In Windows 2000 and higher, the Windows File Protection (WFP) feature prevents overwriting or replacement of certain system files. If a file is protected by this feature, any attempt to instrument it using the /replace option will fail. To find out if a file is protected, look for the filename in the winnt\system32\dllcache folder.
To see the folder:
1. Make sure your current login has administrative privileges.
2. In Windows Explorer, select Tools > Folder Options > View.
3. Select Show hidden files and folders.
4. Deselect Hide protected operating system files.
5. Click OK.
The following procedure uses notepad.exe to demonstrate how you can instrument a protected file using the /replace option:
1. Make sure the cache folder and product folder for your Rational Runtime Analysis tool are in your system environment PATH.
2. Rename notepad.exe to notepad.exe.save in winnt\system32\dllcache.
3. At the Windows command prompt, cd to winnt\system32 and run <productName> /run=no /replace=yes notepad.exe to instrument notepad.exe with the /replace option.
4. When Windows offers to restore notepad.exe, click Cancel.
5. When Windows asks if you want to continue, click Yes.
Now you have an instrumented version of notepad.exe and you don't have to worry about it being automatically replaced by WFP.
To restore notepad.exe:
1. Delete notepad.exe in winnt\system32.
2. When Windows offers to restore notepad.exe, click Cancel.
3. When Windows asks if you want to continue, click Yes.
4. Rename notepad.exe.original to notepad.exe in winnt\system32.
5. Rename notepad.exe.save to notepad.exe in winnt\system32\dllcache.
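The following PowerShell script is an added example, not part of the product or of the original procedure. It checks that the restore left the system in its original state: the file is protected again, no backup copies remain, and the live file matches the cached copy. It assumes PowerShell 2.0 or later, that %SystemRoot% resolves to the winnt folder named above, and that the dllcache copy is byte-identical to the original system file.

```powershell
param([string]$Name = 'notepad.exe')   # file used in the procedure above

# P/Invoke declaration for the Win32 API SfcIsFileProtected exported by sfc.dll.
Add-Type -Namespace Wfp -Name Native -MemberDefinition @'
[DllImport("sfc.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool SfcIsFileProtected(IntPtr RpcHandle, string ProtFileName);
'@

# SHA-256 through .NET so the script also runs where Get-FileHash is unavailable.
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Close() }
}

$sys32 = Join-Path $env:SystemRoot 'system32'            # winnt\system32 on this page
$live  = Join-Path $sys32 $Name
$cache = Join-Path (Join-Path $sys32 'dllcache') $Name
$problems = @()

# 1. WFP should list the file as protected.
if (-not [Wfp.Native]::SfcIsFileProtected([IntPtr]::Zero, $live)) {
    $problems += "$live is not reported as protected by WFP"
}
# 2. Both the live file and its cached copy must be back under their real names.
foreach ($p in @($live, $cache)) {
    if (-not (Test-Path $p)) { $problems += "missing: $p" }
}
# 3. The .save (dllcache) and .original (system32) copies should be gone.
foreach ($p in @("$cache.save", "$live.original")) {
    if (Test-Path $p) { $problems += "backup copy still present: $p" }
}
# 4. The live file should match the cached copy (assumption: the cache holds the original).
if ((Test-Path $live) -and (Test-Path $cache) -and
    ((Get-Sha256 $live) -ne (Get-Sha256 $cache))) {
    $problems += "$live differs from the dllcache copy (still instrumented or modified)"
}

if ($problems.Count -eq 0) { "OK: $Name is restored and matches dllcache" } else { $problems }
```

Run it from an account with administrative privileges, since dllcache is a protected folder.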
(C) Copyright IBM Corporation 1993, 2010.