LOL
It doesn't work the way you think. It never asks for a CD.
;-)
::The Unknown P... wrote:::::
If you go>start\run and type in sfc /scannow
I run it from the Command prompt. No need for the extra clicking.
the system will do a System File Check.
Well, what does it check? I ran sfc /purgecache first. That is one
question that needs an answer.
You will need your XP CD or your Recovery CD if an
OEM of XP.
That is untrue. It does not ask for a CD anymore.
This compares the present os files with the originals
That is untrue, the originals are themselves and there is nothing to
compare against. I'm not sure "what" YOU are referring to. Why
compare an ntdll.dll thats been updated 2 or 3 times, with an
original ntdll.dll on a CD that is 3 years outdated? There is no use
in such behaviors. And it doesn't ask for a CD or even look for
a CD anymore.
and replaces any missing or corrupt files with the ones found
on the disk.
It is NOT doing what you say it should do. I don't think it likes
you.
If you need any other parameters you go>start\run and type in
cmd and hit ok.
I just click on the Cmd.exe shortcut. You know how you can
place a cmd.exe shortcut in the right click menu? I have done
similar things in the past, but I really would like to place it at
the top of the Explorer list for right clicks. That way I don't
have to move down to the taskbar.
Now type in sfc /? and you will get all the parameters
LOL Really? See my previous post about pulling functions out
of sfc.dll. Very interesting. Take a look at this:
File Name: SFC.EXE
File Type: EXECUTABLE IMAGE
Section Examined: IMPORTS
Section contains the following imports:
msvcrt.dll
77C33632 98 __set_app_type
77C1EB68 85 __p__fmode
77C1EB4A 80 __p__commode
77C5D388 B6 _adjust_fdiv
77C48F60 9A __setusermatherr
77C379DB 13A _initterm
77C1E8AF A4 __wgetmainargs
77C5C9EC A5 __winitenv
77C33EB0 ED _except_handler3
77C37B00 C8 _cexit
77C31269 4E _XcptFilter
77C37AEE F6 _exit
77C37B11 C5 _c_exit
77C31F83 2F3 setlocale
77C426B8 228 _wcsicmp
77C4299A 22C _wcsnicmp
77C1D7F9 338 wcstoul
77C5AC80 13E _iob
77C3CD6E 323 vswprintf
77C37ADC 28F exit
77C4A658 D6 _controlfp
77C43DBC 32C wcslen
77C3EE11 320 vfwprintf
ADVAPI32.dll
77DD609C DF FreeSid
77DD1EB4 38 CheckTokenMembership
77DD60A2 1D AllocateAndInitializeSid
KERNEL32.dll
77F5157D 15A GetLastError
77E7F295 E1 FormatMessageW
77E79A45 238 LocalFree
77E707A7 275 ProcessIdToSessionId
77E78406 150 GetFileType
77E76052 375 WriteConsoleW
77E80656 130 GetCurrentProcessId
77E79F93 167 GetModuleHandleA
77E79881 234 LocalAlloc
77E79C3D 19E GetStdHandle
RPCRT4.dll
77D28400 7A NdrClientCall2
USER32.dll
77D4A92C 2D9 wsprintfW
sfc_os.dll
10010AC Import Address Table
1001CE8 Import Name Table
FFFFFFFF time date stamp
FFFFFFFF Index of first forwarder reference
76C693D6 Ordinal 4
76C69471 Ordinal 6
76C69395 Ordinal 3
Header contains the following bound import information:
Bound to msvcrt.dll [3B7DFE0E] Sat Aug 18 01:33:02 2001
Bound to ADVAPI32.dll [3B7DFE0E] Sat Aug 18 01:33:02 2001
Bound to KERNEL32.dll [3B7DFE0E] Sat Aug 18 01:33:02 2001
Contained forwarders bound to NTDLL.DLL [3B7DE01E] Fri Aug 17 23:25:18
2001
Bound to RPCRT4.dll [3B7DFE0E] Sat Aug 18 01:33:02 2001
Bound to USER32.dll [3B7DFE0E] Sat Aug 18 01:33:02 2001
Bound to sfc_os.dll [3B7DFE12] Sat Aug 18 01:33:06 2001
'-----------------------------------------------
It is very interesting to note that it is bound to sfc_os.dll. And it is
not bound to sfc.dll, which holds the two functions that I previously
was inquiring about. And I don't see the connections to sfc_os.dll.
So the connections are hidden? Do you know what the deal is with
that? I'm wondering if it is plain data that is held in that file?
I see the following for sfc_os.dll:
File Name: sfc_os.dll
File Type: DLL
Section contains the following exports for sfc_os.dll
0 characteristics
3D6D9F5D time date stamp Thu Aug 29 00:13:17 2002
0.00 version
1 ordinal base
11 number of functions
4 number of names
ordinal hint RVA name
8 0 00009736 SfcGetNextProtectedFile
9 1 00009841 SfcIsFileProtected
10 2 00012D40 SfcWLEventLogoff
11 3 000137F9 SfcWLEventLogon
1 0000EB10 [NONAME]
2 0000E9CE [NONAME]
3 00009345 [NONAME]
4 00009386 [NONAME]
5 000093A0 [NONAME]
6 00009421 [NONAME]
7 00009463 [NONAME]
That is very interesting there, as well. I will need to explore what
is in the NONAME things.
Oh, it looks like they are internally called functions, maybe
jumped to through certain conditions. T
I hope this is what you want. Welcome to the eXPeriance. {:~)
Thanks, but you were way off target. Feel free to read along. I
meant to post this information to the VB newsgroup, but had a
little too much too drink last night. ;-)
By the way, the list of files that are protected by the system is
contained inside sfcfiles.dll.
There is one exported function inside sfcfiles.dll:
SfcGetFiles
And there is no documentation about it in the Platform SDK.
There is documentation about the other two functions which
is found in both sfc.dll and sfc_os.dll.
The sfc.dll is a small wrapper. It holds the functions listed in
sfc_os.dll and forwards those function calls to sfc_os.dll.
There are also a couple extra functions inside sfc.dll which
forward the calls to sfc_os.dll:
SfcGetNextProtectedFile (forwarded to sfc_os.SfcGetNextProtectedFile)
SfcIsFileProtected (forwarded to sfc_os.SfcIsFileProtected)
SfcWLEventLogoff (forwarded to sfc_os.SfcWLEventLogoff)
SfcWLEventLogon (forwarded to sfc_os.SfcWLEventLogon)
And the functions inside of sfc.dll that are NOT forwarded:
SRSetRestorePoint
SRSetRestorePointA
SRSetRestorePointW
SfpVerifyFile
I still have to did deeper unless someone else knows more.
Thanks for your comments!