
windows file protection


vinifera



well i tried for me the easiest way, and that was from $OEM$ folder to execute .cmd file that would

1. apply regedit /s to enable it in registry - FAILS

2. rename patched file to .old extension - PASSES

3. copy the untouched .dll - FAILS

-

4. execute shutdown -r to "update" changes :P

so i get this nice screenie

14avl8n.png

have in mind i prefer easier way to do things than to meddle with additional things like WPI

(no offence to nobody)

location of dll is in: \$OEM$\SFC\sfc_os.dll

location of reg key is in same folder

the CMD file that is being invoked via runonce has this in it:

(and is in same location as dll and reg key)

regedit /s enableSFC.reg
ren %systemroot%\system32\sfc_os.dll sfc_os.dll.old
copy sfc_os.dll %systemroot%\system32\sfc_os.dll /y
exit

maybe i am missing something here... ?

Edited by vinifera

vinifera, I am not sure how you are running the commands, but it looks to me like the two commands that are failing are failing because they do not have full paths on the .reg and .dll files. I don't know what directory is active when your .cmd file is being executed, but I bet it is not the correct one. Please include full paths here

regedit /s enableSFC.reg
copy sfc_os.dll %systemroot%\system32\sfc_os.dll /y

and let us know how it works. If the .reg continues to fail, please post it also. More error information is always better. Enjoy, John.


hi and thanks for quickness

this is my main structure (disregard other folders)

23lmlx4.png

the reg, dll and called cmd are in SFC folders (pic up)

the SFC.cmd, that contain those commands is called like this

RUNONCE
|-------------> XP-new\BATCH.CMD
|----------------> \$OEM$\SFC\SFC.cmd

so regarding commands

they are called from same folder where .cmd is executed, so they should have worked

but i'm gonna try regarding COPY command, copy %source%\$OEM$\SFC\sfc_os.dll %systemroot%\system32\sfc_os.dll /y

but regarding regedit /s, this should have worked and it didn't

Edited by vinifera

vinifera, your full path command will not work because the %Source% has a trailing \, so now you will have two. If the copy command is failing because of path, the .reg is also for the same reason - the enableSFC.reg file cannot be found. I am still looking and will get back later if I see anything else. Enjoy, John.
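
The path problem discussed above, as an added example that is not part of the original thread and is not vinifera's SFC.cmd: the same three steps resolved against the script's own folder, so the result does not depend on the directory RunOnce starts it in. The names HERE, TARGET and LOG and the log location are assumptions of this example.

```batch
@echo off
rem Added example, not vinifera's original SFC.cmd.
setlocal
rem %~dp0 = drive and folder of this script, always ending in "\",
rem so file names are appended directly and no "\\" can appear.
set "HERE=%~dp0"
set "TARGET=%SystemRoot%\system32\sfc_os.dll"
rem Log location is an assumption of this example.
set "LOG=%SystemRoot%\sfc_restore.log"

rem Stop before touching system32 if either input is not where we expect.
for %%F in (enableSFC.reg sfc_os.dll) do (
    if not exist "%HERE%%%F" (
        echo %date% %time% missing "%HERE%%%F" >> "%LOG%"
        exit /b 1
    )
)

regedit /s "%HERE%enableSFC.reg"

rem Keep the patched file as .old; clear a leftover from an earlier run first.
if exist "%TARGET%.old" del /f "%TARGET%.old"
ren "%TARGET%" sfc_os.dll.old
if errorlevel 1 (
    echo %date% %time% rename of "%TARGET%" failed >> "%LOG%"
    exit /b 2
)

copy /y "%HERE%sfc_os.dll" "%TARGET%" >nul
if errorlevel 1 (
    rem Put the previous file back so system32 is never left without the DLL.
    ren "%TARGET%.old" sfc_os.dll
    echo %date% %time% copy failed, previous file restored >> "%LOG%"
    exit /b 3
)
echo %date% %time% sfc_os.dll replaced from "%HERE%" >> "%LOG%"
exit /b 0
```

The log file records which step failed, which the silent `regedit /s` and a closed console window otherwise hide.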


sorry to be annoying

but i didn't understand about

"your full path command will not work because the %Source% has a trailing \, so now you will have two"

you mean DOS prompt recognises it as CD:\\

or CD:\$OEM$\SFC\\file.ext

?


success :D

you were indeed right, the path messed it up

the only annoyance now i experienced, is when upon first OS GUI boot

when those commands for registry (to enable sfc), rename patched and copy original unpatched to sys32 are done

i get that dialog of SFC reporting something was changed and calls upon SP3 cd to restore "original file"

could be because maybe i added reg enable before rename/copy...

i'll try to reverse order and report back :P

Edited by vinifera

vinifera, I don't know why you are getting the message from SFC. I don't and I am changing the Registry before I do the rename and copy. Are you sure you have SFC disabled for your test run? Please attach (no paste) your Last Session.ini. Enjoy, John.


vinifera, if reversing the order of the commands does not stop the SFC message, then take a look at the sfc_os.dll in your source folder and see if it is the same as the one in your original CD. I check the hash codes for this (I use HashTab - free). Also look at the version number. If it is different, then perhaps a hot fix has updated the file. Remember I am running XP x64 and my experience does not reflect directly into yours. You can see why it was important to use a VM for these tests - I hacked around on this for some time. Enjoy, John.

EDIT: Here is a thread that I started a year ago about this subject.

Edited by johnhc

nah, i still get the dialog when reversed reg to last command,

i did compare the renamed .dll with one i copied, they are different,

but i can't compare which one is newer since there's no digital signature on it

as for looking in Modified info, i only get today's date (for one installed, i guess it's the one nlite patched)

my only desperate try would be, to rename and copy the dll

in t-12 stage when i am adding some reg entries for explorer

-

and then to add reg entry to enable SFC as i did for now, in first GUI boot

lol does that make sense ? :D

Edited by vinifera

vinifera, just use the Version tab under Properties to see if they are same/different. Please do a search on your source folder after running nLite and your original CD folder for sfc_os (no extension) and look at the size, version and hash for all files found. You will need to extract the sfc_os.DL_ to see the information for the files. If you saw the 2008 thread I pointed to above, you will see that the nLite modified file is the same size, but different hash. Possibly an SP (have you added an SP?) or a hot fix has replaced the nLite modified file. I don't think what you are proposing will help, but it won't hurt to try - power of VM. Enjoy, John.
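
The file comparison described above, as an added example that is not part of the original thread: it expands the compressed sfc_os.DL_ from the original CD and compares it with another copy using only tools shipped with Windows. A byte-for-byte `fc /b` stands in for the hash comparison John does with HashTab; the script name cmpsfc.cmd, the variable names and the example paths in the comments are assumptions.

```batch
@echo off
rem Added example (not from the thread). Usage, both paths are assumptions:
rem   cmpsfc.cmd D:\I386\sfc_os.dl_ C:\XP-new\$OEM$\SFC\sfc_os.dll
rem %1 = compressed file from the original CD, %2 = the copy to check.
setlocal
if "%~2"=="" (
    echo usage: %~nx0 ^<sfc_os.dl_ from CD^> ^<sfc_os.dll to check^>
    exit /b 2
)
set "REF=%TEMP%\sfc_os_ref.dll"
if exist "%REF%" del /f "%REF%"

rem expand.exe unpacks the compressed .DL_ into a normal .dll.
expand "%~1" "%REF%" >nul
if not exist "%REF%" (
    echo could not expand "%~1"
    exit /b 2
)

rem Size is shown for reference only: the thread notes that the
rem nLite-modified file has the same size but a different hash.
for %%F in ("%REF%") do set "REFSIZE=%%~zF"
for %%F in ("%~2") do set "CHKSIZE=%%~zF"
echo reference: %REFSIZE% bytes
echo checked:   %CHKSIZE% bytes

rem fc /b compares byte by byte; errorlevel 0 means identical,
rem 1 means different, 2 means a file could not be read.
fc /b "%REF%" "%~2" >nul
if errorlevel 1 (
    echo RESULT: files differ or could not be read
    del /f "%REF%"
    exit /b 1
)
echo RESULT: files are identical
del /f "%REF%"
exit /b 0
```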


Speaking of versions, check this out and tell me if you see anything peculiar;

N.B. the Service Pack versions say it all; one is from the original CD, and one from the modified I have installed and am using right now. I didn't disable SFC during nLite-ing.
