JSKY

Vista's File System Virtualization


One of the new security features in Windows Vista that is not visually evident is file system virtualization. This type of virtualization allows an application to create a virtual file that it can read from and write to without compromising the system.

(This could also give you "ACCESS DENIED" on some folders if you un-hide "Files and Folders" and then try to open them.)

OK. Let's say you have an application that attempts to write to your System32. Instead of allowing the application to do so, Vista creates a virtual System32 folder in the user's profile that the application will use.

Example: IE7 running in protected mode uses this functionality, so when you visit a web page that tries to insert a file into the Startup folder, the file is instead placed in the virtual Startup folder and will not execute upon the next boot.

Let's look at a demonstration of how virtualization works.

Open a command prompt as a standard user, cd to Windows\System32, and then enter the following:

echo hello > hello.txt


Here you can see we get an Access Denied error. If we open up Task Manager and look at the Virtualization column we can see that it is disabled for CMD.EXE. Right click the EXE and we can see an option called Virtualization.

Note: You may have to show the Virtualization column by clicking View --> Select Columns --> Virtualization


Enabling this brings up a warning message, but we can ignore it for this test.


We can now run the command in CMD.EXE and this time we will see that it completes successfully.


Now open Explorer and browse to Windows\System32 and we can see that there is no hello.txt file. What we do see is a button called Compatibility Files.


Now if we click this we are taken to a folder that does contain the hello.txt file. If we look at the path we can see that this has been created in the user profile with the same path under the VirtualStore directory.


Now you have an idea of how virtualization uses virtual folders in Vista, and how it helps divert unwanted malware so that it cannot cause problems within your system.
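The redirection shown in the walkthrough can also be audited from a script. The following is an added example, not part of the original post: it maps a protected path to its VirtualStore location and walks a VirtualStore tree to list which protected paths applications tried to write to. It assumes the default layout where VirtualStore sits under the user's AppData\Local folder; the user name alice and the sample tree are constructed.

```python
import ntpath
import os
import tempfile


def virtual_store_path(original, local_appdata):
    """Map a protected path to where a virtualized write would land."""
    _drive, tail = ntpath.splitdrive(original)
    # Assumption: VirtualStore lives directly under the user's AppData\Local.
    return ntpath.join(local_appdata, "VirtualStore", tail.lstrip("\\/"))


def list_redirected(store_root, system_drive="C:"):
    """Walk a VirtualStore tree; return (redirected file, path the app asked for)."""
    found = []
    for dirpath, _dirs, files in os.walk(store_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, store_root)
            # Rebuild the Windows path the application originally targeted.
            intended = ntpath.join(system_drive + "\\", *rel.split(os.sep))
            found.append((full, intended))
    return sorted(found, key=lambda pair: pair[1])


def demo():
    """Build a constructed VirtualStore tree and report what it contains."""
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "VirtualStore")
        target = os.path.join(store, "Windows", "System32")
        os.makedirs(target)
        # Constructed sample: the hello.txt written in the walkthrough.
        with open(os.path.join(target, "hello.txt"), "w") as fh:
            fh.write("hello\n")
        return [intended for _full, intended in list_redirected(store)]


if __name__ == "__main__":
    print(virtual_store_path(r"C:\Windows\System32\hello.txt",
                             r"C:\Users\alice\AppData\Local"))
    for intended in demo():
        print("redirected write intended for:", intended)
```

On a real system, pass the user's own VirtualStore folder to list_redirected to see which legacy applications have been writing to protected locations.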
