I’m disappointed it doesn’t work, but that’s not the first time I’m over optimistic. 
Another theory would be that you would have to be below the partition manager, since it is the piece of software that can tell you if you are (or not) within a mounted partition. The question is how low do you have to be? At some level the only thing that exists is writing zeros and ones to the block device.
–
Der E.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-276985-
xxxxx@lists.osr.com] On Behalf Of xxxxx@stg.com
Sent: mardi 30 janvier 2007 19:15
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Re: RE: RE: RE:*** Vista RTM *** Writing to raw
disk sectors (Unsigned Mail)Edouard A. said:
> Methinks a piece of the puzzle is missing… My crystal ball says
“Signed drivers may write to the disk!”. You can check it in signing
the driver with a certificate present in your root certs store
(makecert, signtool).I just verified that release signing the driver does not workaround the
STATUS_ACCESS_DENIED response to an IRP_MJ_WRITE initiated by my disk
filter driver. (The driver does pass the x64 kernel mode code signing
checks.) I also rebuilt the driver with both DDK 3790 and WDK 6000
with no change in the problem, so it’s not a DDK issue.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer