Hi all,
I developed minifilter driver,that working fine for all windows operating system, but I want this to run in Safe Mode.
How I can make this for safe mode, if anybody knows let me know.
Thanks,
Perhaps you should explain why you want to do this. I could tell you, but it
sounds like
malware to me, so I’m not going to… And I hope no one else will until you
explain this
requirement.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Monday, April 06, 2009 3:11 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Driver in Safe Mode
Hi all,
I developed minifilter driver,that working fine for all windows operating
system, but I want this to run in Safe Mode.
How I can make this for safe mode, if anybody knows let me know.
Thanks,
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Hi Matt,
Yes, actually I want to secure my data in safe mode also as well as in Normal mode.
My driver protect my data.
Thanks,
The whole purpose of ‘safe mode’ is to load a minimal set of drivers.
Anyways, the boot time drivers get loaded automatically. But you need to know the restrictions imposed in safe mode.
Your driver can detect booting in safe mode by checking the value of *InitSafeBootMode variable exported by the kernel and decide whether to load or not.
Refer to http://support.microsoft.com/kb/837643 for more details.
Regards,
Ayush Gupta
http://windows-internals.blogspot.com
— On Mon, 6/4/09, xxxxx@yahoo.com wrote:
> From: xxxxx@yahoo.com
> Subject: RE:[ntfsd] Driver in Safe Mode
> To: “Windows File Systems Devs Interest List”
> Date: Monday, 6 April, 2009, 2:29 PM
> Hi Matt,
>
> Yes, actually I want to secure my data in safe mode also as
> well as in Normal mode.
>
>
> My driver protect my data.
>
> Thanks,
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
Check out the all-new face of Yahoo! India. Go to http://in.yahoo.com/
Hi,
I did not get any positive thing how to run filter driver in Safe mode, Is there any possibilities then let me know.
Thanks
NO. You were asked for justification and ‘I want to’ is not adequate.
Sounds too much like someone writing a virus.
wrote in message news:xxxxx@ntfsd…
> Hi,
>
> I did not get any positive thing how to run filter driver in Safe mode, Is
> there any possibilities then let me know.
>
>
> Thanks
>
On Mon, 6 Apr 2009, xxxxx@yahoo.com wrote:
I did not get any positive thing how to run filter driver in Safe mode, Is there any possibilities then let me know.
There has been some bull shit posts about malware and virus in this thread
but to answer your question: In safe mode all boot start drivers are
loaded AND the drivers listed in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
so you have two methods to make sure youre filter is loaded in safe mode,
if you can’t make it a boot start driver you can enter it in that list.
Bo Branten
> There has been some bull shit posts about malware and virus
in this thread but to answer your question:
Not to sound offensive, but this is not bullshit. Malwares CAN actually try to do these stuff so that they cant be removed even by booting the system in safe mode. Just so you know, I already told him that all boot time drivers get loaded. An ya, you added the ones that are placed under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.
The answer was definitely not hard; infact most of the ppl would have known about safe mode thing. BUT! people really want to know whether there is a genuine scenario or just some other malware writer trying to do some crappy thing. 
Again, no offense! Just wanted to support the views of other repliers.
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
Unlimited freedom, unlimited storage. Get it now, on http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
Would you be so kind as to share with everyone what isn’t bullshit?
Real concerns about malware creation and copyright’s seem like
legitimate issues to me.
But then again, apparently your desire to take your malfeasance to a new
level is rather unique; then again that is only my opinion.
Matt
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bo Brant?n
Sent: Monday, April 06, 2009 6:30 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Driver in Safe Mode
On Mon, 6 Apr 2009, xxxxx@yahoo.com wrote:
I did not get any positive thing how to run filter driver in Safe mode, Is
there any possibilities then let me know.
There has been some bull shit posts about malware and virus in this thread
but to answer your question: In safe mode all boot start drivers are
loaded AND the drivers listed in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
so you have two methods to make sure youre filter is loaded in safe mode,
if you can’t make it a boot start driver you can enter it in that list.
Bo Branten
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Another option - disable Safe Mode
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: 06 April 2009 09:59
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Driver in Safe Mode
*** WARNING ***
This mail has originated outside your organization, either from an
external partner or the Global Internet.
Keep this in mind if you answer this message.
Hi Matt,
Yes, actually I want to secure my data in safe mode also as well as in
Normal mode.
My driver protect my data.
Thanks,
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars (including our
new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************
>
Another option - disable Safe Mode
OH MY GOD! What an opinion!
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Why laugh Ayush?
On some systems I’ve managed to disable boot threw some rather ingenious code.
Matt
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ayush Gupta
Sent: Tuesday, April 07, 2009 2:00 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Driver in Safe Mode
Another option - disable Safe Mode
OH MY GOD! What an opinion!
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
I am not saying that you can’t do. The point is that you should not do. Many a times, safe boot is the only option left to boot the system.
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
— On Tue, 7/4/09, Matt wrote:
> From: Matt
> Subject: RE: [ntfsd] Driver in Safe Mode
> To: “Windows File Systems Devs Interest List”
> Date: Tuesday, 7 April, 2009, 12:39 PM
> Why laugh Ayush?
>
> On some systems I’ve managed to disable boot threw some
> rather ingenious code.
>
> Matt
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Ayush Gupta
> Sent: Tuesday, April 07, 2009 2:00 AM
> To: Windows File Systems Devs Interest List
> Subject: RE: [ntfsd] Driver in Safe Mode
>
>
>
> >
> > Another option - disable Safe Mode
>
> OH MY GOD! What an opinion!
>
> Regards,
> Ayush Gupta
> http://windows-internals.blogspot.com/
>
>
>
> ? ? ? Add more friends to your messenger and
> enjoy! Go to http://messenger.yahoo.com/invite/
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Bad joke… disable boot…
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ayush Gupta
Sent: Tuesday, April 07, 2009 2:11 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Driver in Safe Mode
I am not saying that you can’t do. The point is that you should not do. Many
a times, safe boot is the only option left to boot the system.
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
— On Tue, 7/4/09, Matt wrote:
> From: Matt
> Subject: RE: [ntfsd] Driver in Safe Mode
> To: “Windows File Systems Devs Interest List”
> Date: Tuesday, 7 April, 2009, 12:39 PM
> Why laugh Ayush?
>
> On some systems I’ve managed to disable boot threw some
> rather ingenious code.
>
> Matt
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]
> On Behalf Of Ayush Gupta
> Sent: Tuesday, April 07, 2009 2:00 AM
> To: Windows File Systems Devs Interest List
> Subject: RE: [ntfsd] Driver in Safe Mode
>
>
>
> >
> > Another option - disable Safe Mode
>
> OH MY GOD! What an opinion!
>
> Regards,
> Ayush Gupta
> http://windows-internals.blogspot.com/
>
>
>
> ? ? ? Add more friends to your messenger and
> enjoy! Go to http://messenger.yahoo.com/invite/
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>
Add more friends to your messenger and enjoy! Go to
http://messenger.yahoo.com/invite/
—
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
The OP suggested he didn’t want users to be able to use safe mode to
access data. On a secure system should users be able to access safe mode
at all?
Obviously disabling safe mode isnt useful for driver development (or
system administration), but for building a system for delivery to a
customer the user doesn’t then have the ability to do things that safe
mode allows you to do.
On a system I am aware of safe mode is disabled on workstations for
security reasons. By renaming the required registry keys an
administrator can regain access to safe mode if needed.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ayush Gupta
Sent: 07 April 2009 08:00
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Driver in Safe Mode
*** WARNING ***
This mail has originated outside your organization, either from an
external partner or the Global Internet.
Keep this in mind if you answer this message.
Another option - disable Safe Mode
OH MY GOD! What an opinion!
Regards,
Ayush Gupta
http://windows-internals.blogspot.com/
Add more friends to your messenger and enjoy! Go to
http://messenger.yahoo.com/invite/
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars (including our
new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************