What for to replace system files? The system
files are special files used by the Operative System (OS) for
several things; some of them are containers of icons, others contain
window dialogs, etc. Some people (like me) use to tweak these
files in order to modify the Windows GUI appearance or behavior,
changing the icons embedded in the files or modifying the dialog
boxes changing, adding or removing stuff of them.
There are some few different techniques to accomplish this mission,
all of them secure and fast, but some are faster (or safer) than
others. I’ll cover at least three of them so you’ll
be able to choose the best for you. In one of them, you’ll
need to use your Windows XP installation disc, so please get it
handy. Ok, here we go.
WFP (Windows File Protection). These special
files are stored mainly in two system folders, called System32
and Dllcache. In the System32 folder are stored
all the files that are being used by the OS (with some exceptions),
and they’re “untouchables” if the system is
running in normal way, because Windows is doing use of this files
to work. In the Dllcache are stored the files used as
back-up by the OS. These folders are located here (where “X”
is your XP installation drive letter):
X:\Windows\System32\
X:\Windows\System32\Dllcache\
In order to properly understand the function of these folders,
you must understand what the WFP (Windows File
Protection) system is and how it works. Well, WFP
is a trick used by the OS in order to prevent possible attacks
to the system from external sources, for example viruses, trojans
or malicious programs. The system protects itself keeping “healthy”
copies of the main files used by the OS in a hidden folder (Dllcache)
and using them when a system file is overwritten by an unknown
process, in this way, when you replace a file used by the OS and
recognized as a “system file” the OS automatically
will replace it with its “healthy” copy, making impossible
a virus propagation and stopping any possible attack.
So, WFP is something very good when we’re
talking about security, but it’s a real pain in the ass
when you want to update your system manually, because, unless
you coax WFP, you won’t be able to do it.
In the next steps we’ll learn some tricks in order to temporary
coax WFP and, in other cases, deactivate it at
all.
Dealing with hidden files and folders and with system
protected files. Another possible obstacle will be an
inherent property to all the system files in Windows. Microsoft
think that, if you’re unable to see the “dangerous”
files in your system, you’ll be unable to break down their
nice OS, so they use a feature in the OS that hide some important
files and folders, and we’ll need to disable it in order
to replace our system files. We’ve talked before about two
system folders (System32 and Dllcache) where
our system files are stored. Well, one of them is a “system
protected folder”, so you’ll be unable to see it unless
you disable this property. Power and advanced users surely have
disabled it ages ago, but for the newbies, here is the way to
do it:
Open any explorer window (such as My Computer). Select "Tools
-> Folder options" from the main menu. Select
the "View" tab, search in
the list the option "Hidden files and folders"
and check "Show hidden files and folders".
Now scroll down a bit through the list and you'll see the option
"Hide protected operating system files".
If it's checked, please uncheck it and click "Ok".
That's all, now you'll see all the existing files in your system.
Ok, first obstacle saved. Now for the fun!
First
Technique (the good)
