Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > General Forum
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 05-14-2005, 01:31 AM
orangutang orangutang is offline
Member
 
Join Date: May 2005
Posts: 20
Default

This isn't reverse engineering but I thought everyone here has to be super good with computers so I thought I'd ask. Does anyone know how to modify explorer.exe in Windows XP, without restarting Windows? I tried to end the task but it still wasn't writeable for even a millisecond.
Reply With Quote
  #2  
Old 07-29-2005, 10:37 AM
TRY_THIS TRY_THIS is offline
Junior Member
 
Join Date: Jul 2005
Posts: 1
Default


A:

1. Copy "Explorer.exe".
2. Edit the copy.
3. Use a boot disk to start your PC.
4. Delete "Explorer.exe" & Rename the modified copy to "Explorer.exe"
5. Remove the boot disk & restart your PC.
or
B:

1. Copy "Explorer.exe".
2. Edit the copy.
3. Copy the modified file to floppy or CR-RW.
4. Use a boot disk to start your PC.
5. Copy the modified file over "Explorer.exe" on your HDD.
6. Remove the boot disk & restart your PC.

Reply With Quote
  #3  
Old 07-30-2005, 11:18 AM
Devine9 Devine9 is offline
Administrator
 
Join Date: Dec 2002
Posts: 180
Default

I don't think you can get explorer.exe writable while windows is booted without a boot disk. Other option of course is to throw hard drive 1 into computer 2 and edit the file. I think that would probably be the easiest route..

-DR
Reply With Quote
  #4  
Old 08-05-2005, 05:13 PM
Darawk Darawk is offline
Junior Member
 
Join Date: Aug 2004
Posts: 4
Default

http://www.rootkit.com/newsread.php?newsid=212 "Windows file protection: How to disable it on the fly"

I believe that's what your looking for, though it's a more general solution than applicable only to explorer...also it completely disables *all* forms of file protection, so do be careful when you've patched it in.
Reply With Quote
  #5  
Old 08-08-2005, 09:40 PM
Devine9 Devine9 is offline
Administrator
 
Join Date: Dec 2002
Posts: 180
Default

Very nice, thanks Darawk

-DR
Reply With Quote
  #6  
Old 08-10-2005, 10:54 AM
_d_ _d_ is offline
Junior Member
 
Join Date: Aug 2005
Posts: 2
Default

http://www.delikon.de/

[SFPDisable]. With this tool you can disable the Windows File Protection, by patching winlogon in memory.
Reply With Quote
  #7  
Old 08-15-2005, 04:14 PM
quitsendingmetrash quitsendingmetrash is offline
Member
 
Join Date: Dec 2003
Posts: 29
Default

1)Make a copy of explorer.exe and rename it to explorer2.exe. (same location as explorer.exe)
2)Edit explorer2.exe as you see fit.
2)Go into task manager, under processes and End Process explorer.exe (leave taskMan up)
3)In taskMan click File->New Task (Run...)
4)type in explorer2.exe and click ok (in create new task window)

The modified version of explorer will be running now. You can create as many different versions of explorer as you want and hotSwap between them without rebooting or using a boot disk. No need to disable File Protection using this method either.

Been along time since I played with this but it may even be possible to rename a explorer3.exe to explorer.exe once you are running explorer2.exe. Not sure if any of the servicePacks look to see if explorer.exe has been altered. (just make sure you have an original backUP) Come to think of it now that explorer.exe is not running you should be able to alter it directly. Then kill 2 and go back to 1.

I found it best just to leave Explorer.exe alone and just hot swap between them so there is no need for extra worry. takes no longer than 5 seconds to hot swap Explorers.

P.S. You can tell when you killed explorer.exe when the taskBar disappears. For instance if you change the start button to end on explorer2.exe. When you run Explorer2.exe the start button would now say end.

It has worked this way in the past!
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.