Here we go guys. I have been working on this project for many years and have asked for help in many other forums. I didn't get the assistance I needed due to lack of interest. I am not giving up on this because I'm not a quitter. I have most of the work done and all I need to do is find the proper offset to patch. Here is the big problem, I don't know how to hex and find the right offsets. I do know how to use hex edit tools though. What I have here is two dumps and hoping one of you guys can help me. What we are looking to patch is the hash check, timestamps, version check etc... so SR can replace the necessary files. I have learned, system restore does a unique check from the catalog file and if the files doNOT match the catalog file hashes, timestamps, version, it fails. That's all folks!
-
Drugwash
I'll try and take a look at that, but first of all I need to understand how it works, because I never cared about this system, it actually annoyed the heck outta me when trying to replace Notepad with Metapad in XP. It may be of help at times, however. Please do not get your hopes too high though. 
-
PROBLEMCHYLD
- Posts: 892
- Joined: 2013-03-22 12:55
Thanks friend. Its a great tool and it can be tweaked and used for a full system backup tool. I just need to bypass it when it does all them checks (timestamps, file version, hash etc....)
OK, read all this then come back....
viewtopic.php?f=1&t=71&start=10
So the files are sourced from WinME.
So it's placing the System Restore capability from ME into 98, specifically the
capability to do SR, - BUT wants to disable the System File Protection (SFP)
feature (also called Windows File Protection in later OSes).
_
(P.S. Hey, but didn't non-OEM Windows ME CD's have MSBACKUP on them...
I guess the SFP feature still has to be disabled; assuming that's achieved, then
Msbexp.exe not suitable for backups because... __ ?)
viewtopic.php?f=1&t=71&start=10
So the files are sourced from WinME.
So it's placing the System Restore capability from ME into 98, specifically the
capability to do SR, - BUT wants to disable the System File Protection (SFP)
feature (also called Windows File Protection in later OSes).
_
(P.S. Hey, but didn't non-OEM Windows ME CD's have MSBACKUP on them...
I guess the SFP feature still has to be disabled; assuming that's achieved, then
Msbexp.exe not suitable for backups because... __ ?)
SFC.DLL, size 41232 bytes, viewed in notepad has version 4.90.0.2533
and that file opened in Borg Disassembler v2.28 as PE Executable,
Resources & Debug & Data & 32-bit Disassembly & Demangle selected,
shows the following...
1000:761142e4--DisableSFP:
1000:761142e4--55---------------------push----ebp
1000:761142e5--8bec------------------mov-----ebp, esp
1000:761142e7--6aff-------------------push----0ffh
1000:761142e9--6890231176--------push----offset loc_76112390
1000:761142ee--6810591176--------push----offset loc_76115910
1000:761142f3--64a100000000------mov-----eax, fs:dword ptr [00h]
1000:761142f9--50----------------------push----eax
1000:761142fa--64892500000000---mov-----dword ptr fs:[00h], esp
1000:76114301--83ec14---------------sub------esp, 14h
1000:76114304--53---------------------push----ebx
1000:76114305--56---------------------push----esi
1000:76114306--57---------------------push----edi
1000:76114307--8965e8---------------mov-----[ebp-18h], esp
1000:7611430a--68e4791176--------push-----offset loc_761179e4
1000:7611430f--e8fdf5ffff--------------call------loc_76113911
1000:76114314--87c0-------------------test-----eax, eax
1000:76114316--7537------------------jnz-------loc_7611434f
etc...
any use?
and that file opened in Borg Disassembler v2.28 as PE Executable,
Resources & Debug & Data & 32-bit Disassembly & Demangle selected,
shows the following...
1000:761142e4--DisableSFP:
1000:761142e4--55---------------------push----ebp
1000:761142e5--8bec------------------mov-----ebp, esp
1000:761142e7--6aff-------------------push----0ffh
1000:761142e9--6890231176--------push----offset loc_76112390
1000:761142ee--6810591176--------push----offset loc_76115910
1000:761142f3--64a100000000------mov-----eax, fs:dword ptr [00h]
1000:761142f9--50----------------------push----eax
1000:761142fa--64892500000000---mov-----dword ptr fs:[00h], esp
1000:76114301--83ec14---------------sub------esp, 14h
1000:76114304--53---------------------push----ebx
1000:76114305--56---------------------push----esi
1000:76114306--57---------------------push----edi
1000:76114307--8965e8---------------mov-----[ebp-18h], esp
1000:7611430a--68e4791176--------push-----offset loc_761179e4
1000:7611430f--e8fdf5ffff--------------call------loc_76113911
1000:76114314--87c0-------------------test-----eax, eax
1000:76114316--7537------------------jnz-------loc_7611434f
etc...
any use?
