

Release Directory File System Registry Settings (Windows Embedded CE 6.0)

1/6/2010

The Release Directory File System Driver (Relfsd) was created for development environments. Relfsd mounts the release directory on the development workstation to '\release' on the device, so that any I/O operations to the '\release' directory are routed to the 'release' directory on the development workstation.

In development environments, if the LoadLibrary function cannot find an executable module on the device, it searches for the module in the directories specified by a registry setting. By default, the directory is set to \release for development images.

The release file system must be auto-loaded. The registry settings for auto-loading the release file system in Storage Manager are located under the HKEY_LOCAL_MACHINE\System\StorageManager\AutoLoad\Relfsd registry key.

The following table shows the named values for the Relfsd registry key.

Value: type Description

LoadFlags: REG_DWORD

Controls how the file system is loaded.

  • 1 - Loads the file system synchronously
  • 2 - Loads the file system asynchronously on another thread (Default)

BootPhase: REG_DWORD

Controls the boot phase during which the file system is loaded.

  • 0 - Loads file system before initializing locale.
  • 1 - Loads file system after initializing locale, but before full registry is functional.
  • 2 - Loads file system after the registry is fully functional.

Mount: REG_SZ

Specifies the directory where relfsd mounts the _FLATRELEASEDIR.

If the OS image includes the Windows Embedded CE shell, the kernel loader automatically loads any modules from '\release' that are not found on the device.

Production images that include relfsd but not the shell should mount it to a directory other than '\release'.

Secure: REG_DWORD

Determines access to release directory files.

  • 1 - Restricted Relfsd access. Allows \release directory files to be opened or read, but disallows writing to files and use of registry access functions. In this case, a displayed message such as "Opening a file from the desktop" is a RETAILMSG.
  • 0 - Unrestricted Relfsd access. In this case, "Opening a file from the desktop" is an NKDbgPrintfW message.

The following example shows the default values for Relfsd if the shell is included in the run-time image.

[HKEY_LOCAL_MACHINE\System\StorageManager\AutoLoad\Relfsd]
    "Dll"="relfsd.dll"
    "Paging"=dword:0
    "LoadFlags"=dword:1
; @CESYSGEN IF CE_MODULES_SHELL 
    "mount"="Release"
    "secure"=dword:0

Security recommendations

Security issues can arise when Relfsd is implemented without the shell, that is, when the shell is not included in the run-time image. The issue occurs because the kernel loader, LoadLibrary, automatically loads any modules not found on the device from the '\release' directory; thus, if the system path specifies the same directory that the \release directory is mounted to, the kernel will automatically load any DLL in the \release directory that is not found on the device. In this way, arbitrary code might be executed on the device.

Although these issues occur when the shell is not included in the run-time image, security guidelines for Relfsd should be followed whenever Relfsd is present in a production image.

The following list shows guidelines to follow when the run-time image does not include the shell.

  • Mount Relfsd to a directory other than the system path.

  • Set the secure value of the Relfsd registry key to 1 for restricted access.
    The following example shows registry settings for using Release File System when the shell is not included in the run-time image.

    [HKEY_LOCAL_MACHINE\System\StorageManager\AutoLoad\Relfsd]
        "Dll"="relfsd.dll"
        "Paging"=dword:0
        "LoadFlags"=dword:1
        "secure"=dword:1
        ;
        ;[HKEY_LOCAL_MACHINE\Loader]\SystemPath should **NOT** have the
        ;'mount' dir specified below
        "mount"="Desktop"
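
As an added example (not part of the original documentation), the Python check below audits registry source text against the two guidelines above: the Relfsd "mount" directory must not appear in the Loader SystemPath, and "secure" must be 1. It assumes SystemPath is written as a multi_sz value under [HKEY_LOCAL_MACHINE\Loader] in the same text; the sample registry text and all function names are constructed for illustration.

```python
import re

RELFSD = r"hkey_local_machine\system\storagemanager\autoload\relfsd"
LOADER = r"hkey_local_machine\loader"  # assumed location of SystemPath

def parse_reg(text):
    """Parse .reg-style text into {key: {value_name: raw_value}} (names lower-cased)."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):
            continue  # comments, including @CESYSGEN conditionals, are ignored
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and "=" in line:
            name, _, raw = line.partition("=")
            cur[name.strip().strip('"').lower()] = raw.strip()
    return keys

def norm_dir(path):
    # Collapse escaped backslashes, drop leading/trailing separators, ignore case.
    return path.replace("\\\\", "\\").strip("\\").lower()

def audit_relfsd(text):
    """Return a list of findings; an empty list means both guidelines are met."""
    keys = parse_reg(text)
    relfsd = keys.get(RELFSD)
    if relfsd is None:
        return []  # Relfsd is not auto-loaded by this registry text
    findings = []
    if not re.fullmatch(r"dword:0*1", relfsd.get("secure", ""), re.I):
        findings.append("secure is not 1: Relfsd access is not restricted")
    mount = relfsd.get("mount")
    if mount is None:
        findings.append("mount is not set; cannot compare it with SystemPath")
    else:
        raw = keys.get(LOADER, {}).get("systempath", "")
        if norm_dir(mount.strip('"')) in map(norm_dir, re.findall(r'"([^"]*)"', raw)):
            findings.append("mount directory is listed in Loader SystemPath")
    return findings

# Constructed sample: Relfsd mounted on a SystemPath directory, unrestricted.
WEAK = r'''
[HKEY_LOCAL_MACHINE\Loader]
    "SystemPath"=multi_sz:"\\Release\\"
[HKEY_LOCAL_MACHINE\System\StorageManager\AutoLoad\Relfsd]
    "Dll"="relfsd.dll"
    "mount"="Release"
    "secure"=dword:0
'''
# Constructed sample following the guidelines: different mount, secure=1.
HARDENED = WEAK.replace('"mount"="Release"', '"mount"="Desktop"').replace("dword:0", "dword:1")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_relfsd(text) or "OK")
```

Because the parser skips @CESYSGEN comment lines, it treats conditional values as always present; run it on the text that actually ends up in the image.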
    

See Also

Other Resources

Settings for Specific File Systems
File Systems