The command prompt has been disabled by your administrator?

Written by Tariq. Date: 2009-2-5

I came across an old enough post on Didier’s blog about Group policies that have disabled cmd.exe from running. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the DisableCMD string in cmd.exe and change it to DisableAMD using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line.

Details

The tool is Swiss File Knife and it is fantabulous. Luckily it is available on Windows as well as Linux. Oh yeah, the command! Well, first make a copy of your cmd.exe file (%SYSTEMROOT%\System32\cmd.exe); mine is called cmd2.exe.

sfk replace cmd2.exe -binary /440069007300610062006c00650043004D004400/440069007300610062006c00650041004D004400/

A quick explanation of what is being changed (the string is stored as UTF-16, so every character is followed by a 00 byte):

D   i   s   a   b   l   e   C   M   D
440069007300610062006c00650043004D004400

... to ...

D   i   s   a   b   l   e   A   M   D
440069007300610062006c00650041004D004400

You can check that your change went in by running the following:

xxd cmd2.exe | egrep -A1 "D.i.s.a"

Which gives us:

00040d0: 4400 6900 7300 6100 6200 6c00 6500 5500  D.i.s.a.b.l.e.U.
00040e0: 4e00 4300 4300 6800 6500 6300 6b00 0000  N.C.C.h.e.c.k...
--
0013d40: 7e05 ffff 4400 6900 7300 6100 6200 6c00  ~...D.i.s.a.b.l.
0013d50: 6500 4100 4d00 4400 0000 6689 18e9 def4  e.A.M.D...f.....
--
004a400: 2000 2000 2000 4400 6900 7300 6100 6200   . . .D.i.s.a.b.
004a410: 6c00 6500 2000 6500 7800 6500 6300 7500  l.e. .e.x.e.c.u.
--
004aad0: 2000 4400 6900 7300 6100 6200 6c00 6500   .D.i.s.a.b.l.e.
004aae0: 2000 6400 6500 6c00 6100 7900 6500 6400   .d.e.l.a.y.e.d.
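
The same check, turned around for whoever has to find copies like cmd2.exe: this added example (not from the original post) scans a file for NUL-terminated UTF-16 strings of the form "Disable" plus three characters and reports any that are no longer DisableCMD. The function names and the two sample buffers are assumptions made up for the example; the buffers are constructed to look like the dump above and are not real cmd.exe bytes.

```python
import re
import sys

POLICY_NAME = "DisableCMD"                      # value name quoted in the post
PREFIX = "Disable".encode("utf-16-le")
# "Disable" + exactly three printable UTF-16LE characters + a NUL terminator,
# so longer strings such as DisableUNCCheck are not candidates.
CANDIDATE = re.compile(re.escape(PREFIX) + rb"((?:[\x20-\x7e]\x00){3})\x00\x00")


def scan(data):
    """Return (offset, name, status) for every DisableXXX candidate string."""
    findings = []
    for m in CANDIDATE.finditer(data):
        name = (PREFIX + m.group(1)).decode("utf-16-le")
        status = "intact" if name == POLICY_NAME else "altered"
        findings.append((m.start(), name, status))
    return findings


def verdict(data):
    """Summarise one file: is the policy value name still present?"""
    statuses = {status for _, _, status in scan(data)}
    if "intact" in statuses:
        return "policy-name-present"
    if "altered" in statuses:
        return "policy-name-altered"      # worth a closer look
    return "no-candidate"                 # probably not a cmd.exe copy


def _wide(text):
    return text.encode("utf-16-le")


# Constructed sample buffers (not real cmd.exe bytes), laid out like the dump.
SAMPLE_ORIGINAL = (b"\x00" * 16 + _wide("DisableUNCCheck\0") + b"\x7e\x05\xff\xff"
                   + _wide("DisableCMD\0") + _wide("   Disable execu"))
SAMPLE_PATCHED = SAMPLE_ORIGINAL.replace(_wide("DisableCMD"), _wide("DisableAMD"))

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, verdict(blob), [(hex(o), n, s) for o, n, s in scan(blob)])
```

A byte-patched copy also no longer hashes the same as the system's cmd.exe, so a hash comparison against the original catches it as well.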