
Is there any way to modify a system file when the reboot/shutdown button is pressed without using an external tool like a Linux live CD?

I came across a post that suggested modifying a registry value to achieve this, but unfortunately, it didn't work for me. How can I tell Windows to overwrite a system file on the next reboot?

I am solely focused on finding a solution within the current parameters and do not wish to explore alternative methods at the moment.

Edit: I am working on an OS made to bypass the Windows login, so once the user boots into the OS it finds the partition in which Windows is installed, then goes to the directory where the SAM file exists and removes the password using "chntpw" (before removing it, it backs it up in the root of the Windows file system).

Here comes the reason why I want to do what the title says: to replace the backed-up SAM file with the modified one (the one which is being used by Windows), so that after a reboot everything goes back to normal.

  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jul 09 '23 at 10:30
  • Use the local Group Policies to run a script at logoff (C:\Windows\System32\GroupPolicy\User\Scripts\Shutdown) and do your changes in a local .bat file. – John Jul 09 '23 at 10:52
  • @John I don't want to have to press Yes or No – shashankx86 Jul 09 '23 at 11:01
  • I have a local group policy file and it does not ask any questions - just runs – John Jul 09 '23 at 11:02
  • @John Won't it ask, because it will be modifying a system file and running with administrator access? – shashankx86 Jul 09 '23 at 11:06
  • I am not sure, partly because I don't know what your process is. The Group Policy way is the most common native way to do these things. – John Jul 09 '23 at 11:16
  • @John The idea is to replace a generated SAM file (took the original one, removed the password using chntpw) with the original one – shashankx86 Jul 09 '23 at 11:26
  • Good luck with altering the registry like that during shutdown. Not something I would do. It seems possible the password could be messed up. – John Jul 09 '23 at 11:26
  • @John I have tested it (by booting into Linux, then manually replacing the SAM file); now I want to do it on Windows itself without needing to boot into Linux – shashankx86 Jul 09 '23 at 11:44

1 Answer

Modifying a system file directly during the reboot or shutdown process without using an external tool or a Linux live CD is not a straightforward task. System files are typically protected by the operating system to maintain stability and security, and modifying them while the system is running can lead to unpredictable behavior.

However, if you specifically want to overwrite a system file on the next reboot, there is a built-in Windows feature called "PendingFileRenameOperations" that can be utilized. This feature allows you to specify files to be replaced during the next system boot.

To make use of this feature, you'll need to modify the Windows Registry. Here's a step-by-step guide:

  1. Press the Windows key + R to open the Run dialog box.
  2. Type "regedit" and press Enter to open the Registry Editor. Note: Modifying the registry can have unintended consequences if not done properly, so proceed with caution and make a backup of the registry before making any changes.
  3. In the Registry Editor, navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  4. Right-click on the "Session Manager" key, select New, and then click on "Multi-String Value".
  5. Rename the newly created value to "PendingFileRenameOperations" (without quotes).
  6. Double-click on the "PendingFileRenameOperations" value and add the file paths you want to replace. Each file path should be entered on a separate line, with the first line being the source file and the second line being the destination file. For example:
    C:\Path\to\source\file.txt
    C:\Path\to\destination\file.txt
    
    You can specify multiple file replacements by adding additional pairs of lines.
  7. Click OK to save the changes.
  8. Close the Registry Editor.

After following these steps, the specified files will be replaced during the next system reboot. Please keep in mind that modifying system files can have serious consequences, so it's important to exercise caution and have a backup of any critical files before proceeding.

Mastaxx
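
A defender's audit of this value, as an added example that is not part of the original answer: it pairs the REG_MULTI_SZ strings into source/destination entries and flags boot-time operations that touch the registry hive directory. The function names, `PROTECTED_DIRS` and the sample entries are assumptions constructed for illustration; the entry layout it parses (NT-style `\??\` prefix, `!` on a destination that replaces an existing file, empty destination for a delete) is what `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT` writes.

```python
from typing import NamedTuple

# Assumption: directory treated as sensitive here; extend to match local policy.
PROTECTED_DIRS = ("\\windows\\system32\\config\\",)  # registry hives, including SAM

class PendingOp(NamedTuple):
    action: str        # "delete", "rename" or "replace"
    source: str
    destination: str   # empty string for a delete
    flagged: bool      # True when either path is under PROTECTED_DIRS

def _normalize(path):
    """Strip the NT namespace prefix so paths compare as ordinary Win32 paths."""
    return path[4:] if path.startswith("\\??\\") else path

def _is_protected(path):
    lowered = path.lower()
    return any(d in lowered for d in PROTECTED_DIRS)

def parse_pending_ops(strings):
    """Pair the REG_MULTI_SZ strings as (source, destination) and classify each."""
    strings = list(strings)
    if len(strings) % 2:
        strings.append("")             # tolerate a trailing source with no destination
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")  # "!" marks replace-existing
        dst = _normalize(dst[1:] if replace else dst)
        src = _normalize(src)
        action = "delete" if not dst else ("replace" if replace else "rename")
        ops.append(PendingOp(action, src, dst, _is_protected(src) or _is_protected(dst)))
    return ops

def flagged_ops(strings):
    """Return only the operations an analyst should review."""
    return [op for op in parse_pending_ops(strings) if op.flagged]

# Constructed sample data, shaped like the value's string list (not real telemetry).
SAMPLE = [
    r"\??\C:\Users\alice\AppData\Local\Temp\setup1A2B.tmp", "",
    r"\??\C:\Program Files\Example\new.dll", r"!\??\C:\Program Files\Example\app.dll",
    r"\??\C:\SAM.bak", r"!\??\C:\Windows\System32\config\SAM",
]

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        verdict = "REVIEW" if op.flagged else "ok"
        print(f"{verdict:6} {op.action}: {op.source} -> {op.destination or '(none)'}")
```

Installers and updaters write to this value routinely, so the useful signal is the target path of each entry rather than the presence of the value.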
  • Can it modify system files without asking that Yes and No (shown when running with administrator access)? – shashankx86 Jul 11 '23 at 07:46
  • Are you referring to the UAC Prompt? If so, no, modifying system files typically requires administrative access. When you attempt to modify system files using the method described above, you would need to run the Registry Editor (regedit) with administrator privileges. This is necessary to make changes to the Windows Registry and modify system settings. When you run regedit as an administrator, you may encounter a UAC (User Account Control) prompt that asks for your confirmation to proceed. You would need to click "Yes" on the UAC prompt to grant the necessary administrative privileges. – Mastaxx Jul 11 '23 at 07:51
  • Thanks for the reply, man, I have been searching for weeks. Read the edit I made. The idea: after the OS is used to remove the password, I am going to use a LOLBin (not good at explaining, please google it if you don't know) technique to do all the registry modification and set it to replace the backed-up SAM file. And is there a way to modify the Windows registry using Linux? – shashankx86 Jul 11 '23 at 07:57
  • It's not working – shashankx86 Jul 12 '23 at 05:14