Logo: TechTrax...brought to you by MouseTrax Computing Solutions
 Home | Archives | Authors | About Us | Subscribe/Membership | Consultants | Mouse Droppings | Feedback | Member Login Get an RSS feed for this site! Right click this button and subscribe with your default RSS reader!
 Issue | Department  |  Next Article  |  Previous Article

Disabling System File Protection in Windows XP with Service Pack 2 Installed.

by Vic Ferri

Note – for disabling system file protection in Windows XP and Windows XP-SP1, see my previous article here
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=290

You might also want to check out the previous article for more information on System File Protection.

Disabling System File Protection in XP prior to SP2 involved editing the included sfc_os.dll file on your system. However, the version of sfc-os.dll that comes with SP2 is different and you can not disable file protection with it. In order to disable file protection in Windows XP-SP2, you must use the previous version of the sfc-os.dll file which is 5.1.2600.1106: (the one with SP2 is 5.1.2600.2180)

So to begin, get a copy of the previous version from your Windows XP CD or search for it on the net.

Step One - Editing SFC-OS.DLL

Open sfc-os.dll with a hex editor (here we are using UltraEdit as our hex editor) and go to offset
0xECE9

Clicking Ok will take you right to the line containing the values you need to change.

The values to change are:

33 C0 40

Change to:

90 90 90

In this example, using UltraEdit, the change was made by right clicking the selected values and choosing the Replace option. Then it was just a matter of entering 909090 in the Replace With field and clicking Replace.

After clicking Replace – notice the values have been changed.

Once done save your changes. Now rename the file with a bak extension (sfc_os.bak).

Step Two - Replacing the Original File

Now we need to use the command prompt, to overwrite your original sfc_os.dll file with the hacked version. The original exists in two locations:

1. Windows/System32 folder

2. Windows/System32/dllcache folder

Here’s an easier way to do this for newbies or anyone who doesn’t like entering long command lines.

      Place a copy of sfc_oc.bak into both your dllcache and System32 folder.

Then in the dllcache folder, look for cmd.exe, double click it and enter this command:

 

                   Copy SFC_OS.BAK SFC_OS.DLL /Y

 

Next,  go to your System32 folder and do the same thing. Look for cmd.exe , double click it and enter exactly the same command.

 

Notes:

  • If you have a problem overwriting the files, you can do the copying within the Recovery Console or you can try in Safe Mode.
  • Tthe dllcache folder is a hidden folder so make sure you have selected to show all files in you Folder options.
  • It is important to copy the file to your dllcache folder FIRST.
  • Iif you get prompted to enter your Windows CD, click Cancel.

Once the files have been copied, shut down your computer and restart

Step Three - Registry Settings

Final step is to disable System File Protection in registry.

Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right hand pane, if it doesn't exist, create a new Dword value named:

SFCDisable

Double click it and enter:

FFFFFF9D

The resulting registry value in the right hand side should look like this:

Exit the registry and restart your computer.

System File Protection should now be disabled.

Click to rate this article.

 

Go up to the top of this page.
Copyright (c) 2002–2012 by MouseTrax Computing Solutions, www.mousetrax.com, Chicago, IL, All Content is Copyrighted and All Rights Reserved
This site powered by the Logical Web Publisher™: Content management by Logical Expressions, Inc.