How to Hack Protected Windows XP Files - PendingFile RenameOperations

(Page 4 of 5 )

If you come to the conclusion that you’re stuck resorting to the reboot method—or just plain don’t feel like figuring out any alternative—then you’re going to need to use the Windows registry.

Windows understands that some program installations will be required to alter files that may be in use so it provides a method of doing just that.  It’s known as the PendingFileRenameOperations method.  It takes its name from the registry it uses to manage these pending changes.

Application developers should make use of the MoveFileEx() function in the Win32 API rather than editing the PendingFileRenameOperations key directly.

PendingFileRenameOperations is made available by the Windows Session Manager.  It is a multi-string (REG_MULTI_SZ) key that contains file name pairs for all files to be renamed (including move or deleted) upon the next reboot.

If this key does not exist, you can create it.  Enter regedit in the Run… dialog box to launch Registry Editor.  On the HKEY_LOCAL_MACHINE hive, navigate to CurrentControlSet, Control, Session Manager.

In the right pane, open the PendingFileRenameOperations key or create it by right-clicking and choosing New > Multi-String value.  Be sure that the key name does not contain any spaces.

Once you have the key open for editing, you can begin adding the changes that need to be made.  Each entry needs to be a two-line pair.  The first line should be the full path to the original file and the second should be the replacement, or what the file should be after the rename procedure.

To rename a file, simply enter the same full path with the new file name as the second entry.  Altering the path in the second entry will result in a move operation.  A new path AND file name would result in both a move AND a simultaneous rename.  Finally, to delete a file, simply use a blank line.

So an entry in this registry key might look something like the following:

C:\Windows\original.txt

C:\Windows\renamed.txt

C:\deleteme.txt

 

C:\original.file

C:\new directory\original.file

In the above example, I have the PendingFileRenameOperations key set to perform three actions.  The first two lines perform a simple file rename.  The second two—notice the blank line—perform a file delete.  And the last two lines perform a move operation.

Because each line is expected to contain only a single path, you may enter paths that contain spaces without having to enclose them in quotation marks.  Long file names are also supported.

If you are uncomfortable editing the registry, there are a couple of really nice command-line tools available that will create or edit the key for you.  You can get download details for PendMoves and MoveFile by visiting Microsoft’s TechNet site.

The operations in the PendingFileRenameOperations key will be performed at the next system startup, at which time they will be removed upon successful completion.  Note that this registry key is only supported on NT versions of Windows.  For older systems, you should use the Wininit.ini method.

Next: Using Wininit.ini on legacy systems. >>
 

More BrainDump Articles
More By Nilpo/Developer Shed Staff Writer

Comments On: How to Hack Protected Windows XP Files

· There seems to be quite a bit of bad advice going around about how to hack protected...   >>> Post your comment now!