FalconHawk
asked on
Adding a file to the Windows File Protection
Let's start with the beginning... :)
I recently modded a few system files of Windows to get another view of certain things. I modded the Ntoskrnl and I modded the bootscreen to show other images than the Windows background and the standard bootup screen. They both work fine, and I haven't had any trouble.
Now, the question. Because the files are modded and have another name (I put a new OS in that would use the other kernel), the Windows File Protection won't protect my new file. The question is, how can I add it to the WFP? The answer I DON'T need is: "Boot in safe mode, delete the original kernel and rename your file to ntoskrnl.exe to have file protection"
Thanks in Advance,
FHawk
ASKER
Thanks for the quick response RF. I'll try that on my next reboot (which will be tomorrow, as I'm loaded with work :( )
Nice find Tolomir!! :)
Should probably work on XP.
RF
Since the problem is the file protection, already existing in Win2k, I see no problem with it. Even if that hacked kernel is not included in the Windows File Protection scheme, for any reason, it won't be overwritten by the protected copy of the original kernel, since it uses a different name.
So FalconHawk only has to modify the boot.ini according to the windows xp version:
ala (this is my own boot.ini "patched" like suggested in the article)
---
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Hacked Logo" /fastdetect /kernel=kernel01.exe
---
But since he already modified the bootlogo - my god I think, I've done that last time with OS/2 Warp - I have full trust in him.
@ FalconHawk: A feedback would be appreciated, of course.
So it's Bedtime for me,
Tolomir
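Added example, not part of the original thread: the post above points out that a kernel loaded through the boot.ini `/kernel=` switch sits outside Windows File Protection, so an administrator may want to know which boot entries use it. This Python sketch parses a boot.ini and lists every entry that overrides the kernel or HAL image; the sample text is constructed from the boot.ini quoted above plus one ordinary entry, and the function names are illustrative.

```python
import re

# Constructed sample, modelled on the boot.ini quoted in the post above.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Hacked Logo" /fastdetect /kernel=kernel01.exe
'''

# Switches that replace the default ntoskrnl.exe / hal.dll with another file.
OVERRIDE = re.compile(r'/(kernel|hal)=(\S+)', re.IGNORECASE)

def parse_entries(text):
    """Return (arc_path, label, switches) for each [operating systems] line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip().lower()
            continue
        if section != 'operating systems' or '=' not in line:
            continue
        # The first '=' separates the ARC path from the quoted label.
        path, rest = line.split('=', 1)
        m = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
        label, switches = (m.group(1), m.group(2)) if m else ('', rest.strip())
        entries.append((path.strip(), label, switches))
    return entries

def find_overrides(text):
    """List boot entries that load a non-default kernel or HAL image."""
    findings = []
    for path, label, switches in parse_entries(text):
        for kind, image in OVERRIDE.findall(switches):
            findings.append({'entry': label, 'path': path,
                             'switch': kind.lower(), 'image': image})
    return findings

if __name__ == '__main__':
    for f in find_overrides(SAMPLE_BOOT_INI):
        print(f"{f['entry']!r}: /{f['switch']}={f['image']} under {f['path']}")
```
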
ASKER
"@ FalconHawk: A feedback would be appreciated, of course."
The way you described is indeed how I modded my bootscreen. The only thing I missed (surprise surprise) was the use of a hex editor to replace the palette with a new one, since my image wasn't made of system colours.. (I did it, works just fine)
For my question: let me rephrase it a little bit. The problem is not getting the WFP or making the screen, I'm more interested in the point if it's safe. Can I be sure that my AV, and other software like Windows won't go messing around with my new file? Since it's not a Windows file? That's actually the question :) I mean, I don't want to have to reload the bootscreen every week or something.....
But of course, you already earned points ^^
Nope, I think you are fine.
As it seems, Windows itself doesn't care itself (might change in Windows Longhorn, the trusted computing....)
An antivirus solution will see no offence, since it will not match any malware. I mean you changed the bitmap...
I think, even if your file would be added to WFP, an overeager antivirus or antispyware solution would still kill the file every time after leaving WFP. So the website I got the idea from would have mentioned such a problem.
Tolomir
ASKER
Well, I guess that's all I need to know. The only warning I read was about updating Windows, but only if you changed the file name and deleted the original. Thanks, and enjoy the points ^^
ok, thank you.
Try adding a copy of the file(s) to the dllcache folder.
Maybe, do this in Safe mode.
Good luck!
RF