使用fbwf保護ssd寫入
原始: http://lookers-on.blogspot.tw/2014/12/fbwfssd.html
fbwf利用ram製作影子系統覆蓋實體磁碟,寫入的時候寫在ram裡,等檔案移除的時候釋放掉,32bit系統限制最大1G,64bit可以設到128G。
安裝檔案只有五個, fbwf.sys複製到C:\Windows\System32\drivers, 其它放入C:\Windows\System32\,
x86 註冊登錄檔
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fbwf]
"EnabledOnAllSkus"=dword:00000001
"DebugFlags"=dword:00000000
"DisplayName"=""
"ErrorControl"=dword:00000001
"Group"="FSFilter System Recovery"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,62,00,77,00,66,00,2e,00,73,\
00,79,00,73,00,00,00
"Start"=dword:00000000
"Tag"=dword:00000002
"Type"=dword:00000002
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fbwf\Instances]
"DefaultInstance"="Fbwf Instance"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fbwf\Instances\Fbwf Instance]
"Altitude"="226000"
"Flags"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fbwf\Enum]
"0"="Root\\LEGACY_FBWF\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001x64 登錄檔
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF]
"Start"=dword:00000000
"Type"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,62,00,77,00,66,00,2e,00,73,\
00,79,00,73,00,00,00
"Group"="FSFilter System Recovery"
"DisplayName"="File-Based Write Filter"
"Description"="File-Based Write Filter driver"
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
"DebugFlags"=dword:00000000
"EnabledOnAllSkus"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF\FBA]
"ProtectRegistryRamdisk"="\\RegfData"
"EnablePostFBA"=dword:00000000
"ThresholdSize"=dword:00000000
"CacheType"=dword:00000003
"VirtualSizeDisplay"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF\FBA\Exclusion]
"Protection1"=hex(7):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF\Instances]
"DefaultInstance"="Fbwf Instance"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF\Instances\Fbwf Instance]
"Flags"=dword:00000000
"Altitude"="226000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FBWF\Enum]
"0"="Root\\LEGACY_FBWF\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FBWF]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FBWF\0000]
"Service"="FBWF"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="File-Based Write Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FBWF\0000\Control]
"ActiveService"="FBWF"重開機,輸入
fbwfmgr /enable
fbwfmgr /addvolume c:這樣子整個C槽就會在動態系統下,
排除例外
fbwfmgr /addexclusion c: \Windows
fbwfmgr /addexclusion c: \users
fbwfmgr /addexclusion c: \ProgramData
fbwfmgr /addexclusion c: "\Program Files (x86)"
fbwfmgr /addexclusion c: "\Program Files"設定動態系統大小(M)
fbwfmgr /setthreshold 1024重開機
最後設定完查看狀態
fbwfmgr /displayconfig系統更新時停用FBWF
fbwfmgr /disable重開機就會停用。
顯示虛擬模式容量
fbwfmgr /setsizedisplay 1接著用VHD弄了一個分割讓win開機掛載,讓FBWF覆蓋就可以當ramdisk用了。
attach_drive.bat
diskpart /s X:\attach_drive.txt
attach_drive.txt
select vdisk file="X:\systemp.vhd"
attach vdisk注意要把UAC關閉不然會卡住。
修改firefox暫存
about:config > browser.cache.disk.parent_directory修改chrome暫存
捷徑右鍵>目標> --disk-cache-dir="X:\temp"執行時間: 0.0493 秒, 瀏覽次數: 6425
© 2014 ASPLord.com 贊助本站
