| In this article we will cover a quick hack to
the Windows XP Registry. As changes are made to your system from
installing applications and other software, the Window File Protection (WFP)
system works to keep XP running and not introduce anything that may cause
the system to become unstable, a curse of older Windows based operating
systems. Windows File Protection is an important tool, with it; you can
run an executable (sfc.exe) that will start a process to analyze your
system but other times, you will want to disable it. |
WFP is part of the System File Checker, a tool used to try to keep the
system stable by helping stop common problems that cause DLL inconsistencies.
WFP when used may try to block the installation of software that you do want
to install, but can't. Because you may run into this issue, you should know
how to disable it. With Windows XP SP2, the ability to disable WFP has been
removed. This article shows how to reverse this process.
"For a complete guide to security, check out 'Security + Study Guide and DVD
Training System' from
Amazon.com"
Registry Editing
Microsoft recommends that before you ever edit the Registry, you always
attempt to back up the Registry and understand how to restore it if a problem
occurs. In the Links and References section you will find
an article that covers how to quickly back up the Registry so that if a
mistake is made, you can at least have a backup of your system.
Disabled Windows File Protection
Windows XP has the ability to protect itself from crashing from system
instability infamously caused by third party software overwriting important
system files. Once overwritten, the system can become unstable and crash.
Windows File Protection is always enabled by default. It will allow
‘digitally’ signed files to replace existing system files. Windows Service
Packs, Hotfix, System Upgrades, Windows Updates, Device Drivers through Device
Manager and so on.
To run it, go to Start => Run = type SFC /SCANNOW => hit Enter
The scan starts and if you need to fix something, you will be prompted for
the distribution media.
So, now that you know how it operates and how to operate it, and you know
why you may want to disable it – let’s look at how to reverse how XP SP2 keeps
you from doing that.
How to Disable WFP in XP SP2
Starting with Windows 2000 Service packs, and now introduced in Windows XP
SP2, Microsoft removed the ability to disable Windows File Protection.
The version of %SystemRoot%\System32\sfc_os.dll that is included in
Windows XP SP2 is 5.1.2600.2180. As you can see from the file on a pre-
SP2 system, this is what you want to see. If you have the SP2 version, then
you will want to remove that.
To Disable WFP in Windows XP SP2:
- Copy %SystemRoot%\System32\SFC_OS.DLL to %SystemRoot%\System32\SFC_Patch.DLL
- Open %SystemRoot%\System32\SFC_Patch.DLL in a hex editor as seen
below. You can get a free one at
http://www.genkisoft.com/turbohex.shtml
- At offset 0xECE9, change 33C040 to 909090 and save
the changes.
- You can search the file for the offset with ctrl+g
- Open a CMD prompt and type:
Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\dllcache\SFC_OS.DLL
/Y
-and-
Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\SFC_OS.DLL
/Y
- If prompted to insert the Windows CD-ROM, press Cancel
- Shutdown XP, then restart
- Set SFCDisable to 0xffffff9d
- Shutdown XP, then restart
You could also use the Recovery Console to perform the copy. This will be
covered in a future article.
Summary
In this article we covered the basics of changing around the ‘fixes’
installed by XP SP2. If you are like me, you like to be able to customize your
OS and this is an article that shows you that you can make XP more flexible
for you and what it is ‘you’ want it to do. More Tweaks coming your way. Stay
tuned!
