Modified UXTHEME.DLL and the SFCDisable reg hack

[mystek]

Will putting a reg file in the HFSVCPACK folder as follows:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000001

Disable Windows File protection long enough to install a modified UXTHEME.DLL and let Windows register it instead of the original when it installs?

I want to modify the system to use additional themes but not disable Windows File Protection completely.

[tap52384]

If you want to do this yourself, why don't you simply use the method outlined on the Unattended MSFN Guide for "using modified files." This way, you'll be able to place the uxtheme.dll file directly into the Windows XP source:

Unattended MSFN Wiki Page

Else, use nLite nLite Homepage

Edited May 19, 2006 by tap52384

[x-pert]

mystek

With XVI32 serch for string 83 F8 9D 75 07 8B C6 in sfc_os.dll and replace to 83 F8 9D 75 07 90 90. Update checksum with ModifyPE, cab it and put in FIX folder.

Not relly sure, but put in winnt.sif :

[systemFileProtection]

SFCDisable=ffffff9d

SFCShowProgress=1

SFCQuota=1

Edited May 19, 2006 by x-pert

[heisking]

All you need to do is put the modified uxtheme.dll in the FIX folder. Just make sure it is cabbed. That way it will overwrite the original and get installed without the need for changing sfc_os.dll or any registry entries.

[mystek]

Tried that and it didn't work. Downloaded a modified uxtheme.dll, cabbed it (UXTHEME.DL_) placed it in the FIX folder and ran HFSLIP v60518b. No errors. During install, system would not let me add file. had to ESC file install to continue. Did I do something wrong?

[x-pert]

mystek

First you mast to patch sfc_os.dll

[mystek]

I do not want to permanently disable WFP. I only want it disabled during install so the modified dll can replace the original. See RyanVM question in the following post:

http://www.msfn.org/board/?showtopic=23587

I am interested tin the registry hack to accomplish this.

[x-pert]

mystek

If you 83 F8 9D 75 07 8B C6 in sfc_os.dll replace to B8 9D FF FF FF 90 90 only then WFP will be disabled forever. If you 83 F8 9D 75 07 8B C6 in sfc_os.dll replace to 83 F8 9D 75 07 90 90 then needs ffffff9d.

[mystek]

Thanks, I will give it a try this weekend and post outcome.

[fdv]

A note to everyone about the registry hack to turn off WFP:

It does not work in Windows 2000.

It does not work in Windows XP.

It does not work in Windows 2003.

You NEVER need it. The only thing you can do is use a modified SFC.DLL, SFC_OS.DLL, or SFCFILES.DLL. My instructions for editing SFC_OS come from x-pert. My instructions for editing SFC come from an unnamed source in Moscow who wishes to remain anonymous. My edited SFCFILES binary was also created by my Moscow friend using information published by Damian Bakowski.

If you want to turn SFC back on, then boot in safe mode and replace the modded version(s) of the SFC dlls you edited with the original versions.

Personally, I like SFC running after install, so here's what I do: in my windows 2000 source folder, I copied SFC.DLL and SFCFILES.DLL and renamed the copies to SFC.ORIG and SFCFILES.ORIG. That way I have a source CD with the original files.

Edited May 19, 2006 by fdv

[x-pert]

fdv

How about http://www.bitsum.com/aboutwfp.asp Hack Method 4 ? and nLite using this method.

[heisking]

mystek

If you go to MSFN's Unattended Windows, near the bottom of the page, you will find links for XP and 2k3 prehacked UXTHEME.DLL files that are already cabbed. I use this on XPSP2 without a modified SFC.DLL, SFC_OS.DLL, or SFCFILES.DLL and have no problems with the install. It works perfectly.

SFC checks the files when windows is running and puts the old file back if it detects that one of the protected files have been changed. During setup if UXTHEME.DLL is sliptreamed on the install disk SFC will consider it to be the correct file. It sounds to me like you may not have run modifyPE on it before you cabbed it.

[Camarade_Tux]

I read http://www.bitsum.com/aboutwfp.asp#Hack_Method_2 and found it very interesting on the performance side.

Afaik, if modified sfcfiles.dll or sfc*.dll are used, monitoring is not stopped.

Of course if you use an empty sfcfiles.dll it will monitor 0 files but imho it is still a performance lack (and also if I disable wfp, I prefer to do it at 100%).

Does anyone know how to do that ?

Adding something to be run at each startup to stop it ?

Use some modded files ?

(to find "sfc" in winlogon.exe you need to search for 73 00 66 00 63; Unicode ?)

[mystek]

heisking, I tried that and put it in the FIX folder. I may have gotten a bad file so I downloaded the one from the link you provided and will try again.

**Update - Worked! I guess I got a bad file the first time, thanks.

Edited May 20, 2006 by mystek

[headroom]

Windows Registry Editor Version 5.00

;Disable WFP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:FFFFFF9D

Is This Correct?