Windows Resource Protection API call and PowerShell 2.0

A month ago, I was lucky enough to give a presentation on Isolated Applications and Side-by-side Assemblies to an ISV. Later, Maarten asked me if the side-by-side cache was protected by Windows Resource Protection. I checked and answered (“Yes”) but still wished I had a tool to quickly check if a file was protected or not. So I took this opportunity to learn a bit more about Boost:

#include <wtypes.h>
#include <boost/filesystem.hpp>
#include <iostream>
#include <Sfc.h>

#pragma comment(lib, "sfc")

using namespace boost::filesystem;
using namespace std;

// Lists every regular file under C:\Windows that is NOT protected by
// Windows Resource Protection.
int wmain() {
   basic_recursive_directory_iterator<wpath> end_iterator;
   basic_recursive_directory_iterator<wpath> iterator(L"C:\\Windows");
   while (iterator != end_iterator) {
      if (is_regular(iterator->status())) {
         // SfcIsFileProtected returns TRUE when the file is protected
         if (!SfcIsFileProtected(NULL, iterator->path().string().c_str()))
            wcout << iterator->path() << endl;
      }
      try {
         // Advancing can throw, e.g. on a directory we cannot open
         ++iterator;
      } catch (basic_filesystem_error<wpath> & e) {
         wcout << L"\n\nException!" << endl
               << e.what() << endl
               << e.path1() << endl;
      }
   }
   return 0;
}


But as Maarten doesn’t like C++, I decided to look at how to do this with PowerShell 2.0:


# Expose sfc.dll!SfcIsFileProtected as [Win32.WindowsResourceProtection]::IsFileProtected
Add-Type -MemberDefinition '[DllImport("sfc.dll", CharSet = CharSet.Unicode, EntryPoint = "SfcIsFileProtected")] public static extern bool IsFileProtected(IntPtr zero, String filename);' -Name 'WindowsResourceProtection' -Namespace 'Win32'

function IsFileProtected {
param([string] $f = $(throw 'Please specify a file'))
return [Win32.WindowsResourceProtection]::IsFileProtected([IntPtr]::Zero, $f)
}

# Skip directories and pass the full path, so the API sees the same files as the C++ version
gci \Windows -r | ? { !$_.PSIsContainer -and !(IsFileProtected $_.FullName) }


Of course, I guess I could have used SFC.EXE /VERIFYFILE=

But how would I have learned about those other topics then? Eh Maarten?
