PROBLEMCHYLD

2013-07-12 15:24 »

Here we go guys. I have been working on this project for many years and have asked for help in many other forums. I didn't get the assistance I needed due to lack of interest. I am not giving up on this because I'm not a quitter. I have most of the work done and all I need to do is find the proper offset to patch. Here is the big problem: I don't know how to hex and find the right offsets. I do know how to use hex edit tools though. What I have here is two dumps, and I'm hoping one of you guys can help me. What we are looking to patch is the hash check, timestamps, version check etc... so SR can replace the necessary files. I have learned that System Restore does a unique check from the catalog file, and if the files do NOT match the catalog file hashes, timestamps, version, it fails. That's all folks!

SFCDLL.DOC (530.85 KiB)
SFPDLL.DOC (2.35 MiB)

!

2013-07-12 18:43 »

Wow, this is so much beyond my knowledge, it's not even funny. :oops:

Drugwash

2013-07-15 15:22 »

I'll try and take a look at that, but first of all I need to understand how it works, because I never cared about this system, it actually annoyed the heck outta me when trying to replace Notepad with Metapad in XP. It may be of help at times, however. Please do not get your hopes too high though. :oops:

PROBLEMCHYLD

2013-07-16 01:48 »

Thanks friend. It's a great tool and it can be tweaked and used for a full system backup tool. I just need to bypass it when it does all those checks (timestamps, file version, hash etc....)

EMPTORXC

2013-08-05 15:14 »

If you could say the versions of those files, which OS install you sourced them from (before you dropped them into 98)

EMPTORXC

2013-08-07 17:40 »

OK, read all this then come back....
viewtopic.php?f=1&t=71&start=10
So the files are sourced from WinME.
So it's placing the System Restore capability from ME into 98, specifically the capability to do SR, - BUT wants to disable the System File Protection (SFP) feature (also called Windows File Protection in later OSes).

(P.S. Hey, but didn't non-OEM Windows ME CDs have MSBACKUP on them... I guess the SFP feature still has to be disabled; assuming that's achieved, then Msbexp.exe not suitable for backups because... __ ?)

EMPTORXC

2013-08-19 15:51 »

SFC.DLL, size 41232 bytes, viewed in notepad has version 4.90.0.2533
and that file opened in Borg Disassembler v2.28 as PE Executable,
Resources & Debug & Data & 32-bit Disassembly & Demangle selected,
shows the following...

1000:761142e4  DisableSFP:
1000:761142e4  55              push    ebp
1000:761142e5  8bec            mov     ebp, esp
1000:761142e7  6aff            push    0ffh
1000:761142e9  6890231176      push    offset loc_76112390
1000:761142ee  6810591176      push    offset loc_76115910
1000:761142f3  64a100000000    mov     eax, fs:dword ptr [00h]
1000:761142f9  50              push    eax
1000:761142fa  64892500000000  mov     dword ptr fs:[00h], esp
1000:76114301  83ec14          sub     esp, 14h
1000:76114304  53              push    ebx
1000:76114305  56              push    esi
1000:76114306  57              push    edi
1000:76114307  8965e8          mov     [ebp-18h], esp
1000:7611430a  68e4791176      push    offset loc_761179e4
1000:7611430f  e8fdf5ffff      call    loc_76113911
1000:76114314  87c0            test    eax, eax
1000:76114316  7537            jnz     loc_7611434f
etc...
any use?

Steven W

2013-10-04 04:28 »

Okay, maybe way off base here, but what did you do with sfc.exe in 98 SE? Did you remove or disable it somehow?
