Jump to content

re enable file protection

verfee

By verfee
in nLite

 Share

Recommended Posts

verfee

verfee

Posted
Posted

Just wanted to know what Nlite does to disable Windows file protection so I can enable it again, I know it sets "SFCDisable" to equal "ffffff9d" in the registry but there is more to it because changing this value and restarting has no effect.

Link to comment
Share on other sites

andrewpayne

andrewpayne

Posted
Posted

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

Copy and paste the above to a text file and rename with 'reg' extension - double click to apply the new setting.

Link to comment
Share on other sites
verfee

verfee

Posted
  • Author
Posted (edited)

Bledd I found what you were referring to, you could have explained a little better considering there wasn't any description of the app and if it's capable of re-enabling WFP. Suffice to say it doesn't work because it thinks WFP is enabled when it isn't, I made sure by renaming a protected file (calc.exe) to another name and waiting for a replacement by windows, it doesn't.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

Copy and paste the above to a text file and rename with 'reg' extension - double click to apply the new setting.

That won't work because it isn't a registry script.

Edited by verfee
Link to comment
Share on other sites
dontasciime

dontasciime

Posted
Posted

You would need to get the older version of sfc_os.dll file, search on google, as you have to patch the dll file, it shows you which bytes need patching , more importantly for you it show you the original values, so you could patch them back to normal, then use the registry, although i am not sure how nlite does it, maybe get my sfc and replace yours in safe mode, though mine ends in 0 and not 2160, though mine is def from a sp1 install which is what your supposed to have and not the sp2 one whos file version ends in 2180.

sfc_os.zip

Link to comment
Share on other sites
  • 2 weeks later...
Falcon4

Falcon4

Posted
Posted (edited)

I needed some help with this too. Turns out that every single computer in my house has a disabled SFC, and I needed to run sfc /scannow on one of my computers. I thought disabling SFC only disabled "active scanning" and you still had the option to run it. Guess not.

(I got an error, saying "The specific error code is 0x000006ba" and that the RPC service could not be contacted - in case someone like me goes searching for this solution.)

I fixed it by running the patch program in the first reply; it thought my SFC was enabled so I allowed it to "re-patch" it, then I immediately turned around and had it un-patch SFC. Rebooted, and now SFC is performing a scan just fine. :D

edit: Attached the file I'm referring to.

edit edit: Correction. Now it's constantly asking for the Windows XP CD, saying I don't have it inserted (I even put in my completely-official CD and it denied it). Something's majorly screwed up...

WFPswitch.exe

Edited by Falcon4
Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted
I know it sets "SFCDisable" to equal "ffffff9d" in the registry but there is more to it because changing this value and restarting has no effect.

The above applies ONLY to elder versions, with a patched SFCx.DLL:

http://www.winguides.com/registry/display.php/790/

but it is inconvenient, as every newish SP will change the address to be patched.

Read these:

http://pubs.logicalexpressions.com/Pub0009...icle.asp?ID=290

http://pubs.logicalexpressions.com/pub0009...icle.asp?ID=510

The "new" method is derived from an idea of Damian Bakowsky:

http://www.d--b.webpark.pl/index2_en.htm

http://www.d--b.webpark.pl/reverse04_en.htm

(making an EMPTY sfcfiles.dll)

I passed the info to Fred Vorck:

http://www.vorck.com/remove-ie.html

who bettered the coding and the method found it's way into Nuhi's Nlite:

A friend who wishes to go uncredited for making "our" versions of SETUPAPI.DLL and SFCFILES.DLL, as well as Control Panel Wrapper, SLEEP, REBOOT, and CHMDUMP

Nuhi, for introducing himself, and for the back-and-forth ideas that help both our projects

TommyP for HFSLIP and his efforts to keep it compatable with my files

Timo, for details describing the SETUPDLL hack that I used in the SETUPAPI hack I implement

Damian Bakowski for the initial idea of an empty SFCFILES.DLL

jaclaz

Link to comment
Share on other sites
Falcon4

Falcon4

Posted
Posted (edited)

I got a headache trying to read all that information.

How do you re-enable it?! :-(

I seem to have it half-enabled. It still doesn't detect my CD, and because of that I'm stuck with a half-baked SFC that's causing me nothing but problems.

nLite's #1 problem is that 100% of its options are completely irreversible. Unlike many nLite users, I like keeping my OS installed for more than a week at a time. I don't want to have to reinstall Windows every time I need a little insignificant piece of s*** I removed back with nLite! =\

Edited by Falcon4
Link to comment
Share on other sites
  • 7 months later...
Kiki Burgh

Kiki Burgh

Posted
Posted (edited)

hi! although not directly related (/) i hope that by sharing this, it would help clarify a few things ... allow me to quote:

On a different subject... SFCFILES.DLL by the way works on ALL versions of Windows, just to clear that up. SFC.DLL and SFC_OS.DLL are different matters entirely. You can use SFCFILES.DLL and no other modified binaries and SFC will be disabled. To recap, for the confused :D

To shut Windows File Protection off:

Use a modified SFC.DLL in Windows 2000

Use a modified SFC_OS.DLL in Windows XP and Windows 2003

No need for a modified SFCFILES.DLL

To disable Windows File Protection causing it to check an empty list:

Use a modified SFCFILES.DLL in ANY version of Windows

No need for a modified SFC*.DLL

For complete overkill, so that Windows File Protection is shut off AND has an empty list which it doesn't even check:

Use a modified SFC.DLL in Windows 2000

Use a modified SFC_OS.DLL in Windows XP and Windows 2003

AND Use a modified SFCFILES.DLL in ANY version of Windows

fdv, took the liberty of sharing this :P there is an English fileset where the above files may be extracted from ... it used to be downloadable as a separate files ... i think though the above file should do the trick, is this right, fdv? ;) this is his site: http://www.vorck.com/remove-ie.html ... i am pretty certain, fdv will be happy to answer any inquiry ... Edited by Kiki Burgh
Link to comment
Share on other sites
Kiki Burgh

Kiki Burgh

Posted
Posted

some additional info ... :) from: http://www.vorck.com/hfslip.html

SETUPAPI.DLL

This is optional, you do not have to have it. … Here is how to edit SETUPAPI.DLL to shut off setup file checking to allow you to edit system files such as LAYOUT.INF. Svajunas points out that "for Xp (SP1, SP2) and W2k3 (SP1), search for sequence 55 8B EC 8B 45 2C and replace with 33 C0 C2 30 00 2C. This should work and for future Xp and W2k3 versions."

SFC_OS.DLL (OR USE AN EMPTY SFCFILES.DLL)

This is optional, you do not have to shut off WFP. … Here is how to edit SFC_OS.DLL to shut off Windows File Protection (link coming, for now use Google). A quick word about Windows File Protection. It was designed not to thwart you, but to prevent software from changing your DLLs on you. WFP is a good thing 95% of the time. Also, if you're setting up a system for someone else, and WFP is off, how long do you think it would be before they were on the phone with you telling you that their system is "acting weird?" Alternately, instead of hacking SFC_OS.DLL, you can leave it alone and use a version of SFCFILES.DLL that is empty. Download this new SFCFILES.DLL .... I got the idea here, but there were several errors in the approach, so a programmer friend re-wrote the DLL for me. Here is the source.

and from: http://www.vorck.com/2ksp5.html
STEP SIXTEEN. (advanced. FYI only.)

Windows File Protection, Part I.

STEP SEVENTEEN. (advanced. FYI only.)

Windows File Protection, Part II.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...