[Windows File Protection] Do you disable it?!

[blahface]

Hey!

Has anyone else here been nagged about a modded system file - so put in your windows disk to remove the 'modded' file(s)!?!

Next question - can you disable it checking certain files?! cos I would like to disable:

logonui.exe - Windows XP Login/Welcome screen

ntoskrnl.exe - Windows XP Boot Screen

thanking you for your time!

[jaclaz]

The Fred de Vorck method of disabling it involves the use of a modified SFCFILES.DLL, i.e. an empty list of files.

http://www.msfn.org/board/index.php?showtopic=58049

http://www.msfn.org/board/index.php?showtopic=71256

So it is very probable that you can modify SFCFILES.DLL deleting just the files names that you want NO protection on, though I cannot say HOW it can be done, i.e. if the file has a checksum of some kind.....

jaclaz

[enuffsaid]

Open your registry and find the key below.

System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Value Name: SFCDisable

Data Type: REG_DWORD (DWORD Value)

Value Data: 0 = enabled (default), ffffff9d = disabled

Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it. The other valid hexadecimal values are:

1 - disabled, prompt at boot to re-enable

2 - disabled at next boot only, no prompt to re-enable

4 - enabled, with popups disabled

ffffff9d - for completely disabled

Restart Windows for the change to take effect.

Additional Steps for Windows 2000 Service Pack 2 and Windows XP

This setting is disabled in Windows 2000 SP2 and Windows XP, and needs to re-enabled using a hex editor and changing SFC.DLL (or SFC_OS.DLL for Windows XP) following these instructions:

Windows 2000 SP2

Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory.

Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex editor.

At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not continue if you are unable to find these values.

Change the values "8B C6" to read "90 90" and save the changes.

Run these commands to update the system files:

copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y

copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y

If you are prompted to insert the Windows CD, click Cancel.

Restart Windows for the change to take effect.

Windows XP

Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory.

Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in a hex editor.

Windows XP (no Service Pack)

At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6".

Windows XP (Service Pack 1)

At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6".

Do not continue if you are unable to find these values.

Change the values "8B C6" to read "90 90" and save the changes.

Run these commands to update the system files:

copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y

copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y

If you are prompted to insert the Windows CD, click Cancel.

Restart Windows for the change to take effect.

Once these files have been updated apply the registry setting above.

Note: You must manually modify the operating system files using a hex editor to allow this tweak to disable SFC on Windows 2000 (SP1+) or Windows XP.

Edited February 9, 2007 by enuffsaid