Archives

• September 2008
• April 2008
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005

Categories

• AI (1)
• authentication (4)
• Blogging (38)
• Culture (27)
• DDK (89)
• General nonsense (29)
• Intellectual Property (9)
• Microsoft (52)
• Networking (23)
• PhoneFactor (5)
• Positive Networks (8)
• Programming (115)
• Security (46)
• two-factor (4)
• Uncategorized (38)
• Vista (34)
• WDK (26)
• Windows (56)

Links

• A Hole In My Head
• Alex Ionescu's Blog
• Antimail
• Buggin' My Life Away
• craigrow: blogging about developing, testing and getting a logo for your drivers using the Windows Driver Kit and the Driver Test Manager
• Dana Epp's ramblings at the Sanctuary
• DebugInfo.com - Oleg Starodumov
• Fabulous Adventures In Coding
• Joel on Software
• Larry Osterman's WebLog
• Lori Pearce's WebLog
• Mark's Sysinternals Blog
• Metasploit
• Michael Howard's Web Log
• Nynaeve
• Pointless Blathering
• Positive Networks
• Positive Networks Blog
• Q & Stuff
• Schneier on Security
• Schwieb
• Sorting It All Out
• The Old New Thing
• Under The Hood - Matt Pietrek

Meta

• Register
• Login
• Valid XHTML
• XFN
• WordPress
• Domain
• Website Design
• Web Hosting

The death of WFP

One of the nicer little changes to Vista is the re-engineering of Windows File Protection into Windows Resource Protection (WRP). As everyone who’s ever tried to construct a partial checked build knows, replacing a file like ndis.sys in older OSes was a pain - you had to edit the registry and boot with the debugger to keep windows from silently clobbering your replaced file.

Windows Vista takes a much more intelligent approach to the problem: it prevents users from deleting these files in the first place, using the built-in security mechanisms of the OS. Protected resources get an ACL that prevents writes/deletes/etc, and the files are owned by a special user.

Now, if you want to replace a file for testing purposes, life is a lot easier - just take ownership of the file, give yourself full control, and re-name the old file. Drop in the new file and you’re done - no need to worry about the watchdog thread any more.

WRP also protects registry keys now using the same mechanism. More info is available at http://msdn2.microsoft.com/en-us/library/aa382503.aspx

This entry was posted on Tuesday, March 27th, 2007 at 10:30 am and is filed under Vista, Microsoft, WDK. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No Responses to “The death of WFP”

No comments yet

Leave a Reply

Name

Mail (will not be published)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Recent Posts

• Windows 7 Server == Windows Server 2008 R2
• Bad Idea: Making assumptions about CPU number
• At Driver DevCon
• Free advice (being worth what you pay for it, of course)
• PhoneFactor video
• Interesting peek at Win7
• No more single-core chips
• I guess it depends on what you’re hex editing
• Metasploit as the security Mendoza line
• The return of err.exe

Recent Comments

• Manny
• dispensa
• doug
• dispensa
• Yossi