Windows Resource Protection API call and PowerShell 2.0



A month ago, I was lucky enough to give a presentation on Isolated Applications and Side-by-side Assemblies to an ISV. Later, Maarten asked me if the side-by-side cache was protected by Windows Resource Protection. I checked and answered (“Yes”) but still wished I had a tool to quickly check if a file was protected or not. So I took this opportunity to learn a bit more about Boost:



#include <wtypes.h>


#include <boost/filesystem.hpp>


#include <iostream>


#include <Sfc.h>


 


#pragma comment(lib, “sfc”)


 


using namespace boost::filesystem;


using namespace std;


 


int wmain() {


   basic_recursive_directory_iterator<wpath> end_iterator;


   basic_recursive_directory_iterator<wpath> iterator(L“C:\\Windows”);


   while (iterator != end_iterator) {


      if (is_regular(iterator->status())) {


         if (!SfcIsFileProtected(NULL, iterator->path().string().c_str()))


            wcout << iterator->path() << endl;


      }


      try {


         ++iterator;


      } catch (basic_filesystem_error<wpath> & e) {


         wcout << L“\n\nException!” << endl


               << e.what() << endl


               << e.path1() << endl;


      }


   }


 


   return 0;


}


 


But as Maarten doesn’t like C++, I decided to look at how to do this with PowerShell 2.0:


 



Add-Type -MemberDefinition ‘[DllImport(“sfc.dll”, CharSet = CharSet.Unicode, EntryPoint = “SfcIsFileProtected”)] public static extern bool IsFileProtected(IntPtr zero, String filename);’ -Name ‘WindowsResourceProtection’ -Namespace ‘Win32’


 


function IsFileProtected {


param([string] $f = $(throw ‘Please specify a file’))


return [Win32.WindowsResourceProtection]::IsFileProtected([IntPtr]::Zero, $f)


}


 


gci \Windows -r | ? {!(IsFileProtected($_))}


 


Of course, I guess I could have used SFC.EXE /VERIFYFILE=


But how would I have learned about those other topics then? Eh Maarten?

Comments (0)