TCP-Z Support Windows 7 Build 7000

ISO: 7000.0.081212-1400_client_en-us_Ultimate-GB1CULFRE_EN_DVD.iso
OS: Windows 7, Build 7000
Platform: 32bit, x86
Tcpip.sys version: 6.1.7000.0
TCP/IP Half Open Connection Limited Default Value: 10

All version of TCP-Z after 20081107 can patch this version of Windows 7.
Includes: V2.0 / V2.1 /V2.2 / V2.3

Posted by deepxw at 12:31   |   11 comments  

Merry Christmas!

Merry Christmas to everybody!
I wish you have a happy new year!

Btw, I bring a message about next version of TCP-Z. It's in development.

Posted by deepxw at 00:21   |   6 comments  

Tcpz-x86d.sys has been removed from virus list of NOD32

Today, I recevied reply from ESET, tcpz-x86d.sys has been removed from virus list of NOD32. NOD32 will not report tcpz-x86d.sys as a rootkit in new database.

TCP-Z is not a rootkit!
It is just a tool for adjust half open connection limited in runtime.

Posted by deepxw at 19:17   |   37 comments  

TCP-Z Support Windows 7 6936

OS: Windows 7, Build 6936
Platform: 64bit, x64
Tcpip.sys version: 6.1.6936.0
TCP/IP Half Open Connection Limited Default Value: 10

TCP-Z V2.2 can patch this version of Windows 7.
Memory Patch: Working perfectly.
Known issue: GUI program show File Limited as "Unknown". This issue will be fixed in the next version.

Posted by deepxw at 13:28   |   2 comments  

TCP-Z, V2.2.1, Build 20081216 Release


Update: V2.2.1, Build 20081216

Download Link 1: TCPZ_20081216.zip
Download Link 2: TCPZ_20081216.zip

2008.12.16 V2.2.1.36
* Modify TcpzQueryRegParameters(), Add a null parameter iNullAction, Avoid NOD32 report as virus.
This version has not other function update.

Project Name: TCP-Z (TCP-Z Network Monitor)
Support OS: Windows XP SP2 SP3/2003/2008/Vista SP1 SP2/Windows 7, All 32bit (x86) / 64bit (x64)

Event ID 4226 Patcher, EvID4226 fix, TCP/IP Patche, TCP Half Open Limited Patcher.

Raise the limited of half-open connection, Release the power of your network, download faster, and more task can be run at the same time.

Features:
1) Safe And Easy: Modifies Tcpip.sys in memory. The changes take effect immediately; do not need to restart the computer.

2) Wide Compatibility: It searches limited offset through signature, no longer focused on the MS upgrade and update.
Support all version of Windows, Which with half-open limited.

3) Professional Chart: TCP-Z shows number of estabilished connection, half open connection, Create depth, download/upload speed in real-time.
And software will show the number of warnings events in per-minute, which TCP half open connection overload.

************
* Usages *
************
1) Manually: Use GUI application tcpz.exe / tcpz64.exe to modify limited value.

2) Automatically: Install TCP-Z Virtual Device. It modify limited value automatically without human intervention. Use Device Manager property page to customize the maximum value.

Two version TCP-Z can run an independent, you can choose one of them.




History:

2008.11.07 V2.0.0.30 beta
* Modified all search function. Improve success rate.

2008.11.12 V2.1.0.33
+ Add tcpz64.exe, a native x64 program.
* Modify search function.
* Memory Limited of XP up to 1000.
* Fix: compatibility of multi-core CPU.
* Fix: fail to load driver in Windows 7 x64.

2008.11.29 V2.2.0.35
+ Virtual drive, add a option to custom limited value. Add a UnLimited option for Vista / Windows 7.
+ GUI program, capture screen by hot-key F5 / F6. It needs gdi+ support.
* GUI program, add Vista UAC manifest. May not be compatible with XP SP2, you can upgrade Sevice Pack, or continue to use the V2.1 version of TCP-Z.
* GUI program be changed to a single file, portable version.

2008.12.16 V2.2.1.36
* Modify TcpzQueryRegParameters(), Add a null parameter iNullAction, Avoid NOD32 report as virus.

Posted by deepxw at 20:43   |   7 comments  

NOD32 wrong report tcpz-x86d.sys as virus

When you update NOD32 to "v.3693 (20081215)", It will report the file tcpz-x86d.sys as virus, which named as "Win32/Rootkit.Agent.NHN".

tcpz-x86d.sys MD5: 0E219B74E2C68A34CA09D8FE114F6D11

This is wrong! My software is not a rootkit!

I will contact ESET to solve.

Update: DEC 18, 2008, tcpz-x86d.sys has been removed from virus list of NOD32.

Posted by deepxw at 14:03   |   12 comments  

TCP-Z User Guide (With Picture)

[newest, Event ID 4226 Patch, EvID4226 fix, TCP/IP Patch, Tcpip.sys Patch, remove half open limit, tcpip.sys patch, TCP Half Open Connection Limited Patcher, Windows XP SP2 SP3, Vista SP1 SP2, Windows 7, X86, X64,32-bit,64-bit, Edition.]


Usages:

1) Manually:

Use GUI application tcpz.exe / tcpz64.exe to modify limited value.

Although you exit the TCP-Z, the modified values will remain in the kernel memory.
The modified values will remain in effect, until shutdown computer.

This is a temporary modification, restart the system will revert to the initial value.
You need to modify the limit value in each boot.


2) Automatically:

Install TCP-Z Virtual Device to patch in silent mode.

Virtual Device also patch kernel memory. But it is more automated, takes effect as a File Patch.

It modify limited value automatically without human intervention. Use Device Manager property page to customize the maximum value.

Driver only need to install once, the half-open limit number will be locked as your settings.
The modified values will in effect at each system boot, until you unistall the driver.

Although you update Windows Service Pack, but no need to re-install the driver again.

Install, or Uninstall.
32bit, run the program as administrator: "TCPZ_Setup-x86.exe".
64bit, run the program as administrator: "TCPZ_Setup-x64.exe"


Two version TCP-Z can run an independent, you can choose one of them.



TCP-Z Overview



TCP Window



1) File version.

2) TCP/IP half-open connection limit value, read from the file tcpip.sys in hard disk.

3) TCP/IP half-open connection limit value, read from the kernel memory.

4) Indicating the tcpip.sys whether or not a original file.
"Yes", meaning that the file has not been modified.

5) Count of system event, which ID equal to 4226.

6) Record of peak. Left-click the icon, it will display the highest values and the time of that event.

7) Change the align of real time counter label.

8) Number of established connections.

9) Number of half-open connections.
Half-open connection, it's incomplete outgoing/outbound TCP connection, in SYN-SENT state.

10) Create depth, create rate depth. This value is read from kernel memory of tcpip.sys.
In fact, Windows control this value not exceeds the memory limit(3).
TCP half-open connection limitation is popular statement.

11) Number of incoming/inbound TCP connections, in SYN-RCVD state.
A program open a port to listening. When a remote client trying to connect to this port, will result in this case.

12) Real time number, peak number. xx/yy, xx is real time value, yy is peak/higest value.
Connection graph and speed graph has the same format.

13) Download speed, in Kilobytes/second.

14) Upload speed, in Kilobytes/second.

15) Elapsed time of statistics.
It will be reset to 0 when you change the net adapter in (16).

16) Connection name and the network adapter name.

17) Statistics of download data and upload data.
It will be reset to 0 when you change the net adapter in (16).


* Windows Server 2003 / 2008 / 7 is unlimited. so that Limit value will grayed out.

Statistics Window



1) Reset the counter to 0, and start a new statistics.

2) Total number of upload data in this connection/adapter.
Statistics since the system boot up.

3) Total number of download data in this connection/adapter.
Statistics since the system boot up.

* If your are using BT/e-mule, and the incoming connection attempts is 0. It means the listening port has been blocked by firewall, or your are in the LAN without port mapping/forward.

You will missed more remote clients, resulting in lower download speeds.

Detail Window



1) Command line of the process.

2) Creation time of the process.

3) Physical memory usage of the process, the current working set of the process.

4) Virtual memory usage of the process.

5) I/O Read bytes.
In Task Manager, the number of bytes read in input/output operations generated by a process, including file, network, and device I/Os. I/O Read Bytes directed to CONSOLE (console input object) handles are not counted.

6) I/O Write bytes.
In Task Manager, the number of bytes written in input/output operations generated by a process, including file, network, and device I/Os. I/O Write Bytes directed to CONSOLE (console input object) handles are not counted.


Patch Window



1) Modify limit value in kernel memory.

Although you exit the TCP-Z, the modified values will remain in the kernel memory.
The modified values will remain in effect, until shutdown computer.

This is a temporary modification, restart the system will revert to the initial value.
You need to modify the limit value in each boot.

2) Press this button to apply new limit value.

You can using command line to modify the limit value:
tcpz.exe -limit:200
tcpz.exe -limit:200 -autoexit

3) Direct modify the limit value in file tcpip.sys.

This function only enabled in the Windows XP.
If you want to patch Vista, please try another tool "Universal Tcpip.sys Patch".

* Tcpip.sys of Windows XP have 4 bytes for comparing, the limit can be achieved 0xFFFFFFFF.

* Tcpip.sys of Vista/Windows 7, there are only 1 byte, so the upper limit is 0xFF (255).


Keyboard Control


Switch Tab Ctrl + Tab
Switch Control Tab
Confirm Space
Capture TCP-Z Window to image file F5
Capture full screen to image file F6


Command Line


tcpz.exe -limit:200
tcpz.exe -limit:200 -autoexit
tcpz.exe -minimize

If antivirus software block tcp-z loading driver and cause tcp-z fail to startup, you can bypass driver in command line:
tcpz.exe -nodriver

But, without driver support, it will lost the memory patch feature.

Posted by deepxw at 12:27   |   47 comments  

Remove Watermark, V0.8, Build 20090509

Note: Don't use V0.1 / 0.2 / 0.3 in Windows 7 6956 /7000 /7022 /7048 /7057 /7068 /7077 /7100 /7106 or later version!
Only V0.4/v0.5/0.6/0.8 is support these Windows 7.

Read following text for detail.


Sometimes, the watermark still exists on the desktop after reboot, you need to manually rebuild the MUI cache by:
Press key "R" in removeWatermark;
Or run "mcbuilder.exe".



Remove all Watermark on desktop.
Such as "Evaluation Copy", "For testing purpose only", "Test Mode", "Safe Mode".

Support: Windows Vista /Server 2008 /Windows 7, 64bit(x64) / 32bit(x86), All Service Pack & all language of Windows.

2009.05.09 V0.8
Download Link 1: RemoveWatermark_20090509.zip
Download Link 2: RemoveWatermark_20090509.zip
Download Link 3: RemoveWatermark_20090509.zip (Click the link to download)

It is a universal patch!
Without language limited, Supports all language of windows!
And without limited of Service Pack.

This tool provides two ways to remove the watermark.

* The default method, modify user32.dll.mui. This method is safe for all Windows.
In 64-bit Vista / Windows 7, It needs Re-Build MUI cache, this will take a few minutes, please wait.

* Method 2: modifies user32.dll. 100% remove all watermark. (Run program with argument "-enforce")

But don't use Method 2 in Windows 7 6956 / 7000 or later version.
It likes a unknown bug in these version of Windows.
Any modification with user32.dll in Windows 7 6956 will cause application fail to run in compatibility mode.

V0.1 / V0.2 / V0.3 is patch user32.dll in default, so these version is not compatible with Windows 6956 / 7000!


Windows 7 server / Vista is no problem.

Notes:
1, Can operate in normal mode. Do not need to enter safe mode.
2, Choose the corresponding patch based on you Windows:
For 32bit(x86): RemoveWatermarkX86.exe
For 64bit(x64): RemoveWatermarkX64.exe

3, If "Test Mode" still exists on the desktop after reboot, you can run RemoveWatermark and Press key "R" to rebuild MUI cache.
Or open command prompt as administrator, run mcbuilder.exe again, then restart computer.


4, Command line / argument usages:
-silent Patch in silent mode.
-view View the string of user32.dll.mui, don't patch file.


History:
2008.11.04 V0.2
Test in Windows Vista SP2 16497 / Windows 7 M3 6801, OK.
2008.12.10 V0.3
+ Add support argument "-silent" to patch in silent mode.
Test in Windows 7 6956, OK.

2009.01.17 V0.4
+ Support modifies user32.dll.mui to remove watermark string.
* The default method, from modify user32.dll, change to modify user32.dll.mui.
Test in Windows 7 7000, OK.

2009.03.14 V0.5
* Remove the last space of string.
Test in Windows 7 Build 7057, OK.
RemoveWatermark_20090314.zip

2009.03.31 V0.6
+ Add a option to rebuild MUI cache.
* Modify message table.
Test in Windows 7 6.1.7068.0, OK.
RemoveWatermark_20090331.zip

2009.05.09 V0.8
+ In Windows 7 beta version, remove the string "This copy of Windows is not genuine".

Test in Windows 7 6.1.7100.0, OK.



New OS support:
Windows 7 RC, 6.1.7077.0 (winmain_win7rc.090404-1255)
Windows 7 6.1.7106.0 (winmain.090408-1623)
Windows 7 RC, 6.1.7100.0 (winmain_win7rc.090421-1700)
Vista SP2 RTM 6.0.6002.18005 (lh_sp2rtm.090410-1830)

Posted by deepxw at 21:16   |   163 comments  

TCP-Z Support Windows 7 6956

OS: Windows 7, Build 6956
Platform: 32bit, x86
Tcpip.sys version: 6.1.6956.0
TCP/IP Half Open Connection Limited Default Value: 10
TCP-Z V2.2 can patch this version of Windows 7.

Posted by deepxw at 22:59   |   6 comments  

TCP/IP Patcher Compare Technical Features

On Internet there are all kinds of TCP/IP half-open Limited Patchers, according to the modified target, can be divided into two types: File Patcher and Memory Patcher.

File Patcher, patch the file Tcpip.sys on harddisk.
This action will break out the digital signature, system will not to boot at normal mode.
You must press key F8 at boot menu, and select 'disable digital signature enforcement'. Otherwise, a BSOD will come to your screen.
You can install ReadyDriver Plus to press F8 automatically.
Another method is sign tcpip.sys with a test signature, then system can boot in test mode normally without press F8. System must enable test mode, otherwise, BSOD comes.

Memory Patcher, patch tcpip.sys in system memory.
This is the best way to patch limited of half-open connection.

It does not direct modify the file tcpip.sys itself, so there is no damage to tcpip.sys.
There is also a advantage of Memory Patch is flexible control and modify the limited value of immediate effect, do not need to restart the computer.

Ordinary File Patcher (Not repair digital signature), the representative: Patcher within Thunder and Bitspirit, VistaTcpipUacPatch, and so on, many fall into this type of patcher.

File Patcher (With Test digital signature), the representative: Universal Tcpip.sys Patch, Half-open limit fix。

Memory Patcher, the representative: UnlimitTcpip,TCP-Z

In all patchers, the quantity of OS that TCP-Z supports is the most. The chart that TCP-Z provides can be used as reference data for the needing to crack or not, whether or not to modified successfully.

32bits & 64bits, NT5(Windows XP)

32bits, NT6(Windows Vista / Windows 7)

64bits, NT6(Windows Vista / Windows 7)


Note:
X --- It means that does not require the setting.

Command for setup status of TestSigning.
Set to On: bcdedit.exe -set TESTSIGNING ON
Set to Off: bcdedit.exe -set TESTSIGNING OFF

Posted by deepxw at 14:36   |   16 comments  

TCP-Z, V2.2, Build20081129 Release



Update: V2.2, Build 20081129

Download link 1: TCPZ_20081129.zip
Download link 2: TCPZ_20081129.zip

Project Name: TCP-Z (TCP-Z Network Monitor)
Support OS: Windows XP SP2 SP3/2003/2008/Vista SP1 SP2/Windows 7, All 32bit (x86) / 64bit (x64)

Event ID 4226 Patcher, EvID4226 fix, TCP/IP Patcher, TCP Half Open Limited Patcher.

Raise the limited of half-open connection, Release the power of your network, download faster, and more task can be run at the same time.

Features:
1) Safe And Easy: Modifies Tcpip.sys in memory. The changes take effect immediately; do not need to restart the computer.

2) Wide Compatibility: It searches limited offset through signature, no longer focused on the MS upgrade and update.
Support all version of Windows, Which with half-open limited.

3) Professional Chart: TCP-Z shows number of estabilished connection, half open connection, Create depth, download/upload speed in real-time.
And software will show the number of warnings events in per-minute, which TCP half open connection overload.

************
* Usages *
************
1) Manually: Use GUI application tcpz.exe / tcpz64.exe to modify limited value.

2) Automatically: Install TCP-Z Virtual Device. It modify limited value automatically without human intervention. Use Device Manager property page to customize the maximum value.

Two version TCP-Z can run an independent, you can choose one of them.




History:

2008.11.07 V2.0.0.30 beta
* Modified all search function. Improve success rate.

2008.11.12 V2.1.0.33
+ Add tcpz64.exe, a native x64 program.
* Modify search function.
* Memory Limited of XP up to 1000.
* Fix: compatibility of multi-core CPU.
* Fix: fail to load driver in Windows 7 x64.

2008.11.29 V2.2.0.35
+ Virtual drive, add a option to custom limited value. Add a UnLimited option for Vista / Windows 7.
+ GUI program, capture screen by hot-key F5 / F6. It needs gdi+ support.
* GUI program, add Vista UAC manifest. May not be compatible with XP SP2, you can upgrade Sevice Pack, or continue to use the V2.1 version of TCP-Z.
* GUI program be changed to a single file, portable version.

Posted by deepxw at 19:48   |   21 comments  

Next previous home
 
Copyright 2009 deepxw | TCP-Z, Best TCP/IP Patch