When we change any file extension, Windows always alerts us of the possibility that the file is unusable, which is certainly impossible. Let's see step by step how we can modify the behavior of the user interface parameters that do not like us.
Fixes the problems listed below may not be published in the form of a modified or Installer file, for thus the fourth point is would violate "LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION DISASSEMBLY." and the six point "SEPARATION OF COMPONENTS." the operating system license agreement Windowsaccepted at the time of installation. However, my idea is to show the ways in which could be repaired, in the form of general computer knowledge.
First thing first
The main thing is to find the file causing the unwanted behavior. This applies for any behavior, though in this case in particular, it will be for the following message:
To be a message from the Windows interface, it cannot be too far away from the Group of acquaintances Explorer.exe, Shell32.dll and other characters of the directory System32.
The simplest to find strings of text, is using an application that can perform searches of ASCII and Unicode strings within files as Hex Workshop (The image corresponds to a fragment of) Shell32.dll):
Now that we know the file, we should know how this behavior is generated. We opened the bookstore with a disassembler like W32Dasm or OllyDbghere with a minimum of Assembly language understand the sequence is logical. First, we look for the location of the respective string:
Although there are many coincidences that make reference to the searched string, we must keep looking until you find one that makes a PUSH to the title, message and message window type stack at the same time, this would mean something (though probably not in the same order) as:
The sequence that we must search is an operation similar to that used when programming in the HP calculators, where parameters are taken from the stack (or STACK), for example to cycle from one to one hundred FOR using a VAR variable would be "10 1 FOR VAR" Unlike what we usually know "FOR VAR = 1 TO 10" or more traditionally "for(VAR=1;) VAR < = 10; VAR ) "."
Just after some tests, we found a suspicious code. This code looks much better thanks to OllyDbg Code Analyzer:
If it is not clear enough, the code could be interpreted in a basic way, but enough to realise its operation:
Then, what would happen if we change that call for a NOP instruction which means not doing anything?
We probably solve the problem, however it would not be an elegant solution, because the battery would stay with unused arguments that could cause exceptions then. A better solution will be that we look for fork further up in the code where is made the jump to "the extension is changed" or "the expansion remains the same" to force this response always the second alternative.
Pictured sale highlighted the statement that we need to change:
An unconditional jump JMP that tells Windows that the extension was not modified, so it must rename file without warning us what will happen if we change the extension:
We keep the changes. If not used hubieramos OllyDbg should have been performed by an editor hexagesimal, but in OllyDbg is directly:
Applying your changes
Now replace the file using a utility such as ERD Commander 2005, and then restart the computer normally:
Finally we check the operation of the changes made to the library Shell32.dll:
It seems that this would be the farewell of the extension change warning. We'll probably never see it though, clear, it could return in future reinstallations of the system.
In a relatively simple way, we modify the behavior foundations of the system, without affecting its stability.
An important consideration is that the version used in this article was Windows XP Professional SP2. The internal addresses of files as libraries and other system files change between versions Home and Professional, as in the with or without SP2, SP1 and also other versions based on the core of Windows NT, as Windows 2000 o Windows 2003. Modifications can be applied in the same way, but the references will not be equal, for example jump to be amended in the version Home of Windows XP 7CAD1997 7CACFEBF, which is unlike will be that modify this article.