Tweaking XP: Windows File Protection and SP2
WFP is part of the System File Checker, a tool that tries to keep the system stable by preventing the common problems that cause DLL inconsistencies. WFP may, however, block the installation of software that you do want to install. Because you may run into this issue, you should know how to disable it. With Windows XP SP2, the ability to disable WFP has been removed. This article shows how to reverse this process.
Microsoft recommends that before you ever edit the Registry, you always attempt to back up the Registry and understand how to restore it if a problem occurs. In the Links and References section you will find an article that covers how to quickly back up the Registry so that if a mistake is made, you can at least have a backup of your system.
Disabled Windows File Protection
Windows XP has the ability to protect itself from the system instability infamously caused by third-party software overwriting important system files. Once such files are overwritten, the system can become unstable and crash. Windows File Protection is always enabled by default. It allows digitally signed files to replace existing system files through Windows service packs, hotfixes, system upgrades, Windows Updates, device drivers installed through Device Manager, and so on.
To run the System File Checker scan, go to Start => Run => type SFC /SCANNOW => hit Enter
The scan starts and if you need to fix something, you will be prompted for the distribution media.
So, now that you know how it operates and how to operate it, and you know why you may want to disable it – let’s look at how to reverse how XP SP2 keeps you from doing that.
How to Disable WFP in XP SP2
Starting with Windows 2000 Service packs, and now introduced in Windows XP SP2, Microsoft removed the ability to disable Windows File Protection.
The version of %SystemRoot%\System32\sfc_os.dll that is included in Windows XP SP2 is 5.1.2600.2180. The file on a pre-SP2 system is the one you want to see; if you have the SP2 version, you will want to remove it.
To Disable WFP in Windows XP SP2:
- Copy %SystemRoot%\System32\SFC_OS.DLL to %SystemRoot%\System32\SFC_Patch.DLL
- Open %SystemRoot%\System32\SFC_Patch.DLL in a hex editor. You can get a free one at http://www.genkisoft.com/turbohex.shtml
- At offset 0xECE9, change 33C040 to 909090 and save the changes.
- You can jump to the offset in the file with Ctrl+G
- Open a CMD prompt and type:
Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\dllcache\SFC_OS.DLL /Y
Copy %SystemRoot%\System32\SFC_Patch.DLL %SystemRoot%\System32\SFC_OS.DLL /Y
- If prompted to insert the Windows CD-ROM, press Cancel
- Shut down XP, then restart
- Set SFCDisable to 0xffffff9d
- Shut down XP, then restart
You could also use the Recovery Console to perform the copy. This will be covered in a future article.
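Because the change is three bytes at a fixed offset, it is easy to audit a system for it. The script below is an added example, not part of the original article: it classifies the files the procedure touches using only the offset and byte values given above. The function names are hypothetical, and it assumes the SP2 build (5.1.2600.2180), where that offset applies.

```python
import os
import sys

# From the article: patch offset and byte values for the SP2 build
# (5.1.2600.2180) of sfc_os.dll. Other builds will not match.
PATCH_OFFSET = 0xECE9
ORIGINAL = bytes.fromhex("33C040")  # xor eax,eax ; inc eax
PATCHED = bytes.fromhex("909090")   # three NOPs
# Files the procedure touches, relative to %SystemRoot%.
TARGETS = (r"System32\sfc_os.dll", r"System32\dllcache\sfc_os.dll",
           r"System32\SFC_Patch.DLL")


def classify(data: bytes) -> str:
    """Return 'original', 'patched', 'unknown' or 'too-short' for a DLL image."""
    window = data[PATCH_OFFSET:PATCH_OFFSET + len(ORIGINAL)]
    if len(window) < len(ORIGINAL):
        return "too-short"
    if window == ORIGINAL:
        return "original"
    if window == PATCHED:
        return "patched"
    return "unknown"  # different build, so the offset does not apply


def audit(system_root: str) -> dict:
    """Classify each target file; files that cannot be read are 'missing'."""
    results = {}
    for rel in TARGETS:
        path = os.path.join(system_root, *rel.split("\\"))
        try:
            with open(path, "rb") as fh:
                results[rel] = classify(fh.read())
        except OSError:
            results[rel] = "missing"
    return results


def sample_image(seq: bytes) -> bytes:
    """Constructed stand-in for the DLL: zero filler with seq at the offset."""
    return bytes(PATCH_OFFSET) + seq + bytes(16)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", r"C:\Windows")
    for name, state in audit(root).items():
        print(f"{name}: {state}")
```

A "patched" result for either sfc_os.dll copy, or an SFC_Patch.DLL that is present at all, indicates the procedure was applied; "unknown" means the file is a different build and needs a version or hash comparison instead.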
In this article we covered the basics of changing around the ‘fixes’ installed by XP SP2. If you are like me, you like to be able to customize your OS, and this article shows that you can make XP more flexible and have it do what you want it to do. More tweaks are coming your way. Stay tuned!
Windows XP Registry Backup 101