"system restore" overrules replacing 2000 cmd.exe with xp

Walter Briscoe

In a Windows 2000 Professional SP3 system,
I want to replace cmd.exe with an XP version.
I save and overwrite %windir%\system32\dllcache\cmd.exe and
%windir%\system32\cmd.exe.

Along comes what I assume is "System Restore" and my work is undone.

How do I do what I want to do other than by writing a C program to do so
which seems like a sledgehammer to crack a nut?

Can somebody point to a document comparing the two programs?

The first significant difference is in their sizes:
2002/07/22 19:05 236,304 cmd.exe the 2000 SP3 file
2001/08/23 13:00 375,808 cmd.exe the XP file

Such a large difference in size ought to represent a large change in
functionality.

The 1st significant functional difference is in the maximum command
length which changes from about 2000 to about 8000. (I decided to make
the change rather than split a 6500 character for command into 4.)

A trivial difference is in the layout of dir command output. Data to the
right of the date has been pulled left by 3 bytes. (I confirmed the XP
behaviour on an XP system.) I had to tweak/improve a script which relied
on the 2000 format.
Is there a better method of distinguishing 2000 and XP than with ver?

C:\) ver

Microsoft Windows XP [Version 5.0.2195]

C:\) %windir%\system32\cmd /c ver

Microsoft Windows 2000 [Version 5.00.2195]

C:\) dir %windir%\system32\cmd.exe
Volume in drive C has no label.
Volume Serial Number is 7CF6-0E82

Directory of C:\winnt\system32

2002/07/22 19:05 236,304 cmd.exe
1 File(s) 236,304 bytes
0 Dir(s) 540,717,568 bytes free

C:\) %windir%\system32\cmd.exe /c dir %windir%\system32\cmd.exe
Volume in drive C has no label.
Volume Serial Number is 7CF6-0E82

Directory of C:\winnt\system32

2002/07/22 19:05 236,304 cmd.exe
1 File(s) 236,304 bytes
0 Dir(s) 540,717,568 bytes free

C:\)
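
Added example, not part of the original post: the two `ver` banners above show the product name following whichever cmd.exe is run, while the bracketed version number stays that of the running system, so a script should key on the number. The Python sketch below does that and flags a banner whose name disagrees with it; the function names and the two-entry version table are assumptions of this example.

```python
import re

# The two banners captured in the post above, copied verbatim.
XP_CMD_ON_2000 = "Microsoft Windows XP [Version 5.0.2195]"
NATIVE_2000 = "Microsoft Windows 2000 [Version 5.00.2195]"

# (major, minor) -> product, limited to the two systems in this thread.
KNOWN_OS = {(5, 0): "Windows 2000", (5, 1): "Windows XP"}

BANNER_RE = re.compile(
    r"Microsoft (?P<name>Windows [^\[]+?)\s*"
    r"\[Version (?P<major>\d+)\.(?P<minor>\d+)\.(?P<build>\d+)\]"
)


def parse_ver(banner):
    """Return (claimed_name, (major, minor, build)) from a `ver` banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError("not a ver banner: %r" % banner)
    version = tuple(int(m.group(k)) for k in ("major", "minor", "build"))
    return m.group("name"), version


def classify(banner):
    """Identify the OS from the numeric version, not the product name.

    int() makes "5.0" and "5.00" compare equal, which covers the
    formatting difference between the two interpreters.
    """
    claimed, (major, minor, build) = parse_ver(banner)
    actual = KNOWN_OS.get((major, minor), "unknown")
    return {
        "os": actual,
        "build": build,
        "claimed": claimed,
        # True when the interpreter's name does not match the system
        # it is running on, i.e. cmd.exe is not the native one.
        "foreign_cmd": actual != "unknown" and claimed != actual,
    }


if __name__ == "__main__":
    for line in (XP_CMD_ON_2000, NATIVE_2000):
        print(classify(line))
```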
 
Marty List

Walter Briscoe said:
In a Windows 2000 Professional SP3 system,
I want to replace cmd.exe with an XP version.
I save and overwrite %windir%\system32\dllcache\cmd.exe and
%windir%\system32\cmd.exe.

Along comes what I assume is "System Restore" and my work is undone.

How do I do what I want to do other than by writing a C program to do so
which seems like a sledgehammer to crack a nut?

Can somebody point to a document comparing the two programs?

The first significant difference is in their sizes:
2002/07/22 19:05 236,304 cmd.exe the 2000 SP3 file
2001/08/23 13:00 375,808 cmd.exe the XP file

Such a large difference in size ought to represent a large change in
functionality.

The 1st significant functional difference is in the maximum command
length which changes from about 2000 to about 8000. (I decided to make
the change rather than split a 6500 character for command into 4.)

A trivial difference is in the layout of dir command output. Data to the
right of the date has been pulled left by 3 bytes. (I confirmed the XP
behaviour on an XP system.) I had to tweak/improve a script which relied
on the 2000 format.
Is there a better method of distinguishing 2000 and XP than with ver?

C:\) ver

Microsoft Windows XP [Version 5.0.2195]

C:\) %windir%\system32\cmd /c ver

Microsoft Windows 2000 [Version 5.00.2195]

C:\) dir %windir%\system32\cmd.exe
Volume in drive C has no label.
Volume Serial Number is 7CF6-0E82

Directory of C:\winnt\system32

2002/07/22 19:05 236,304 cmd.exe
1 File(s) 236,304 bytes
0 Dir(s) 540,717,568 bytes free

C:\) %windir%\system32\cmd.exe /c dir %windir%\system32\cmd.exe
Volume in drive C has no label.
Volume Serial Number is 7CF6-0E82

Directory of C:\winnt\system32

2002/07/22 19:05 236,304 cmd.exe
1 File(s) 236,304 bytes
0 Dir(s) 540,717,568 bytes free

C:\)

System Restore is a Windows XP/ME feature. I don't think it exists in
Windows 2000. Maybe you are thinking of Windows File Protection?

Replacing the file in %windir%\system32\dllcache should do it, unless your
domain group policy is pointing your system to a network location for the
dllcache.
 
Ritchie

Marty List said:
Replacing the file in %windir%\system32\dllcache should do it, unless your
domain group policy is pointing your system to a network location for the
dllcache.

WFP is smarter than that. Replacing the cached version of cmd.exe and
deleting the original from %windir%\system32 has the desired effect but
only until WFP kicks-in. For all intents and purposes WFP cannot be
disabled, not without a kernel debugger anyway. There were claims that
setting SFCDisable to 0xffffff9d would work but I never heard anyone
say, "it worked for me".

It's probably a good thing it's so difficult to disable, virus writers
would have a field-day. It certainly accounts for Win2000's reliability
when compared with W9x/ME/NT.

Walter, I think your best bet is to rename the XP cmd.exe to something
like cmdxp.exe, stick somewhere in your path and update the COMSPEC
environment variable.

--
Ritchie, undo for mail

References
----------

Description of the Windows File Protection Feature
http://support.microsoft.com/default.aspx?scid=kb;EN-US;222193

http://msdn.microsoft.com/library/d.../setup/windows_file_protection_start_page.asp

http://www.microsoft.com/whdc/hwdev/driver/sfp/wfp.mspx

http://www.collakesoftware.com/WfpAdmin/CSWfpAdmin.htm
 
Dean Wells [MVP]

Ritchie said:
WFP is smarter than that. Replacing the cached version of cmd.exe and
deleting the original from %windir%\system32 has the desired effect but
only until WFP kicks-in. For all intents and purposes WFP cannot be
disabled, not without a kernel debugger anyway. There were claims that
setting SFCDisable to 0xffffff9d would work but I never heard anyone
say, "it worked for me".

It's probably a good thing it's so difficult to disable, virus writers
would have a field-day. It certainly accounts for Win2000's reliability
when compared with W9x/ME/NT.

Walter, I think your best bet is to rename the XP cmd.exe to something
like cmdxp.exe, stick somewhere in your path and update the COMSPEC
environment variable.

Merely replacing each and every available copy of the desired file
within a couple of seconds of one another has worked for me in the past
(an error will appear to which I believe "Ignore" is the desired
response within this context). By available copy I am referring to the
SYSTEM32 and DLLCACHE directories and any available, Windows-known
install paths.

To be clear though, I would tend to agree with Ritchie's comments in
that this feature is designed to protect the OS ... and it actually
works quite well. Where possible, try and find another means of
achieving the desired result.

Dean
 
Marty List

Ritchie said:
WFP is smarter than that. Replacing the cached version of cmd.exe and
deleting the original from %windir%\system32 has the desired effect but
only until WFP kicks-in. For all intents and purposes WFP cannot be
disabled, not without a kernel debugger anyway. There were claims that
setting SFCDisable to 0xffffff9d would work but I never heard anyone
say, "it worked for me".

It's probably a good thing it's so difficult to disable, virus writers
would have a field-day. It certainly accounts for Win2000's reliability
when compared with W9x/ME/NT.

Walter, I think your best bet is to rename the XP cmd.exe to something
like cmdxp.exe, stick somewhere in your path and update the COMSPEC
environment variable.

--
Ritchie, undo for mail

References
----------

Description of the Windows File Protection Feature
http://support.microsoft.com/default.aspx?scid=kb;EN-US;222193

http://msdn.microsoft.com/library/d.../setup/windows_file_protection_start_page.asp

http://www.microsoft.com/whdc/hwdev/driver/sfp/wfp.mspx

http://www.collakesoftware.com/WfpAdmin/CSWfpAdmin.htm

I agree with Ritchie, this is not the recommended way to use different
versions of a system file. The files are protected for a reason.

According to the docs WFP should be smarter than that, but replacing the
cached version of a file and deleting the protected file has worked for me
in the past (years ago). The next time a full scan was run (SFC.EXE
/SCANNOW) then it prompted me for the CD. That's what I've seen in the
original release and SP1, I haven't tried this in SP2 or later, maybe it has
changed or become "smarter".

This doesn't seem to work with CMD.EXE on Win2000sp4, but oddly enough I
didn't even have a CMD.EXE in the DLLCache folder until WFP kicked in. I
was disconnected from the network and WFP still found a backup copy of
CMD.EXE and copied it to both System32 and DLLCache. I'll have to do some
more reading on this, maybe there are protected files and "super protected
files".
 
Ritchie

Dean Wells said:
Merely replacing each and every available copy of the desired file
within a couple of seconds of one another has worked for me in the past
(an error will appear to which I believe "Ignore" is the desired
response within this context). By available copy I am referring to the
SYSTEM32 and DLLCACHE directories and any available, Windows-known
install paths.

Yer I probably wasn't being quick enough.

Just guessing here, but I would have thought your method would result
in a magic number in the protected file catalog being out of sync, so
that the next time WFP did kick in, you'd be prompted for the location
of the original file.
 
Walter Briscoe

In message <[email protected]> of Mon, 20 Oct
2003 22:32:14 in microsoft.public.win2000.cmdprompt.admin, Ritchie
> Yer I probably wasn't being quick enough.
>
> Just guessing here, but I would have thought your method would result
> in a magic number in the protected file catalog being out of sync, so
> that the next time WFP did kick in, you'd be prompted for the location
> of the original file.

I took Ritchie's advice b4 he gave it. I remember doing what I wanted
but may have used another OS to do the job. I think MS has made the job
hard enough to persuade me not to bother. Now I have attracted attention
from good people, what about a W2K/XP cmd.exe comparison?
I suppose I can start with a help comparison.
I was surprised they changed the dir output format. That is very brave.
I was happy with the change I had to make to my dir repackaging script.
(I lost a magic number which was different in W2K and 9X.)
 
Dean Wells [MVP]

Ritchie said:
Yer I probably wasn't being quick enough.

Just guessing here, but I would have thought your method would result
in a magic number in the protected file catalog being out of sync, so
that the next time WFP did kick in, you'd be prompted for the location
of the original file.

Not in my experience, it would seem that once you've ignored it the file
is no longer considered by WFP for replacement or WFP updates the file's
digest ... I don't actually know if one or either of those possibilities
is true as I've never encountered a problem that caused me to research
it more thoroughly.
 
Michael Bednarek

> In a Windows 2000 Professional SP3 system,
> I want to replace cmd.exe with an XP version.
> I save and overwrite %windir%\system32\dllcache\cmd.exe and
> %windir%\system32\cmd.exe.
>
> Along comes what I assume is "System Restore" and my work is undone.
>
> How do I do what I want to do other than by writing a C program to do so
> which seems like a sledgehammer to crack a nut?
[snip]
> A trivial difference is in the layout of dir command output. Data to the
> right of the date has been pulled left by 3 bytes.
[snip]

Thank you for illustrating once more the incompatibility between
Microsoft's own command line interpreters, even on the same platform.

In spite of this, people still demand to solve every batch problem with
"out-of-the-box" or "on-board" tools. CMD.EXE is a _free sample_ command
line interpreter which is to real CLIs what NOTEPAD is to a proper
wordprocessor.
 
Ritchie

Michael Bednarek said:
> Thank you for illustrating once more the incompatibility between
> Microsoft's own command line interpreters, even on the same platform.

<LOSING THE WILL TO LIVE>
Someone please give that stuck record a kick<g>
</LOSING THE WILL TO LIVE>

Here, Walter illustrated poor scripting practices. Written 'properly' his
script would have worked fine on NT4/2000/XP/2003. After all, he's the only
one to have noticed this difference or deemed it significant enough to be
worthy of a mention.

> In spite of this, people still demand to solve every batch problem with
> "out-of-the-box" or "on-board" tools. CMD.EXE is a _free sample_ command
> line interpreter which is to real CLIs what NOTEPAD is to a proper
> wordprocessor.

What's that then, installed on every box?
 
Ritchie

Walter Briscoe said:
> I took Ritchie's advice b4 he gave it. I remember doing what I wanted
> but may have used another OS to do the job. I think MS has made the job
> hard enough to persuade me not to bother. Now I have attracted attention

There's nothing hard about it, just redefine %COMSPEC%.

> from good people, what about a W2K/XP cmd.exe comparison?
> I suppose I can start with a help comparison.
> I was surprised they changed the dir output format. That is very brave.
> I was happy with the change I had to make to my dir repackaging script.

Having never had any cause to use the XP CLI on anything but XP, the
only significant difference I'm aware of is the max commandline length.

> (I lost a magic number which was different in W2K and 9X.)

That's one of the occupational hazards of poor scripting <g>
 
