[9fans] bind on windows?

Discussion:

(too old to reply)

Nick LaForge

2012-04-01 20:12:59 UTC

On Windows, I often want to plop a single file into some admin-owned
directory. E.g., I have +rx perms but not write, and some
admin-installed program insists on writing to or reading/executing a
plugin of mine in its own u-w directory. Has anybody used something
like bind on Windows? I found this, but it looks like overkill:
http://dokan.googlecode.com/svn/trunk/dokan/readme.txt

Nick LaForge

2012-04-01 20:14:55 UTC

Permalink

(should have said o-w and not u-w)

Post by Nick LaForge
On Windows, I often want to plop a single file into some admin-owned
directory. E.g., I have +rx perms but not write, and some
admin-installed program insists on writing to or reading/executing a
plugin of mine in its own u-w directory. Has anybody used something
http://dokan.googlecode.com/svn/trunk/dokan/readme.txt

Aram Hăvărneanu

2012-04-01 20:41:39 UTC

Permalink

When I was writing Windows file systems for living, I played with the
Dokan library. Played is a very good word, it's a toy, at best. And
maybe even that's an overstatement.

Implementing bind in a file system filter is easy, as far as writing
Windows filesystems goes, but unfortunately to be able to hand it to
people you need to pay around $400 to some certificate authority to
sign your kernel mode driver, else Windows won't load it.

If you're the only user you can add yourself as a certificate
authority, and you can use your own work for free.

Nick LaForge

2012-04-01 21:05:20 UTC

Permalink

Thanks; it's for my own convenience and not for others, so
certificates aren't an issue.

Post by Aram HÄvÄrneanu
When I was writing Windows file systems for living, I played with the
Dokan library. Played is a very good word, it's a toy, at best. And
maybe even that's an overstatement.
Implementing bind in a file system filter is easy, as far as writing
Windows filesystems goes, but unfortunately to be able to hand it to
people you need to pay around $400 to some certificate authority to
sign your kernel mode driver, else Windows won't load it.
If you're the only user you can add yourself as a certificate
authority, and you can use your own work for free.

erik quanstrom

2012-04-02 01:19:16 UTC

Permalink

Post by Aram HÄvÄrneanu
Implementing bind in a file system filter is easy, as far as writing
Windows filesystems goes, but unfortunately to be able to hand it to
people you need to pay around $400 to some certificate authority to
sign your kernel mode driver, else Windows won't load it.

iirc, you can load it, but it requires some hoops. getting a hoop-free
version requires a whcl sig, and that costs $75 and a few days of tests.

- erik

Aram Hăvărneanu

2012-04-02 10:05:14 UTC

Permalink

iirc, you can load it, but it requires some hoops. getting a hoop-free
version requires a whcl sig, and that costs $75 and a few days of tests.

You can load it in either two ways, you can boot into test mode, which
disables signature checking and writes "Test mode" in the bottom right
corner of the screen, or you can properly sign the binary yourself and
add yourself as a root CA in the certificate store.

Loading a kernel mode binary doesn't require a WHQL cross-signature,
but WHQL will disable some yellow warnings otherwise shown to the
user. WHQL is very expensive, depends on the type of driver, for what
I was doing it was in the order of $2k/test. Every new version of the
binary required a new test. Other types of drivers are cheaper or more
expensive, we never bothered with WHQL, it was too expensive for us.
There was no WHQL option for file system and I believe that stands
true today as well.

Regular, non-WHQL signature you can use are much expensive than $75,
they are in the order of $500/year:
http://www.symantec.com/verisign/code-signing/microsoft-authenticode/buy

--
Aram Hăvărneanu

erik quanstrom

2012-04-02 14:34:16 UTC

Permalink

Post by Aram HÄvÄrneanu
Loading a kernel mode binary doesn't require a WHQL cross-signature,
but WHQL will disable some yellow warnings otherwise shown to the
user. WHQL is very expensive, depends on the type of driver, for what
I was doing it was in the order of $2k/test. Every new version of the
binary required a new test. Other types of drivers are cheaper or more
expensive, we never bothered with WHQL, it was too expensive for us.
There was no WHQL option for file system and I believe that stands
true today as well.

i have no explaination for the differences you see, but this is even more
pointless than a bike shed argument. since in the end, the ms machinery
painted the shed whatever color it wanted and now even it itself is locked in for
eternity. :-)

- erik

Continue reading on narkive:

Search results for '[9fans] bind on windows?' (Questions and Answers)

replies

How Do I Use My Free Upgrade To Windows 10 On A New Computer?

started 2015-07-30 12:52:33 UTC

software

replies

How to fix my car window?

started 2010-12-04 23:20:17 UTC

maintenance & repairs

replies

is it suitable to secure a upvc window frame with foam filler?