//Last Update: Mar 28, 2012
Windows Embedded Standard 2009
This workaround is about ‘Writing on EWF partition” without knowing any API or paying attention of keeping the file-size the same. I created this workaround some years ago and never was sure to publish it (anywhere) or not. I never read about anything like this approach.
Background:
skip it if you don’t mind
[dropdown_box expand_text=”info” show_more=”show” show_less=”hide” start=”show”]
Many developers want to protect their Embedded Systems with a Write Filter usually it’s preferred to use EWF because of stability, none-faulting system after losing of power and so on.
In my case we had some critical 3rd party software that writes critical files to the a static path on the %systemdrive% partition. Providing a very secure and protected EWF system and writing to a protected partition seem to be a none-addressable issue if you can’t keep the file-size exactly the same. (If you can keep the size and know what you’re doing than you might take a look at option 1.)
After some brainstorming a fsutil.exe function came in mind. Hard-linking files on another unprotected partition should work and do the job. Changes on hard-linked files are instantly available and it wouldn’t matter if changes come from the %systemdrive% or another location as long as the instance is written on an unprotected partition.
Unfortunately hard-linking of files over partitions doesn’t work, but linking does. 🙂
But there is also a limitation: linkd.exe
only works with folders. – So if you need to store some sort of files in e.g. the Windows root-folder this workaround won’t be that much practical.
[/dropdown_box]
Workaround:
I wrote a little script which does little more (changing attributes, setting permissions, moving files, creating folders, if not exists and so on) but broken down the only command-line you need is:
linkd.exe %protectedpartition% %unprotectedpartition%
Example:linkd.exe %systemdrive%\privatfiles D:\Hiddenfolder
The %systemdrive%\privatfiles
folder is accessible, but the files are physically located on D:. You also can change permissions and attributes to secure your files even more. Of course you have to avoid any kind of clearing the partition, otherwise your data will be lost. I haven’t tested it in a HORM environment, only RAM(Reg)Mode on a UFD which works like a charm.
Requirements:
- Additional unprotected partition
- Windows Server 2003 Resource Kit Tools
Windows Embedded Standard 7/8
I’m pretty sure this Workaround will also work with Win7-Codebase, but I never tested it under real condition. With Windows Vista Microsoft implemented more commands into the native command-line. Instead of using linkd.exe
you can now use mklink
in cmd.exe
mklink /j %unprotectedpartition% %protectedpartition%
Example:mklink /j D:\Hiddenfolder %systemdrive%\privatfiles
Comments
Trackbacks