Jump to content











is 'Device Manager' mounting your drive?

winfe write protect tool

  • Please log in to reply
6 replies to this topic

#1 Guest_Boot_Monkey_*

Guest_Boot_Monkey_*
  • Guests

Posted 25 June 2012 - 06:26 AM

Hello Fellow users of WinFE,

I'm getting a serious issue with the AutoMounting of disks and I was wondering if some of you can perform a test for me?


Boot up from your WinFE Boot disk and make sure your Disk 0 is *not* mounted and is set to *read-only*
Go into device manager and Scan for hardware changes several times
Then go back to the write protect tool and click on "Rescan" and then see if your Disk 0 is either mounted or not mounted.

I'm finding that my gets not only gets mounted but it's read/write too.

At first I thought it was because I had the proper driver sitting in the system and that was getting installed, but it wasn't.
I deliberately removed the driver so the system would use the generic SATA driver and I still get the problem

#2 tbd879

tbd879
  • Members
  • 7 posts
  •  
    United Kingdom

Posted 27 June 2012 - 08:20 AM

My understanding is that this is a limitation of Windows, in that the first disk recognised by the BIOS will always be mounted. The assumption being you'd always need your boot disk, right? :)

What you shouldn't see however, is any volumes on this disk mounted - and certainly not writeable. Is that the case?

I'm sure someone more knowledgeable will chip in and confirm or refute what I've said!

#3 Guest_Boot_Monkey_*

Guest_Boot_Monkey_*
  • Guests

Posted 27 June 2012 - 09:32 AM

As I've written, pretty much.

Yes, its getting mounted.

#4 cramsden

cramsden

    Member

  • Members
  • 43 posts
  •  
    United Kingdom

Posted 30 June 2012 - 04:37 PM

I've spoken to Boot_Monkey directly regarding this issue.

I suspect it is the action of scanning for hadware changes that is causing the problem.

Probably best not to use device manager, or even better, omit that MMC from the WinFE build.

WinFE will NEVER be perfect unless a a Kernel level filter driver is written (like SAFE).

If it is used as intended, and disks are managed from my application, it should work OK.

#5 Guest_Boot_Monkey_*

Guest_Boot_Monkey_*
  • Guests

Posted 01 July 2012 - 02:30 AM

I'm making people aware that there is potential to accidently write over a drive if they are not careful or aware of what can happen if they start mucking around with the sata controller.

Don't want people to blame your tool. Your tool is working as it should.

Simply removing Device Manager won't remove the problem, because most projects use many other forms of device enumeration and driver management that will do the same thing as having Device Manger enabled.

We need to find out why windows is getting all exciting when the controller has been reset.

Edited by Boot_Monkey, 01 July 2012 - 02:31 AM.


#6 bshavers

bshavers

    Frequent Member

  • Developer
  • 130 posts
  •  
    United States

Posted 18 July 2012 - 10:31 PM

Points well taken, all of them. The use of WinFE as built with Winbuilder does require knowing which selected options will behave when booted. MMC is an extremely powerful feature to have in WinFE, much too more powerful to have at all. The main point of building a WinFE with Winbuilder is having the easiest method of point and click straight to an ISO. The apps run under WinFE should also strictly be forensically sound applications, such as FTK Imager, or X-Ways Forensics. Booting to WinFE and using it only for the intended purpose will be solid. Packing the build full of apps and features without testing them is not the best method.

Alternatively, Colin Ramsden's Lite build method of WinFE does provide the minimum resources on a solid build without Winbuilder. But it is up to the desires of the user as to which method to build.

Keep in mind that any forensic boot system, whether it is *nix or Windows is software based. Be careful and know what you are doing.

#7 cramsden

cramsden

    Member

  • Members
  • 43 posts
  •  
    United Kingdom

Posted 22 July 2012 - 04:01 PM

I've updated my site, www.ramsdens.org.uk with a new version of the WinBuilder script, it does not prevent the mounting happening, just adds a spash screen during boot to warn users not to mess about with certain applications.

I'm going attempt to work on a filter driver which should be the best solution available, however, it's a complicated subject andI'm rather busy writing a thesis at the moment so it's on the back burner at the moment.

Colin.





Also tagged with one or more of these keywords: winfe, write protect tool

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users