Jump to content
Tuts 4 You

Modifying Explorer


Scale

Recommended Posts

Posted

I want my explorer to be default on modifyed and i would also like to add find target from the shortcut menu to the shell menu,

But im unsure if this is a good idea to even attempt.

Any tips would be handy :)

Posted

well it could be done but just one remark windows has

something called (WFP) it's a file restoring feature

so that it restores the deleted system files not to have any troubles so simply

if you have a modified Explorer that you want to use you'll have to disable this feature or else

your file will be deleted after being replaced by the original and replaced back by the origial file

automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer

but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!

Posted
well it could be done but just one remark windows has

something called (WFP) it's a file restoring feature

so that it restores the deleted system files not to have any troubles so simply

if you have a modified Explorer that you want to use you'll have to disable this feature or else

your file will be deleted after being replaced by the original and replaced back by the origial file

automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer

but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!

WFP = windows file protection. Easily defeated by booting via a boot disk.

IIRC all the files it protects are written in plain text in one of the .dlls. Makes it extremely easy to remove protection permanently by patching the dll so that a file is not protected anymore.

Posted

If you delete windows/system32/dllcache folder then wfp can't restore original file.

Posted
well it could be done but just one remark windows has

something called (WFP) it's a file restoring feature

so that it restores the deleted system files not to have any troubles so simply

if you have a modified Explorer that you want to use you'll have to disable this feature or else

your file will be deleted after being replaced by the original and replaced back by the origial file

automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer

but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!

WFP = windows file protection. Easily defeated by booting via a boot disk.

IIRC all the files it protects are written in plain text in one of the .dlls. Makes it extremely easy to remove protection permanently by patching the dll so that a file is not protected anymore.

Do u happen to know which dll? ^^

Posted (edited)

Okay... the 'master copies' of files are in : "\Windows\System32\Dllcache". Every five seconds or so, the WFP will copy the originals back over the live versions ensuring that they cannot be tampered with (Good as it stops virus/malware altering core system files)

The list of files protected is in "c:\windows\system32\sfcfiles.dll". Patching this DLL allows you to

Edited by Loki
Posted

The other option is (rather than edit the list of protected files) to get explorer.exe (or whatever), modify it, and then replace it in the dllcache folder so that when WFP copies it back, it is copying your already modified version.

This then ensures WFP is doing its job in terms of protecting the files from further modification by virus etc.

Posted

ohh damn it !!

deleting folders and files screws too much

an easy method is using a reg key to do your nasty job

and disale the WFP and that's it another way using safeXP ??

or any other tool that gives you possibility to modify such settings in windows.......

Posted

there's a registry setting you can use to replace files on bootup (just like hotfixes do) google it.

Just put the file into dllcache first, and it circumvents the protection. If it's a driver like file or something (like psapi.dll) you'' have to replace it by hand, using a boot cd like Hiren's or similar.

I use transperentis (win2k) and it patches explorer, it does so in this manner described.

Posted

Ok one problem,

I recently reinstalled win xp havent done any assembly in a while now when i try to attach i get access denied...

(with all apps) I have admin rights, when i do windows system exploit i can attach.

windows system exploit:

use at command to start a command prompt as system kill explorer and restart explorer with the system command prompt viola max rights but i lose my desktop etc etc.

What is preventing me from attaching??

Posted

the usage of the explorer it's still in the current process some times

so try using File Unlocker to unlock it from any related processesa and

then attach it but any way you said you had a modified file from explorer

right so if you want your desktop for a while end the original explorer process

and put thge modified ine in another directory and start it using the task manager "run"

or new task button choose the file and it'll work perfect after that work on it and debug while

running another one but it's only for testing so try using a file that doesn't contain too many errors !!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...