EWF Module

From LEXWiKi

Why use EWF?

Enhanced Write Filter (EWF) provides the ability to write-protect a run-time image by redirecting all write requests to either a separate disk partition (Disk mode) or RAM (RAM-Reg mode).

How many modes does EWF have?

EWF has Disk mode and RAM-Reg mode.

What's the difference between the modes?

RAM-Reg mode works by clearing all write requests on reboot.

1. The system is restored on reboot.
2. It does not need a separate invisible partition.

Disk mode works by checkpoint and restore, so it needs an invisible partition to store the write requests for the checkpoints.

1. Up to 9 checkpoints can be set.
2. The system is not restored on reboot; it is restored only when a restore command is entered.
3. It needs an invisible partition on the storage device.
4. Before a large write request (e.g. downloading a file), disable EWF first.
   If the size of the write request is bigger than the size of the invisible partition, WES will crash.
5. There is no Disk mode in WES7.
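
The behaviour of the two modes described above, as a small C++ model added here for illustration; it is not part of EWF_Manager or of EWF itself. The class name, the capacity counted in sectors and the choice to report an overlay overflow as a failed write rather than a crash are assumptions of the model, and Disk mode checkpoints are left out.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>

class WriteFilterModel {  // simplified model; not how EWF is implemented
public:
    enum class Mode { RamReg, Disk };
    // capacity: sectors the overlay (RAM or invisible partition) can hold.
    WriteFilterModel(Mode mode, std::size_t capacity) : mode_(mode), capacity_(capacity) {}
    // New sectors that can still be redirected before the overlay is full.
    std::size_t FreeSectors() const { return capacity_ - overlay_.size(); }
    // Every write is redirected to the overlay; the protected volume is untouched.
    bool Write(std::uint32_t sector, const std::string& data) {
        if (overlay_.count(sector) == 0 && FreeSectors() == 0)
            return false;  // overlay exhausted: the case list item 4 warns about
        overlay_[sector] = data;
        return true;
    }
    // Reads return the overlay copy if one exists, else the protected volume.
    std::string Read(std::uint32_t sector) const {
        auto o = overlay_.find(sector);
        if (o != overlay_.end()) return o->second;
        auto v = volume_.find(sector);
        return v == volume_.end() ? std::string() : v->second;
    }
    // Commit folds the overlay into the protected volume.
    void Commit() {
        for (const auto& kv : overlay_) volume_[kv.first] = kv.second;
        overlay_.clear();
    }
    // RAM-Reg mode loses the overlay on reboot; Disk mode keeps it.
    void Reboot() { if (mode_ == Mode::RamReg) overlay_.clear(); }
    // Disk mode discards redirected writes only on an explicit restore.
    bool Restore() {
        if (mode_ == Mode::Disk) overlay_.clear();
        return mode_ == Mode::Disk;
    }
private:
    Mode mode_;
    std::size_t capacity_;
    std::map<std::uint32_t, std::string> volume_, overlay_;
};

int main() {  // RAM-Reg: a redirected write does not survive a reboot
    WriteFilterModel ram(WriteFilterModel::Mode::RamReg, 2);
    ram.Write(7, "x");
    ram.Reboot();
    return ram.Read(7).empty() ? 0 : 1;
}
```

Checking FreeSectors() before a large write is the model's counterpart of the advice to disable EWF first when the write will not fit in the overlay.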

The sample code source can be downloaded from:

<Google Drive>

Source file: EWF_Manager_Src_v1.5

Binary file: EWF_Manager_Bin_v1.5

<FTP>

Source file: EWF_Manager_Src_v1.5

Binary file: EWF_Manager_Bin_v1.5

How to use the DEMO application

Image:EWF.jpg

1 & 2. Choose the EWF partition.

3. Enable EWF.

4. Disable EWF.

5. Commit EWF. In RAM-Reg mode, changes can be made to the OS without a reboot. In Disk mode, the layer will be set to 1.

6. Clear the command you chose.

7. Show the drive information.

8. Show the EWF information.

9. Reboot.

10. After you choose the EWF partition, the EWF information is shown here.

11. You can set a checkpoint in Disk mode.

12. Choose the layer you want to restore.

13. You can restore the system in Disk mode.

14. Go to layer 1; the other layers will disappear.


Sample code Introduction

Do EWF Enable

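DWORD CEWF::DoEwfEnable(LPCWSTR szProVolName, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    // Request that the overlay be enabled; keep the error code on failure.
    bResult = EwfMgrEnable(hProVol);
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}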

Do EWF Disable

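DWORD CEWF::DoEwfDisable(LPCWSTR szProVolName, BOOL fCommit, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    // Request that the overlay be disabled; fCommit selects whether the
    // current overlay data is committed first.
    bResult = EwfMgrDisable(hProVol, fCommit);
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}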

Do EWF Commit

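DWORD CEWF::DoEwfCommit(LPCWSTR szProVolName, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    // Request that the overlay data be committed to the protected volume.
    bResult = EwfMgrCommit(hProVol);
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}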

Do Set checkpoint

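DWORD CEWF::DoEwfCheckPoint(LPCWSTR szProVolName, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    // Request a new checkpoint (Disk mode); keep the error code on failure.
    bResult = EwfMgrCheckpoint(hProVol, L"Optional description");
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}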

Do Restore

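DWORD CEWF::DoEwfRestore(LPCWSTR szProVolName, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    // Request a restore (Disk mode); keep the error code on failure.
    bResult = EwfMgrRestore(hProVol);
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}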

Do EWF SetLevel

DWORD CEWF::DoEwfSetLevel(LPCWSTR szProVolName, BOOL bReboot)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HANDLE hProVol = INVALID_HANDLE_VALUE;
    BOOL bResult = FALSE;

    // Use the volume name to open a handle to this protected volume.
    hProVol = EwfMgrOpenProtected(szProVolName);
    if (hProVol == INVALID_HANDLE_VALUE)
        return GetLastError();

    bResult = EwfMgrSetLevel(
               hProVol,
               L"Optional Description",
               0,        // Level zero to be restored back to the protected volume.
               FALSE);   // Cannot delete the protected volume's data.
    if (!bResult)
        dwStatus = GetLastError();

    // Release the handle whether or not the call succeeded.
    EwfMgrClose(hProVol);

    // This command requires a reboot to take effect.
    if (bResult && bReboot) DoReboot();

    return dwStatus;
}