
Detecting WRP files and Registry on Windows Vista


2.39/5 (8 votes)

Jul 17, 2008

Public Domain


This program helps installers check whether files and registry keys are protected by WRP.

Introduction

This article presents a program to determine if files and registry entries to be installed are protected by Windows Resource Protection (WRP).

Background

There appears to be tremendous confusion among developers as to which resources are protected by Windows Resource Protection (WRP) and which are not. This becomes very important when applying for Vista™ logo compliance. Note that using this program will not guarantee certification; it is just another tool to help detect WRP problems.

Using the code

The code is very simple C++. It uses the Windows APIs SfcIsKeyProtected and SfcIsFileProtected from sfc.dll to determine whether a registry key or a file is protected by WRP. Note that SfcIsKeyProtected definitely will not run on Windows XP™, since the function is not available in the XP version of sfc.dll. It does, however, run quite well on Vista™. Here is the code:

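#include <windows.h>
#include <stdio.h>

// Signatures of the two sfc.dll exports, resolved at run time.
typedef BOOL (WINAPI *MYPROC_IsKey)(HKEY, LPCWSTR, REGSAM);
typedef BOOL (WINAPI *MYPROC_IsFile)(HANDLE, LPCWSTR);

//
// To detect Keys
//
BOOL loadModule_RunSfcIsKeyProtected (HKEY keyRoot, wchar_t* keyPath)
{
    HINSTANCE hinstLib;
    MYPROC_IsKey ProcAdd;
    REGSAM reg = 0;      // 0 = default registry view
    BOOL retValue = 1;   // stays TRUE if sfc.dll or the function cannot be loaded

    // sfc.dll is named without a path, so the loader's DLL search order
    // applies (application directory first).
    hinstLib = LoadLibraryW (L"sfc.dll");

    if (hinstLib != NULL)
    {
        // Resolved dynamically because the XP version of sfc.dll lacks this export.
        ProcAdd = (MYPROC_IsKey) GetProcAddress(hinstLib, "SfcIsKeyProtected");

        if (ProcAdd != NULL)
        {
            retValue = ProcAdd (keyRoot, keyPath, reg);
        }
        else
            printf ("Registry, Root: %ls, Key: %ls, SfcIsKeyProtected function cannot be found\n",
                L"Root", keyPath);

        FreeLibrary(hinstLib);
    }
    else
        printf ("Registry, Root: %ls, Key: %ls, SFC.DLL cannot be found\n", L"Root", keyPath);
    return retValue;
}

// And to detect files
BOOL loadModule_RunSfcIsFileProtected (LPCWSTR fileName)
{
    HINSTANCE hinstLib;
    MYPROC_IsFile ProcAdd;
    BOOL retValue = 1;   // stays TRUE if sfc.dll or the function cannot be loaded

    // Same search-order caveat as above.
    hinstLib = LoadLibraryW (L"sfc.dll");

    if (hinstLib != NULL)
    {
        ProcAdd = (MYPROC_IsFile) GetProcAddress(hinstLib, "SfcIsFileProtected");

        if (ProcAdd != NULL)
        {
            // The first argument (RPC handle) is passed as NULL.
            retValue = ProcAdd (NULL, fileName);
        }
        else
            printf ("File, %ls, SfcIsFileProtected function cannot be found\n", fileName);

        FreeLibrary(hinstLib);
    }
    else
        printf ("File, %ls, SFC.DLL cannot be found\n", fileName);
    return retValue;
}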
 

The above is the complete code, so just open Visual Studio, make a Win32 console application and copy and paste the code there. You can then compile it to make your own program file (.exe).

Points of Interest

To run the program use the command line:

  • WRPDetectionProgram.exe fileName
    OR
  • WRPDetectionProgram.exe RootKey

The program outputs "TRUE WRP" if the file or registry key is a WRP resource and may not be altered by an installer (of course, except when Trusted once is specified). If the file is not a WRP resource, the output is "FALSE WRP".

The output is comma separated, which is very useful. I generally make a list of all the registry keys and files to be installed using some other program. Sometimes I parse the output of appverifier and sometimes use a total uninstall application. Next I put the list into the following format in a batch file:

WRPDetectionProgram.exe filename1 >> Evaluation.csv
WRPDetectionProgram.exe filename2 >> Evaluation.csv 
WRPDetectionProgram.exe ROOT1 KEY1 >> Evaluation.csv 
WRPDetectionProgram.exe ROOT2 KEY2 >> Evaluation.csv

With the executable and batch file in the same folder, running the .bat file appends the results to the .csv file. The .csv file can then be opened in Excel™ and sorted or organised as desired, then saved as an Excel workbook and the job is done.
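Because the helpers above start with retValue = 1, a missing sfc.dll or a missing export is returned as "protected". The following added example (not the author's code) reports that case as a third state and quotes the name field so paths containing commas do not break the CSV. The function names, the UNKNOWN verdict, the accepted root-name spellings and the File/Registry column are assumptions of this example; the #ifdef only lets the helpers compile off Windows, where the query always returns Unknown.

```cpp
#include <cstdint>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

enum class Wrp { No, Yes, Unknown };  // Unknown: sfc.dll or the export is unavailable

// Root name -> predefined handle value from winreg.h, sign-extended as HKEY is.
// Returns 0 for an unrecognised name; accepted spellings are this example's choice.
std::uintptr_t rootFromName(const std::wstring& n) {
    auto h = [](std::uint32_t v) { return (std::uintptr_t)(std::intptr_t)(std::int32_t)v; };
    if (n == L"HKCR" || n == L"HKEY_CLASSES_ROOT")  return h(0x80000000u);
    if (n == L"HKCU" || n == L"HKEY_CURRENT_USER")  return h(0x80000001u);
    if (n == L"HKLM" || n == L"HKEY_LOCAL_MACHINE") return h(0x80000002u);
    if (n == L"HKU"  || n == L"HKEY_USERS")         return h(0x80000003u);
    return 0;
}

// Query sfc.dll. root == 0 means path names a file, otherwise a key under root.
Wrp query(std::uintptr_t root, const std::wstring& path) {
    Wrp r = Wrp::Unknown;
#ifdef _WIN32
    typedef BOOL (WINAPI *IsKey)(HKEY, LPCWSTR, REGSAM);
    typedef BOOL (WINAPI *IsFile)(HANDLE, LPCWSTR);
    HMODULE sfc = LoadLibraryW(L"sfc.dll");
    if (!sfc) return r;
    if (root) {
        if (auto f = (IsKey)GetProcAddress(sfc, "SfcIsKeyProtected"))
            r = f((HKEY)root, path.c_str(), 0) ? Wrp::Yes : Wrp::No;
    } else if (auto f = (IsFile)GetProcAddress(sfc, "SfcIsFileProtected")) {
        r = f(NULL, path.c_str()) ? Wrp::Yes : Wrp::No;
    }
    FreeLibrary(sfc);
#else
    (void)root; (void)path;           // the SFC API exists only on Windows
#endif
    return r;
}

// One CSV record: kind,"name",verdict. Embedded quotes are doubled.
std::wstring csvLine(std::uintptr_t root, const std::wstring& path, Wrp r) {
    std::wstring q;
    for (wchar_t c : path) { q += c; if (c == L'"') q += c; }
    const wchar_t* v = r == Wrp::Yes ? L"TRUE WRP" : r == Wrp::No ? L"FALSE WRP" : L"UNKNOWN";
    return std::wstring(root ? L"Registry" : L"File") + L",\"" + q + L"\"," + v;
}
```

A driver would print csvLine(root, path, query(root, path)) for each entry, with root set to 0 for files and to rootFromName(...) for registry keys.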

Isn't that simple?