Announcement

Collapse
No announcement yet.

If I were to write a Virtual Drive detector...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • If I were to write a Virtual Drive detector...

    If I were to write a Virtual Drive detector, I would check the the registry of the drive controller. If the controller doesn't use ANY I/O ports or ANY assigned IRQs, the controller is a virtual device, and so does the drive it controls.

    While the registry data is only accessible by administrators, most Windows XP users are still using an Administrator group. Even when creating a new user via the User Accounts control panel, the default group is Administrator. And I bet most user ignore this and be an Administrator anyway.

    System-only registry data can easily be modified by Administrators and SysInternals-style hidden registry method is already available for public.

    My suggestion is, provide a virtually assigned I/O port(s) AND virtually assigned IRQ. Add a virtually used hardware memory (eg. BIOS) also helps. Read-locking the above registry data is impossible and useless since the data is required by the system itself.

    Hope that helps and hope it get virtually real.

  • #2
    Ever heared anything about Daemon Tools v4?
    Everybody be cool! You, be cool!
    They'll keep fighting! And they'll win!

    Comment


    • #3
      The registry data isnt only accessible by admins.. infact pretty much any user can read it (apart from the sptd data etc.. but thats another story)...

      nice idea though, if you had a time machine you could probably go back in time and say you thought of it... sadly as Copytrooper states, its already done.. and virtual drive detection isn't just registry data analysis... theres LOTS of different ways...
      my views are 100% personal views..

      Comment


      • #4
        Originally Posted by Copytrooper
        Ever heared anything about Daemon Tools v4?
        Duh! It seems that I forgot to actually inspect the DT registry data. It already has them. Silly me... :P

        But, wait a minute... The SCSI controller's service is bogus! Its active service name (the device driver) is random (which is okay), but doesn't exist neither in the registry, system, nor disk (not okay). It should have updated the name to SPTD (single driver for many device is okay). I guess it didn't cover its tracks properly.

        Comment


        • #5
          you should really build an understanding of the os and dt and spti before commenting on it...
          it does exist in the registry, the keys are protected as i stated..
          my views are 100% personal views..

          Comment

          Working...
          X