Hello Fellow users of WinFE,
I'm getting a serious issue with the AutoMounting of disks and I was wondering if some of you can perform a test for me?
Boot up from your WinFE Boot disk and make sure your Disk 0 is *not* mounted and is set to *read-only*
Go into device manager and Scan for hardware changes several times
Then go back to the write protect tool and click on "Rescan" and then see if your Disk 0 is either mounted or not mounted.
I'm finding that my gets not only gets mounted but it's read/write too.
At first I thought it was because I had the proper driver sitting in the system and that was getting installed, but it wasn't.
I deliberately removed the driver so the system would use the generic SATA driver and I still get the problem
is 'Device Manager' mounting your drive?
Started by
Guest_Boot_Monkey_*
, Jun 25 2012 06:26 AM
winfe write protect tool
6 replies to this topic
#1 Guest_Boot_Monkey_*
Posted 25 June 2012 - 06:26 AM
#2
Posted 27 June 2012 - 08:20 AM
My understanding is that this is a limitation of Windows, in that the first disk recognised by the BIOS will always be mounted. The assumption being you'd always need your boot disk, right?
What you shouldn't see however, is any volumes on this disk mounted - and certainly not writeable. Is that the case?
I'm sure someone more knowledgeable will chip in and confirm or refute what I've said!
What you shouldn't see however, is any volumes on this disk mounted - and certainly not writeable. Is that the case?
I'm sure someone more knowledgeable will chip in and confirm or refute what I've said!
#3 Guest_Boot_Monkey_*
Posted 27 June 2012 - 09:32 AM
As I've written, pretty much.
Yes, its getting mounted.
Yes, its getting mounted.
#4
Posted 30 June 2012 - 04:37 PM
I've spoken to Boot_Monkey directly regarding this issue.
I suspect it is the action of scanning for hadware changes that is causing the problem.
Probably best not to use device manager, or even better, omit that MMC from the WinFE build.
WinFE will NEVER be perfect unless a a Kernel level filter driver is written (like SAFE).
If it is used as intended, and disks are managed from my application, it should work OK.
I suspect it is the action of scanning for hadware changes that is causing the problem.
Probably best not to use device manager, or even better, omit that MMC from the WinFE build.
WinFE will NEVER be perfect unless a a Kernel level filter driver is written (like SAFE).
If it is used as intended, and disks are managed from my application, it should work OK.
#5 Guest_Boot_Monkey_*
Posted 01 July 2012 - 02:30 AM
I'm making people aware that there is potential to accidently write over a drive if they are not careful or aware of what can happen if they start mucking around with the sata controller.
Don't want people to blame your tool. Your tool is working as it should.
Simply removing Device Manager won't remove the problem, because most projects use many other forms of device enumeration and driver management that will do the same thing as having Device Manger enabled.
We need to find out why windows is getting all exciting when the controller has been reset.
Don't want people to blame your tool. Your tool is working as it should.
Simply removing Device Manager won't remove the problem, because most projects use many other forms of device enumeration and driver management that will do the same thing as having Device Manger enabled.
We need to find out why windows is getting all exciting when the controller has been reset.
Edited by Boot_Monkey, 01 July 2012 - 02:31 AM.
#6
Posted 18 July 2012 - 10:31 PM
Points well taken, all of them. The use of WinFE as built with Winbuilder does require knowing which selected options will behave when booted. MMC is an extremely powerful feature to have in WinFE, much too more powerful to have at all. The main point of building a WinFE with Winbuilder is having the easiest method of point and click straight to an ISO. The apps run under WinFE should also strictly be forensically sound applications, such as FTK Imager, or X-Ways Forensics. Booting to WinFE and using it only for the intended purpose will be solid. Packing the build full of apps and features without testing them is not the best method.
Alternatively, Colin Ramsden's Lite build method of WinFE does provide the minimum resources on a solid build without Winbuilder. But it is up to the desires of the user as to which method to build.
Keep in mind that any forensic boot system, whether it is *nix or Windows is software based. Be careful and know what you are doing.
Alternatively, Colin Ramsden's Lite build method of WinFE does provide the minimum resources on a solid build without Winbuilder. But it is up to the desires of the user as to which method to build.
Keep in mind that any forensic boot system, whether it is *nix or Windows is software based. Be careful and know what you are doing.
#7
Posted 22 July 2012 - 04:01 PM
I've updated my site, www.ramsdens.org.uk with a new version of the WinBuilder script, it does not prevent the mounting happening, just adds a spash screen during boot to warn users not to mess about with certain applications.
I'm going attempt to work on a filter driver which should be the best solution available, however, it's a complicated subject andI'm rather busy writing a thesis at the moment so it's on the back burner at the moment.
Colin.
I'm going attempt to work on a filter driver which should be the best solution available, however, it's a complicated subject andI'm rather busy writing a thesis at the moment so it's on the back burner at the moment.
Colin.
Also tagged with one or more of these keywords: winfe, write protect tool
Groups →
Windows Extreme →
Windows PE →
REG command not recognizingStarted by Blackbeauty , 24 Mar 2016 winpe, winfe |
|
|
||
Groups →
Windows Extreme →
Windows PE →
Speed of tools installed in WinFEStarted by Blackbeauty , 24 Jun 2015 winpe, winfe |
|
|
||
Groups →
Security →
Forensics →
WinFE →
Adding Drivers to WinFEStarted by llewis , 25 Oct 2013 drivers, winfe |
|
|
||
|
Boot methods & tools →
WinBuilder →
Projects →
Mini-WinFEStarted by misty , 14 Oct 2013 windows forensic environment and 1 more... |
|
|
|
Groups →
Community forum →
Hello world! →
Hello! Questions commence...Started by llewis , 12 Sep 2013 script, portable, build, winfe and 2 more... |
|
|
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users