Government Security
Network Security Resources

Jump to content

How To Disable Tftp.exe, Ftp.exe And Net.exe

- - - - - windows bug cache
  • Please log in to reply
1 reply to this topic

#1 Guest_Alexander01_*

Guest_Alexander01_*
  • Guests

Posted 07 January 2004 - 02:13 AM

Windows 2000 and Win2k SP1 (NOT SP2+ or XP)



System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Value Name: SFCDisable

Data Type: REG_DWORD (DWORD Value)

Value Data: 0 = enabled (default), ffffff9d = disabled



Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it. The other valid hexadecimal values are: 



1 - disabled, prompt at boot to re-enable 

2 - disabled at next boot only, no prompt to re-enable 

4 - enabled, with popups disabled 

ffffff9d - for completely disabled 



Restart Windows for the change to take effect. 



Additional Steps for Windows 2000 Service Pack 2 and Windows XP



This setting is disabled in Windows 2000 SP2+ and Windows XP, and needs to re-enabled using a hex editor and changing SFC.DLL

(or SFC_OS.DLL for Windows XP) following these instructions: (alternatively you can just replace 

the existing dll with the one from SP1 via boot disk or whatever.. then use the reg key.. but thats no fun is it?  )



Windows 2000 SP2 +



Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory. 

Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex editor. 

At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not continue if you are unable to find these values. 

Change the values "8B C6" to read "90 90" and save the changes. 

Run these commands to update the system files: 

copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y

copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y



If you are prompted to insert the Windows CD, click Cancel. 

Restart Windows for the change to take effect. 



Windows XP 



Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory. 

Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in a hex editor. 

Windows XP (no Service Pack)

At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6". 

Windows XP (Service Pack 1)

At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6". 

Do not continue if you are unable to find these values. 

Change the values "8B C6" to read "90 90" and save the changes. 

Run these commands to update the system files: 

copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y

copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y



If you are prompted to insert the Windows CD, click Cancel. 

Restart Windows for the change to take effect. 

Once these files have been updated apply the registry setting above. 



Alternatively you can also just start the machine with a debugger attached running the kernel with /DEBUG

I do this all the time for various reasons but I wouldnt advise this option unless you really know what your doing.


#2 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 07 January 2004 - 11:16 AM

Good Post Archived ;)





Also tagged with one or more of these keywords: windows, bug, cache