How does Windows File Protection prevent file overrides in XP?

  • Thread starter Thread starter Krismosy
  • Start date Start date
Click For Summary
The discussion revolves around the behavior of the ntoskrnl.exe file in Windows XP SP3, particularly its ability to seemingly clone itself when overridden. The original explanation given was that this behavior is a protective feature implemented by Microsoft through the Windows File Protection (WFP) mechanism. However, a customer challenged this explanation, stating that their version of XP Home did not exhibit similar behavior. Despite attempts to log in under safe mode, the file continued to clone itself. It is important to note that with Windows File Protection enabled, any attempt to replace or delete a system file without a file lock results in Windows automatically restoring the original file from a cached backup. This mechanism aims to protect the integrity of system files, which may explain the observed cloning behavior. Further evidence or clarification on this topic could assist in addressing customer inquiries effectively.
Krismosy
Messages
2
Reaction score
0
Thanks for reading,
This morning, a customer complains my explanation as to why the ntoskrnl.exe in XP SP3 seems able to clone itself if overriden. I stated that it was a feature MS people tried their best to protect their genuine version via WPF mechanism. He convinced me that his XP Home hadn't ever been doing something similar with examples. The problem is that it still clones even though I logged on my computer in safe-mode already. I was blushed! :blushing:
Long story short, someone could offer me a convincing evidence or explanation I would need to consider for, perhaps, next customers ? :cool:
 
Computer science news on Phys.org
Krismosy said:
Thanks for reading,
This morning, a customer complains my explanation as to why the ntoskrnl.exe in XP SP3 seems able to clone itself if overriden. I stated that it was a feature MS people tried their best to protect their genuine version via WPF mechanism. He convinced me that his XP Home hadn't ever been doing something similar with examples. The problem is that it still clones even though I logged on my computer in safe-mode already. I was blushed! :blushing:
Long story short, someone could offer me a convincing evidence or explanation I would need to consider for, perhaps, next customers ? :cool:
http://en.wikipedia.org/wiki/Ntoskrnl" .

With Windows File Protection active, replacing or deleting a system file that has no file lock to prevent it getting overwritten causes Windows to immediately and silently restore the original copy of the file. The original version of the file is restored from a cached folder which contains backup copies of these files.
 
Last edited by a moderator:
Thread 'ChatGPT Examples, Good and Bad'

Thread 'ChatGPT Examples, Good and Bad'

I've been experimenting with ChatGPT. Some results are good, some very very bad. I think examples can help expose the properties of this AI. Maybe you can post some of your favorite examples and tell us what they reveal about the properties of this AI. (I had problems with copy/paste of text and formatting, so I'm posting my examples as screen shots. That is a promising start. :smile: But then I provided values V=1, R1=1, R2=2, R3=3 and asked for the value of I. At first, it said...
View full post »

Similar threads

BRS: PKI Cryptosystems for SA/Ms: A Tutorial
  • · Replies 13 ·
Replies
13
Views
4K