How to Mess with the
Msdos.sys file -- and Live!
What if you wish to disable the boot keys on your computer
in order to be a teeny bit more secure? It's phun to show your
friends how to use the boot keys and then secretly disable these
so when they try to mess with your computer they will discover
you've locked them out.
The easiest -- but slowest -- way to either activate or disable
the boot keys is to pick the proper settings while installing
Win 95/98. But we're hackers, so we can pull a fast trick to
do the same thing. We are going to learn how to edit the Win
95/98 msdos.sys file, which controls the boot sequence.
1) We are about to play with fire! Back up your computer completely,
especially the system files. Make sure you have a Windows 95
or Windows 98 (depending on which operating system you run) installation
disk, or at least a startup disk so you can repair the msdos.sys
file if you make a mistake. If you are doing this on someone
else's computer, let's just hope either you have permission to
destroy the operating system, or else you are so good you couldn't
possibly make a serious mistake.
Newbie note: You don't have a boot
disk? Shame, shame, shame! Everyone ought to have a boot disk
for their computer just in case you or your buddies do something
really horrible. If you don't already have a Win 95/98 boot disk,
here's how to make one. You'll need an empty floppy disk drive
and your Win 95 installation disk(s). Click on Start, then Settings,
then Control Panel, then Add/Remove Programs, then Startup Disk.
From here just follow the instructions on the screen.
2) This only works for Win 95. Find the file msdos.sys. It
is in the root directory (usually C:\). Since this is a hidden
system file, the easiest way to find it is to click on My Computer,
right click the icon for your boot drive (usually C:), left click
Explore, then scroll down the right side frame until you find
the file "msdos.sys."
3) Make msdos.sys writeable so you can mess with it. To do
this, right click on msdos.sys, then left click "properties."
This brings up a screen on which you uncheck the "read only"
and "hidden" boxes.
4) Do you have Win98? Microsoft got really sneaky with msdos.sys
(see Figure 1). It refuses to let you unhide the file or make
it writable! Alert reader Dave Humphrey points out that you can
get around this by specifying multiple attributes in the DOS
attrib -r -h -s MSDOS.SYS
The way we were telling bpeople to do it earlier was to boot
your computer with a Windows 98 startup floppy and edit it from
there after giving the command "attrib -r". Also, while
Win98 is running, you can open msdos.sys in any word processor
so you can at least see what it looks like.
Figure 1. Msdos.sys refusing to cooperate under Win98.
Just wait until I get at that file with a startup floppy!
5) Bring msdos.sys up in Word Pad -- it's c:\msdos.sys. (This
only works with Win95.)
6) You will see something that looks like this:
;The following lines are required for compatibility
with other programs.
;Do not remove them (MSDOS.SYS needs to be >1024
To disable the function keys during bootup, directly below
[Options] you should insert the command "BootKeys=0."
Or, another way to disable the boot keys is to insert the
command BootDelay=0. You can really mess up your snoopy hacker
wannabe friends by putting in both statements and hope they don't
know about BootDelay. Then save msdos.sys.
7) Since msdos.sys is absolutely essential to your computer,
you'd better write protect it like it was before you edited it.
If you want to be nerdy about this, in MSDOS give the command
"attrib +r msdos.sys. Otherwise, the easy (???) hand-holding
way is to click on My Computer, then Explore, then click the
icon for your boot drive. Then scroll down the right side until
you find the file "msdos.sys." Right click on it, then
on the drop down menu left click "properties." This
brings back that screen with the "read only" and "hidden"
boxes. Check "read only." You don't need to make it
hidden again because that's just in there to make people think
system files are hidden in the cabbage patch.
8) You are running a virus scanner, right? You never know
what your phriends might do to your computer while your back
is turned. When you next boot up, your virus scanner will see
that msdos.sys has changed. It will assume the worst and want
to make your msdos.sys file look just like it did before. You
have to stop it from doing this. How you stop it depends on your
Hard Way to Edit your
(or someone else's) Msdos.sys File
Why learn the hard way to edit the msdos.sys file? Guess what,
this technique can come in handy for serious Windows hacking.
So now is as good a time as any to uncover this secret.
1) Put a Win 95/98 startup floppy in the a: drive. Boot up.
This gives you a DOS prompt. It looks like "A:/".
Evil genius tip: Learn how to do
DOS and you are master of the Windows NT universe. But, but,
the Super Duper hacker sputters, Win NT is running the NTFS file
system! How can a Win 95 box allow me to run rampant! Ah, but
a free program you may download from http://www.ntinternals.com/ntfsdos.htm allows Win 95/98 and DOS to recognize and mount
NTFS drives for transparent access. If you are a serious evil
genius, you'll always keep a Linux boot floppy on hand with utilities
to read all file systems...
2) Make msdos.sys visible, writeable, and non-system. Give
the command "attrib -h -r -s c:\msdos.sys"
3) Give the command "edit msdos.sys" This brings
this file up into a DOS word processor.
4) Use this Edit program to alter msdos.sys. Save it. Exit
the edit program.
5) At the DOS prompt, give the command "attrib +r +h
+s c:\msdos.sys" to return the msdos.sys file to the status
of hidden, read-only system file.
Startup Disk Magic
So now your computer's boot keys are disabled. Does this mean
no one can break in? Maybe your friends can't break in any more,
but you can. Guaranteed.
As you may have guessed from the "Hard Way to Edit Your
Msdos.sys" instructions, your next option for Win 95/98
break- ins is to use a startup disk.
1) Shut down your computer.
2) Put the startup disk into the A: drive.
3) Boot up.
4) At the A:\ prompt, give the command: rename c:\windows\*.pwl
5) Take out the boot disk and boot up again. You can enter
anything or nothing at the password prompt and get in.
6) Cover your tracks by renaming the password files back to
what they were.
More how to break into Win95/98