Re: Windows XP Disinformation



<quote>
Windows Help (WinHlp32.exe) is a help program that has been included with
Microsoft Windows versions starting with the Microsoft Windows 3.1 operating
system. The Windows Help program (WinHlp32.exe) is required to display
32-bit help content files that have the ".hlp" file name extension.
<quote>
Windows Help program (WinHlp32.exe) is no longer included with Windows
http://support.microsoft.com/kb/917607

Too many security exploits I imagine.

I have XP Pro SP1. SP1 was installed with XP from the CD, not as an
upgrade.

The winhlp32.exe file that is in C:\WINDOWS is the one that is protected by
Windows File Protection (WFP), because there is also a copy in
C:\WINDOWS\system32\dllcache.

The copy in C:\WINDOWS\system32\dllcache replaces the one in
C:\WINDOWS\system32 if it is messed with in any way. WFP does the
replacing.

C:\WINDOWS\system32\dllcache's only function is file replacement for WFP.

The winhlp32.exe file in
C:\WINDOWS
and
C:\WINDOWS\system32\dllcache
are both 260 KB and their names are Microsoft® Help.

The winhlp32.exe file in
C:\WINDOWS\system32
is 8.00 KB and its name is Windows Winhlp32 Stub.

It *sort* of makes sense that the Windows Winhlp32 Stub starts Microsoft®
Help.

HKEY_CLASSES_ROOT\.hlp
hlpfile

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile\shell\open\command
winhlp32.exe %1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command
%SystemRoot%\System32\winhlp32.exe %1

The WINHLP32.EX_ on my XP Pro CD is 125 KB. It's a compressed version of
winhlp32.exe, the 260 KB one, Microsoft® Help. The WINHLP32.EX_ on my XP
Home CD is also 125 KB.

I dragged the winhlp32.exe from C:\WINDOWS to my Desktop and WFP created a
new one.

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 03-Sep-06
Time: 9:53:17 PM
User: N/A
Computer: MYPENTIUM450
Description:
File replacement was attempted on the protected system file
c:\windows\winhlp32.exe. This file was restored to the original version to
maintain system stability. The file version of the system file is
5.1.2600.1106.

I dragged the winhlp32.exe from C:\WINDOWS\System32 to my Desktop expecting
it to NOT get replaced and to my amazement WFP created a new one. So a
statement that I made earlier was incorrect. Probably many incorrect things
here. ;-)

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 03-Sep-06
Time: 9:55:11 PM
User: N/A
Computer: MYPENTIUM450
Description:
File replacement was attempted on the protected system file
c:\windows\system32\winhlp32.exe. This file was restored to the original
version to maintain system stability. The file version of the system file is
5.1.2600.0.

I wonder where WFP got that one? There are only three total on my machine
and two of them are the same file and one is different.

winhlp32.exe ver 5.1.2600.1106
Package: WINHLP32.EX_
File Path: \I386
File Date 8/29/2002
File Size 266752
http://support.microsoft.com/dllhelp/default.aspx?l=55&fid=56128

winhlp32.exe ver 5.1.2600.0
Package: WINHLP32.EX_
File Path: \I386
File Date 8/17/2001
File Size 266752
http://support.microsoft.com/dllhelp/default.aspx?l=55&fid=43075

How the heck does WFP create an 8.00 KB copy of a 260 KB file?

More Microsoft smoke and mirrors just like the Temporary Internet Files.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:e4jfDj8zGHA.1300@xxxxxxxxxxxxxxxxxxxx,
Jim Carlock <anonymous@localhost> hunted and pecked:
There's some disinformation on the following page:

http://www.kellys-korner-xp.com/top10faqs2.htm

I'm not watching nor reading this newsgroup, beg my pardon,
just search for the following string.

"win32hlp.exe is not properly placed in the System32 folder"
[MIS]

The "winhlp32.exe" file in the system32 folder seems to redirect
and call the one in the %systemroot% folder (guessing). The
misspelling is not the only problem there. The whole sentence reads
incorrectly (or possibly taken to read incorrect). Two files exist on
a Windows XP system. Note the file sizes of each below. Only
that one sentence caused discomfort <g>. It just doesn't read well
for me (a completely untrue statement?). The rest of it reads okay.

I'm showing the following for the two files (Windows XP/SP2):

%systemroot%\winhlp32.exe, 283648 bytes, Aug 04, 2004, 12:56:58 AM
%systemroot%\system32\winhlp32.exe, 8192 bytes, Aug 23, 2001, 8:00:00 AM

I believe the 8192 byte file in the system32 folder is the original one
shipped with Windows XP and simply redirects and runs the one in
the %systemroot% folder. Because the original in the system32 never
gets updated (which leads me to the conclusion that it's simply a file
which runs another file), it's easy to see where the confusion comes
from. (I could be wrong). <g>

Hope this helps.

--
Jim Carlock
NOTE: I don't read the windowsxp.general group.
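
An added example, not part of the original post or thread: a small parser for the Windows File Protection Event ID 64002 records quoted above, reporting which protected copy was restored at which version and flagging same-named files restored at different versions. The sample text is abridged from the two records in the post (only the fields the parser needs), and the function names are illustrative.

```python
import re

# Abridged from the two Event Viewer records quoted in the post (header fields trimmed).
SAMPLE = r"""Event Source: Windows File Protection
Event ID: 64002
Description:
File replacement was attempted on the protected system file
c:\windows\winhlp32.exe. This file was restored to the original version to
maintain system stability. The file version of the system file is
5.1.2600.1106.

Event Source: Windows File Protection
Event ID: 64002
Description:
File replacement was attempted on the protected system file
c:\windows\system32\winhlp32.exe. This file was restored to the original
version to maintain system stability. The file version of the system file is
5.1.2600.0."""

DESC_RE = re.compile(r"protected system file (?P<path>.+?)\. This file was restored"
                     r".*?file version of the system file is (?P<ver>\d+(?:\.\d+)*)", re.I)

def parse_events(text):
    """Split copied Event Viewer text into dicts, unwrapping the Description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        head, _, desc = block.partition("Description:")
        ev = {k.strip(): v.strip() for k, s, v in
              (line.partition(":") for line in head.splitlines()) if s}
        ev["Description"] = " ".join(desc.split())  # join the wrapped lines
        events.append(ev)
    return events

def wfp_restores(events):
    """Return (path, restored version) for each WFP restore event (ID 64002)."""
    out = []
    for ev in events:
        is_wfp = (ev.get("Event Source"), ev.get("Event ID")) == ("Windows File Protection", "64002")
        m = DESC_RE.search(ev["Description"]) if is_wfp else None
        if m:
            out.append((m.group("path").lower(), m.group("ver")))
    return out

def version_conflicts(restores):
    """File names that WFP restored at different versions in different folders."""
    by_name = {}
    for path, ver in restores:
        by_name.setdefault(path.rsplit("\\", 1)[-1], {})[path] = ver
    return {n: p for n, p in by_name.items() if len(set(p.values())) > 1}
```

Calling `version_conflicts(wfp_restores(parse_events(SAMPLE)))` lists winhlp32.exe with both paths and their restored versions.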
