How does Windows OS protect system files?

The story also goes back to the university, where the course is compiled. The teacher taught us how to use the DEBUG command. Many of you have played pranks (including me) and copied, dir and other common commands are changed to aggressive commands such as format and delete. In this way, if DIR is run, it is actually the format and delete executed, and the operating system is destroyed accidentally. At that time, I was wondering why these files are not protected, I put it down, and I forgot after graduation for so many years.

 

I recently read some Windows 2003 Server documents and suddenly saw the term Windows File Protection. Why? From the perspective of name, it is to protect the Windows file system. Think about it. A Windows operating system has many files defined by Microsoft. If we replace all the files in it, the file name is the same. What will happen to the operating system? Obviously, you cannot work anymore.

 

So how does Microsoft protect system files? I checked a bit of information, but the principle is like this. I don't know how to implement it. In a word, Microsoft uses a digital signature.

 

 

• Windows File Protection

It is a component that runs in the background and prevents replacement of system files. to verify a file, Windows File Protection checks its digital signature. if the file is not of the correct version, Windows File Protection replaces it with a copy from the Windows Server 2003 CD or the backup maintained in the dllcache folder on the hard disk. if the correct file cannot be found, Windows File Protection will promote the user for the file location.

 

• System File Checker

It is a part of the Windows File Protection component. It is a command-line utility that scans and verifies all system files and device drivers. The command isSFC.

 

• File Signature Verification

It is also a command-line utility, and the command isSigverif.

You can use the File signature verification tool to identify the signed and unsigned files on your computer. you can use this tool to view the name, location, date of modification, type, and version number of each file.

 

If you are interested, try the above two cmd commands.SFCAndSigverifHaha, fun!