successful]
)
::========================================================================================================================================
:: Change Windows region to USA to avoid activation issues as Windows store license is not available in many countries
for /f "skip=2 tokens=2*" %%a in ('reg query "HKCU\Control Panel\International\Geo" /v Name 2^>nul') do set "name=%%b"
for /f "skip=2 tokens=2*" %%a in ('reg query "HKCU\Control Panel\International\Geo" /v Nation 2^>nul') do set "nation=%%b"
set regionchange=
if not "%name%"=="US" (
set regionchange=1
%psc% Set-WinHomeLocation -GeoId 244
if !errorlevel! EQU 0 (
echo Changing Windows Region To USA [Successful]
) else (
call :dk_color %Red% "Changing Windows Region To USA [Failed]"
)
)
::==========================================================================================================================================
:: Generate GenuineTicket.xml and apply
:: Most correct way to apply a ticket is by restarting ClipSVC service but we can not check the log details in this way
:: To get the log details and also to correctly apply ticket, script will install tickets two times (service restart + clipup -v -o)
set "tdir=%ProgramData%\Microsoft\Windows\ClipSVC\GenuineTicket"
if exist "%tdir%\*.xml" del /f /q "%tdir%\*.xml" %nul%
if not exist "%tdir%\" md "%tdir%\" %nul%
copy /y /b "%temp_%\GenuineTicket.xml" "%tdir%\GenuineTicket.xml" %nul%
if not exist "%tdir%\GenuineTicket.xml" (
call :dk_color %Red% "Copying Ticket to ClipSVC Location [Failed]"
)
set "_xmlexist=if exist "%tdir%\GenuineTicket.xml""
%_xmlexist% (
net stop ClipSVC /y %nul%
net start ClipSVC /y %nul%
%_xmlexist% timeout /t 2 %nul%
%_xmlexist% timeout /t 2 %nul%
%_xmlexist% (
if exist "%tdir%\*.xml" del /f /q "%tdir%\*.xml" %nul%
call :dk_color %Red% "Installing GenuineTicket.xml [Failed With ClipSVC Service Restart, Wait...]"
)
)
clipup -v -o -altto %temp_%\
::==========================================================================================================================================
call :dk_product
echo:
echo Activating...
echo:
call :dk_act
call :dk_checkperm
if defined _perm (
call :dk_color %Green% "%winos% is permanently activated."
goto :dl_final
)
if not defined error (
REM Clear store ID related registry to fix activation incase if there is any corruption
set "_ident=HKU\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL"
reg delete "!_ident!" /f %nul%
reg query "!_ident!" %nul% && (
call :dk_color %Red% "Deleting a Registry [Failed] [!_ident!]"
) || (
echo Deleting a Registry [Successful] [!_ident!]
)
REM Refresh some services and license status
for %%# in (wlidsvc LicenseManager sppsvc) do (net stop %%# /y %nul% & net start %%# /y %nul%)
call :dk_refresh
call :dk_act
call :dk_checkperm
)
if defined _perm (
call :dk_color %Green% "%winos% is permanently activated."
) else (
call :dk_color %Red% "Activation Failed %error_code%"
if defined notworking (
call :dk_color %Magenta% "At the time of writing this, HWID Activation was not supported for this product."
) else (
call :dk_color2 %Magenta% "Check this page for help" %_Yellow% " https://massgrave.dev/troubleshoot"
)
)
::========================================================================================================================================
:dl_final
echo:
if exist "%temp_%\.*" rmdir /s /q "%temp_%\" %nul%
if exist "%temp_%\" (
call :dk_color %Red% "Cleaning Temp Files [Failed]"
) else (
echo Cleaning Temp Files [Successful]
)
if defined regionchange (
%psc% Set-WinHomeLocation -GeoId %nation%
if !errorlevel! EQU 0 (
echo Restoring Windows Region [Successful]
) else (
call :dk_color %Red% "Restoring Windows Region [Failed] [%name%-%nation%]"
)
)
if %osSKU%==175 call :dk_color %Red% "ServerRdsh Editon does not officially support activation on non-azure platforms."
goto :dk_done
::========================================================================================================================================
:regownstart
setlocal
set "TMP=%SystemRoot%\Temp"
set "TEMP=%SystemRoot%\Temp"
%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':regown\:.*';iex ($f[1]);"
endlocal
exit /b
:: Below code runs only if Lockbox method is manually set by the user in this script
:: It takes ownership of a volatile registry key and deletes it, which gets created in Lockbox method
:: Thanks to Remko Weijnen for the code and thanks to abbodi1406 for the help
:: remkoweijnen.nl/blog/2012/01/16/take-ownership-of-a-registry-key-in-powershell/
:regown:
$definition = @"
using System;
using System.Runtime.InteropServices;
namespace Win32Api
{
public class NtDll
{
[DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
public static extern int RtlAdjustPrivilege(int Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
}
}
"@
Add-Type -TypeDefinition $definition -PassThru | Out-Null
[Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$false) | Out-Null
$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$IDN = ($SID.Translate([System.Security.Principal.NTAccount])).Value
$Admin = New-Object System.Security.Principal.NTAccount($IDN)
$path = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState'
$key = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64').OpenSubKey($path, 'ReadWriteSubTree', 'takeownership')
$acl = $key.GetAccessControl()
$acl.SetOwner($Admin)
$key.SetAccessControl($acl)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($Admin,"FullControl","Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
:regown:
::========================================================================================================================================
:: Get Windows permanent activation status
:dk_checkperm
if %_wmic% EQU 1 wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL) get Name /value 2>nul | findstr /i "Windows" 1>nul && set _perm=1||set _perm=
if %_wmic% EQU 0 %psc% "(([WMISEARCHER]'SELECT Name FROM SoftwareLicensingProduct WHERE LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').Get()).Name | %% {echo ('Name='+$_)}" 2>nul | findstr /i "Windows" 1>nul && set _perm=1||set _perm=
exit /b
:: Refresh license status
:dk_refresh
if %_wmic% EQU 1 wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus %nul%
if %_wmic% EQU 0 %psc% "$null=(([WMICLASS]'SoftwareLicensingService').GetInstances()).RefreshLicenseStatus()" %nul%
exit /b
:: Activation command
:dk_act
set error_code=
if %_wmic% EQU 1 wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey<>null" call Activate %nul%
if %_wmic% EQU 0 %psc% "(([WMISEARCHER]'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''55c92734-d682-4d71-983e-d6ec3f16059f'' AND PartialProductKey IS NOT NULL').Get()).Activate()" %nul%
if not %errorlevel%==0 cscript //nologo %windir%\system32\slmgr.vbs /ato %nul%
set error_code=%errorlevel%
cmd /c exit /b %error_code%
if %error_code% NEQ 0 (set "error_code=[Error Code: 0x%=ExitCode%]") else (set error_code=)
exit /b
:: Get Windows Activation IDs
:dk_actids
set applist=
if %_wmic% EQU 1 set "chkapp=for /f "tokens=2 delims==" %%a in ('"wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2^>nul')"
if %_wmic% EQU 0 set "chkapp=for /f "tokens=2 delims==" %%a in ('%psc% "(([WMISEARCHER]'SELECT ID FROM SoftwareLicensingProduct WHERE ApplicationID=''55c92734-d682-4d71-983e-d6ec3f16059f''').Get()).ID ^| %% {echo ('ID='+$_)}" 2^>nul')"
%chkapp% do (if defined applist (call set "applist=!applist! %%a") else (call set "applist=%%a"))
exit /b
:: Get Product name (WMI/REG methods are not reliable in all conditions, hence winbrand.dll method is used)
:dk_product
set winos=
set d1=[DllImport(\"winbrand\",CharSet=CharSet.Unicode)]public static extern string BrandingFormatString(string s);
set d2=$AP=Add-Type -Member '%d1%' -Name D1 -PassThru; $AP::BrandingFormatString('%%WINDOWS_LONG%%')
for /f "delims=" %%s in ('"%psc% %d2%"') do if not errorlevel 1 (set winos=%%s)
echo "%winos%" | find /i "Windows" 1>nul || (
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName 2^>nul') do set "winos=%%b"
if %winbuild% GEQ 22000 (
set winos=!winos:Windows 10=Windows 11!
)
)
exit /b
:: Check wmic.exe
:dk_ckeckwmic
set _wmic=0
for %%# in (wmic.exe) do @if not "%%~$PATH:#"=="" (
wmic path Win32_ComputerSystem get CreationClassName /value 2>nul | find /i "computersystem" 1>nul && set _wmic=1
)
exit /b
::========================================================================================================================================
:dk_color
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3'
)
exit /b
:dk_color2
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[%~3%~4%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3' -NoNewline; write-host -back '%4' -fore '%5' '%6'
)
exit /b
::========================================================================================================================================
:dk_done
echo:
if %_unattended%==1 timeout /t 2 & exit /b
call :dk_color %_Yellow% "Press any key to %_exitmsg%..."
pause >nul
exit /b
::========================================================================================================================================
:: 1st column = Activation ID
:: 2nd column = Generic Retail/OEM/MAK Key
:: 3rd column = SKU ID
:: 4th column = Key part number
:: 5th column = 1 = activation is not working (at the time of writing this), 0 = activation is working
:: 6th column = Key Type
:: 7th column = WMI Edition ID
:: 8th column = Version name incase same Edition ID is used in different OS versions with different key
:: Separator = _
:hwiddata
for %%# in (
8b351c9c-f398-4515-9900-09df49427262_XGVPP-NMH47-7TTHJ-W3FW7-8HV2C___4_X19-99683_0_OEM:NONSLP_Enterprise
c83cef07-6b72-4bbc-a28f-a00386872839_3V6Q6-NQXCX-V8YXR-9QCYV-QPFCT__27_X19-98746_0_Volume:MAK_EnterpriseN
4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c_VK7JG-NPHTM-C97JM-9MPGT-3V66T__48_X19-98841_0_____Retail_Professional
9fbaf5d6-4d83-4422-870d-fdda6e5858aa_2B87N-8KFHP-DKV6R-Y2C8J-PKCKT__49_X19-98859_0_____Retail_ProfessionalN
f742e4ff-909d-4fe9-aacb-3231d24a0c58_4CPRK-NM3K3-X6XXQ-RXX86-WXCHW__98_X19-98877_0_____Retail_CoreN
1d1bac85-7365-4fea-949a-96978ec91ae0_N2434-X9D7W-8PF6X-8DV9T-8TYMD__99_X19-99652_0_____Retail_CoreCountrySpecific
3ae2cc14-ab2d-41f4-972f-5e20142771dc_BT79Q-G7N6G-PGBYW-4YWX6-6F4BT_100_X19-99661_0_____Retail_CoreSingleLanguage
2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8_YTMG3-N6DKC-DKB77-7M9GH-8HVX7_101_X19-98868_0_____Retail_Core
2a6137f3-75c0-4f26-8e3e-d83d802865a4_XKCNC-J26Q9-KFHD2-FKTHY-KD72Y_119_X19-99606_0_OEM:NONSLP_PPIPro
e558417a-5123-4f6f-91e7-385c1c7ca9d4_YNMGQ-8RYV3-4PGQ3-C8XTP-7CFBY_121_X19-98886_0_____Retail_Education
c5198a66-e435-4432-89cf-ec777c9d0352_84NGF-MHBT6-FXBX8-QWJK7-DRR8H_122_X19-98892_0_____Retail_EducationN
cce9d2de-98ee-4ce2-8113-222620c64a27_KCNVH-YKWX8-GJJB9-H9FDT-6F7W2_125_X22-66075_1_Volume:MAK_EnterpriseS_VB
d06934ee-5448-4fd1-964a-cd077618aa06_43TBQ-NH92J-XKTM7-KT3KK-P39PB_125_X21-83233_0_OEM:NONSLP_EnterpriseS_RS5
706e0cfd-23f4-43bb-a9af-1a492b9f1302_NK96Y-D9CD8-W44CQ-R8YTK-DYJWX_125_X21-05035_0_OEM:NONSLP_EnterpriseS_RS1
faa57748-75c8-40a2-b851-71ce92aa8b45_FWN7H-PF93Q-4GGP8-M8RF3-MDWWW_125_X19-99617_0_OEM:NONSLP_EnterpriseS_TH
2c060131-0e43-4e01-adc1-cf5ad1100da8_RQFNW-9TPM3-JQ73T-QV4VQ-DV9PT_126_X22-66108_1_Volume:MAK_EnterpriseSN_VB
e8f74caa-03fb-4839-8bcc-2e442b317e53_M33WV-NHY3C-R7FPM-BQGPT-239PG_126_X21-83264_1_Volume:MAK_EnterpriseSN_RS5
3d1022d8-969f-4222-b54b-327f5a5af4c9_2DBW3-N2PJG-MVHW3-G7TDK-9HKR4_126_X21-04921_0_Volume:MAK_EnterpriseSN_RS1
60c243e1-f90b-4a1b-ba89-387294948fb6_NTX6B-BRYC2-K6786-F6MVQ-M7V2X_126_X19-98770_0_Volume:MAK_EnterpriseSN_TH
eb6d346f-1c60-4643-b960-40ec31596c45_DXG7C-N36C4-C4HTG-X4T3X-2YV77_161_X21-43626_0_____Retail_ProfessionalWorkstation
89e87510-ba92-45f6-8329-3afa905e3e83_WYPNQ-8C467-V2W6J-TX4WX-WT2RQ_162_X21-43644_0_____Retail_ProfessionalWorkstationN
62f0c100-9c53-4e02-b886-a3528ddfe7f6_8PTT6-RNW4C-6V7J2-C2D3X-MHBPB_164_X21-04955_0_____Retail_ProfessionalEducation
13a38698-4a49-4b9e-8e83-98fe51110953_GJTYN-HDMQY-FRR76-HVGC7-QPF8P_165_X21-04956_0_____Retail_ProfessionalEducationN
df96023b-dcd9-4be2-afa0-c6c871159ebe_NJCF7-PW8QT-3324D-688JX-2YV66_175_X21-41295_0_____Retail_ServerRdsh
d4ef7282-3d2c-4cf0-9976-8854e64a8d1e_V3WVW-N2PV2-CGWC3-34QGF-VMJ2C_178_X21-32983_0_____Retail_Cloud
af5c9381-9240-417d-8d35-eb40cd03e484_NH9J3-68WK7-6FB93-4K3DF-DJ4F6_179_X21-32987_0_____Retail_CloudN
8ab9bdd1-1f67-4997-82d9-8878520837d9_XQQYW-NFFMW-XJPBH-K8732-CKFFD_188_X21-99378_0_____OEM:DM_IoTEnterprise
ed655016-a9e8-4434-95d9-4345352c2552_QPM6N-7J2WJ-P88HH-P3YRH-YY74H_191_X21-99682_0_OEM:NONSLP_IoTEnterpriseS_VB
d4bdc678-0a4b-4a32-a5b3-aaa24c3b0f24_K9VKN-3BGWV-Y624W-MCRMQ-BHDCD_202_X22-53884_0_____Retail_CloudEditionN
92fb8726-92a8-4ffc-94ce-f82e07444653_KY7PN-VR6RX-83W6Y-6DDYQ-T6R4W_203_X22-53847_0_____Retail_CloudEdition
d4f9b41f-205c-405e-8e08-3d16e88e02be_J7NJW-V6KBM-CC8RW-Y29Y4-HQ2MJ_205_X23-15027_0_OEM:NONSLP_IoTEnterpriseSK
) do (
for /f "tokens=1-9 delims=_" %%A in ("%%#") do (
if %1==key if %osSKU%==%%C (
REM Detect key attempt 1
if "%2"=="attempt1" if not defined key (
echo "!applist!" | find /i "%%A" 1>nul && (
if %%E==1 set notworking=1
set key=%%B
set pfn=Microsoft.Windows.%%C.%%D_8wekyb3d8bbwe
)
)
REM Detect key attempt 2
if "%2"=="attempt2" if not defined key (
set actidnotfound=1
set 8th=%%H
if not defined 8th (
if %%E==1 set notworking=1
set key=%%B
set pfn=Microsoft.Windows.%%C.%%D_8wekyb3d8bbwe
) else (
echo "%branch%" | find /i "%%H" 1>nul && (
if %%E==1 set notworking=1
set key=%%B
set pfn=Microsoft.Windows.%%C.%%D_8wekyb3d8bbwe
)
)
)
)
)
)
exit /b
::========================================================================================================================================
:: Below code is used to get alternate edition name and key if current edition doesn't support HWID activation
:: ProfessionalCountrySpecific won't be converted because it's not a good idea to change CountrySpecific editions
:: 1st column = Current SKU ID
:: 2nd column = Current Edition Name
:: 3rd column = Current Edition Activation ID
:: 4th column = Alternate Edition Activation ID
:: 5th column = Alternate Edition HWID Key
:: 6th column = Alternate Edition Name
:: Separator = _
:hwidfallback
set notfoundaltactID=
if %_NoEditionChange%==1 exit /b
for %%# in (
125_EnterpriseS-2021___________cce9d2de-98ee-4ce2-8113-222620c64a27_ed655016-a9e8-4434-95d9-4345352c2552_QPM6N-7J2WJ-P88HH-P3YRH-YY74H_IoTEnterpriseS-2021
191_IoTEnterpriseS-Win11_______59eb965c-9150-42b7-a0ec-22151b9897c5_d4f9b41f-205c-405e-8e08-3d16e88e02be_J7NJW-V6KBM-CC8RW-Y29Y4-HQ2MJ_IoTEnterpriseSK-Win11
138_ProfessionalSingleLanguage_a48938aa-62fa-4966-9d44-9f04da3f72f2_4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c_VK7JG-NPHTM-C97JM-9MPGT-3V66T_Professional
) do (
for /f "tokens=1-6 delims=_" %%A in ("%%#") do if %osSKU%==%%A (
echo "!applist!" | find /i "%%C" 1>nul && (
echo "!applist!" | find /i "%%D" 1>nul && (
set altkey=%%E
set curedition=%%B
set altedition=%%F
) || (
set altedition=%%F
set notfoundaltactID=1
)
)
)
)
exit /b
::========================================================================================================================================
:: Script changes below values in official gatherosstate.exe so that it can generate usable ticket in Windows unlicensed state
:: github.com/Gamers-Against-Weed/GamersOsState
:hex:[
$bytes = [System.IO.File]::ReadAllBytes("gatherosstate.exe")
$bytes[320] = 0xf8
$bytes[321] = 0xfb
$bytes[322] = 0x05
$bytes[324] = 0x03
$bytes[13672] = 0x25
$bytes[13674] = 0x73
$bytes[13676] = 0x3b
$bytes[13678] = 0x00
$bytes[13680] = 0x00
$bytes[13682] = 0x00
$bytes[13684] = 0x00
$bytes[32748] = 0xe9
$bytes[32749] = 0x9e
$bytes[32750] = 0x00
$bytes[32751] = 0x00
$bytes[32752] = 0x00
$bytes[32894] = 0x8b
$bytes[32895] = 0x44
$bytes[32897] = 0x64
$bytes[32898] = 0x85
$bytes[32899] = 0xc0
$bytes[32900] = 0x0f
$bytes[32901] = 0x85
$bytes[32902] = 0x1c
$bytes[32903] = 0x02
$bytes[32904] = 0x00
$bytes[32906] = 0xe9
$bytes[32907] = 0x3c
$bytes[32908] = 0x01
$bytes[32909] = 0x00
$bytes[32910] = 0x00
$bytes[32911] = 0x85
$bytes[32912] = 0xdb
$bytes[32913] = 0x75
$bytes[32914] = 0xeb
$bytes[32915] = 0xe9
$bytes[32916] = 0x69
$bytes[32917] = 0xff
$bytes[32918] = 0xff
$bytes[32919] = 0xff
$bytes[33094] = 0xe9
$bytes[33095] = 0x80
$bytes[33096] = 0x00
$bytes[33097] = 0x00
$bytes[33098] = 0x00
$bytes[33449] = 0x64
$bytes[33576] = 0x8d
$bytes[33577] = 0x54
$bytes[33579] = 0x24
$bytes[33580] = 0xe9
$bytes[33581] = 0x55
$bytes[33582] = 0x01
$bytes[33583] = 0x00
$bytes[33584] = 0x00
$bytes[33978] = 0xc3
$bytes[34189] = 0x59
$bytes[34190] = 0xeb
$bytes[34191] = 0x28
$bytes[34238] = 0xe9
$bytes[34239] = 0x4f
$bytes[34240] = 0x00
$bytes[34241] = 0x00
$bytes[34242] = 0x00
$bytes[34346] = 0x24
$bytes[34376] = 0xeb
$bytes[34377] = 0x63
[System.IO.File]::WriteAllBytes("gatherosstatemodified.exe", $bytes)
:hex:]
::========================================================================================================================================