Modifying Explorer

March 29, 2007

I want my explorer to be default on modifyed and i would also like to add find target from the shortcut menu to the shell menu,

But im unsure if this is a good idea to even attempt.

Any tips would be handy

March 30, 2007

well it could be done but just one remark windows has

something called (WFP) it's a file restoring feature

so that it restores the deleted system files not to have any troubles so simply

if you have a modified Explorer that you want to use you'll have to disable this feature or else

your file will be deleted after being replaced by the original and replaced back by the origial file

automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer

but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!

March 30, 2007

well it could be done but just one remark windows has
something called (WFP) it's a file restoring feature
so that it restores the deleted system files not to have any troubles so simply
if you have a modified Explorer that you want to use you'll have to disable this feature or else
your file will be deleted after being replaced by the original and replaced back by the origial file
automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer
but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!

WFP = windows file protection. Easily defeated by booting via a boot disk.

IIRC all the files it protects are written in plain text in one of the .dlls. Makes it extremely easy to remove protection permanently by patching the dll so that a file is not protected anymore.

March 30, 2007

If you delete windows/system32/dllcache folder then wfp can't restore original file.

March 30, 2007

well it could be done but just one remark windows has
something called (WFP) it's a file restoring feature
so that it restores the deleted system files not to have any troubles so simply
if you have a modified Explorer that you want to use you'll have to disable this feature or else
your file will be deleted after being replaced by the original and replaced back by the origial file
automaticly and as for giving some new touches you'll have to code some things and inject code to Explorer
but just be sure not to harm any byte in the file or else you won't have any Start Menu or Folders unless you have backup so be carefull with this file "I Prefere edittin g it with a Resource Editor like PE Explorer or Resource Hacker" !!
WFP = windows file protection. Easily defeated by booting via a boot disk.
IIRC all the files it protects are written in plain text in one of the .dlls. Makes it extremely easy to remove protection permanently by patching the dll so that a file is not protected anymore.

Do u happen to know which dll? ^^

March 30, 2007

Okay... the 'master copies' of files are in : "\Windows\System32\Dllcache". Every five seconds or so, the WFP will copy the originals back over the live versions ensuring that they cannot be tampered with (Good as it stops virus/malware altering core system files)

The list of files protected is in "c:\windows\system32\sfcfiles.dll". Patching this DLL allows you to

Edited March 30, 2007 by Loki

March 30, 2007

The other option is (rather than edit the list of protected files) to get explorer.exe (or whatever), modify it, and then replace it in the dllcache folder so that when WFP copies it back, it is copying your already modified version.

This then ensures WFP is doing its job in terms of protecting the files from further modification by virus etc.

March 30, 2007

ohh damn it !!

deleting folders and files screws too much

an easy method is using a reg key to do your nasty job

and disale the WFP and that's it another way using safeXP ??

or any other tool that gives you possibility to modify such settings in windows.......

March 30, 2007

there's a registry setting you can use to replace files on bootup (just like hotfixes do) google it.

Just put the file into dllcache first, and it circumvents the protection. If it's a driver like file or something (like psapi.dll) you'' have to replace it by hand, using a boot cd like Hiren's or similar.

I use transperentis (win2k) and it patches explorer, it does so in this manner described.

March 30, 2007

Ok one problem,

I recently reinstalled win xp havent done any assembly in a while now when i try to attach i get access denied...

(with all apps) I have admin rights, when i do windows system exploit i can attach.

windows system exploit:

use at command to start a command prompt as system kill explorer and restart explorer with the system command prompt viola max rights but i lose my desktop etc etc.

What is preventing me from attaching??

March 31, 2007

the usage of the explorer it's still in the current process some times

so try using File Unlocker to unlock it from any related processesa and

then attach it but any way you said you had a modified file from explorer

right so if you want your desktop for a while end the original explorer process

and put thge modified ine in another directory and start it using the task manager "run"

or new task button choose the file and it'll work perfect after that work on it and debug while

running another one but it's only for testing so try using a file that doesn't contain too many errors !!

Sign In

Modifying Explorer

Recommended Posts

Scale

Angel-55

Loki

GaBoR

Scale

Loki

Loki

Angel-55

Fungus

Scale

Angel-55

Create an account or sign in to comment

Create an account

Sign in

Community

Search