babyboomer Posted June 23, 2005 Share Posted June 23, 2005 This might be slightly off topic, but does anyone know how Windows determines that a sytem file has been modified? I have not looked into this, but I assume it has a list of file checksums or suchlike stashed away somewhere, since it can detect changes even if it does not have the original file available.It would be useful to know how this works as it might open the door to replacing system files (is it OK to mention wpa kill here?) without getting pestered by WFP. Turning WFP off completely is not an attractive option. Link to comment Share on other sites More sharing options...
jaclaz Posted June 29, 2005 Share Posted June 29, 2005 The "feature" is called either WFP or SFC, it is (mostly) inside the SFC.DLL.Originally it was possible to enable/disable it changing a value in the Registry.Later it has been modified.Read here:http://www.vorck.com/remove-ie.htmlhttp://www.vorck.com/2ksp4.html#8http://www.d--b.webpark.pl/reverse04_en.htmhttp://www.bitsum.com/aboutwfp.asphttp://www.bitsum.com/index.asp#WfpAdminjaclaz Link to comment Share on other sites More sharing options...
babyboomer Posted June 29, 2005 Share Posted June 29, 2005 Thank you very much jaclaz. These are very useful links, especially the bitsum stuff, which appears to let me do exactly what I wanted via 'hack 5' and looks like a good source of information generally. Brill.I was not aware that the ffffff9d trick had disappeared, but I would be loath to user it anyway as I believe that SFC offers a useful level of protection most of the time. I just want to be able to sneak round it when I choose to. Link to comment Share on other sites More sharing options...
Pusso Posted June 29, 2005 Share Posted June 29, 2005 Have you maybe deleted Dllcache somehow...check in system32\dllcache is it full, around 300mb.<{POST_SNAPBACK}>Hi nuhi,I have the same problem. My DLL cache is VERY small ~13 MB. I have definitely not deleted the files in there, as I had the problems described in this thread right after installing. Any way to fill the dllcache again?I am using the latest nLite (no component removal or tweaks applied with nLite, just SP2 and ryan VM)ThanksPusso aka Gero Link to comment Share on other sites More sharing options...
jaclaz Posted June 30, 2005 Share Posted June 30, 2005 Thank you very much jaclaz. These are very useful links, especially the bitsum stuff, which appears to let me do exactly what I wanted via 'hack 5' and looks like a good source of information generally. Brill.I was not aware that the ffffff9d trick had disappeared, but I would be loath to user it anyway as I believe that SFC offers a useful level of protection most of the time. I just want to be able to sneak round it when I choose to.Looky here:http://www.msfn.org/board/index.php?showtopic=46964(untested) B) jaclaz Link to comment Share on other sites More sharing options...
RJARRRPCGP Posted June 30, 2005 Share Posted June 30, 2005 (edited) This don't appear to be in the right category. Oops. Edited June 30, 2005 by RJARRRPCGP Link to comment Share on other sites More sharing options...
primianoc Posted July 8, 2005 Share Posted July 8, 2005 (edited) In setuperr.log there is two files: syssetup.dll and tcpip.sysErrore:Il file di sistema denominato [c:\windows\system32\syssetup.dll] non è stato firmato correttamenteda Microsoft. La versione corretta del file potrebbe non venire ripristinata. Utilizzare l'utilità SFC per accertarsi che il file sia integro.***Errore:Il file di sistema denominato [c:\windows\system32\drivers\tcpip.sys] non è stato firmato correttamenteda Microsoft. La versione corretta del file potrebbe non venire ripristinata. Utilizzare l'utilità SFC per accertarsi che il file sia integro.***Excuse me, i don't think this topic is closed . This means i can't write about windows file protection or there's a solution in the next release ? Thanks for your very good work! Edited July 8, 2005 by primianoc Link to comment Share on other sites More sharing options...
Davelicious Posted July 8, 2005 Share Posted July 8, 2005 (edited) The WFP problem is still persisting.In 99% of the cases the protection only asks for the CDbut it doesn't recover any files from it ??? (at least not detected with filemon or no traces in eventviewer)TIP:Maybe this will help people who doesn't want to turn off WFPCopy the i386 dir from the install cd to your HDDand add the newly created path to following regkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation SourcesI haven't tried it yet but it could be worth a try.Keep us informed Edited July 8, 2005 by Davelicious Link to comment Share on other sites More sharing options...
primianoc Posted July 8, 2005 Share Posted July 8, 2005 (edited) Your suggestion don't work. I try to regenerate the dll cache with command "sfc /scannow" and some file anren't located on winLite disc nor on original windows xp sp2 corporate. The file dir_dllcache.txt is what i get by the dir command in the directory c:\windows\system32\dllcache. I think the sfc system try to restore some files i remove by nlite, for exemple keyboard layout. Any ideas? Edited July 8, 2005 by primianoc Link to comment Share on other sites More sharing options...
Davelicious Posted July 8, 2005 Share Posted July 8, 2005 I also performed "sfc /scannow" command to check what files are missing.and I discovered that it are in most cases the files of components I removed. (like games, etc)see my nlite Preset File. _20_6_05_.ini I used.the scannow resulted in following missing files on the nlited installCD:c:\windows\msagent\intl\agt0401.dllc:\windows\msagent\intl\agt0408.dllc:\windows\msagent\intl\agt040d.dllc:\windows\msagent\intl\agt0412.dllc:\windows\msagent\intl\agt0419.dllc:\windows\msagent\intl\agt041f.dllc:\program files\msn gaming zone\windows\bckg.dllc:\program files\msn gaming zone\windows\bckgres.dllc:\program files\msn gaming zone\windows\bckgzm.exec:\windows\system32\blastcln.exec:\windows\system32\c_10003.nlsc:\windows\system32\c_10004.nlsc:\windows\system32\c_10005.nlsc:\windows\system32\c_10006.nlsc:\windows\system32\c_10007.nlsc:\windows\system32\c_10017.nlsc:\windows\system32\c_10021.nlsc:\windows\system32\c_10081.nlsc:\windows\system32\c_1361.nlsc:\windows\system32\c_20000.nlsc:\windows\system32\c_20932.nlsc:\windows\system32\c_20936.nlsc:\windows\system32\c_20949.nlsc:\windows\system32\c_28594.nlsc:\windows\system32\c_28595.nlsc:\windows\system32\c_28596.nlsc:\windows\system32\c_28597.nlsc:\windows\system32\c_28598.nlsc:\windows\system32\c_28599.nlsc:\windows\system32\c_28603.nlsc:\windows\system32\c_708.nlsc:\windows\system32\c_720.nlsc:\windows\system32\c_737.nlsc:\windows\system32\c_855.nlsc:\windows\system32\c_857.nlsc:\windows\system32\c_862.nlsc:\windows\system32\c_864.nlsc:\windows\system32\c_866.nlsc:\windows\system32\c_869.nlsc:\windows\system32\c_875.nlsc:\windows\system32\c_is2022.dllc:\windows\system32\c_iscii.dllc:\windows\system32\cards.dllc:\program files\msn gaming zone\windows\chkr.dllc:\program files\msn gaming zone\windows\chkrres.dllc:\program files\msn gaming zone\windows\chkrzm.exec:\program files\msn gaming zone\windows\cmnclim.dllc:\program files\msn gaming zone\windows\cmnresm.dllc:\windows\system32\freecell.exec:\windows\system32\ftlx041e.dllc:\windows\ime\imkr6_1\dicts\hanja.lexc:\windows\ime\imkr6_1\dicts\hanjadic.dllc:\program files\msn gaming zone\windows\hrtz.dllc:\program files\msn gaming zone\windows\hrtzres.dllc:\program files\msn gaming zone\windows\hrtzzm.exec:\windows\ime\imkr6_1\applets\hwxkor.dllc:\windows\ime\imkr6_1\dicts\imekr.lexc:\windows\system32\imekr61.imec:\windows\ime\imkr6_1\imekrcic.dllc:\windows\ime\imkr6_1\applets\imekrmbx.dllc:\windows\ime\imkr6_1\imekrmig.exec:\windows\ime\imkr6_1\imkrinst.exec:\windows\system32\kbd101a.dllc:\windows\system32\kbd101b.dllc:\windows\system32\kbd101c.dllc:\windows\system32\kbd103.dllc:\windows\system32\kbda1.dllc:\windows\system32\kbda2.dllc:\windows\system32\kbda3.dllc:\windows\system32\kbdarme.dllc:\windows\system32\kbdarmw.dllc:\windows\system32\kbdaze.dllc:\windows\system32\kbdazel.dllc:\windows\system32\kbdblr.dllc:\windows\system32\kbdbu.dllc:\windows\system32\kbddiv1.dllc:\windows\system32\kbddiv2.dllc:\windows\system32\kbdest.dllc:\windows\system32\kbdfa.dllc:\windows\system32\kbdgeo.dllc:\windows\system32\kbdgkl.dllc:\windows\system32\kbdhe.dllc:\windows\system32\kbdhe220.dllc:\windows\system32\kbdhe319.dllc:\windows\system32\kbdheb.dllc:\windows\system32\kbdhela2.dllc:\windows\system32\kbdhela3.dllc:\windows\system32\kbdhept.dllc:\windows\system32\kbdinbe1.dllc:\windows\system32\kbdinben.dllc:\windows\system32\kbdindev.dllc:\windows\system32\kbdinguj.dllc:\windows\system32\kbdinhin.dllc:\windows\system32\kbdinkan.dllc:\windows\system32\kbdinmal.dllc:\windows\system32\kbdinmar.dllc:\windows\system32\kbdinpun.dllc:\windows\system32\kbdintam.dllc:\windows\system32\kbdintel.dllc:\windows\system32\kbdkaz.dllc:\windows\system32\kbdkor.dllc:\windows\system32\kbdkyr.dllc:\windows\system32\kbdlt.dllc:\windows\system32\kbdlt1.dllc:\windows\system32\kbdlv.dllc:\windows\system32\kbdlv1.dllc:\windows\system32\kbdmon.dllc:\windows\system32\kbdru.dllc:\windows\system32\kbdru1.dllc:\windows\system32\kbdsyr1.dllc:\windows\system32\kbdsyr2.dllc:\windows\system32\kbdtat.dllc:\windows\system32\kbdth0.dllc:\windows\system32\kbdth1.dllc:\windows\system32\kbdth2.dllc:\windows\system32\kbdth3.dllc:\windows\system32\kbdtuf.dllc:\windows\system32\kbdtuq.dllc:\windows\system32\kbdur.dllc:\windows\system32\kbdurdu.dllc:\windows\system32\kbdusa.dllc:\windows\system32\kbduzb.dllc:\windows\system32\kbdvntc.dllc:\windows\system32\kbdycc.dllc:\windows\system32\ksc.nlsc:\program files\movie maker\moviemk.exec:\windows\srchasst\msgr3en.dllc:\windows\system32\mshearts.exec:\windows\srchasst\nls302en.lexc:\windows\ime\shared\res\padrs412.dllc:\program files\windows nt\pinball\pinball.exec:\program files\msn gaming zone\windows\rvse.dllc:\program files\msn gaming zone\windows\rvseres.dllc:\program files\msn gaming zone\windows\rvsezm.exec:\program files\msn gaming zone\windows\shvl.dllc:\program files\msn gaming zone\windows\shvlres.dllc:\program files\msn gaming zone\windows\shvlzm.exec:\windows\system32\sol.exec:\windows\system32\spider.exec:\windows\srchasst\srchctls.dllc:\windows\srchasst\srchui.dllc:\windows\help\tours\mmtour\tour.exec:\windows\system32\tourstart.exec:\program files\msn gaming zone\windows\uniansi.dllc:\windows\system32\winmine.exec:\windows\system32\winntbbu.dllc:\program files\movie maker\wmm2ae.dllc:\program files\movie maker\wmm2eres.dllc:\program files\movie maker\wmm2ext.dllc:\program files\movie maker\wmm2filt.dllc:\program files\movie maker\wmm2fxa.dllc:\program files\movie maker\wmm2fxb.dllc:\program files\movie maker\wmm2res.dllc:\program files\movie maker\wmm2res2.dllc:\windows\system32\wscntfy.exec:\windows\system32\wscsvc.dllc:\windows\system32\wscui.cplc:\program files\msn gaming zone\windows\zclientm.exec:\program files\msn gaming zone\windows\zcorem.dllc:\program files\msn gaming zone\windows\zeeverm.dllc:\program files\msn gaming zone\windows\znetm.dllc:\program files\msn gaming zone\windows\zoneclim.dllc:\program files\msn gaming zone\windows\zonelibm.dllc:\windows\system32\setup\zoneoc.dlland like "primianoc" mentioned even if I perform sfc /scannow with an original XP+SP2 (non nlited)It misses a few files:c:\windows\system32\kbd101b.dllc:\windows\system32\kbd101c.dllc:\windows\system32\kbd103.dllc:\windows\system32\kbdkor.dll Link to comment Share on other sites More sharing options...
primianoc Posted July 8, 2005 Share Posted July 8, 2005 Well, i don't see which files sfc try to restore (and can't find on original cd "not nlited"), but i think there's somethink in the system (a .ini file?) in which there's the complete list of "important files". So the os is nlited but sfc don't know it! We must tell it that the system is nlited! But.... how? Link to comment Share on other sites More sharing options...
jaclaz Posted July 9, 2005 Share Posted July 9, 2005 (edited) The list of files is INSIDE sfcfiles.dll.(NOT sfc.dll) thanks Toods.Read the links in my previous posts.jaclaz Edited July 9, 2005 by jaclaz Link to comment Share on other sites More sharing options...
Toods Posted July 9, 2005 Share Posted July 9, 2005 The list of files is INSIDE sfc.dll.Read the links in my previous posts.jaclaz<{POST_SNAPBACK}>I think you mean sfcfiles.dll. Link to comment Share on other sites More sharing options...
jaclaz Posted July 9, 2005 Share Posted July 9, 2005 (edited) I think you mean sfcfiles.dll.Yep, sorry, I meant SFCFILES.DLL.I am correcting my previous post, so that it does not make confusion.Here is where it is explained:http://www.vorck.com/2ksp4.html#8 Edited July 9, 2005 by jaclaz Link to comment Share on other sites More sharing options...
primianoc Posted July 9, 2005 Share Posted July 9, 2005 It's a good site, but that's a way to disable totally sfc. Is there a way for enable sfc only for any files? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now