Sunday, August 15, 2010

File Redirection using driver (fsredir)

Here is my File Redirection (fsredir) that I write to solve problem with WinPE 3.0
This driver also works on normal windows.

This is my first driver and it is based on Simrep Minifilter Sample by Microsoft.

Download Here: http://www.fileserve.com/file/QCMUp3c
(Tested with windows 7 and WinPE 3.0 only)

Forum post: http://www.boot-land.net/forums/index.php?showtopic=12289

What does file redirection do?

To answer this, lets see what is WinPE:
Windows PE is a lightweight version of windows and was originally to deploy windows but useful to create rescue disk too. Not everything we have in windows is included in WinPE and it will fail to load some applications. Example is application that was written and compiled with VisualBasic 6.0 depends on msvbvm60.dll but msvbvm60.dll is not included and missing from WinPE. We can simply inject all dependencies and dlls into WIM Image but side-effect is the wim image will getting larger and larger and will give you error Ramdisk device creation failed due to insufficient memory.


This is because WinPE create a new ramdisk and put all wim image contents into ramdisk with drive letter x:\. We simply want to keep Wim image small so it will fit into memory and other application can use the rest of unused memory. Here how fsredir help us:
Instead of storing file into wim image, we can simply use our pendrive/harddisk/etc to store file outside the image while WinPE still thinking our file is in x: drive
  • When computer boot/or new media storage device attached, fsredir will find fsredir.marker on each device root directory and load it when found. Lets say your fsredir.marker is located on E:\fsredir.marker
  • The content of fsredir.marker represent the location of x:\ in your device. It can be blank or changed. Lets say fsredir.marker contain this: \MyWinPe
  • When for example, application tried to load x:\windows\system32\msvbvm60.dll but file is not there, fsredir will try to search msvbvm60.dll on your drive which contain fsredir.marker in E:\MyWinPe\Windows\System32\msvbvm60.dll. If your fsredir.marker has no content. It will search in E:\Windows\System32\msvbvm60.dll
  • If fsredir found the file, it will redirect the request to open that file into new location.
  • Your application load :)
Installation (Inserting the driver into wim image):
1) Inserting the driver into wim image:
  • Download the driver above and Extract all the content into new folder
  • Mount your wim image by using imagex or dism (eg imagex /mountrw PATH_TO_WIM 1 PATH_TO_MOUNT_DIR) Lets say PATH_TO_MOUNT_DIR is C:\WinPE\Mount\ (Tutorial can be found here or search using googles)
  • Copy \file\fsredir.inf to C:\WinPE\Mount\Windows\inf
  • Copy \file\fsredir.sys to C:\WinPE\Mount\Windows\system32\drivers
  • Copy \file\fsredir.marker to your pendrive or other external drive (outside, not in folder or subfolder)
2) Installing the driver
  • Open regedit.exe as administrator
  • Click HKEY_LOCAL_MACHINE and goto menu File\Load Hive
  • Browse and open C:\WinPE\Mount\Windows\System32\config\SYSTEM
  • Name it as WINPE
  • Double-click fsredir.reg
  • Click HKEY_LOCAL_MACHINE\WINPE and go to menu File\Unload Hive
  • Close Registry editor.
3) Modifying fsredir.marker and add files
  • By default, fsredir.marker contain \fsredir, you can change this to other path that will be merged with x:\, make sure to include slash \ in front of the path
  • Example to put files into system32 folder
    • If your fsredir.marker contain a path (e.g. \fsredir)
      • Create a new folder in pendrive and name it fsredir. Open the folder and make a new folder windows and open your windows folder and create a new folder again and name it system32 (?:\fsredir\windows\system32)
      • Now you can start copying files into \fsredir\windows\system32\ folder
    • If you want to put your files in other path, you can simply change in fsredir.marker
Installing driver in normal windows:
Installing this driver in windows is easy.
Copy fsredir.marker to appropriate location and right-click fsredir.inf and choose Install.

    Limitation:
    • FindFile API will not list the redirected files

      11 comments:

      1. Cool! With this driver I no longer need to copy required dlls to the folder of each external programs. (e.g. I keep differrent versions of HDTune and each HDTune folder requires the same dlls, so many dlls are duplicated). With Fsredir, only one copy of the dll is needed.

        I can imagine some possible problems though.

        1. It loads the wrong version of dll from hard drive (such as a x64 dll from C: when the running PE is x86)
        2. As it searches all drives whenever a file is missing, performance may not be good.
        3. It may hang while accessing removable card reader/floppy drives without a card/floppy inserted in.
        4. Not suitable for wim booted over network.

        Sorry I don't mean to turn you down. I really truly love the idea! And actually I prefer it much more than my ugly for loop:

        for %%i in (C D E F G...) do @if exist some_folder set DriveLetter=%%i

        ReplyDelete
      2. Thanks for feedback!

        1. I will try to find solution for this.

        2. When the driver load, it searches for all drives and removable drive for fsredir.marker first. When device is found, it store it into memory then whenever file not found, it will only search in the drive that have fsredir.marker :)

        3. The driver will search only the available drive on driver startup and whenever the device is plugged in to computer.

        4. I didn't tested with wim booted over network yet.

        Thanks again for feedback.

        ReplyDelete
      3. Does FSRedir work with mounted shares? Say I map \\server\share to e:\ and I have the fsredir file in that folder, will it be able to find it and use the share? Is there any way to define the priorities of drives?

        I'm thinking if the drive priority was set right (in order of speed hdd>usb>network share>CD>Floppy), and it was able to detect when a network share was mapped, you could use this early in the PE boot process and keep most of the files on the network, with backups on the CD (incase the network connection drops).


        An idea for people making their own PE: After the driver loads, as soon as possible run a batch script to delete the contents of the RAM drive. Important files will be in use and not be deleted, all the rest will be found on your other source as soon as they are called again. That should keep the RAM disk down, and the OS should load the file into system RAM anyways, no matter where it comes from.

        ReplyDelete
      4. This comment has been removed by the author.

        ReplyDelete
      5. This comment has been removed by the author.

        ReplyDelete
      6. Hi Brent,

        Currently fsredir doesn't support network mapped drive and there is no way defining priority right now.

        I am still new in driver development and this is my first driver. Planning to support those might take a long time.

        Thanks for your input ;)

        ReplyDelete
      7. Hi Syahmi,

        Its such a great effort to write that driver.
        Hope you are still in tuned for this driver. I am an newbie in driver development and Im very curious about how did you do such a great job. Could you please share some info of how to modify a Simrep sample to fit your requirements or what kind of knowledge that i need to possess in order to write such a driver.
        Could you please share me some resource? Cause im in the urge to write such a driver.

        Could you please give me some advices via email thebangnguyen@gmail.com?

        Thank you very much in advance.
        Bang

        ReplyDelete
        Replies
        1. Hello anonymous,

          Thank you. The simrep example is pretty straight forward. You just need to add some feature and modify it a bit. For the first driver development, get used to the code. Read the example and get used to the API.

          Virtual kd can assist you in your driver development faster.
          http://virtualkd.sysprogs.org/

          Regards
          Syahmi

          Delete
        2. Oh, I forgot to mention some useful resource.

          If you want to go deeper, read fastfat or cdfs example.
          Another you can find on web includes:
          - osronline.com (NTFSD) is a great place to ask about driver development. It seems the web server is down now.
          - Dokan User Mode File system
          - TrueCrypt
          - MSDN of course

          I'm now still developing some minifilter driver.

          Delete