Detecting WRP files and Registry on Windows Vista

• Download WRPDetectionProgramcpp - 1.18 KB
• Download WRPDetectionProgramexe - 3.46 KB

Introduction

This article presents a program to determine if files and registry entries to be installed are protected by Windows Resource Protection (WRP)[^].

Background

There appears to be tremendous confusion among developers as to what resources are protected by Windows Resource Protection (WRP) and which are not. This becomes very important when applying for Vista^TM logo compliance. Note that using this program will not guarantee certification, but it is just another tool to help detect WRP problems.

Using the code

The code is very simple C++ code. It makes use of windows API's SfcIsKeyProtected and SfcIsFileProtected from SFC.dll to determine whether a file is protected by WRP or not. Note that SfcIsKeyProtected definitely will not run on Windows XP^TM since the function is not available in the XP version of sfc.dll. It does, however, run quite well in Vista^TM. Here is the code

//
// To detect Keys
//
BOOL loadModule_RunSfcIsKeyProtected (HKEY keyRoot, wchar_t* keyPath)
{
    HINSTANCE hinstLib;
    MYPROC_IsKey ProcAdd;
    REGSAM reg = 0;
    BOOL retValue = 1;

    hinstLib = LoadLibrary (L"sfc.dll");

    if (hinstLib != NULL)
    {
        ProcAdd = (MYPROC_IsKey) GetProcAddress(hinstLib, "SfcIsKeyProtected");

        if (ProcAdd != NULL)
        {
            retValue = ProcAdd (keyRoot, keyPath, 0);
        }
        else
            printf ("Registry, Root: %ls, Key: %ls, SfcIsKeyProtected function cannot be found",
                L"Root", keyPath);

        BOOL fFreeResult = FreeLibrary(hinstLib);

    }
    else
        printf ("Registry, Root: %ls, Key: %ls, SFC.DLL cannot be found", L"Root", keyPath);
    return retValue;
}

// And to detect files
BOOL loadModule_RunSfcIsFileProtected (LPTSTR fileName)
{
    HINSTANCE hinstLib;
    MYPROC_IsFile ProcAdd;
    BOOL retValue = 1;

    hinstLib = LoadLibrary (L"sfc.dll");

    if (hinstLib != NULL)
    {
        ProcAdd = (MYPROC_IsFile) GetProcAddress(hinstLib, "SfcIsFileProtected");

        if (ProcAdd != NULL)
        {
            retValue = ProcAdd (0, fileName);
        }
        else
            printf ("File, %ls, SfcIsFileProtected function cannot be found\n", fileName);

        BOOL fFreeResult = FreeLibrary(hinstLib);
    }
    else
        printf ("File, %ls, SFC.DLL cannot be found\n", fileName);
    return retValue;
}
 

The above is the complete code, so just open Visual Studio, make a Win32 console application and copy and paste the code there. You can then compile it to make your own program file (.exe)

Points of Interest

To run the program use the command line:

• WRPDetectionProgram.exe fileName
  OR
• WRPDetectionProgram.exe RootKey

The program outputs "TRUE WRP" if the file or registry key is a WRP resource and may not be altered by an installer (of course, except when Trusted once is specified). If the file is not a WRP resource, the output is "FALSE WRP".

The output is comma separated, which is very useful. I generally make a list of all the registry keys and files to be installed using some other program. Sometimes I parse the output of appverifier and sometimes use a total uninstall application. Next I put the list into the following format in a batch file:

WRPDetectionProgram.exe filename1 >> Evaluation.csv
WRPDetectionProgram.exe filename2 >> Evaluation.csv 
WRPDetectionProgram.exe ROOT1 KEY1 >> Evaluation.csv 
WRPDetectionProgram.exe ROOT2 KEY2 >> Evaluation.csv

With the executable and batch file in the same folder, running the .bat file append the results to the .csv file. The .csv file can then be opened in Excel^TM and sorted or organised as desired, then saved as an Excel worklbook and the job is done.

Isn't that simple?

This article, along with any associated source code and files, is licensed under A Public Domain dedication