Sign in to follow this  
Followers 0
Dougiefresh

Need help disabling WFP for a single file....

6 posts in this topic

#1 ·  Posted (edited)

I am trying to write a program to patch the resources for an operating system. The project is called XP Theme Source Patcher. One of the problems I've had in patching a Live System is Windows File Protection does not allow me to replace files that I've copied to a different location and then patched.

I found this code, which disables WFP for a period of 1 minute. I'm not sure how to implement the code so that I can call it as a function. Can anyone help me?

Hack Method 3: Disable WFP on a specific file for 1 minute via undocumented SFC API

The SFC_OS.DLL module exports another very useful undocumented, unnamed API at oridinal 5: SfcFileException. This handy API will register a temporary SFC exception for specific file, allowing the file to be updated. The period the exception is in place is currently one minute.

Ordinal 5:

DWORD WINAPI SfcFileException(DWORD dwUnknown0, PWCHAR pwszFile, DWORD dwUnknown1);

dwUnknown0 Unknown. Set to 0

pwszFile Filename

dwUnknown1 Unknown. Set to -1

The return value is 0 if success, or 1 if an error occurred (usually that the file is not protected by WFP).

An example call to this API is:

SetSfcFileException(0, L"c:\\windows\\notepad.exe",-1);

Edited by Dougiefresh

Share this post


Link to post
Share on other sites



I found some info on the AutoIt forum. Does this look right for this DLL call?

DllCall("SFC_OS.DLL", "dword", 0, "str", "c:\windows\notepad.exe", "dword", -1)

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Something like

DllCall("user32.dll", "dword", "SfcFileException", "dword", 0, "str", "C:\WINDOWS\notepad.exe", "dword", -1)

EDIT::

Though, Dont know if it works. As for me it returns 0 for notepad, and autoit3.exe.

Edited by AzKay

# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites

Well, the function supposedly isn't in User32.dll.... It's in SFC_OS.dll. Looking at the help file, I realized that I had written it wrong. It would be:

$Result = DllCall("sfc_os.dll", "dword", "SfcFileException", "dword", 0, "str", "C:\WINDOWS\notepad.exe", "dword", -1)
MsgBox( 0, "", $Result & "//" & @error)
This code returns 0//3, 0 being the return value and 3 being the code for "function" not found in the DLL file.. I'm running XP SP3, maybe something changed between the OS that article was written for and SP3.... Oh, well... Here I thought I had a good lead on something....

Share this post


Link to post
Share on other sites

Meh, I just assumed DWORD WINAPI SfcFileException(DWORD dwUnknown0, PWCHAR pwszFile, DWORD dwUnknown1);, the WINAPI part, would have it user32.dll or something of the sort.


# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites

You have to call it with ordinal number: (Ordinal 5)

$Result = DllCall("sfc_os.dll", "dword", 5, "dword", 0, "str", "C:\WINDOWS\notepad.exe", "dword", -1)
Switch @error
    Case 0
        MsgBox( 0, "h", $Result[0])
    Case Else
        MsgBox( 0, "h", @error)
EndSwitch

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0