JavadBayat
Guest
When I was examining the open handles to the internal hard drive E: using Process Explorer, it turned out that svchost.exe always has an open handle to $Extend\$ObjID. I couldn't gain access to $Extend in any way, and I was looking for a way to forcibly gain access to it.
I thought that, although accessing this through a usual application is impossible, core operating system components like svchost.exe can.
I did the following:
1. I gained access to the System Volume Information folder. Because there wasn't a security tab visible in its properties due to security reasons in Windows XP, I created a virtual drive with the following command:
subst X: "E:\System Volume Information"
I then modified the permission in the security tab of the properties window of the created virtual drive.
2. I deleted System Volume Information using Command Prompt.
3. Immediately I created a junction point using SysInternals junction utility, as follows:
junction "E:\System Volume Information" E:\$Extend
4. I restarted the system to take effect. While the system was shutting down, I saw an error message that appeared to be from svchost.exe:
"The instruction at [some number] referenced memory at [some number]. The memory could not be "read". Click OK to terminate the application."
Although I don't remember the error message accurately, the system was shut down even before I clicked OK. After the reboot, the system never booted up; it just got stuck at "Windows is starting up...".
Is there a way to solve the problem? Note that Safe Mode and Debugging Mode are not working for me either.