trodas

Member
  • Posts: 141
  • Donations: 0.00 USD
  • Country: Czech Republic

Everything posted by trodas

  1. trodas

    WFP technical

    http://www.windowsnetworking.com/articles_...ection-SP2.html Meanwhile I already found this for the SP2.
  2. trodas

    WFP technical

    Thanks, but the filesize is the very same... So, I assume it is depacked and try it... And whooooa, it works!!! On my Win2kSP2 as well as on Win2k server SP3 and as well as on WinXP SP1.0a. Now only if I could hack the SP2 sfc_os.dll - the values 8B and C6 at offset E3BB aren't present. Any help?
  3. trodas

    WFP technical

    Oleg_II - first - congratulations. I deleted all the *.cat files except for the NT5INF.CAT you recommended and the system is still booting and functioning normally. Thanks! And sure, no, I did not expect that I can delete anything if I disable the protection - I'm not dumb. Many files are actually used! fdv - pardon me, but ATM all my findings indicate that if the sfcfiles.dll is still needed, then it looks fake to me. If the OS settles for an empty sfcfiles.dll (that means what? Zero length file, or just some cleaned-up version? And how can I create / obtain one then?), then it is not fake :-P (this is for W2K) And what about XP? Is there a difference between SP1.0a and SP2? There the guide shows to patch the sfc_os.dll file. Should sfcfiles be empty there too? And what about the sfc.dll on XP? And the *.cat files are likely deletable then too, right? And a friend CAN delete the sfcfiles.dll on XP, but he has disabled the WFP by some other application that handmade and it does not enter the 90 90 values, but something different... Questions, questions, I know. So many questions... And yes, that is what I am going to do. HFSLIP DX9.0c + IE6 + 48bit support (atapi.sys) and + my patched versions of a few dlls + 3rd party versions of notepad and ping - and then nLite it :-) No empty version of sfcfiles.dll? Well, one more reason to obtain it myself! And even though I thank you very much for the informative post, please do not bring up the discussion of whether WFP is good or not. Sure it is good. Yet crazy people did not like it. Besides, I rarely install anything (if something needs installing, I did not use it) and I have a backup - 5 min and the whole C drive is like it was in the last fresh win install, so please stop about it. PS: okay, found the file: http://www.vorck.com/data/SFCFILES.DL_ ...now just how to extract it. extrac32.exe /E SFCFILES.DL_ did not seem to work...
  4. Yep, but for use as TaskManager it is too big and bloated with useful, yet confusing lists and stuff. Hmmm. Good program to have, but not good as a replacement for task manager...
  5. trodas

    WFP technical

    tommyp - well, I did not use any files yet, I submit serious questions and I would like (very much) to get an educated answer on things that are ATM beyond me. Furthermore, my findings suggest that the ways used / suggested to use aren't good at all - in short, I would say that they are fake. But read on... atomizer - thank you very much for the many useful links, however not even the Rootkit revealer did show me the cursed WFP process or stuff... Oleg_II - thank you very very much, but what if the OS is up and running? I'm a bit afraid, because - well, read on... My findings today. Totally disabled sounds very good to me. In need, please re-read my goals to get rid of CPU, memory and files associated with the WFP hidden service. So, I searched and found: http://www.winguides.com/registry/display.php/790 I edited the poor sfc.dll file (changed the values "8B C6" to read "90 90") and replaced it my way - just rename the original to sfcx.dll and copy the edited one, reboot and done. No more messages and stuff. And then it came. When WFP is "Totally disabled", then I'm sure I can delete its files, because they aren't needed anymore, right? sfc.exe - manual utility - went w/o problem. However the sfcfiles.dll refused to get deleted. I got suspicious. Renamed it (always works), and rebooted. As the machine was booting and near the end, after login - a silent reboot came. I expected a blue screen, not an instant reboot, though the result is the same. The dll is still needed. Therefore it is more than likely the WFP service is still up and running and the only difference there is now is that the recovery of a file from dllcache, or the message when the appropriate file is not found, is suppressed, but that is it! The service is more than likely still running, still eating my CPU time, still controlling me and still needing the files I want to get rid of... I call this "solution" a fake remove. I hope nLite does a better job, yet then the question - how to REALLY get rid of WFP - remains.
  6. trodas

    HFSLIP 51224

    No, I just wanted to replace the few files I mentioned. And after install I have to say that finally things are fine. All files are correctly replaced, registry values inserted and everything is in order, working. Good work. Now just nLite the install and ... PS. it's worth mentioning that for packing the file to become "wordpad.ex_" the win utility makecab is used, and for depacking one can use the win utility expand.
  7. What does the alternate task manager do better? E.g. will it show me all processes and allow me to kill ANY process? And if at least partly yes - where to get it? PS. I have been replacing the Notepad with NotepadEx for quite a long time just by hand. Any files can be easily replaced even with WFP running, in a simple way. First - KILL by clear delete (not move to trash) all the files in dllcache. Then rename even as important a file as shell32.dll to shell32x.dll and copy a modified file named shell32.dll to its place. Reboot. Now your file is used, winblows can't restore the original AND you can delete the shell32x.dll original file. Easy.
  8. trodas

    WFP technical

    Good point. I will do that in case of WFP almost for sure. Yet I will not reinstall the other machines, folding machines and one DL server, so I want more info on the subject and how to remove it totally, w/o wasting any more CPU cycles. Ever. Yet some files HAVE to come into windows by the HFSLIP and FIX way, mainly the atapi.sys one. Remember, SP2 has a 137G HDD limit. My HDD has ATM 250MB and will sure grow over time again. So, w/o having the SP3 version of atapi.sys and the registry value enabling 48bit access, it is very problematic to even touch the D drive, where all the drivers for install and stuff are. Now - shall we talk about the WFP? And the rootkit thing? How do I give myself the rights to see more? Will I then see the WFP service? (e.g. the cleanest way will be to just turn it off) The other way has to be, when M$ overrode the registry value (curse them!), to disable the override. But can you tell me what happens with the modified SFC.dll? I mean - is the service still running this way or not? (and how to check that, when the service will ignore the changes then?) And sub-question - which files can be killed then? Surely the sfc.exe, sfc.dll and sfcfiles.dll, however the article mentions (and mind suggests as well) that all the checksums of all the files need more catalog files to gather, so, which other files? There is about 7MB of cat files. These contain the up-to-date list, by the Win2k SP2 time, of signed files that could all be removed? (directory CatRoot inside system32 dir) In XP SP2 the amount of MB there is a little over 10MB, because there are two CatRoot and CatRoot2 dirs. So, when the WFP is killed, these will not be necessary any longer, right?
  9. trodas

    WFP technical

    Well, simply because I'm bound to use nLite on the resulting install, so in order to remain nLite compatible, I have to do it AFTER the install - it seems. And okay, I will check the thread tomorrow...
  10. trodas

    WFP technical

    I want to kill the WFP childish protection. One reason - power. Certainly it has to take some CPU time to watch over what is going on. Second reason - I can't stand the OS watching me. Call me paranoid, but I can't. IMHO it is my responsibility, since it is MY system, right? Besides, I have a backup. And I frequently modify any files I see fit, so I consider such childish limitations too restricting. (like the commies once restricted us in some ways, till we found out the hard way that in the US people get restricted "for their own good" - like the commies say - in similar ways as the commies did... - political ramblings, pay no attention) Therefore I want it to go - to hell, to be precise. I also extremely hate the idea that the OS is controlling what I am doing. Hell, if I want to delete any OS file, I will do it. Still. No-one can stop me - okay, dllcache can make my life harder, but still can't stop me. No way. I already found some solutions there: http://www.vorck.com/2ksp5.html#15 ...however I have to first ask the utmost important question - WHICH process is watching over my files? I am not - like I mentioned - comfortable with the idea of the OS watching over me, and I also did not see any SFC.exe as a process in my windows! Therefore it must be hidden or something - or simply included with another process. I want to kill the process then as well! It looks to me like the way to go is the "totally disabled SFC.DLL, and his method has since spread far and wide to sites I won't even mention" (a link to a guide like this will be appreciated) - but my technical question is - what happens then? Will there still be the "watchdog" process over the bloody files or not? What happens to the process when the dll is empty? Will it stop? Hardly, right? Probably it just runs and does not check, right? So, how to stop it from even running - what about that?
    For obvious reasons I did not even consider the way of clearing the watched files list in the sfcfiles.dll - this and the sfc.exe + sfc.dll are simply files I intend to remove from my HDD ASAP when possible. The sub-question goes like this. Recently, Sony was caught using the rootkit way to hide its spyware anti-copy protection stuff. When I read about it I realized that there are some things I extremely hate, and that is the OS limiting me. Spyware processes that I can't end with the classic windows task manager. Let me state it clearly - I believe that an administrator user should under any circumstances be able to end any process he desires - even if it leads to an immediate hard reboot. Never, ever, ever should task manager refuse to stop a process. Now - what I read was that I have to give myself these privileges, even as admin. How? And will it help me to end processes for which one has to use the ProcView to kill? Will it allow me to show hidden processes? Is there a way to make the task manager more powerful in the kill-task thing? I simply believe that even a system process has to bend to the user's will. W/O using the hardwired reset button, I mean. http://www.updatexp.com/windows-file-protection.html Ha! It IS an invisible suxxka! KIIIILLLL!!!
  11. trodas

    HFSLIP 51224

    You got a point. Files packed now with the makecab command and tomorrow I will report how the install went. HFSLIPping it now.
  12. Okay, I'm not afraid of hexing some files. Hit me with the tutor, please! And if you can make it for Win2k too (mainly my interest is with Win2k), I will be much pleased ...and the others?
  13. I can't find any registry patch like this patch mentions: Can anyone fix this path? I think it is wrong... I use it this way:
  14. trodas

    HFSLIP 51224

    Well, I hate to admit, but you are right. So, I did it again (w/o the Oops) and on Windows 2000 SP2 Czech build 2948 I ran the HFSLIP 51224.

    ERROR_REPORT.TXT

    CONTENTS of the w2k.reg file:

    INTO FIX DIRECTORY ARE these files:

    notepad.exe - 600k NotepadEx file
    ping.exe - hrPING
    atapi.sys - from SP3 to get 48bit addressing
    comdlg32.dll - bigger open/save file windows
    shell32.dll - bigger choose directory windows
    NTDETECT.COM - from WinXP SP1.0a - HFSLIP documentation says that it gives W2k a little faster boot
    ntldr - from WinXP SP1.0a - HFSLIP documentation says that it gives W2k a little faster boot

    RESULTS

    Fully installable Win2k, all seems working, no error messages or stuff. However, of the files I intended to replace in windows, most didn't get replaced. Results are pretty mixed up. Let me show.

    NTDETECT.COM - OKAY, replaced perfectly
    ntldr - OKAY, replaced perfectly
    notepad.exe - FAILED, found in WinNT dir, should replace notepad.exe in WinNT\system32 dir
    ping.exe - FAILED, my version is missing completely from installation
    atapi.sys - FAILED, my version is missing completely from installation
    comdlg32.dll - FAILED, my version is missing completely from installation
    shell32.dll - FAILED, my version is missing completely from installation

    For the sake of precision it should be added that in a normal windows installation notepad.exe is for sure found in the WinNT dir as well as in the system32 dir (yes, it is there 2x) and IIRC the same goes for the ping.exe (not entirely sure there, but I think yes...) Maybe that is where HFSLIP "slipped" and the rest went wrong because of that? PS. about disabling SFC - well, the thing is that I intend to run nLite over the HFSLIPed install, so this is not a solution. But a post-install solution I welcome as well! I made it already clear there: http://www.msfn.org/board/index.php?showtopic=64458
  15. trodas

    HFSLIP 51224

    tommyp - sounds good, but... I cannot imagine a more protected file than shell32.dll is. And no, this was after nLite... So I have to test again, and more carefully, the HFSLIP alone, **** This is exactly what I hate - finding bugs in such problematic stuff and looking for which program screwed up...
  16. My friend, on XP, using TuneUp 2004, got the windows file protection successfully disabled and the registry has this value: (16bit, not binary as the sticky WRONGLY suggests) Yet for me it won't work/help/cause any change. And since he has the TuneUp 2004 uninstalled anyway, it has to be - at least for win2k - something else... Hmmm, I actually tried it on another PC with XP SP2 and the results are exactly the same. This simple thing does not work. Something is still missing. Anyone?
  17. trodas

    HFSLIP 51224

    First I want to report flawless slipstreaming of IE6 and DX9.0c into Czech Windows 2000 Professional SP2 build 2948. Yet I have a stupid question. Some (hell, all in fact) of the files I want to include belong to the system32 directory. How can I achieve this, when, for example, ping and notepad are in both these directories after win install??? All my files: notepad.exe ping.exe atapi.sys comdlg32.dll shell32.dll belong to the system32 dir. But how can I tell HFSLIP where to put the file...??? Should I create a system32 (or any other for that matter, probably avoid long names and stuff) dir inside of the FIX directory??? Thanks for letting me know.
  18. I wonder if anyone knows about these three things that I would very much like to deploy on Windows 2000 SP2 Czech build 2948. First - windows file protection. You know it - move notepad, ping or any other file to trash and the annoying message comes in... right? So, how to disable it? In the pinned topics I found something that looks like this (WFP? Windows File Protection?) yet my attempt failed: Second - NTFS date stamp. NTFS saves last access time, which takes time and I want to disable it. How? Anyone know? Third - TCP/IP priority 1. nLite claims that it "drastically reduce the response" on network based stuff, which interests me - of course. Many reasons - from faster surfing to ping in games - all is TCP/IP related. Now - how?
  19. nLite can crank down the OS RAM requirements like a miracle. 50MB for XP, 34MB for W2k SP2. Both examples w/o drivers, though.
  20. WinXP SP2 is just plain crap, IMHO. The problem is that reinstalling the machine means that it stops folding for a while, and that is out of the question ATM, due to the massive race. So, an XP SP2 solution will still come in handy... Or maybe I could live with anything else that can change the advanced timings and the latency things as nForce2 tweaker does, runs on startup fine and does not cause any problems. I mean mainly these: The possibility to select even lower latency timings (as low as 0) will be even better, as the machine has absolutely NOTHING to do with any graphic or PCI devices and all speed is put into the folding AND lower latency improves the speed of the CPU a lot (hexus PI benches, for example)
  21. Well, I have a problem. I set chkdsk /t:0 so there is no wait on chkdsk start, so I can't cancel it. The problem? Well, I got a crash, my HDD is okay, but I still wanted to check it, so I set the chkdsk to run and rebooted. All is okay, however the 4th test of the 5 of them (data check) is that crazy slow one, so I wanted to reboot and stop it, but it starts all over again and again, and it took more than an hour to get to 74%, where it waited about 10 min, so I reset the machine - but no, it goes again and again... And I will run chkdsk - but first let me delete many files so the run will be much faster. Is there a way? It is a 250G Maxtor 8MB cache drive on a PR3800+ machine, and about a 220G partition, NTFS. Need help, it has to work, can't wait and can't find a solution, anyone??? Ctrl + C or Esc is not helping. Can anything be done???
  22. The problem is that these security holes seem to only increase, as the M$ bloatware in XP is becoming bigger and bigger and more and more integrated with the system, which of course makes it vulnerable and sometimes even unstable. The nicest proof is if you O/C your machine beyond your stable limits (to know where the limits are, you have to break them) and during bootup XP freezes. W2k freezes as well, however it did not get damaged. In contrast, XP then requires repair or reinstall...!!! This is not a system for me.
  23. Done, set the /noexecute=AlwaysOff in the Boot.ini, however the problem persists. Still it says that IO.SYS is present, but the driver cannot connect to it, and EPrivilege **** with this stuff. So, is reinstall of the SP2 crap the only solution? It already survived a virus attack, so the SP2 has some advantages, after all... XP SP1.0a machines, as well as w2k ones, got infected.
  24. Done! Works! Million thanks, alrichey!
  25. What websites... aaaaargh! Well, yep, I'm a hell of a pervert ;-) Any problems with it? alrichey - thanks a lot, mate! It took me long to find the dialog I wanted to tweak, but on my way I tweaked a lot of other dialogs anyway, so... ;-) If anyone wants to hit just the right one, then go to the: Dialog/1079 Dialog/1087 Reboot to find out what the hell happened ;-)