The win xp system is to protect the system file

No matter when, the importance of the system file can not be ignored, although we usually do not pay attention to these files, but for such file system is also automatically protected Oh. When you install an application and unexpectedly cause Windows to crash, it is most likely because the application has rewritten the key Windows system files, causing the system to crash. After the file is modified, the results are often unpredictable. The system may be functioning properly, with some errors, or a complete crash. Fortunately, Windows 2000, XP, and Server 2003 use a mechanism called Windows File Protection (WFP) that prevents critical system files from being overwritten. In this article, I will explain what WFP is and how it works. I also want to tell you how to modify or ignore the behavior of WFP. (Note: Although there is no difference in the operation of WFP on Windows 2000, XP, and Server 2003, the information in this article, including registry related entries and SFC syntax, is for XP.)

How Windows File Protection Works

WFP is designed to protect the contents of Windows folders. WFP protects specific file types, such as SYS, EXE, DLL, OCX, FON, and TTF, rather than blocking any modifications to the entire folder. The registry key determines the file type protected by WFP.

When an application attempts to replace a protected file, WFP checks the digital signature of the replacement file to determine if the file is from Microsoft and is the correct version. If both of these conditions are met, then replacement is allowed. Under normal circumstances, the types of files that are allowed to replace system files include Windows service packs, patches, and operating system upgrades. System files can also be replaced by Windows Updater or Windows Device Manager/Class Installer.

If these two conditions are not met at the same time, the protected file will be replaced by the new file, but will soon be replaced by the correct file. When this happens, Windows will copy the correct version of the file from the Windows installation CD or from the DLLCache folder on your computer.

Windows File Protection does not only protect files by refusing to modify them, it can also refuse to delete them. Take a look at WFP's approach, open the \\WINDOWS\\SYSTEM32 folder and rename the CALC.EXE file to CALC.OLD. When you do this, a message will prompt you if changing the extension of this file may cause this file to be unavailable. Click the Yes button to confirm this warning. Now, wait a few minutes and press F5 to refresh the view of the file system. It may take some time to complete the replacement. When the file is eventually replaced, Windows will make a corresponding record in the event log.

One thing to note about WFP is that it is very tightly integrated with the Windows installer. Whenever the Windows installer needs to install a protected file, it will hand it over to WFP instead of trying to install it. Then WFP determines if the installation is allowed.

System File Checking

Although automatic file replacement saves time, there are situations where manual intervention is required. For example, you may not want to wait for WFP to determine if a protected file has been replaced. Fortunately, you can manually control WFP with a tool called System File Check (SFC).

SFC is a command line tool that needs to be run from a command prompt window. Its syntax is like this:

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]

/SCANNOW option to notify SFC Scan all protected system files immediately. If an incorrect file version is found during the scan, this wrong version will be replaced with the correct version of Microsoft. Of course, this means you may have to have a Windows installation CD, the latest service pack or an upgrade patch.