|
Squidge
Now I'm curious about some things.
Service packs can update it easily by moving files into the cache, setting the checksum and then asking for a version update.
Sounds really interesting. Would you be more precise? I'd like to hear the technical details!
Now I realise, that patching sfc.dll is not the best thing to do! You, perhaps, can modify the list of files returned by sfcfiles.dll API SfcGetFiles. The array looks like:
.data:68012000 arr_of_files dd 0 ; DATA XREF: sub_6801109C+54�o
.data:68012000 ; sfcfiles_1+33o
.data:68012004 dd offset aSystemrootSyst ; "%systemroot%\\system32\\12520437.cpx"
.data:68012008 dd 0
.data:6801200C dd 0
.data:68012010 dd offset aSystemrootSy_0 ; "%systemroot%\\system32\\12520850.cpx"
.data:68012014 dd 0
.data:68012018 dd 0
.data:6801201C dd offset aSystemrootSy_1 ; "%systemroot%\\system32\\drivers\\1394bus.s"...
So, you find you name here, substitute it with the anything you want, and, perhaps, you may now forget about the WFP for the concrete file, BUT! It is not a proper way of doing things!
Unless you know Microsoft's checksumming algorithm
Any ideas where I can find it? Do you mean a PE checksum or sth more sophisticated? Give me more info, please!
|
Threaded Mode
