132 lines
4.5 KiB
Plaintext
132 lines
4.5 KiB
Plaintext
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||
|
||
WINDOWS 2000 Windows File Protection Explained
|
||
|
||
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||
|
||
|
||
|
||
------------------------------------
|
||
1. What is Windows File Protection?
|
||
------------------------------------
|
||
|
||
WFP protects system files by running in the background and detecting any
|
||
changes to system files that are actively being protected. If changes
|
||
occur Windows 2000 will prompt you and inform you that it has been
|
||
overwritten by a obscure file and will ask you for your Windows 2000
|
||
CDROM.
|
||
|
||
|
||
------------------
|
||
2. How WFP Works
|
||
------------------
|
||
|
||
WFP actively runs in the background and compares installed system
|
||
files with ones found in its backup directory (Dllcache) If a
|
||
file is overwritten by another program, WFP will search for replacement
|
||
copies in this order:
|
||
- dllcache directory (C:\WINNT\System32\DllCache)
|
||
- Search network path (if installed via network)
|
||
- Search Windows 2000 CD
|
||
|
||
If the file is already found in the dllcache directory, or a network
|
||
path, then Windows 2000 will NOT prompt you it will simply replace the
|
||
file and move on. If however, it can't be detected on either two, it
|
||
will prompt you for your windows 2000 disk. WFP will make logs of what
|
||
tried to replace the file as well.
|
||
|
||
|
||
-------------------------------------------
|
||
3. Disabling WFP (Service Pack 1 or Gold)
|
||
-------------------------------------------
|
||
|
||
Since WFP is actively monitoring files all the time, it does take some
|
||
CPU time away from you, not much but it may count for some computer guru.
|
||
If you are using Windows 2000 Service Pack 1, or the Gold Edition follow
|
||
the indications below:
|
||
- Open the registry editor (start - run.. - regedit - ok)
|
||
- go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\
|
||
Winlogon
|
||
- Create a new DWORD value in the right-pane, and name it "SFCDisable"
|
||
- Give it a value of "2"
|
||
- Reboot your machine.
|
||
|
||
-----------------------------------
|
||
4. Disabling WFP (Service Pack 2)
|
||
-----------------------------------
|
||
|
||
Service Pack 2 either intentionally disables SFCDisable dword, or accidently.
|
||
In either event you CANNOT disable WFP using the registry entry provided above,
|
||
until now.
|
||
|
||
- Run a Hex Editor (can find one at download.com)
|
||
- Open file sfc.dll in system32 directory
|
||
- Go to offset 6211/6212
|
||
- Change '8B C9' to read '90 90'
|
||
- Save file
|
||
- Now make the SFCDisable value in the registry.
|
||
|
||
|
||
---------------------------
|
||
5. Replacing System Files
|
||
---------------------------
|
||
|
||
You can disable System File Protection, then just replace files like you
|
||
normally would. Or you could keep your System File Protection still active
|
||
and replace files. Heres how:
|
||
- Modify the file of your choosing
|
||
- Save it to C:\WINNT\ServicePackFiles, C:\WINNT\System32\Dllcache
|
||
- Save it to its orignal directory
|
||
|
||
File should now be replaced, with WFP functioning normal.
|
||
|
||
-------------------------
|
||
6. Run A File Check (SFC)
|
||
-------------------------
|
||
|
||
If you'd like to verify your files right now, you can do so.
|
||
- Click Start - Run.. - type command - click ok
|
||
- type sfc /scannow
|
||
- press enter
|
||
- Windows will now verify your files
|
||
|
||
|
||
-------------------
|
||
7. Rebuild Dllcache
|
||
-------------------
|
||
|
||
Rebuilding the Dllcache is useful if you decided to LIMIT the amount of
|
||
space WFP is allowed to use, to purge the cache do this:
|
||
- Click Start - Run.. - type command - click ok
|
||
- type sfc /purgecache
|
||
- WFP will now REBUILD the cached directory, make sure you have your
|
||
windows cd available when this happens!
|
||
|
||
|
||
---------------------
|
||
8. Limit Cache size
|
||
---------------------
|
||
|
||
Cache taking up too much room? Limit it!
|
||
- Click start - run.. - type command - click ok
|
||
- type sfc /cachesize=x (where 'x' is the amount in megabytes WFP is limited to)
|
||
- press enter
|
||
|
||
|
||
This concludes the tutorial on System File Protection in Windows 2000.
|
||
|
||
|
||
Written by: ParanoidXE (nemesisera@yahoo.com)
|
||
Dated: 05/16/02
|
||
<EFBFBD> paranoidxe 2002-2003
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|