Yurek3 Posted September 11, 2005

DreamPackPL (version 2oo4.o6.1o)
Damian Bakowski
e-mail: d--b@wp.pl
web: www.d--b.webpark.pl

This tool is FREE for non-commercial usage.
THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
YOU USE THIS SOFTWARE ONLY FOR OWN RISK.

REQUIREMENTS
------------
 - Windows 2000, XP
 - Windows installation CD

Note!
To get access to Windows XP, You can use also CD from Windows 2000.

CONTENT
-------
 - DreamPack.exe 87050 bytes
 - sfcfiles.dll 39424 bytes

INSTALLATION
------------
1) Install
Installation on current machine. You must have admin rights. After installation you must reboot system.

2) Create CD
Create from original Windows Installation CD new bootable CD with DreamPackPL. From this CD you can boot every machine with 2000/XP system without knowing admin password.

How to create new Windows installation CD for DreamPackPL:
You can create this CD with program DreamPackPL only in Windows 2000/XP.
DreamPackPL will need 400-600MB free space for creating ISO image.
After image file is created, You can burn it with any program.

* boot from CD
After boot from CD You must choose system in Recovery Console.
Console will accept every admin password.
You can change current directory
    > cd system32
You should also make backup of sfcfiles.dll
(backup file sfcfiles.lld will be used during uninstalling)
    > ren sfcfiles.dll sfcfiles.lld
Then You must copy from CD file pinball.ex_ into system32 directory with change file name to sfcfiles.dll
    > copy x:\i386\pinball.ex_ sfcfiles.dll
(x - CD drive letter; 'map' command display all drive letters)
Finally You can write 'exit' command and reboot computer.

Note!
All time You use DreamPackPL, Windows File Protection will be disabled.

3) Extract
Extract file SFCFILES.DLL to selected path.
If you use other software to boot system or have FAT partition, then you can manually replace sfcfiles.dll on target system.

--
Configuration of DreamPackPL is stored in registry in encrypted form and protected from deleting or change. While uninstalling this configuration is removed from registry.
Log file created by Logon Logger is also encrypted.

COMMANDS DESCRIPTION
--------------------
Commands can be entered in edit-boxes "User Name" or "Password" in Winlogon window.
Commands are not case-sensitive. Command can have 1-15 characters.
Every command's character sequence can be changed.
Every command can be deactivated (except DreamOn).
Only DreamOn command is initially activated.

Command types:

--> DreamOn - default "dreamon"
Display DreamPackPL window at logon desktop.

--> PassOn - default "passon"
Turn on standard logon mode - user name and password are required.

--> PassOff - default "passoff"
Turn on logon mode without need to enter valid password. User will be logged on with wrong password and hash (LM+NT).
Entering this command in "Password" edit-box will cause automatic password acceptation.

--> LogonLoggerOn - default "logonloggeron"
Turn on Logon Logger.

--> LogonLoggerOff - default "logonloggeroff"
Turn off Logon Logger.

--> DreamDesktop - default "dreamdesktop"
Create (and/or switch) new desktop for system account and load Explorer shell.

--> God-Password - default "god"
This command-password is a master password and will be always accepted.
User will be logged on with wrong password and wrong hash (LM+NT) independent from current logon mode.

MENU DESCRIPTION
----------------
--> Passwords <--
 -----> Normal checking
Standard logon mode - user name and password are required. [command PassOn]
 -----> Logon with wrong password and hash
Logon mode without need to enter valid password. User will be logged on with wrong password and hash (LM+NT). [command PassOff]
 -----> Logon with given hash
Standard logon mode, additional with possibility to enter hash (LM+NT) - when password is unknown, but hash (LM+NT) is known. User will be logged on with given (wrong) password and given hash.
 -----> Hash Calculator
Compute hash (LM+NT) from given password.
 -----> Hash Audit
Display users list and hashes (LM+NT).

--> Accounts <--
 -----> Windows accounts panel
Display standard system accounts edit window.

--> Logon Logger <--
 -----> Use Logon Logger
Turn on/off Logon Logger (initially deactivated). [commands LogonLoggerOn, LogonLoggerOff]
 -----> Log file view and settings
Display Logon Logger settings window.
 -----> Delete file
Delete Logon Logger log file.

--> Execute <--
 -----> Console
Execute Console
 -----> Regedit
Execute Regedit
 -----> Task Manager
Execute Task Manager
 -----> Sysedit
Execute System Configuration Editor
 -----> Notepad
Execute Notepad
 -----> Calculator
Execute Calculator
 -----> Explorer shell
Load Explorer shell
 -----> Other...
Execute selected program.

--> Desktops <--
 -----> Create (switch to) DreamPackPL desktop
Create (and/or switch) new desktop for system account and load Explorer shell. [command DreamDesktop]

--> Commands <--
 -----> Commands settings
Display commands settings window

--> Uninstall DreamPackPL <--
Uninstall DreamPackPL.

UNINSTALLING
------------
There is no need to boot again from CD. Just select "Uninstall DreamPackPL" from menu and reboot system.
Old file sfcfiles.dll will be recovered from sfcfiles.lld (after reboot this backup file will be deleted). If backup file not exist, DreamPackPL will try recover file sfcfiles.dll from system32/dllcache directory.

http://www.d--b.webpark.pl/reverse04_en.htm
http://www.d--b.webpark.pl/dreampackpl_en.htm
http://www.d--b.webpark.pl/reverse01_en.htm

Good luck

Yurek3 Posted September 13, 2005 (edited)

How to fully disable System File Checker (SFC, WFP).

The method with patching sfc_os.dll (or sfc.dll) file doesn't fully disable WFP. Protected files can be replaced only manually. If any installer uses the function MoveFileEx (with MOVEFILE_DELAY_UNTIL_REBOOT flag) to replace in-use protected files, then the files will not be replaced. The reason for this is that session manager (smss.exe), while loading the system, before replacing any files, checks the list of protected files. If the given file is in this list, then the replace will fail. Until you add the AllowProtectedRenames value to the registry, the protected files will not be replaced.

The second often used function is SetupInstallFile (with SP_COPY_FORCE_IN_USE flag). This function, before adding a file to the replace-list, checks with SfcIsFileProtected (from sfc_os.dll) whether the file is protected or not. If file sfc_os.dll is patched, then SfcIsFileProtected will always return false. So SetupInstallFile will not add the AllowProtectedRenames value to the registry.

I have developed my own method for fully disabling WFP. This method is simple, more flexible and doesn't need to patch any files. It is based on an empty list of protected files. So WFP is on, but the list of protected files is empty and all files are not protected. The list of protected files is in file sfcfiles.dll. I have written my own sfcfiles.dll file with an empty list. The one thing that is to do is replace this one file.

How to replace the sfcfiles.dll file?
This file is an in-use protected file. To replace it, you need to copy my sfcfiles0.dll into the system directory and add two values to this key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

After reboot, WFP will be fully disabled.
To add these two values to the registry you must have admin rights. And don't forget to make a backup of the old sfcfiles.dll.

1)
Value name: PendingFileRenameOperations
Value type: array of null-terminated strings (REG_MULTI_SZ)
Value data:
\??\c:\winnt\system32\sfcfiles0.dll
!\??\c:\winnt\system32\sfcfiles.dll

This value is used to replace files at reboot time.
In the first line is a path to the file that should be moved. In the second line is the new path for this file.
Note: Creating a value of REG_MULTI_SZ type in registry editor is available from XP version. To replace this file in Windows 2000 use the automatic installation described below.

2)
Value name: AllowProtectedRenames
Value type: DWORD (REG_DWORD)
Value data: 1

This value is needed to replace a protected file.
And that is all.

Automatic installation mode for Windows 2000 users (works also in XP).
I have added two functions to the sfcfiles0.dll file: Install and Uninstall. These functions will add two values to the registry. Before calling these functions, file sfcfiles0.dll should be in the system directory.

Function: Install
Calling: Select the command "Execute..." from the start menu (or in command prompt) and enter:
rundll32 sfcfiles0 Install
First, this function will make a backup of the old sfcfiles.dll file to the system32\dllcache directory, and add two registry values. If file sfcfiles.dll already exists in dllcache, then it will not be overwritten. After reboot file sfcfiles0.dll will be renamed to sfcfiles.dll.

Function: Uninstall
Calling: Select the command "Execute..." from the start menu (or in command prompt) and enter:
rundll32 sfcfiles Uninstall
This function copies in dllcache the file sfcfiles.dll to sfcfiles.tmp. This temporary file will be moved after reboot to the system32 directory. File sfcfiles.dll (with empty list) from the system directory will be copied to sfcfiles0.dll.

http://www.d--b.webpark.pl/reverse04_en.htm

Edited September 13, 2005 by Yurek3
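
A defender-side check for the two Session Manager values described in the post above, added here as an example (it is not code from the post or from DreamPackPL). It takes the strings of PendingFileRenameOperations in order plus the AllowProtectedRenames DWORD; the function names and the sample data are constructed for illustration.

```python
import ntpath

# Files the thread names as holding or enforcing the WFP protected-file list.
WFP_FILES = {"sfcfiles.dll", "sfc_os.dll", "sfc.dll"}

# Constructed sample: the rename pair from the post, plus a harmless temp-file delete.
SAMPLE_PENDING = [
    r"\??\c:\winnt\system32\sfcfiles0.dll",
    r"!\??\c:\winnt\system32\sfcfiles.dll",
    r"\??\C:\Temp\setup.tmp",
    "",
]

def strip_nt_prefix(path):
    """Drop the NT object-namespace prefix (\\??\\) so the path reads as a DOS path."""
    return path[4:] if path.startswith("\\??\\") else path

def parse_pending_renames(strings):
    """Pair the REG_MULTI_SZ strings into (source, destination, replace) tuples.

    Entries alternate source, destination. An empty destination means the
    source is deleted at boot; a leading '!' on the destination means an
    existing file at that path is overwritten.
    """
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dst = strings[i], strings[i + 1]
        ops.append((strip_nt_prefix(src),
                    strip_nt_prefix(dst.lstrip("!")),
                    dst.startswith("!")))
    return ops

def audit_session_manager(pending, allow_protected_renames):
    """Return findings that indicate WFP is about to be bypassed at next boot."""
    findings = []
    if allow_protected_renames == 1:
        findings.append("AllowProtectedRenames=1: protected files may be replaced at boot")
    for src, dst, replace in parse_pending_renames(pending):
        for role, path in (("source", src), ("destination", dst)):
            if ntpath.basename(path).lower() in WFP_FILES:
                action = "overwrite" if replace else "move/delete"
                findings.append(f"pending {action} touches WFP file as {role}: {src} -> {dst}")
    return findings

if __name__ == "__main__":
    for finding in audit_session_manager(SAMPLE_PENDING, 1):
        print(finding)
```
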

Nepali Posted September 16, 2005

what should be done to fully disable SFC and WFC? shall i replace the sfcfiles.dll with yours? will this disable SFC, WFP?
i want it to be included in UACD.. HOW?

Nepali Posted September 17, 2005

my antivirus detected it.. it not worthy.......... is there no other way to fully disable SFC, WFP

Yurek3 Posted September 17, 2005 (edited)

It isn't trojan. M$ doesn't like such files and he gave them trojan for antyvir campaigns.
Trojan wants going outside in order to seize check-ups above this computer. This file isn't doing it.
He is only showing wasps, that niem of no files to protection.

Edited September 17, 2005 by Yurek3

Nepali Posted September 18, 2005

The simplest way to disable SFC, WFP:-
****************************************
This file will completely disable SFC, WFP without having any registry settings and also no tension of antivirus.... popups..
just replace original file with this one .. or u can simply place this in ur i386 folder.
enjoy....
SFC_OS.dll

cyberloner Posted September 19, 2005

sorry asking a stupid question... why need to disable it?

Nepali Posted September 21, 2005

yeah that's stupid... coz i modify my windows XP
xpize + ryans + modified core files