Hello,
I have forgotten registry key that I need to change in order to update
Microsoft drivers,
for example I8042prt.sys.The Win200 restore original version after reboot.
Thank in advice
Mark
Registry for updating Microsoft driverstry this - google for something like
‘disable system file protection’
“Mark Shnaider” wrote in message news:xxxxx@ntdev…
Hello,
I have forgotten registry key that I need to change in order to update
Microsoft drivers,
for example I8042prt.sys.The Win200 restore original version after reboot.
Thank in advice
Mark
This one sounds like a challenge to me now. It’s been a while I did not try,
and I know it was pretty easy to do on win2k, by tweaking a reg entry, and
windbg being connected, target boot on debug kernel(enabaled). Now I need to
do some testing, and I was looking thru google, found some gory detail about
how to do it. But nothing yet seems to work, even those software pkgs, that
one can download and try. At best some of those are incomplete, when it
comes downto Xp w/SP1.
If anyone had any success, pls let us know. BTW, there are a lot of info(s)
on the net, most of them are old, hence does not work. Even some of them
mentioned, manually (w/Hex editor) one can change a jmp or something on a
dll, but saving would be problem. Then ther are hypothisis about storing
first to the dllcache folder, then to the system folder, blah, blah… they
dont work. Hmm, something interestng…
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Tuesday, April 20, 2004 7:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Registry for updating Microsoft drivers
Registry for updating Microsoft driverstry this - google for something like
‘disable system file protection’
“Mark Shnaider” wrote in message news:xxxxx@ntdev…
Hello,
I have forgotten registry key that I need to change in order to update
Microsoft drivers,
for example I8042prt.sys.The Win200 restore original version after reboot.
Thank in advice
Mark
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Do you want to say MS approved way with registry setting and windbg connected doesn’t work? Doubts.
As for unapproved ways, we had a discussion in this list about year before. I just tested my utility at XP SP1 and it works. I guess I briefly described how it works in mentioned discussion (and won’t repeat it because some list members take such utilities as weapons).
BTW, I believe the way with dllcache folder also works but you haven’t applied it correctly. IIRC the trick is to remove original files so SFC watcher can’t repair your changes.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 4:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversThis one sounds like a challenge to me now. It’s been a while I did not try,
and I know it was pretty easy to do on win2k, by tweaking a reg entry, and
windbg being connected, target boot on debug kernel(enabaled). Now I need to
do some testing, and I was looking thru google, found some gory detail about
how to do it. But nothing yet seems to work, even those software pkgs, that
one can download and try. At best some of those are incomplete, when it
comes downto Xp w/SP1.If anyone had any success, pls let us know. BTW, there are a lot of info(s)
on the net, most of them are old, hence does not work. Even some of them
mentioned, manually (w/Hex editor) one can change a jmp or something on a
dll, but saving would be problem. Then ther are hypothisis about storing
first to the dllcache folder, then to the system folder, blah, blah… they
dont work. Hmm, something interestng…-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Tuesday, April 20, 2004 7:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Registry for updating Microsoft driversRegistry for updating Microsoft driverstry this - google for something like
‘disable system file protection’“Mark Shnaider” wrote in message news:xxxxx@ntdev…
> Hello,
> I have forgotten registry key that I need to change in order to update
> Microsoft drivers,
> for example I8042prt.sys.The Win200 restore original version after reboot.
> Thank in advice
> Mark
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
As my approach says, it is nothing undocumented weapon or anything :). I
just need it for my testing, then again I always say dont trust me, when
there is even slightest smell of suspesion. Yes, people have every reason to
argue about some of the previous discussion we were deeply engaged. I just
think that “TRUTH BE TOLD”, then again my truth sometime depends on which
side of the coin is my perspective !!!.
I just tried following 2 to 3 docs, over the internet, none seems to work.
MS has couple docs/KB/support docs, but they are outdated, I think, and they
specifically said how to disable, so I dont think this is any problem to try
doing it. I didn’t search the ntdev yet, and if there is any objection, I
would not even search. Under 2K, I had the whole stack ( including fastfat,
cdrom, floppy drvier) all taken from the source, and it was the first try to
test, and work. Now I did spend almost 1/2 day, and saw it is not that easy
anymore …
I tried to replace the original file in the dllcache folder with the
modified(Hexedited), that stays there, then if I reboot and/or replace the
systemfolder and reboot, the effect is same. There is some service or
something running, that replace the sysfolder’s file withing 1 or 2 sec.
I’ve only extra stuff is the softice on the target, not sure if it is
getting on my way or not…
I will try again tomorrow, to see …
thanx
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michal Vodicka
Sent: Tuesday, April 20, 2004 8:20 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
Do you want to say MS approved way with registry setting and windbg
connected doesn’t work? Doubts.
As for unapproved ways, we had a discussion in this list about year before.
I just tested my utility at XP SP1 and it works. I guess I briefly described
how it works in mentioned discussion (and won’t repeat it because some list
members take such utilities as weapons).
BTW, I believe the way with dllcache folder also works but you haven’t
applied it correctly. IIRC the trick is to remove original files so SFC
watcher can’t repair your changes.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 4:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversThis one sounds like a challenge to me now. It’s been a while I did not
try,
and I know it was pretty easy to do on win2k, by tweaking a reg entry, and
windbg being connected, target boot on debug kernel(enabaled). Now I need
to
do some testing, and I was looking thru google, found some gory detail
about
how to do it. But nothing yet seems to work, even those software pkgs,
that
one can download and try. At best some of those are incomplete, when it
comes downto Xp w/SP1.If anyone had any success, pls let us know. BTW, there are a lot of
info(s)
on the net, most of them are old, hence does not work. Even some of them
mentioned, manually (w/Hex editor) one can change a jmp or something on a
dll, but saving would be problem. Then ther are hypothisis about storing
first to the dllcache folder, then to the system folder, blah, blah…
they
dont work. Hmm, something interestng…-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Tuesday, April 20, 2004 7:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Registry for updating Microsoft driversRegistry for updating Microsoft driverstry this - google for something
like
‘disable system file protection’“Mark Shnaider” wrote in message news:xxxxx@ntdev…
> Hello,
> I have forgotten registry key that I need to change in order to update
> Microsoft drivers,
> for example I8042prt.sys.The Win200 restore original version after reboot.
> Thank in advice
> Mark
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Don’t replace the driver file. Just change the binary path of the
driver/service entry.
Replacing the actual driver, DLL, or executable is rarely, rarely necessary.
This is the reason that SFP is so strict.
– arlie
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Wednesday, April 21, 2004 12:03 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
As my approach says, it is nothing undocumented weapon or anything :). I
just need it for my testing, then again I always say dont trust me, when
there is even slightest smell of suspesion. Yes, people have every reason to
argue about some of the previous discussion we were deeply engaged. I just
think that “TRUTH BE TOLD”, then again my truth sometime depends on which
side of the coin is my perspective !!!.
I just tried following 2 to 3 docs, over the internet, none seems to work.
MS has couple docs/KB/support docs, but they are outdated, I think, and they
specifically said how to disable, so I dont think this is any problem to try
doing it. I didn’t search the ntdev yet, and if there is any objection, I
would not even search. Under 2K, I had the whole stack ( including fastfat,
cdrom, floppy drvier) all taken from the source, and it was the first try to
test, and work. Now I did spend almost 1/2 day, and saw it is not that easy
anymore …
I tried to replace the original file in the dllcache folder with the
modified(Hexedited), that stays there, then if I reboot and/or replace the
systemfolder and reboot, the effect is same. There is some service or
something running, that replace the sysfolder’s file withing 1 or 2 sec.
I’ve only extra stuff is the softice on the target, not sure if it is
getting on my way or not…
I will try again tomorrow, to see …
thanx
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michal Vodicka
Sent: Tuesday, April 20, 2004 8:20 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
Do you want to say MS approved way with registry setting and windbg
connected doesn’t work? Doubts.
As for unapproved ways, we had a discussion in this list about year before.
I just tested my utility at XP SP1 and it works. I guess I briefly described
how it works in mentioned discussion (and won’t repeat it because some list
members take such utilities as weapons).
BTW, I believe the way with dllcache folder also works but you haven’t
applied it correctly. IIRC the trick is to remove original files so SFC
watcher can’t repair your changes.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 4:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversThis one sounds like a challenge to me now. It’s been a while I did
not
try,
and I know it was pretty easy to do on win2k, by tweaking a reg entry,
and windbg being connected, target boot on debug kernel(enabaled). Now
I need
to
do some testing, and I was looking thru google, found some gory detail
about
how to do it. But nothing yet seems to work, even those software pkgs,
that
one can download and try. At best some of those are incomplete, when
it comes downto Xp w/SP1.If anyone had any success, pls let us know. BTW, there are a lot of
info(s)
on the net, most of them are old, hence does not work. Even some of
them mentioned, manually (w/Hex editor) one can change a jmp or
something on a dll, but saving would be problem. Then ther are
hypothisis about storing first to the dllcache folder, then to the system
folder, blah, blah…
they
dont work. Hmm, something interestng…-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Tuesday, April 20, 2004 7:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Registry for updating Microsoft driversRegistry for updating Microsoft driverstry this - google for something
like
‘disable system file protection’“Mark Shnaider” wrote in message news:xxxxx@ntdev…
> Hello,
> I have forgotten registry key that I need to change in order to
> update Microsoft drivers, for example I8042prt.sys.The Win200 restore
> original version after reboot.
> Thank in advice
> Mark
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com To
> unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com To
> unsubscribe send a blank email to xxxxx@lists.osr.com
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@sublinear.org To unsubscribe
send a blank email to xxxxx@lists.osr.com
> ----------
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 6:02 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversI tried to replace the original file in the dllcache folder with the
modified(Hexedited), that stays there, then if I reboot and/or replace the
systemfolder and reboot, the effect is same. There is some service or
something running, that replace the sysfolder’s file withing 1 or 2 sec.
I’ve only extra stuff is the softice on the target, not sure if it is
getting on my way or not…
Sure, SFC watcher thread which runs in context of winlogon process. Half of day?! Did you ever start FileMon to see from where files are copied? It isn’t so easy; there are of course checksums for files in dllcache and there is some .cab file which contains binaries has to be also removed. I don’t remember exactly and don’t have a reason to try it. Somebody posted it in this list and if you don’t want to search archives… well, you’re on your own.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
> ----------
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Arlie Davis[SMTP:xxxxx@sublinear.org]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 6:22 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversDon’t replace the driver file. Just change the binary path of the
driver/service entry.
Interesting idea, simple and efficient. I’m curious how it would work for filesystems and other boot drivers; I’d try to use new driver with different name in system32\drivers directory. And at least two OSes installed for easy repair if some errors occurs and OS doesn’t find a file.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
No I did not mean or say that I dont want to search the ntdev. Also I would
like to try a fairly easy way, like what Arlie just mentioned, or some of
the MS documented way. Yes, something I was missing, so I was tempted to
even get it by the hack (edit with hex editor), anyway, I will definitely
give a shot as Arile said, and as you suspect that KB/support doc should
work. I’ve not used filemon in a long time. Last was when playing w/ 2k at
the prerelease time frame…, one of the FS guru wrote an NT virtual fs,
that I was porting to 2k …
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michal Vodicka
Sent: Tuesday, April 20, 2004 9:22 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 6:02 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversI tried to replace the original file in the dllcache folder with the
modified(Hexedited), that stays there, then if I reboot and/or replace the
systemfolder and reboot, the effect is same. There is some service or
something running, that replace the sysfolder’s file withing 1 or 2 sec.
I’ve only extra stuff is the softice on the target, not sure if it is
getting on my way or not…
Sure, SFC watcher thread which runs in context of winlogon process. Half of
day?! Did you ever start FileMon to see from where files are copied? It
isn’t so easy; there are of course checksums for files in dllcache and there
is some .cab file which contains binaries has to be also removed. I don’t
remember exactly and don’t have a reason to try it. Somebody posted it in
this list and if you don’t want to search archives… well, you’re on your
own.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Thank you very much
I found by google how disable Windows File Protection.
Disabling Windows File Protection
You may disable WFP by setting the value SFCDisable (REG_DWORD) in
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\
Winlogon. By default, SFCDisable is set to 0, which means WFP is active.
Setting SFCDisable to 1 will disable WFP. Setting SFCDisable to 2 will
disable WFP for the next system restart only (without a prompt to
re-enable).
regards
Mark
-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Wednesday, April 21, 2004 6:03 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
As my approach says, it is nothing undocumented weapon or anything :). I
just need it for my testing, then again I always say dont trust me, when
there is even slightest smell of suspesion. Yes, people have every reason to
argue about some of the previous discussion we were deeply engaged. I just
think that “TRUTH BE TOLD”, then again my truth sometime depends on which
side of the coin is my perspective !!!.
I just tried following 2 to 3 docs, over the internet, none seems to work.
MS has couple docs/KB/support docs, but they are outdated, I think, and they
specifically said how to disable, so I dont think this is any problem to try
doing it. I didn’t search the ntdev yet, and if there is any objection, I
would not even search. Under 2K, I had the whole stack ( including fastfat,
cdrom, floppy drvier) all taken from the source, and it was the first try to
test, and work. Now I did spend almost 1/2 day, and saw it is not that easy
anymore …
I tried to replace the original file in the dllcache folder with the
modified(Hexedited), that stays there, then if I reboot and/or replace the
systemfolder and reboot, the effect is same. There is some service or
something running, that replace the sysfolder’s file withing 1 or 2 sec.
I’ve only extra stuff is the softice on the target, not sure if it is
getting on my way or not…
I will try again tomorrow, to see …
thanx
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Michal Vodicka
Sent: Tuesday, April 20, 2004 8:20 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft drivers
Do you want to say MS approved way with registry setting and windbg
connected doesn’t work? Doubts.
As for unapproved ways, we had a discussion in this list about year before.
I just tested my utility at XP SP1 and it works. I guess I briefly described
how it works in mentioned discussion (and won’t repeat it because some list
members take such utilities as weapons).
BTW, I believe the way with dllcache folder also works but you haven’t
applied it correctly. IIRC the trick is to remove original files so SFC
watcher can’t repair your changes.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http:://www.upek.com]
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, April 21, 2004 4:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Registry for updating Microsoft driversThis one sounds like a challenge to me now. It’s been a while I did not
try,
and I know it was pretty easy to do on win2k, by tweaking a reg entry, and
windbg being connected, target boot on debug kernel(enabaled). Now I need
to
do some testing, and I was looking thru google, found some gory detail
about
how to do it. But nothing yet seems to work, even those software pkgs,
that
one can download and try. At best some of those are incomplete, when it
comes downto Xp w/SP1.If anyone had any success, pls let us know. BTW, there are a lot of
info(s)
on the net, most of them are old, hence does not work. Even some of them
mentioned, manually (w/Hex editor) one can change a jmp or something on a
dll, but saving would be problem. Then ther are hypothisis about storing
first to the dllcache folder, then to the system folder, blah, blah…
they
dont work. Hmm, something interestng…-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Tuesday, April 20, 2004 7:51 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Registry for updating Microsoft driversRegistry for updating Microsoft driverstry this - google for something
like
‘disable system file protection’“Mark Shnaider” wrote in message news:xxxxx@ntdev…
> Hello,
> I have forgotten registry key that I need to change in order to update
> Microsoft drivers,
> for example I8042prt.sys.The Win200 restore original version after reboot.
> Thank in advice
> Mark
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@arx.com
To unsubscribe send a blank email to xxxxx@lists.osr.com