How to use a kernel debugger

I'm trying to set HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = 1 (Decimal) to disable SFC.
To do so, the KB article (http://support.microsoft.com/kb/222473) says I must hook up a kernel debugger to make it work. I have windbg installed but can't get it to connect, nor do I know what to do after that?
DigitalGlobeISSystem AdminAsked:

briancassinCommented:
Here is a better guide, as the Microsoft information is no longer accurate after the service pack; they replaced the DLL that runs it, and therefore the procedure in that KB will no longer work without some additional work.

http://www.windowsnetworking.com/articles_tutorials/Tweaking-XP-Windows-File-Protection-SP2.html


0
briancassinCommented:
You can also use this tool here

http://www.litepc.com/xppreview.html

which can remove the Windows File Protection, but you would have to rebuild your Windows OS. You can also do it using nLite, which is free: http://www.nliteos.com
0
DigitalGlobeISSystem AdminAuthor Commented:
The problem is that I am using Server 2003 and the SFC_OS.dll files are different.
I tried modifying the XP pre-SP2 SFC_OS.dll and copying to dllcache and system32 and overwriting, but it did not work.  I has the original Server 2003 SFC_OS.dll in there.  The DOS copy did complete, but after I rebooted the original was back.  Also, I was going to just modify the SFC_OS.dll (at the same 0xECE9 location) from Server 2003, but now it is "In use" all the time and I can't change it.
0

briancassinCommented:
I was assuming you were using Windows XP.

Yes, you should be able to modify that address, since that is the original DLL. The system is going to keep the DLL in use because SFC is always running.

You'll need to create a BART PE boot disk, then put it in the PC and reboot so that you boot from Bart, and then use its built-in file manager along with a hex editor (you will have to download the hex editor ahead of time and save it to the hard drive so you can access it in Bart), as mentioned in the above article.

Here is where you can get Bart from: http://www.nu2.nu/pebuilder
0

DigitalGlobeISSystem AdminAuthor Commented:
OK, I'll try that.
0
DigitalGlobeISSystem AdminAuthor Commented:
This worked; it took me a while to figure out I had to use the Win2K3 CD for the source files.

Thanks
0
briancassinCommented:
No problem, glad it worked :)
0