Version 1.30 delayed

Due to some issues with Windows Vista again, I have to postpone the release of USB Image Tool 1.30. I had everything working fine on Windows XP, but when I tested it on Windows Vista, restoring device images didn’t work. After some research I found out, that Vista prevents writing special sectors to fix a security leak. It seems like you can poison other processes memory by modifying the pagefile and overwriting its sectors directly on the disk. For people, who are interested in the technical details, I can recommend Joanna Rutkowska’s blog entry.

As a workaround for this behaviour on Vista I have to split the restore funtionality for the device mode into 2 steps. The first step zeroes the old MBR. After reinserting the USB device it becomes completely writable for the device mode. I hope I can get the version ready by the end of September.

Tags:

2 Responses to “Version 1.30 delayed”

  1. Alex Says:

    Try

    DeviceIoControl (hDevice, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &nbWrite, NULL)

    before accessing the drive. As far as I remember, Vista doesn’t allow to lock volumes that contain pagefiles, so you should be able to lock usb sticks.

  2. Alex Says:

    Thanks,

    I’ll try it, but I’m working with physical drives in this mode. As far as I understand the MSDN entry, FSCTL_LOCK_VOLUME only works with volumes. Nevertheless I will give it a chance.

Leave a Reply