Iain Posted January 27, 2009 Share Posted January 27, 2009 I've been looking into WFP recently: how to disable it for a specific file and how to add a file that I'd like to be protected. I have XP Pro SP3 and understand that those files which are protected are listed in a .dll in c:\windows\system32. The .dll can be hex edited to alter one of the file names which will remove it's protection. However, I came across some comments about the PE Header checksum of the .dll requiring modification. I'm happy to use a hex editor to make the changes to the file name then use a live cd to move the .dll because I suspect that I can't do that whilst Windows is running. I'm afraid that editing the checksum in the PE Header is beyond me. Can anyone give any tips about how to do that? The other side of my experiment is to add a file that I might want to protect. Does anyone have any ideas about that? I hasten to add that I do not have any malicious intent (though I realise that any techniques used could be adapted for wrongdoing) but I simply want to investigate how WFP works. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.