FBWF Question: What files are protected

[el__be]

Hi,

I've done some embedded development a few years ago. Since then I had
other projects but now I have to investigate an issue with Windows
Emdedded on an SD Card: Sometimes file data is lost and sometimes the
image doesn't boot any more. The whole card uses Safeguard to encrypt
data.
Sometimes file data is lost when system is turned off - sometimes the
system doesn't boot. I found that in the meantime there is a new way
to protect files on the SC card: FBWF. I found that XP uses FBWF and
not EWF to protect the SC card. I would like to find out which files/
directories are protected on the system. For some reason I cannot use
the FBWF manager but maybe the information is in an .ini file, in the
registry or someware else.
Any help is more than welcome!
Regards,
Lothar

 

[Sean Liming]

FBWF protects the whole partition, but allows uses to define write-through
sections.

http://www.seanliming.com/Docs/Articles/FBWF.pdf

--
Regards,

Sean Liming
www.sjjmicro.com / www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit

 

[el__be]

FBWFprotects the whole partition, but allows uses to define write-through
sections.

http://www.seanliming.com/Docs/Articles/FBWF.pdf

--
Regards,

Sean Limingwww.sjjmicro.com/www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit






- Zitierten Text anzeigen -

Sean,

thank you for your answer.
Meantime I noticed that my question was incorrect - Sorry!!!
I wanted to know how to find out what files are NOT protected (are
write through). I need to find this out on an system which runs XP
embedded with FBWF.
Thanks, Lothar

 

[Sean Liming]

Use FBWFMGR to provide a list of the write-through. displayconfig option
should provide the information.



Regards,

Sean Liming
www.sjjmicro.com / www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit

 

[el__be]

Use FBWFMGR to provide a list of the write-through. displayconfig option
should provide the information.

Regards,

Sean Limingwww.sjjmicro.com/www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit





- Zitierten Text anzeigen -

As I mentioned in my first post - the FBWF-Manager will not run.
This is the reason for my question. There should be a place - registry
or file - where this information is stored.

The SD card is completly encryped via SafeGuard so it is impossible to
"see anything" when using the card on a PC.
Since we have the Windows Embedded Studio and the SP2 feature pack
2007 we try to move the FBMW Manager files "somehow" to
the system in order to make the FBWF-Manager run. But I'm not sure if
the system is configured to let me do so.
The whole thing is "very secret" because it is a passport reader.

The whole problem is as follows. There is no shutdown command which is
normal for embedded systems - the power may be turned off any time. We
found that Log-Files have been written to the SD card. According to a
time-stamp this is done every 30 second. We have no idea how ofter
they commit the changes and we assume that turning the system off
"anytime" may - together with SafeGuard - destroy the (encryped) file
system on the SD card.
As a result - the system will not boot XP or XP reports that a file
cannot be accessed. I this case XP is able to repair the file system
most of the time.

Regards,
Lothar

 

[Sean Liming]

FBWFMGR is the only way to get a list of cached files. They may have created
a custom security template to lock users out or they may boot the system into
a power user account where FBWFMGR cannot run. FBWFMGR can only run in
administrator.

How did you determine FBWF was in the system? You only have the system? you
don't have the build files? Are you investigaing a system that is not your
companies?

Regards,

Sean Limingwww.sjjmicro.com/www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit

 

[el__be]

FBWFMGR is the only way to get a list of cached files. They may have created
a custom security template to lock users out or they may boot the system into
a power user account where FBWFMGR cannot run. FBWFMGR can only run in
administrator.

How did you determineFBWFwas in the system? You only have the system? you
don't have the build files? Are you investigaing a system that is not your
companies?

Regards,

Sean Limingwww.sjjmicro.com/www.seanliming.com
Book Author - XP Embedded Advanced, XP Embedded Supplemental Toolkit









- Zitierten Text anzeigen -

Hi Sean,

first of all - don't worry!!! We are NOT doing anything that is
against any law. And we are NOT trying to crack any kind of software.
Our company is the manufaturer of the system hardware. And our
customer has got the SW from a third company.

The reason why we are investigating the whole thing is, that the
customer blames us for the defect file system on the SD card. We have
got the account information of a "support user" - this is why we
cannot run FBWFMGR. Since we get many "defect" SD Cards back we
assumed that the system is turned off during a commit statement and
therefore the file system (which is encrypted via SafeGuard) becomes
defect. Furthermore we assume that they write "very often" to the SD
card. This has been prooved in the meantine since we found two
directories with very large log files and where we have been able to
cerate a file. On one attempt we created a .txt file and turned the
system off after 10 seconds. After reboot the file was still there.
Therefore we think that do a submitt pretty often. And we also think,
that this should not be done to a SD card.

We know that FBWF is used because we can see all the required files in
the Windows directory and in the registry and there is nothing that
points to EWF.

Needless to say that the SD cards are not defect. We run a lot of read/
write tests without any problem.

Regards,
Lothar