A wild question! Here is my idea, I came across about deepfreeze (www.faronics.com) and amazed how their system works. I find deepfreeze helpful and beneficial in protecting computers from spyware, virus and improper installation of programs since a simple reboot of the computer systems restores the original setup (in effect removing all virus and spywares). I conceptualize that maybe the system are manipulating the System's registry (by importing a backup registry file - maybe) during boot process .
Upon surfing the net, I came to learn how Windows XP boot process works (http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c29621675.mspx), and thinking to write (if possible) a bogus NTOSKRNL.EXE which copy or import a backup registry file (using reg.exe) and later calls the true NTOSKRNL.EXE using exec or spawn.
I don't really know if the idea would work.
A link or advice on how to write a kernel mode program or to import a backup registry file during boot process of windows OS would be of help.
Hoping for a reply soon. Thanks!
April 22, 2006 3:22 AM
May 7, 2006 7:37 AM