Replacing Windows protected system files (XP/Vista)
December 19th, 2007
Windows tries very hard to prevent you from replacing or deleting critical system files, even something as mundane as notepad.exe.
Note that this behavior is designed to keep your system functional whenever a critical file is accidentally (or maliciously) deleted or modified, and any actions you take to modify your system at this level, even with the best of intentions and what may seem like reliable information, may very well cause unexpected results to occur, such as an unstable or unbootable computer, or even lost data. BACK UP YOUR DATA REGULARLY, especially before attempting modifications to your operating system files, and make sure you have a backup of your operating system to fall back on in case something goes wrong.
Suffice to say, there is a relatively simple way to bypass Windows file protection. In fact, there are two very different methods for XP and Vista due to the way they protect operating system files:
The XP Method
(scroll down for the Vista Method)
1. First off, copy and paste the following code into a new text file, and save it as wsfr-xp.bat in an easy-to-find location (such as C:\ for this example for the sake of clarity):
@echo off
rem Windows XP batch file
rem Safely replaces a Windows protected operating system file.
rem 1. Deletes any references in the Prefetch folder
rem 2. Renames existing files with "-YEAR-MONTH-DAY-HHMMSS.backup"
rem    appended to the end of the filename (in case you need to restore
rem    the original file)
rem 3. Copies source file to target destination, effectively replacing
rem    original file
rem Must be run from command prompt; drag and drop target file onto
rem this file in Explorer throws an error due to full path being
rem embedded in parameter
rem Target file MUST BE IN SAME FOLDER AS SCRIPT
rem Pointing to a different folder will throw an error
rem USAGE (at command prompt)
rem wsfr-xp FILENAME

rem Build BACKUPTAG from the DATE and TIME variables; the DATE layout
rem follows the regional settings, so the order of the date fields can vary
for /f "delims=/ tokens=1-3" %%a in ("%DATE:~4%") do (
    for /f "delims=:. tokens=1-4" %%m in ("%TIME: =0%") do (
        set BACKUPTAG=%%c-%%b-%%a-%%m%%n%%o%%p
    )
)

echo Removing windows\prefetch file...
if exist "c:\windows\prefetch\%1*.*" del "c:\windows\prefetch\%1*.*"
echo __________
echo.

echo Replacing windows\servicepackfiles\i386 file...
if exist "c:\windows\servicepackfiles\i386\%1" (
    ren "c:\windows\servicepackfiles\i386\%1" "%1-%BACKUPTAG%.backup"
    copy /y "%1" "c:\windows\servicepackfiles\i386\%1"
)
echo __________
echo.

echo Replacing windows\system32\dllcache file...
if exist "c:\windows\system32\dllcache\%1" (
    ren "c:\windows\system32\dllcache\%1" "%1-%BACKUPTAG%.backup"
    copy /y "%1" "c:\windows\system32\dllcache\%1"
)
echo __________
echo.

echo Replacing windows\system32 file...
if exist "c:\windows\system32\%1" (
    ren "c:\windows\system32\%1" "%1-%BACKUPTAG%.backup"
    copy /y "%1" "c:\windows\system32\%1"
)
echo __________
echo.

echo Replacing windows file...
if exist "c:\windows\%1" (
    ren "c:\windows\%1" "%1-%BACKUPTAG%.backup"
    copy /y "%1" "c:\windows\%1"
)
echo.
pause

2. Copy your source file (the new file you will use to replace the original protected Windows file) into the same location as the batch file above (C:\ in this example).
Make sure that your source file has exactly the same file name as your target file (the original, protected file). NOTE: This method will not work if your source file and batch file are in different folders, due to the way the parameters are passed at the command line (sure, there’s gotta be a better way, but I just haven’t dug that deep).
3. Open a command prompt wherever your files from the previous steps are located (C:\ in this example).
4. At the command prompt, enter the following and press Enter:
wsfr-xp notepad.exe
Substitute the name of your file in place of “notepad.exe” as seen above.
The Vista Method
1. First off, copy and paste the following code into a new text file, and save it as wsfr-vista.bat in an easy-to-find location (such as C:\ for this example for the sake of clarity):
@echo off
rem Windows Vista batch file
rem Safely replaces a Windows protected operating system file.
rem 1. Deletes any references in the Prefetch folder
rem 2. Takes ownership of existing target file(s)
rem 3. Renames existing files with "-YEAR-MONTH-DAY-HHMMSS.backup"
rem    appended to the end of the filename (in case you need to restore
rem    the original file)
rem 4. Copies source file to target destination, effectively replacing
rem    original file
rem Must be run from command prompt AS ADMINISTRATOR (right-click,
rem run as Administrator); drag and drop target file onto this file
rem in Explorer throws an error due to full path being embedded in
rem parameter
rem Target file MUST BE IN SAME FOLDER AS SCRIPT
rem Pointing to a different folder will throw an error
rem USAGE (at command prompt)
rem wsfr-vista USERNAME FILENAME

rem Build BACKUPTAG from the DATE and TIME variables; the DATE layout
rem follows the regional settings, so the order of the date fields can vary
for /f "delims=/ tokens=1-3" %%a in ("%DATE:~4%") do (
    for /f "delims=:. tokens=1-4" %%m in ("%TIME: =0%") do (
        set BACKUPTAG=%%c-%%b-%%a-%%m%%n%%o%%p
    )
)

echo Removing windows\prefetch file...
if exist "c:\windows\prefetch\%2*.*" (
    takeown /f "c:\windows\prefetch\%2*.*"
    icacls "c:\windows\prefetch\%2*.*" /grant %1:f
    del "c:\windows\prefetch\%2*.*"
)
echo __________
echo.

echo Replacing windows\system32 file...
if exist "c:\windows\system32\%2" (
    takeown /f "c:\windows\system32\%2"
    icacls "c:\windows\system32\%2" /grant %1:f
    ren "c:\windows\system32\%2" "%2-%BACKUPTAG%.backup"
    copy /y "%2" "c:\windows\system32"
)
echo __________
echo.

echo Replacing windows file...
if exist "c:\windows\%2" (
    takeown /f "c:\windows\%2"
    icacls "c:\windows\%2" /grant %1:f
    ren "c:\windows\%2" "%2-%BACKUPTAG%.backup"
    copy /y "%2" "c:\windows"
)
echo __________
echo.
pause

2. Copy your source file (the new file you will use to replace the original protected Windows file) into the same location as the batch file above (C:\ in this example). Make sure that your source file has exactly the same file name as your target file (the original, protected file).
NOTE: This method will not work if your source file and batch file are in different folders, due to the way the parameters are passed at the command line (sure, there’s gotta be a better way, but I just haven’t dug that deep).
3. Open a command prompt wherever your files from the previous steps are located (C:\ in this example).
4. At the command prompt, enter the following and press Enter:
wsfr-vista username notepad.exe
Substitute your Windows user name for “username” and the name of your file in place of “notepad.exe” in the example above.
Be aware that the batch files for XP and Vista are quite different, in that Vista requires you to take ownership of a protected file and grant yourself permissions before you can do much of anything with it.
If you run into trouble, try the following:
- If all else fails, remember that you can always go back to your original file: every time you run these scripts, they will first save your original target file as a time-stamped backup in the same location, with a filename such as “notepad.exe-2007-12-19-123456.backup” - essentially the original filename plus a unique marker to indicate the date and time that the file was backed up.
- If you get an error message about Windows File Protection, and your replacement file doesn’t “stick” (it is itself replaced by the original file within a few moments), then search your system for a copy of the original file that isn’t referenced by the script above. Sometimes a new computer that came with Windows preinstalled may store backups of operating system files in a special folder or partition, which Windows will be able to recover its original files from when you try to overwrite them. If you find the original file located elsewhere, add an appropriate entry to the relevant script above to include it in the backup/overwrite process.
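The first troubleshooting item says you can go back to the time-stamped backup but gives no procedure, so here is one way to do it for the XP script. This is an added example, not part of the original post: the name wsfr-xp-restore.bat, the ".replaced" suffix and the BACKUPTAG argument are assumptions made for illustration, and the folder list mirrors wsfr-xp.bat.

```batch
@echo off
rem Added example: restores a backup created by wsfr-xp.bat.
rem USAGE (at command prompt)
rem   wsfr-xp-restore FILENAME             lists the backups found
rem   wsfr-xp-restore FILENAME BACKUPTAG   restores that backup
rem BACKUPTAG is the part between "FILENAME-" and ".backup",
rem for example 2007-12-19-123456
setlocal
if "%~1"=="" (
    echo Usage: %~n0 FILENAME [BACKUPTAG]
    exit /b 1
)
rem Same folders, in the same order, as wsfr-xp.bat
for %%d in (
    "c:\windows\servicepackfiles\i386"
    "c:\windows\system32\dllcache"
    "c:\windows\system32"
    "c:\windows"
) do call :process "%%~d" "%~1" "%~2"
endlocal
exit /b 0

:process
rem %~1 = folder, %~2 = file name, %~3 = backup tag (may be empty)
if "%~3"=="" (
    echo Backups in %~1:
    dir /b /a-d "%~1\%~2-*.backup" 2>nul
    goto :eof
)
if not exist "%~1\%~2-%~3.backup" (
    echo No backup with tag %~3 in %~1, skipping.
    goto :eof
)
echo Restoring %~1\%~2 from %~2-%~3.backup
rem Set the replacement aside (hypothetical .replaced suffix) rather than deleting it
if exist "%~1\%~2.replaced" del "%~1\%~2.replaced"
if exist "%~1\%~2" ren "%~1\%~2" "%~2.replaced"
rem Copy instead of rename, so the backup itself stays in place
copy /y "%~1\%~2-%~3.backup" "%~1\%~2" >nul
rem Byte-for-byte check that the restored file matches the backup
fc /b "%~1\%~2-%~3.backup" "%~1\%~2" >nul
if errorlevel 1 (echo   MISMATCH, check this folder by hand) else (echo   verified)
goto :eof
```

The tag is passed explicitly because a renamed backup keeps the original file's modification date, so sorting the backups by date does not tell you which one was made first.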