Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
bump?
SFC_OS.DLL hack for XP SP2 Final
Rate Topic:
Back to top
#22
- Like a big surly teddy bear.
-
- Group: Members
- Posts: 2,661
- Joined: 31-August 03
Posted 11 August 2004 - 03:25 PM
kolath, on Aug 11 2004, 10:40 AM, said:
Bachus, on Aug 6 2004, 10:31 PM, said:
How would I go about removing a certain directory (in this case Program Files and everything under it) from being watched by WFP? There was post with a hacked dll for SP1 a while back, but I didn't find it in a search. Besides, I don't remember there being much in the way of instructions for making a new version of the dll. 
+1
I have used the hacked SFC_OS.dll + registry method to disable WFP before, but all I really want to do is delete those annoying folders that XP puts in the Program Files directory (e.g. "xerox", "MSN Gaming Zone", "Movie Maker", etc). Is there any way to remove these from the list of protected files rather than disabling WFP altogether. And also, does anyone know why the heck those stupid folders are considered protected system folders in the first place?
Disable WFP, delete the folders, then re-enable it. Does that work?
#23
Posted 11 August 2004 - 05:19 PM
nope. At least it didn't work on SP1. I disabled WFP, deleted the folders, rebooted, no problem. But if I ever re-enabled WFP, the folders would come back on the next reboot.
#24
Posted 11 August 2004 - 05:48 PM
*DELETE* <- we're off on a tangent here, sorry 
How can we test this?
Turning the system clock ahead did not cause it to expire...
thaNX
RaveRod, on Aug 7 2004, 11:51 PM, said:
...Build 2179, I think, will expire is 180 days...
How can we test this?
Turning the system clock ahead did not cause it to expire...
thaNX
#25
- Like a big surly teddy bear.
-
- Group: Members
- Posts: 2,661
- Joined: 31-August 03
Posted 11 August 2004 - 06:52 PM
kolath, on Aug 11 2004, 07:19 PM, said:
nope. At least it didn't work on SP1. I disabled WFP, deleted the folders, rebooted, no problem. But if I ever re-enabled WFP, the folders would come back on the next reboot.
In that case, it would be nice to be able to remove those entries from the sfcfiles list
#26
- *shrug*
-
- Group: Members
- Posts: 685
- Joined: 11-September 03
Posted 11 August 2004 - 06:57 PM
To the people who want to unprotect certain folders, please use the forum search. Here the thread with that information:
http://www.msfn.org/...showtopic=21334
@netquik: The SFC_OS.DL_ file attached has been modified with modpe (correct header). It is ready to be put on the CD.
The SFCSetting registry key is added by me so that you can disable WFP while Windows actually looks at SFCDisable (therefore tricking Windows into thinking it's enabled).
In most cases, SFCDisable will turn out to be 0x0000000 while SFCSetting will be 0xffffff9d. That tricks Windows into thinking WFP is enabled but when it comes to removing protected files, it isn't.
http://www.msfn.org/...showtopic=21334
@netquik: The SFC_OS.DL_ file attached has been modified with modpe (correct header). It is ready to be put on the CD.
The SFCSetting registry key is added by me so that you can disable WFP while Windows actually looks at SFCDisable (therefore tricking Windows into thinking it's enabled).
In most cases, SFCDisable will turn out to be 0x0000000 while SFCSetting will be 0xffffff9d. That tricks Windows into thinking WFP is enabled but when it comes to removing protected files, it isn't.
#27
- Like a big surly teddy bear.
-
- Group: Members
- Posts: 2,661
- Joined: 31-August 03
Posted 11 August 2004 - 09:18 PM
Below is a link to a patched sfcfiles.dll for SP2 (with the PE header modified), ready to be put onto a CD. I tested it in VirtualPC and it worked OK. Folders in Program Files are now deletable 
http://www.ryanvm.ne...fn/sfcfiles.dl_
http://www.ryanvm.ne...fn/sfcfiles.dl_
#28
- ineXPlicable
-
- Group: Developers
- Posts: 3,062
- Joined: 22-August 03
Posted 11 August 2004 - 09:24 PM
I think you mean ...
http://www.ryanvm.ne...fn/SFCFILES.DL_
But I know you are just showing off that ryanvm.net !
(GreenMachine.net is long gone, alas)
EDIT:: Silly me: forgot to add Thanks, RyanVM!
http://www.ryanvm.ne...fn/SFCFILES.DL_
But I know you are just showing off that ryanvm.net !
(GreenMachine.net is long gone, alas)
EDIT:: Silly me: forgot to add Thanks, RyanVM!
#29
- MSFN Admin
-
- Group: Members
- Posts: 73
- Joined: 11-August 04
Posted 12 August 2004 - 05:05 AM
RaveRod, can I use your attached file and replace it in mi I386/ or do I have to edit my own SFC_OS.DLL? I didn't quite catch that...
#30
- *shrug*
-
- Group: Members
- Posts: 685
- Joined: 11-September 03
Posted 12 August 2004 - 07:02 AM
@xb00t: You can use the one attached on the CD. No need to edit it. I only put the edits up so that people know what is edited in that file.
#31
- MSFN Admin
-
- Group: Members
- Posts: 73
- Joined: 11-August 04
Posted 12 August 2004 - 07:39 AM
RaveRod, on Aug 12 2004, 07:02 AM, said:
@xb00t: You can use the one attached on the CD. No need to edit it. I only put the edits up so that people know what is edited in that file.
#32
Posted 12 August 2004 - 01:58 PM
Okay thanks!!!
RaveRod
can you tell me which code is the header CRC?
I have to be ready to manually apply patch to italian version
(this is why i m so curious)
is At offset (0000ECE9)?
RaveRod
can you tell me which code is the header CRC?
I have to be ready to manually apply patch to italian version
(this is why i m so curious)
is At offset (0000ECE9)?
#33
- Like a big surly teddy bear.
-
- Group: Members
- Posts: 2,661
- Joined: 31-August 03
Posted 12 August 2004 - 05:03 PM
GreenMachine, on Aug 11 2004, 11:24 PM, said:
I think you mean ...
http://www.ryanvm.ne...fn/SFCFILES.DL_
But I know you are just showing off that ryanvm.net !
(GreenMachine.net is long gone, alas)
EDIT:: Silly me: forgot to add Thanks, RyanVM!
http://www.ryanvm.ne...fn/SFCFILES.DL_
But I know you are just showing off that ryanvm.net !
(GreenMachine.net is long gone, alas)
EDIT:: Silly me: forgot to add Thanks, RyanVM!
hehe, didn't realize it was case sensitive
And for what it's worth, I would have attached it but it was too big
8)
#34
- *shrug*
-
- Group: Members
- Posts: 685
- Joined: 11-September 03
Posted 13 August 2004 - 10:50 PM
netquik, on Aug 13 2004, 05:58 AM, said:
can you tell me which code is the header CRC?
Use the ModifyPE program available at unattended.msfn.org. It will modify the PE (CRC) header of SFC_OS.DLL to allow setup to accept it.
#35
Posted 20 August 2004 - 02:10 PM
What exactly does the hacked sfcfiles.dll do/used for? I searched Google and found that if you remove the file, you can delete those folders that appearantly have no use in Program Files.. but what about the hacked version?
Edit: And if you use the hacked sfc_os.dl_ do you need to edit i386\hivesft.inf ? The guide says use one or the other but the auther of this thread makes it sound like you need both.
Edit: And if you use the hacked sfc_os.dl_ do you need to edit i386\hivesft.inf ? The guide says use one or the other but the auther of this thread makes it sound like you need both.
#36
- Like a big surly teddy bear.
-
- Group: Members
- Posts: 2,661
- Joined: 31-August 03
Posted 21 August 2004 - 09:25 AM
Quote
What exactly does the hacked sfcfiles.dll do/used for? I searched Google and found that if you remove the file, you can delete those folders that appearantly have no use in Program Files.. but what about the hacked version?
Quote
Edit: And if you use the hacked sfc_os.dl_ do you need to edit i386\hivesft.inf ? The guide says use one or the other but the auther of this thread makes it sound like you need both.
Raverod earlier in the thread said:
@RyanVM: Yes the hive does need to be edited (or you can import the registry entry during "cmdlines". If you import the registry entry during "RunOnceEx", WFP won't be disabled until the second boot.
#37
- Advanced Member
-
- Group: Members
- Posts: 401
- Joined: 04-August 04
Posted 21 August 2004 - 10:11 AM
gabriel_buc, on Aug 7 2004, 03:58 AM, said:
RaveRod, on Aug 7 2004, 07:42 AM, said:
Use the information on the unattended page here (just replace the file there with this file here):
http://unattended.msfn.org/xp/wfp.htm
http://unattended.msfn.org/xp/wfp.htm
@ Adiel, OMERZEN & DaLurker:
If you would just follow the link provided you would find the answer t oyour question.
ok thank u
#38
Posted 21 August 2004 - 11:44 AM
RaveRod, on Aug 13 2004, 10:50 PM, said:
netquik, on Aug 13 2004, 05:58 AM, said:
can you tell me which code is the header CRC?
Use the ModifyPE program available at unattended.msfn.org. It will modify the PE (CRC) header of SFC_OS.DLL to allow setup to accept it.
thanks RaveRod...
I would go with modifyPE in anyway cause i'm going to patch italian version...
so is this the change without CRC question?
At offset (00000F82) change:
CODE
44 00 69 00 73 00 61 00 62 00 6C 00 65
to:
CODE
53 00 65 00 74 00 74 00 69 00 6E 00 67
thanks
#39
Posted 22 August 2004 - 07:24 PM
hi raverod...
i have another little question
At offset (00000F82) change:
CODE
44 00 69 00 73 00 61 00 62 00 6C 00 65
to:
CODE
53 00 65 00 74 00 74 00 69 00 6E 00 67
At offset (0000ECE9) change:
CODE
33 C9
to:
CODE
EB 01
okay..
At offset (0000ECE9) I found (SP2 EN)
33 C0 not 33 C9
Am I wrong?
i have another little question
At offset (00000F82) change:
CODE
44 00 69 00 73 00 61 00 62 00 6C 00 65
to:
CODE
53 00 65 00 74 00 74 00 69 00 6E 00 67
At offset (0000ECE9) change:
CODE
33 C9
to:
CODE
EB 01
okay..
At offset (0000ECE9) I found (SP2 EN)
33 C0 not 33 C9
Am I wrong?
- ← What can you do doring GUI-mode Setup?
- Unattended Windows 2000/XP/2003
- Renaming all Windows folders within setup files →
