(Almost) Destroying Explorer.exe, AGAIN
Today, somehow or other, I stumbled upon the distributed processing app called GIGRIB. Developed by Pingdom, “Pingdom GIGRIB is a unique, distributed website monitoring service. GIGRIB users can add websites they want monitored, and in return their computers become a part of the GIGRIB monitoring network.”
So, I fired it up, inputted the domains I wanted it to monitor for me, and let it run. Of course, I became curious about how the app is uploading data back to Pingdom, how it’s checking uptimes (well, duh, it’s just going to the page and looking for a response), and more, so I opened my HTTP packet sniffer/web debugging proxy of choice: Fiddler. However, GIGRIB’s requests weren’t displaying there and I was too lazy to change the configuration to avoid this problem, so I decided to take revenge on GIGRIB. Naturally, when wanting to make a mild impact (meant for hilarity) on an application, the tool of choice is Resource Hacker (not that it only does mild impacts, it can do LOTS of stuff – I love ResHacker, it rocks!).
I hadn’t used ResHacker in some time, so I didn’t bother trying to find it on my drive. Instead, I got the latest version, which turned out to have some cool new features – it visualizes the GUI of the app you’re editing and lets you change all aspects of the layout with ease, it provides a more streamlined “compile scripts” action to quickly apply changes to the file, and more! I was intrigued by these new additions, so I decided to try them out.
After changing some of the text, GUI positioning, icons, and more in GIGRIB, I got a little bored, because GIGRIB doesn’t have too big a UI (really, there’s only like two windows that have info in them – settings and about). For some reason, I had a sudden urge to mess around with some Windows configuration files. My (first) target of choice: the text of the Start button on the taskbar.
Yes, that may sound lame, but I guess I was just playing around with Start Menu customization before the hack, which is probably where the idea came from. I opened up %windir%\explorer.exe in ResHacker, and browsed to “String Tables –> 37 –> 538” and changed the string from “start” first to “ocrap”, and then decided to switch it to a 6-letter phrase instead. After saving this final version (“ocrap” worked perfectly), I killed explorer.exe and tried to restart it thru Task Manager, when I got an error: “C:\Windows\explorer.exe is not a valid Win32 executable.” I tried re-saving, switching it back to “start” and saving again, but it did not help. Thankfully, I knew that ResHacker saves backups automatically, so I had a backup called C:\Windows\explorer_original.exe. I ran this one to fix the problem. In the C:\Windows directory, I tried again and again to undo the changes and restore to the backup, but Windows would keep resisting. After a few attempts, I thought that changing the files around in Safe Mode would do the trick, but as I was rebooting, I had a thought: Windows has many fail-safes, so why can’t this be one of them? If explorer.exe gets corrupted, would it be restored with a restart?
Well, it worked! This is why I love Windows – if something is messed up, there’s always a way to recover it, however simple or difficult.
Start menu button string location in %windir%\explorer.exe:
String Table –> 37 –> 1033 –> 578 = Windows XP default theme
or
String Table –> 38 –> 1033 –> 595 = Windows Classic theme
Note: I have nothing against GIGRIB or Pingdom, as I believe that both company and product are useful, intriguing, and helpful. I am an avid user of GIGRIB, and my experimentation with it was in no way a signal of protest against it, nor does it affect its functionality in any way. GIGRIB is a very generous program that I enjoy, so I must thank Pingdom for creating it.
Disclaimer: I am not in any way responsible for any uses (and their consequences) of the method outlined above. This is for informational use only.