The reason Windows overwrites new versions is because of system file protection. We need to deactivate it in a few steps. While only one Registry entry needs to be changed under Vista, it is necessary to modify two bytes of code in a DLL file under Windows 2000 and XP. We shall use the free 'Hex editor MX', available on the CHIP DVD or the website (nextsoft.de: NEXT-Soft Online). to make these changes in the DLL file.

The first step, necessary for all versions of Windows, is to open the Registry Editor using 'Start I Run I regedit' and click 'OK'. Search for the DWORD value 'SFCDisable' to the right in the 'H KEY _LOCAL_MACH I NE\SOFTWARE\ Microsoft\Windows NT\CurrentVersion\ Win logon' key and double click it. Make sure that the 'Basis" option is set to "Hexadecimal'. Now enter 'FFFFFF9D' as the value and confirm with 'OK'. Close the registry.

If you are a Vista user this is all you have to do. Windows 2000 and XP users, however, have an additional step as they have to make changes to a system file. In case of Windows XP with Service Pack 2, start the hex editor and select 'File I Open'. Search for the 'sfc_os.dll' file in the 'C:\Windows\ System32' folder and open it. Next, select 'Search I Go to', enter the 'ECE9' hex position in the dialog and click on 'OK'. Overwrite both the bytes available there, '33 CO' with 'EB 01 '. Save the changes under a new file name, for instance, 'sfc_os_neu.dll' and close the editor.



Now check whether the 'sfc_os.dll' file is available in the hidden 'C:\Windows\ system32\dllcache' folder. Create a back-up copy and overwrite the original with the patched version. Repeat this procedure in the 'C:\Windows\ ServicePackFiles\1386' folder.

To change files in the 'C:\Windows\ system32' folder, start your computer
with the Windows setup CD and press the [Rl key in the welcome screen in order to start the Recovery console. Sign in with your administrator password and browse to the sub-folder using the 'cd system32' command. Overwrite the original file here using the command 'copy sfc_os_neu. dll sfc_os.dll'. Now, 'Exit' the console and restar~ the computer.

If you use Windows 2000 with Service Pack 4, the procedure is similar except the file to be modified is the 'sfc.dll' file in the 'C:\Winnt\System32' folder. Open the file using the hex editor and navigate to the hex position '62DB' and change the two bytes '8B C6' to '90 90'. Save the file as 'sfc_neu.dll' and overwrite the original file at different memory locations exactly in the same way as described for the XP case. It goes without saying that a backup copy of 'sfc.dll' has to be created.

NOTE: The system file protection prevents changes to important system files. You should only switch it off if you are an experienced user. Reactivate it later by first copying back the old data version, and by setting the value for 'SFCDisable' to '0' in the registry. This protection is not really necessary because it neither deters pests reliably nor offers any adequate mechanism for system recovery. Protection is also taken care by special security tools and restore points.