Universal Theme Patcher Open Source Now!

Because I have no free time to update these patch for a few months, so I plan to open the source code of the "Universal Theme Patcher".

The source code includes a console program for demo the patch engine.
You can migrate it to your own project freely.
In your final tool, add a link to deepxw is recommended.

Source code link: http://universalthemepatcher.googlecode.com

XPize and Vize are well-known 3rd party theme of Windows. It will try to use this patch engine.

Posted by deepxw at 00:46   |   422 comments  

My blog will be frozen in next few months

I can not reply all comments, I would like to say sorry to those friends who have written a message here.

1) Blogger has been blocked by FW. I am very difficult to open the site, even if I use a proxy.

2) I am preparing for a exam, so I do not have much free time.

Posted by deepxw at 00:25   |   364 comments  

Sign PE file with certificate by programing

Someone needs this function, so I post it.

First, you need to creat a *.cer and *.pvk by makecert.exe.

#pragma comment (lib, "Cryptui.lib")

// Function: SignFile
// Purpose: Sign PE file with certificate. (*.pvk and *.cer)
// Arguments:
// pszExeFile [in] The PE file name.
// pszPvkFile [in] The private key file name. (*.pvk)
// pszCertFile [in] The certificate file name. (*.cer, *.spc)
// Returns:
// If success, return TURE.
// Notes:
// Last modified: 2009.01.20

BOOL SignFile(LPTSTR pszExeFile, LPTSTR pszPvkFile, LPTSTR pszCertFile)
BOOL bResult;

pvkFileInfo.pwszPvkFileName = pszPvkFile;
pvkFileInfo.pwszProvName = NULL;
pvkFileInfo.dwProvType = PROV_RSA_FULL;

pvkInfo.pwszSigningCertFileName = pszCertFile;
pvkInfo.pPvkFileInfo = &pvkFileInfo;

signInfo.dwSize = sizeof(CRYPTUI_WIZ_DIGITAL_SIGN_INFO);
signInfo.pwszFileName = pszExeFile;
signInfo.dwSigningCertChoice = CRYPTUI_WIZ_DIGITAL_SIGN_PVK;
signInfo.pSigningCertPvkInfo = &pvkInfo;
signInfo.pwszTimestampURL = NULL;
signInfo.dwAdditionalCertChoice = CRYPTUI_WIZ_DIGITAL_SIGN_ADD_CHAIN;
signInfo.pSignExtInfo = NULL;

bResult = CryptUIWizDigitalSign(CRYPTUI_WIZ_NO_UI, NULL, NULL, &signInfo, NULL);

return bResult;

} // SignFile()

Posted by deepxw at 00:15   |   476 comments  

How To Remove Watermark By Programing

Some friends asked me how to remove the watermark by programming, now, I have post a demo to google code. You can found the source code at http://code.google.com/p/removewatermark/

Main steps:
Load the user32.dll.mui into memory by API LoadLibraryEx().
Find the string table by FindResourceEx(), and load it by LoadResource(), LockResource().

Look up the watermark string in string table, we can get the string virtual address and length, then calculate the string offset base the module address, and we get the file offset.
Map the file to memory, just simple zero the watermark string.
In order to make the procedure simple, so use the simplest method.

Finally, re-check sum the file.
OK, all done.

Code snippet:

// Load string from resource with special langID
BOOL LoadStringExx(
HINSTANCE hInst, // Hinstance of lib
WORD wLangID, // Language ID of resource
PRES_STRING_INFO pInfo // Pointer to the string info

HRSRC hFindRes; // Handle of the resources has been found
HGLOBAL hLoadRes; // Handle of the resources has been loaded
LPVOID pRes; // Pointer to the resources
UINT nBlockID; // String block ID

pInfo->dwFileOffset = 0; // String offset in the file
pInfo->dwBytes = 0; // String length, in bytes
pInfo->pszText = NULL;

nBlockID = pInfo->uStringID / 16 + 1;

// find the string block
hFindRes = FindResourceEx(hInst, RT_STRING, MAKEINTRESOURCE(nBlockID), wLangID);
if(!hFindRes )

hLoadRes = LoadResource(hInst, hFindRes);
if(!hLoadRes )

pRes = LockResource(hLoadRes);
if(!pRes )

WCHAR* pParse = (WCHAR *)pRes; // Pointer to the String block
UINT nIndex = pInfo->uStringID % 16; // Calculate the string index
int nLen;

// 16 strings per block
for( i = 0; i < (nIndex & 15); i++ )
pParse += 1 + (int)*pParse;

// OK, we get it
nLen = (UINT)*pParse; // The length of the target string.
pParse += 1; // Pointer to the target string

// Main point, calculate the string offset
pInfo->dwFileOffset = (DWORD) ( (DWORD_PTR)pParse - (DWORD_PTR)hInst ) + 1;
pInfo->dwBytes = nLen * sizeof(WCHAR);

// allocate memory
pInfo->pszText = (LPWSTR)MALLOC((nLen + 1) * sizeof(WCHAR));
if (!pInfo->pszText)

// copy string for return
CopyMemory((LPVOID)pInfo->pszText, (LPVOID)pParse, pInfo->dwBytes);
*(PWCHAR)((DWORD_PTR)pInfo->pszText + pInfo->dwBytes) = 0;

// Clean up, free memory

if (pRes)

if (hFindRes)

// if pointer is null, we return a NULL string
if (!pInfo->pszText)
pInfo->pszText = (LPWSTR)MALLOC(sizeof(WCHAR));
pInfo->pszText[0] = 0;

return TRUE;

} // LoadStringExx()

Posted by deepxw at 00:10   |   327 comments  

Say Bye To Half-open TCP Connections Limit In Vista/2008 SP2

Good news from Microsoft!

At May 6, 2009, In this article, Microsoft confirm that:
By default, the half-open TCP connections limit is disabled in Windows Server 2008 with Service Pack 2 (SP2) and in Windows Vista with Service Pack 2 (SP2).

Thank for this, my doubts about RateLimit long time ago has been solved by Microsoft's answer.

Last year, I found a case. In Vista, I can simply modify the value "TcpCreateAndConnectTcbRateLimitDepth" from 1 to 0 in the kernel memory, and then the Half-open TCP connections limit has been removed immediately!
But I am not sure whether this is a safe method. so, in tcp-z, this function never be active. TCP-Z only show this value.

After Vista 16670 and Windows 7 6956, Microsoft strangely set TcpCreateAndConnectTcbRateLimitDepth to 0 in default.
In latterly version of TCP-Z, it will show a lock icon to distinguish these difference.

Now, Microsoft answer: It's safe! and provide a simple modification method by registry.
When you add a registry entry "EnableConnectionRateLimiting", and set to 1 or 0, it will switch TcpCreateAndConnectTcbRateLimitDepth between 1/0 synchronously.
You can see the changes in the graph of TCP-Z.
After TcpCreateAndConnectTcbRateLimitDepth change to 1, Windows will calculate the create rate and do the limitation. In testing you can see the value is limited to 11.

This registry entry only works in Windows Server 2008 with SP2 / Windows Vista with SP2 / Window 7.

It is time to retire for me!

Full article in Microsoft.com

How to enable the half-open TCP connections limit in Windows Vista with Service Pack 2 and in Windows Server 2008 with Service Pack 2


By default, the half-open TCP connections limit is disabled in Windows Server 2008 with Service Pack 2 (SP2) and in Windows Vista with Service Pack 2 (SP2). This article describes how to impose the half-open TCP connections limit in Windows Server 2008 with SP2 and in Windows Vista with SP2. The limit is ten connections.

Note In Windows Server 2008 and in Windows Vista with Service Pack 1 (SP1), the system allows for a maximum of ten half-open TCP connections at any time.


How to enable the half-open TCP connections limit

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

To enable the half-open TCP connections limit in Windows Server 2008 with SP2 or in Windows Vista with SP2, set the value of the EnableConnectionRateLimiting DWORD registry entry to 1 (0x00000001).

To do this, follow these steps:

1) Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list.

If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

2) Locate and then double-click the following registry key:

3) In the Value data box, type 1, and then click OK.

4) Exit Registry Editor.
5) Restart the computer.

Comment by deepxw: In fact, It's no need to restart computer.

Posted by deepxw at 20:48   |   642 comments  

Remote Desktop Test In Windows 2008 STD

OS: Windows Server 2008 standard edition, with SP1.

In default, 2k8 std only allow allow 2 users in active.
Administrator log in console, and user t2 log in by RDP.
When user t1 try to log in to 2k8, Windows will prompt you need to disconnect one of t2/administrator. After t1 log in, and t2 has been kick away.

Fortunately, the "Universal Termsrv.dll Patch" can still works under Windows 2008.
After patch the file Termsrv.dll, it can allow 7 users log in and active at the same time.

Thanks for the help of Elias Hantzakos, so I was able to complete this test.

Posted by deepxw at 21:44   |   545 comments  

Next previous home
Copyright 2009 deepxw | TCP-Z, Best TCP/IP Patch