EWF Module
From LEXWiKi
Why use EWF?
Enhanced Write Filter (EWF) write-protects a run-time image by redirecting all write requests to either a separate disk partition (Disk mode) or RAM (RAM-Reg mode).
How many modes does EWF have?
There are two modes: Disk mode and RAM-Reg mode.
What is the difference between the modes?
RAM-Reg mode works by clearing all write requests on reboot.
1. The system is restored on reboot.
2. It does not need any additional invisible partition.
Disk mode works with checkpoints and restore, so it needs an invisible partition to save the write requests of the checkpoints.
1. You can set 9 checkpoints.
2. The system is not restored on reboot, only when a restore command is entered.
3. It needs an invisible partition in storage.
4. Before a large write request (e.g. downloading a file), disable EWF first. If the size of the write request is bigger than the size of the invisible partition, WES will crash.
5. There is no Disk mode in WES7.
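An added example (not part of the EWF Manager sample code): a simplified in-memory C++ model of the two modes described above, showing write redirection, reboot, checkpoint, restore, commit and a full overlay. OverlayModel, the one-int sectors and the restore behaviour (dropping writes made since the last checkpoint) are assumptions of the model, not EWF internals.

```cpp
#include <cstddef>
#include <map>
#include <vector>

// Simplified model (assumption), not EWF's implementation: a sector is one int.
enum class Mode { RamReg, Disk };
using Level = std::map<int, int>;  // sector -> redirected data
class OverlayModel {  // hypothetical name
    Mode mode_; std::size_t capacity_; Level volume_; std::vector<Level> levels_;
public:
    OverlayModel(Mode m, std::size_t capacity) : mode_(m), capacity_(capacity), levels_(1) {}
    // Writes land in the top overlay level, never the volume; false = overlay full.
    bool write(int sector, int value) {
        Level& top = levels_.back();
        if (!top.count(sector) && used() >= capacity_) return false;
        top[sector] = value;
        return true;
    }
    // Reads return the newest overlay copy, else the protected volume's data.
    int read(int sector) const {
        for (auto it = levels_.rbegin(); it != levels_.rend(); ++it) {
            auto hit = it->find(sector);
            if (hit != it->end()) return hit->second;
        }
        auto base = volume_.find(sector);
        return base == volume_.end() ? 0 : base->second;
    }
    // Disk mode only: freeze the current level and open a new one (9 checkpoints max).
    bool checkpoint() {
        if (mode_ != Mode::Disk || levels_.size() > 9) return false;
        levels_.emplace_back();
        return true;
    }
    // Disk mode only: drop what was written since the last checkpoint.
    bool restore() {
        if (mode_ != Mode::Disk) return false;
        if (levels_.size() > 1) levels_.pop_back(); else levels_.back().clear();
        return true;
    }
    // Commit makes the overlay permanent and leaves a single empty level (level 1).
    void commit() {
        for (const Level& l : levels_) for (const auto& kv : l) volume_[kv.first] = kv.second;
        levels_.assign(1, Level{});
    }
    // RAM-Reg mode loses the overlay on reboot; Disk mode keeps it.
    void reboot() { if (mode_ == Mode::RamReg) levels_.assign(1, Level{}); }
    std::size_t level() const { return levels_.size(); }
    std::size_t used() const { std::size_t n = 0; for (const Level& l : levels_) n += l.size(); return n; }
};
```

In the model, commit is the only operation that changes the protected volume, which is why commit and disable-with-commit are the calls to restrict and audit on a write-filtered device.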
The sample code can be downloaded from:
Source file: EWF_Manager_v1.5_Src.rar
Binary file: EWF_Manager_v1.5_Bin.rar
How to use the demo application
1 & 2. Choose the EWF partition.
3. Enable EWF.
4. Disable EWF.
5. Commit EWF. In RAM-Reg mode: changes can be made to the OS without a reboot. In Disk mode: the layer will be set to 1.
6. Clear the command that you chose.
7. Show the drive information.
8. Show the EWF information.
9. Reboot.
10. After you choose the EWF partition, the EWF information is shown here.
11. You can set a checkpoint in Disk mode.
12. Choose the layer that you want to restore.
13. You can restore the system in Disk mode.
14. Go to layer 1; the other layers will disappear.
Sample code Introduction
Do EWF Enable
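    #include <windows.h>
    #include "ewfapi.h"   // EWF API declarations (EwfMgr* functions)

    DWORD CEWF::DoEwfEnable(LPCWSTR szProVolName, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        // Enable the write filter; keep the error code if the call fails.
        if (!EwfMgrEnable(hProVol))
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }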
Do EWF Disable
    DWORD CEWF::DoEwfDisable(LPCWSTR szProVolName, BOOL fCommit, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        // Disable the write filter; fCommit selects whether the overlay is committed first.
        if (!EwfMgrDisable(hProVol, fCommit))
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }
Do EWF Commit
    DWORD CEWF::DoEwfCommit(LPCWSTR szProVolName, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        // Commit the overlay data to the protected volume.
        if (!EwfMgrCommit(hProVol))
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }
Do Set checkpoint
    DWORD CEWF::DoEwfCheckPoint(LPCWSTR szProVolName, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        // Set a checkpoint (Disk mode) with an optional description.
        if (!EwfMgrCheckpoint(hProVol, L"Optional description"))
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }
Do Restore
    DWORD CEWF::DoEwfRestore(LPCWSTR szProVolName, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        // Restore the system (Disk mode).
        if (!EwfMgrRestore(hProVol))
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }
Do EWF SetLevel
    DWORD CEWF::DoEwfSetLevel(LPCWSTR szProVolName, BOOL bReboot)
    {
        DWORD dwStatus = ERROR_SUCCESS;

        // Use the volume name to open a handle to this protected volume.
        HANDLE hProVol = EwfMgrOpenProtected(szProVolName);
        if (hProVol == INVALID_HANDLE_VALUE)
            return GetLastError();

        if (!EwfMgrSetLevel(hProVol,
                            L"Optional Description",
                            0,       // Level zero to be restored back to the protected volume.
                            FALSE))  // Cannot delete the protected volume's data.
            dwStatus = GetLastError();
        EwfMgrClose(hProVol);

        // This command requires a reboot to take effect.
        if (dwStatus == ERROR_SUCCESS && bReboot)
            DoReboot();
        return dwStatus;
    }