The command prompt has been disabled by your administrator?

Save on DeliciousDigg This
Share on Facebook+1Share on LinkedInPin it on PinterestSubmit to redditSubmit to StumbleUponShare on TumblrShare on Twitter

I came across an old enough post on Didier’s blog about Group policies that have disabled cmd.exe from running. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the DisableCMD string in cmd.exe and change it to DisableAMD using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line.

The tool is Swiss File Knife and it is fantabulous. Luckily it is available on Windows as well as Linux. Oh yeah, the command!Well first make a copy of your cmd.exe (%SYSTEMROOT%\System32\cmd.exe) file, mine is called cmd2.exe.

sfk replace cmd2.exe -binary /440069007300610062006c00650043004D004400/440069007300610062006c00650041004D004400/

A quick explanation of what is being changed

  D   i   s   a   b   l   e   C   M  D           ... to...
 440069007300610062006c00650043004D004400
  D   i   s   a   b   l   e   A   M  D    
 440069007300610062006c00650043004D004400

You can check your changes are all right if you see the following.

xxd cmd2.exe | egrep  -A1 “D.i.s.a”
00040d0: 4400 6900 7300 6100 6200 6c00 6500 5500  D.i.s.a.b.l.e.U.
00040e0: 4e00 4300 4300 6800 6500 6300 6b00 0000  N.C.C.h.e.c.k...
--
0013d40: 7e05 ffff 4400 6900 7300 6100 6200 6c00  ~...D.i.s.a.b.l.
0013d50: 6500 4100 4d00 4400 0000 6689 18e9 def4  e.A.M.D...f.....
--
004a400: 2000 2000 2000 4400 6900 7300 6100 6200   . . .D.i.s.a.b.
004a410: 6c00 6500 2000 6500 7800 6500 6300 7500  l.e. .e.x.e.c.u.
--
004aad0: 2000 4400 6900 7300 6100 6200 6c00 6500   .D.i.s.a.b.l.e.
004aae0: 2000 6400 6500 6c00 6100 7900 6500 6400   .d.e.l.a.y.e.d.
Save on DeliciousDigg This
Share on Facebook+1Share on LinkedInPin it on PinterestSubmit to redditSubmit to StumbleUponShare on TumblrShare on Twitter
Tagged with: , , , , , , , ,
Posted in Stuff

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>