Windows File Protection

OSR_Community_User · February 25, 2002, 8:55am

Hi All,

I’m trying to copy the fastfat.sys compiled in checkbuild mode to the system32 folder on windows 2000. But it is not getting copied. Once i reboot the system, the same original file will be there as Windows File Protection is turned on. I just wanted to know how to disable the same. I tried setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon \SFCDisable to 1 but no use. It is mentioned that setting SFCDisable require a kernel debugger to be hooked up. If a kernel debugger is not hooked up, Windows File Protection is not disabled. I’ve no idea about the kernel debugger.

Thanks in advance
Sincerely
ML

Nathan_Nesbit · February 25, 2002, 12:48pm

Believe it or not the docs are correct. You do need a kernel debugger
attached to the system for the disable key to be accepted.

D/l windbg from http://www.microsoft.com/ddk/debugging and hook it up as
described in it’s documentation.

More information about WFP can be found at
http://www.microsoft.com/hwdev/driver/sfp/wfp.asp

-----Original Message-----
From: Nagaraja ML Sonale [mailto:xxxxx@rediffmail.com]
Sent: Monday, February 25, 2002 5:51 AM
To: File Systems Developers
Subject: [ntfsd] Windows File Protection

Hi All,

I’m trying to copy the fastfat.sys compiled in checkbuild mode to the
system32 folder on windows 2000. But it is not getting copied. Once i
reboot the system, the same original file will be there as Windows File
Protection is turned on. I just wanted to know how to disable the same.
I tried setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon \SFCDisable to 1 but no use. It is mentioned
that setting SFCDisable require a kernel debugger to be hooked up. If a
kernel debugger is not hooked up, Windows File Protection is not
disabled. I’ve no idea about the kernel debugger.

Thanks in advance
Sincerely
ML

You are currently subscribed to ntfsd as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · February 25, 2002, 2:04pm

I use simpler (for me) solution. Just “hide” (move elsewhere) all “original”
drivers. I move whole \Driver Cache\i386 directory to other place so Windows
can’t find the “original” copy of driver and leave my driver alone.

-----Original Message-----
From: Nagaraja ML Sonale [mailto:xxxxx@rediffmail.com]
Sent: Monday, February 25, 2002 5:51 AM
To: File Systems Developers
Subject: [ntfsd] Windows File Protection

Hi All,

I’m trying to copy the fastfat.sys compiled in checkbuild mode to the
system32 folder on windows 2000. But it is not getting copied. Once i
reboot the system, the same original file will be there as Windows File
Protection is turned on. I just wanted to know how to disable the same.
I tried setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon \SFCDisable to 1 but no use. It is mentioned
that setting SFCDisable require a kernel debugger to be hooked up. If a
kernel debugger is not hooked up, Windows File Protection is not
disabled. I’ve no idea about the kernel debugger.

Thanks in advance
Sincerely
ML

You are currently subscribed to ntfsd as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as: 100xcd@100xcd.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · February 25, 2002, 2:10pm

Search MSDN. There is a registry key to turn this off.
OSR also has a program you can download to do this for you.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Vladimir Ignatov
Sent: Monday, February 25, 2002 11:00 AM
To: File Systems Developers
Subject: [ntfsd] RE: Windows File Protection

I use simpler (for me) solution. Just “hide” (move elsewhere) all
“original” drivers. I move whole \Driver Cache\i386 directory to other
place so Windows can’t find the “original” copy of driver and leave my
driver alone.

-----Original Message-----
From: Nagaraja ML Sonale [mailto:xxxxx@rediffmail.com]
Sent: Monday, February 25, 2002 5:51 AM
To: File Systems Developers
Subject: [ntfsd] Windows File Protection

Hi All,

I’m trying to copy the fastfat.sys compiled in checkbuild mode to the
system32 folder on windows 2000. But it is not getting copied. Once i
reboot the system, the same original file will be there as Windows
File Protection is turned on. I just wanted to know how to disable the

same. I tried setting the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon \SFCDisable to 1 but no use. It is
mentioned
that setting SFCDisable require a kernel debugger to be hooked up. If
a
kernel debugger is not hooked up, Windows File Protection is not
disabled. I’ve no idea about the kernel debugger.

Thanks in advance
Sincerely
ML

You are currently subscribed to ntfsd as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as: 100xcd@100xcd.com To
unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · February 25, 2002, 2:22pm

Jamey,

you wrote on Monday, February 25, 2002, 20:07:19:

JK> Search MSDN. There is a registry key to turn this off.

There was an undocumented key value that could be used to completely
turn off WFP, but has been removed in W2K SP2 and later. The documented
registry keys that turn off WFP work only if a kernel debugger is
attached.

JK> OSR also has a program you can download to do this for you.

Or try http://www.collakesoftware.com/CSdownloads.htm#WfpAdmin

Ralf.