Replace in use files protected by WFP

G

Guest

Hi,
This isn't really a security question, but I think that the answer may
come from how security patches are deployed.

I need to replace a system file (C:\Winnt\System32\dbghelp.dll) that is
protected by Windows File Protection on a Windows 2000 SP 4 server. While
the OS is up, the file is locked. I've tried several different ways to do
it, but the WFP seems to throw most of them off. I know that some patches
and service packs replace in use files, so I know that there is a way to do
it. Here are some of the things I've tried:

inuse.exe
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/inuse-o.asp
inuse.exe C:\temp\dbghelp.dll c:\winnt\system32\dbghelp.dll /y
c:\winnt\system32\dbghelp.dll is protected by WFP

mv.exe
mv.exe /x /d C:\temp\dbghelp.dll c:\winnt\system32\dbghelp.dll
Seems to work, but on reboot, the old file is still there (I think because
of WFP)

Registry Change
http://support.microsoft.com/?kbid=181345
On reboot the old file is still there (I think because of WFP)

Any help would be greatly appreciated!
Thanks,
Ishmeal
 
K

Karl Levinson, mvp

When trying to defeat WFP, the first thing you have to do is replace the
copy of the file in the hidden %windir%\system32\dllcache\ folder. After
that, at least one the things you already tried should hopefully work, such
as mv.exe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Include files into wfp? 2
WFP Errors 4
How to replace msvcrt.dll? 21
Conflict with Patch MS04-038 (834707) and MS04-037 (841356) 2
Virus on 2000 machine 2
Have I been hacked? How do I fix it? 2
accessing file protected by wfp 1
Deadlocks in MAPI 1

Top