How to use a kernel debuger

Im trying to set HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = 1 (Decimal) to disalble SFC.
To do so the KB article (http://support.microsoft.com/kb/222473) says I must hook up a kernel debuger and to make it work.  I have windbg installed but can't get it to connect no do I know what to do after that?
DigitalGlobeISSystem AdminAsked:
Who is Participating?
 
briancassinConnect With a Mentor Commented:
I was assuming you were using windows XP

yes you should be able to modify that address since that is the original dll. The system is going to keep the dll in use because the SFC always is running.

You'll need to create a BART PE bootdisk then put it in the PC reboot it so that you boot from bart and then use it's built in file manager along with a hex editor (you will have to download the hex editor ahead of time and save it to the hard drive so you can access it in bart) as mentioned in the above article.

here is where you can get bart from http://www.nu2.nu/pebuilder
0
 
briancassinCommented:
Here is a better guide as the microsoft information is no longer accurate after service pack they replaced the DLL that runs it and therefore that procedure in that KB will no longer work without some additional work

http://www.windowsnetworking.com/articles_tutorials/Tweaking-XP-Windows-File-Protection-SP2.html


0
 
briancassinCommented:
You can also use this tool here

http://www.litepc.com/xppreview.html

which can remove the windows file protection but you would have to rebuild your windows os. You can also do it using Nlite which is free http://www.nliteos.com
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
DigitalGlobeISSystem AdminAuthor Commented:
The problem is that I am using Server 2003 and the SFC_OS.dll files are different.
I tried modifying the XP pre SP2 SFC_OS.dll and copying to dllcache and system32 and overwriting but it did not work.  I has the original Server 2003 SFC_OS.dll in there.  The DOS copy did complete but after I rebooted the original was back.  Also I was going to just modify the SFC_OS.dll (at the same 0xECE9 location) from Server 2003 but now it is "In use" all the time and I cant change it.
0
 
DigitalGlobeISSystem AdminAuthor Commented:
OK, I'll try that.
0
 
DigitalGlobeISSystem AdminAuthor Commented:
This worked, it took me a while to figure out I had to use the Win2K3 cd for the source files.

Thanks
0
 
briancassinCommented:
no problem glad it worked :)
0
All Courses

From novice to tech pro — start learning today.