Jump to content

Some questions about nLite internals

GrofLuigi

By GrofLuigi
in nLite

 Share

Recommended Posts

GrofLuigi

GrofLuigi

Posted
Posted

Hi, Nuhi and everyone else. Just some things I've been wondering about, but are not obvious:

1. While integrating hotfix, does nLite always use QFE branch?

2. While patching WFP, what dlls get patched? sfc_os.dll, sfcfiles.dll, syssetup.dll - some of them, all of them, any other?

Thank you.


nuhi

nuhi

Posted
Posted

1. yes

2. sfc_os is the main one for the asked patch. Sfcfiles for cosmetics and syssetup is reserved for removals and other heavy editing, not required for the SFC patch. nlite patches all 3, I could check if it is possible to skip syssetup patching when only SFC patch is selected if you care about that, that is one of the old parts of nLite which I haven't look in years and basically one who disables SFC probably does more anyway.

3. it is the same of course

Martin H

Martin H

Posted
Posted

To disable SFC(WFP), then either sfc_os.dll/sfc.dll is patched to disable SFC(with or without needing a reg-entry), or sfcfiles.dll is wiped clean so SFC is enabled, but no files is protected/backed-up.

nLite currently patches sfc_os.dll/sfc.dll from '83 F8 9D 75 07 8B C6' to 'B8 9D FF FF FF 90 90'

I haven't checked if nLite also modifies other files additionally(sfcfiles.dll), but the above is all that's needed to fully disable SFC.

Then nLite also sets this reg-entry :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:FFFFFF9D

...But that reg-entry is useless in our case, as it only needs to be applied when patching sfc_os.dll/sfc.dll from '83 F8 9D 75 07 8B C6' to '83 F8 9D 75 07 90 90' and not in the better(full) way which nLite does.

GrofLuigi

GrofLuigi

Posted
  • Author
Posted

Thank you for your answers.

I was asking because I was not sure if syssetup.dll was patched, and I think it needs to be in order to avoid popups on usb drive inserting. But I did not test thoroughly (or with the latest nLite).

GL

nuhi

nuhi

Posted
Posted

GrofLuigi, if you have USB issue then I presume you just used nLite to integrate drivers? If that is the case then it is fixed in next version, hopefully, be sure to let me know.

GrofLuigi

GrofLuigi

Posted
  • Author
Posted
GrofLuigi, if you have USB issue then I presume you just used nLite to integrate drivers? If that is the case then it is fixed in next version, hopefully, be sure to let me know.

No, I don't have problems, mostly because the computer I work on has XP build from a year ago, and at that time I had problems with USB and don't remember if I had used nLite's WFP patch or not, but patched the three dlls with solutions from all over the web - L'Azimuté patches and whatnot. In the meantime, I've been trying nlite on virtual machine - which doesn't have real usb support - so I thought I'd ask.

That's why it was so general question - trying to learn something. :)

Greetings

GL

Martin H

Martin H

Posted
Posted
I was asking because I was not sure if syssetup.dll was patched, and I think it needs to be in order to avoid popups on usb drive inserting.

If you're removing cat files, then don't...

When disabling SFC then the non-driver cat files are redundant, but the driver cat files are needed to avoid popups whenever you're installing hardware which makes use of those specific drivers...

GrofLuigi

GrofLuigi

Posted
  • Author
Posted

Thank you Martin H, this was something I didn't know. :)

But I never remove CAT files.

On somewhat related note, what annoys me the most is that just invoking device manager (no installation of anything) starts Cryptographic Service (which is set to manual on my computer, and also all three sfc-related dll files are patched, and all possible registry driver signing policies are set to ignore). Also, at that time, all .inf's are enumerated and several .pnf's created (I delete .pnf's regularly). Those .pnf's are mostly related to syssetup.inf, I think.

But I guess this is something else, burried deeply into the os... Although it would be a good thing to find it kill it. :) Why? To reduce burden on the OS and downlevel wear and tear. (The computer is unresponsive for few minutes when it does this).

GL

Martin H

Martin H

Posted
Posted

You are most welcome, mate :)

Unfortunetly i cannot help you with your "Cryptographic Service" issue, as i do not know the answer to that...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...