I was wondering if any of you guys know how to turn WFP off without having to patch the sfc_os.dll/sfc.dll.

There is a nice utility named WfpAdmin the problem with it is that it is not free and I would like to write my own utility to do this.

Thanks in advance

YEP, I search for that answer too!

what exactly are the limitations of the wfpadmin, i downloaded it from the main site, and ran the console version,and i dont get any warning about a trial/limitation

A while ago I downloaded that application and the console version was completely unusable. In fact, I don't think it was even included in the trial version. Would you mind uploading the version you downloaded? I've been looking for the console version of that application for months.

www.collakesoftware.com

maybe someone can crack it
ive seen only 2 bad cracks for it that only reset the day-counter but not make it a full version.. also i can't use the console version because u can only use it in a full registered version.. i dont gonna buy this shit becuz it's some basics for windows.. dont gonna pay money for it :s :s :s

if someone is able to crack it then crack it!

The console version does not work (try specifying command arguments) in the 1.03 trial. Haven't tried any others but don't think they'll work.

ahhh yes youre write, it says console iso nly available in full mode, hadnt tried it with sommands yet so hadnt seen that

mm i hardly need that if someone has the full version .. it will help me ALOT !

I wouldn't mind more technical insight on how it does exactly disable wfp for certain files. Well looks like some debugging is needed :\

well , the creator find a way to bypass wfp after windows made it impossible to disable wfp with that value , so the program is now needed .. plz if anyone gets the program share it with us ..

Don't know if this will help you any, but...

Do a search for the file that you want to replace, quickly delete both instances. If you don't catch the file in the service pack directory quick enough WFP will use it to replace the original one. I have tested this

There was mention on another post about replacing the file with your version and insuring the file details are the same, I haven't tested this.

btw i think when file is deleted from dllcache dir and deleted from windir , it is lost forever but displays a message saying plz insert windows xp cd

Yup, boshcash that is what is happening when you delete them both. Filling the file with NOPs, 0s at the end in order to have a similar size than the previous one does not work either.

I'm wondering how MS patches circumvent WFP.

i hardly need that wfpadmin or any other program that does the same thing , or i wanna know how to disable the wfp manually at windows xp (totally disable it)

There are several guides on how to patch dll files with your hex editor to disable WFP (you still got to set a registry key in order to disable it completely then). One of them is on the wfpadmin site.