Windows Protected Files Listing Tool
Target Platform:
Windows 2000, Windows XP, Windows 2003, Windows Vista.
SFCList is a utility that enumerates the files protected by the SFC mechanism. Windows introduced SFC (System File Checker) to protect core system files from being accidentally or intentionally modified by third-party programs. Whenever a protected file is modified, SFC steps in and replaces it with the original system file.
SFCList enumerates all of these protected files. Because there are thousands of them, it provides a filter option to narrow the listing. It can also verify whether a particular file is protected by SFC.
Using SFCList:
Here is a brief description of how to use the tool.
SFCList [ -l [pattern] ] [ -p <filepath> ]
    -l [pattern]     List all system files protected by SFC that match
                     the string pattern (optional)
    -p <filepath>    Verify whether the file is protected by SFC
Example:
//List all the protected files having text 'win'
sfclist -l win
//List all the protected dll files
sfclist -l .dll
//Check if the file is protected by SFC
sfclist -p "c:\windows\system32\kernel32.dll"
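The same protection check can be scripted without the tool. The following is an added example, not SFCList's own code (the page does not say how SFCList is implemented): it calls the documented Windows API SfcIsFileProtected from sfc.dll through P/Invoke. The function name Test-SfcProtected is hypothetical, and walking System32 with Get-ChildItem is an assumption standing in for the tool's -l listing.

```powershell
# Added example: query SFC protection status through the Windows API.
# SfcIsFileProtected(RpcHandle, ProtFileName) is exported by sfc.dll;
# RpcHandle must be NULL, and the path should be fully qualified.
Add-Type -Namespace Win32 -Name Sfc -MemberDefinition @'
[DllImport("sfc.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SfcIsFileProtected(IntPtr RpcHandle, string ProtFileName);
'@

# Hypothetical helper: returns one object per path with its protection status.
function Test-SfcProtected {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            # Normalise relative paths before handing them to the API.
            $full = [System.IO.Path]::GetFullPath($p)
            [pscustomobject]@{
                Path      = $full
                Protected = [Win32.Sfc]::SfcIsFileProtected([IntPtr]::Zero, $full)
            }
        }
    }
}

# Same check as: sfclist -p "c:\windows\system32\kernel32.dll"
Test-SfcProtected "$env:SystemRoot\System32\kernel32.dll"

# Audit view: DLLs in System32 that are NOT protected. These are files
# SFC will not restore if they are modified, so they deserve their own
# integrity monitoring (hash baseline, signature check).
Get-ChildItem "$env:SystemRoot\System32" -Filter *.dll -File |
    Test-SfcProtected |
    Where-Object { -not $_.Protected } |
    Sort-Object Path
```

Unlike sfclist -l, the second pipeline only tests files that exist under the directory it is given; it does not read the system's own list of protected files.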