sfc_os.dll

[smokingflowers]

Hi All,

I'm a sys admin in the process of creating an unattended install of XP SP2.

I have a need to disable WFP and although it seems fairly simple to achieve I have a couple of questions... regarding sfc_os.dll.

The old XP SP1 verison of this file was hackable with a HEx editor to allow use of the reg tweak. I can find no such information on how to do this for the file that ships with SP2. I know it is possible to replace the SP2 file with a hacked SP1 veriosn of the file.

Is the veriosn posted the SP1 version (hacked) or has some bright spark managed to do the same for the SP2 version? http://unattended.msfn.org/advanced/hackedfiles/wfp.htm

I'd just like to know exactly what I'm getting into as I manage a corporate envirnment and need to document and explain this to others....

[Kelsenellenelvian]

I still cannot get this to work. I've replaced every sfc_os.dll file on my machine with this one AND changed both SFCSetting and SFCDisable in the registry. This doesn't work for me.

Disabling Windows File Protection Permanently.

I made an hacked SFC_OS.DLL for disabling WFP without any registry settings.

You can replace the file from your Windows XP SP2 source files or follow this guide if you have already installed XP.

1) Rename the hacked SFC_OS.DLL to SFC_OS.DLL.HACK

2) Unchecked "Hide protected operating system files" from "Folder Options"

3) Copy SFC_OS.DLL.HACK to "%WINDIR%\system32\dllcache"

4) Copy SFC_OS.DLL.HACK to "%WINDIR%\system32"

5) Start Task Manager, select Processes tab, right-click on explorer.exe and select End Process

6) On Task Manager menu, select File / New Task(Run...) and browse to "%WINDIR%\system32\dllcache"

7) Rename SFC_OS.DLL to SFC_OS.DLL.BAK and rename SFC_OS.DLL.HACK to SFC_OS.DLL

8) Browse to "%WINDIR%\system32"

9) Rename SFC_OS.DLL to SFC_OS.DLL.BAK and rename SFC_OS.DLL.HACK to SFC_OS.DLL

If windows appears select "Cancel" and on Task Manager menu, select Shutdown / Restart

That's it. For re-enabling I think it's obvious.

English SP2 SFC_OS.DL_

French SP2 SFC_OS.DL_

Get the english one and just place it in your I386 folder overwriting the original that is all you need to do.

Edited November 16, 2005 by kelsenellenelvian

[smokingflowers]

Thanks for the reply but my question still isn't answered...

Is the hacked version in the link I provided the SP1 file or the SP2 file?

How exactly did you hack the dll you posted a link to? Did you start with the SP1 file or the SP2 file?

I don't like the idea of using the SP1 file as I bet the nice people at Microsoft will release a hotfix sooner or later which updates it if it finds the SP1 verison... This could have some serious consequences in my environment if a WFP scan were to start throwing up prompts to replace files....

thanx B)

[Kelsenellenelvian]

I did not hack that file some one else did and if you look at the bottom of the page you provided it also has links for several different ones.