Create a Protected Operating System Files

Hello,

I wonder if I can create a protected OS file using Windows API in kernel mode?

I tried to use FILE_ATTRIBUTE_SYSTEM in ZwCreateFile, but it doesn’t work.

Thanks…

Can you please specify what doesn’t work? Does the file get created? Or does
it not get the desired characteristics?

It would be helpful if you dump the createfile section of your code…

On Thu, Apr 14, 2011 at 8:17 PM, wrote:

> Hello,
>
> I wonder if Can I create a protected OS file using Windows API in kernel
> mode?
>
> I tried to use FILE_ATTRIBUTE_SYSTEM in ZwCreateFile, but doesn’t work.
>
> Thanks…
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>



- amitr0

Are you confusing the DOS +s attribute with system file protection/trusted installer?

d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, April 14, 2011 7:47 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Create a Protected Operating System Files

Hello,

I wonder if Can I create a protected OS file using Windows API in kernel mode?

I tried to use FILE_ATTRIBUTE_SYSTEM in ZwCreateFile, but doesn’t work.

Thanks…



xxxxx@gmail.com wrote:

> I wonder if Can I create a protected OS file using Windows API in kernel mode?

The phrase “protected OS file” doesn’t mean anything. What are you
trying to protect against?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

And along the way could you also explain what you mean by “using Windows API
in kernel mode”?

Does this mean:

  1. ZwCreateFile
  2. NtCreateFile
  3. CreateFile

Mark Roddy

On Thu, Apr 14, 2011 at 12:41 PM, Tim Roberts wrote:

> xxxxx@gmail.com wrote:
> > I wonder if Can I create a protected OS file using Windows API in kernel
> mode?
>
> The phrase “protected OS file” doesn’t mean anything. What are you
> trying to protect against?
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>

Sorry, when I said “protected OS file”, I mean files like pagefile.sys. I
tried to use ZwCreateFile with FILE_ATTRIBUTE_SYSTEM, but it doesn’t work. The
file was created, but even with the option to hide system files turned on it
appears as a normal file.

s,
Thiago Fabre
UNESP / Bauru
(14) 91096114

On Thu, Apr 14, 2011 at 2:17 PM, Mark Roddy wrote:

> An along the way could you also explain what you mean by “using Windows API
> in kernel mode”?
>
> Does this mean:
> 1) ZwCreateFile
> 2) NtCreateFile
> 3) CreateFile
>
> Mark Roddy
>
>
>
> On Thu, Apr 14, 2011 at 12:41 PM, Tim Roberts wrote:
>
>> xxxxx@gmail.com wrote:
>> > I wonder if Can I create a protected OS file using Windows API in kernel
>> mode?
>>
>> The phrase “protected OS file” doesn’t mean anything. What are you
>> trying to protect against?
>>
>> –
>> Tim Roberts, xxxxx@probo.com
>> Providenza & Boekelheide, Inc.
>>
>>

Thiago Fabre wrote:

> Sorry, when I said “protected OS file”, I mean files like
> pagefile.sys. I tried to use ZwCreateFile with FILE_ATTRIBUTE_SYSTEM,
> but doesn’t work. The file was created, but even with the option to
> hide system files turned on it appears as a normal file.

pagefile.sys is created with both the system and hidden bits set.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
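
Added example, not part of the original thread and not code from any poster: a small user-mode C model of why a file created with only FILE_ATTRIBUTE_SYSTEM still lists as a normal file, while one with both bits set (as described for pagefile.sys above) is treated as a protected operating system file. The attribute values are the documented ones for the FileAttributes argument of ZwCreateFile; the Explorer visibility rules and the sample file names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Documented attribute bits, as passed in ZwCreateFile's FileAttributes. */
#define FILE_ATTRIBUTE_HIDDEN 0x00000002u
#define FILE_ATTRIBUTE_SYSTEM 0x00000004u

typedef enum { SHOWN, HIDDEN_FILE, PROTECTED_OS_FILE } shell_class;

/* Assumed model of Explorer's classification: only HIDDEN and SYSTEM
 * together make a "protected operating system file". */
shell_class classify(uint32_t attrs)
{
    bool hidden = (attrs & FILE_ATTRIBUTE_HIDDEN) != 0;
    bool system = (attrs & FILE_ATTRIBUTE_SYSTEM) != 0;
    if (hidden && system) return PROTECTED_OS_FILE;
    if (hidden) return HIDDEN_FILE;
    return SHOWN; /* SYSTEM alone does not change the listing */
}

/* show_hidden:    "Show hidden files" is enabled.
 * hide_protected: "Hide protected operating system files" is enabled. */
bool visible_in_explorer(uint32_t attrs, bool show_hidden, bool hide_protected)
{
    switch (classify(attrs)) {
    case PROTECTED_OS_FILE: return show_hidden && !hide_protected;
    case HIDDEN_FILE:       return show_hidden;
    default:                return true;
    }
}

int main(void)
{
    /* Constructed sample entries, not taken from a real volume. */
    struct { const char *name; uint32_t attrs; } files[] = {
        { "system_only.dat", FILE_ATTRIBUTE_SYSTEM },
        { "hidden_only.dat", FILE_ATTRIBUTE_HIDDEN },
        { "both_bits.dat",   FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN },
    };
    /* Settings: hidden files shown, protected OS files still hidden. */
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        printf("%-16s attrs=0x%02x visible=%d\n", files[i].name,
               (unsigned)files[i].attrs,
               visible_in_explorer(files[i].attrs, true, true));
    return 0;
}
```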

I was thinking it was a different attribute.

Thanks man

s,
Thiago Fabre