Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   General Forum (http://www.reteam.org/board/forumdisplay.php?f=21)
-   -   Modify EXPLORER.EXE (http://www.reteam.org/board/showthread.php?t=239)

orangutang 05-14-2005 01:31 AM

This isn't reverse engineering but I thought everyone here has to be super good with computers so I thought I'd ask. Does anyone know how to modify explorer.exe in Windows XP, without restarting Windows? I tried to end the task but it still wasn't writeable for even a millisecond.

TRY_THIS 07-29-2005 10:37 AM


A:

1. Copy "Explorer.exe".
2. Edit the copy.
3. Use a boot disk to start your PC.
4. Delete "Explorer.exe" & Rename the modified copy to "Explorer.exe"
5. Remove the boot disk & restart your PC.
or
B:

1. Copy "Explorer.exe".
2. Edit the copy.
3. Copy the modified file to floppy or CD-RW.
4. Use a boot disk to start your PC.
5. Copy the modified file over "Explorer.exe" on your HDD.
6. Remove the boot disk & restart your PC.


Devine9 07-30-2005 11:18 AM

I don't think you can get explorer.exe writable while Windows is booted without a boot disk. Other option of course is to throw hard drive 1 into computer 2 and edit the file. I think that would probably be the easiest route.

-DR

Darawk 08-05-2005 05:13 PM

http://www.rootkit.com/newsread.php?newsid=212 "Windows file protection: How to disable it on the fly"

I believe that's what you're looking for, though it's a more general solution than applicable only to explorer...also it completely disables *all* forms of file protection, so do be careful when you've patched it in.

Devine9 08-08-2005 09:40 PM

Very nice, thanks Darawk

-DR

_d_ 08-10-2005 10:54 AM

http://www.delikon.de/

[SFPDisable]. With this tool you can disable the Windows File Protection, by patching winlogon in memory.

quitsendingmetrash 08-15-2005 04:14 PM

1) Make a copy of explorer.exe and rename it to explorer2.exe. (same location as explorer.exe)
2) Edit explorer2.exe as you see fit.
3) Go into task manager, under processes and End Process explorer.exe (leave taskMan up)
4) In taskMan click File->New Task (Run...)
5) Type in explorer2.exe and click ok (in create new task window)

The modified version of explorer will be running now. You can create as many different versions of explorer as you want and hotSwap between them without rebooting or using a boot disk. No need to disable File Protection using this method either.

Been a long time since I played with this but it may even be possible to rename an explorer3.exe to explorer.exe once you are running explorer2.exe. Not sure if any of the servicePacks look to see if explorer.exe has been altered. (just make sure you have an original backUP) Come to think of it now that explorer.exe is not running you should be able to alter it directly. Then kill 2 and go back to 1.

I found it best just to leave Explorer.exe alone and just hot swap between them so there is no need for extra worry. Takes no longer than 5 seconds to hot swap Explorers.

P.S. You can tell when you killed explorer.exe when the taskBar disappears. For instance if you change the start button to end on explorer2.exe. When you run Explorer2.exe the start button would now say end.

It has worked this way in the past!
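Added example, not part of the thread or any poster's code: a defender's check for the two outcomes described above, a renamed copy such as explorer2.exe running as the shell, and an explorer.exe replaced offline so its hash no longer matches a baseline. The event fields, sample records, canonical path and baseline hash are assumptions constructed for illustration.

```python
import ntpath
import re

CANONICAL_SHELL = r"c:\windows\explorer.exe"   # assumed XP default; adjust per host
KNOWN_GOOD_SHA256 = {"a" * 64}                 # placeholder baseline, not a real hash
LOOKALIKE = re.compile(r"^explorer.*\.exe$")

# Constructed process-creation records; field names are simplified from
# what a process-creation log (e.g. Sysmon Event ID 1) would carry.
SAMPLE_EVENTS = [
    {"Image": r"C:\WINDOWS\explorer.exe",
     "ParentImage": r"C:\WINDOWS\system32\userinit.exe", "SHA256": "a" * 64},
    {"Image": r"C:\WINDOWS\explorer2.exe",
     "ParentImage": r"C:\WINDOWS\system32\taskmgr.exe", "SHA256": "c" * 64},
    {"Image": r"C:\WINDOWS\Explorer.EXE",
     "ParentImage": r"C:\WINDOWS\system32\userinit.exe", "SHA256": "b" * 64},
    {"Image": r"C:\WINDOWS\system32\notepad.exe",
     "ParentImage": r"C:\WINDOWS\explorer.exe", "SHA256": "d" * 64},
]

def classify(event):
    """Return findings for one event; an empty list means nothing to report."""
    image = ntpath.normpath(event["Image"]).lower()
    name = ntpath.basename(image)
    if not LOOKALIKE.match(name):
        return []                                  # not shell-like, ignore
    if image != CANONICAL_SHELL:
        # Either a renamed copy (explorer2.exe) or explorer.exe run from elsewhere.
        kind = "non-standard path" if name == "explorer.exe" else "lookalike name"
        parent = ntpath.basename(event["ParentImage"]).lower()
        return ["%s: %s (parent %s)" % (kind, image, parent)]
    if event["SHA256"].lower() not in KNOWN_GOOD_SHA256:
        # Canonical path but altered content, e.g. swapped from a boot disk.
        return ["baseline hash mismatch: " + image]
    return []

def scan(events):
    """Collect findings across all events, in input order."""
    return [finding for event in events for finding in classify(event)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```
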


All times are GMT -4.