{ "id": "df6ffd4b-ab6d-4724-b322-62ea552435a3", "created_at": "2026-04-06T00:14:04.508015Z", "updated_at": "2026-04-10T03:20:04.639429Z", "deleted_at": null, "sha1_hash": "f75336e96ae80c0ac5b44aa7168cd185a36f20ff", "title": "EldoS Provides Raw Disk Access for Vista and XP", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 32322, "plain_text": "EldoS Provides Raw Disk Access for Vista and XP\r\nBy ITPro Today\r\nPublished: 2007-03-14 ยท Archived: 2026-04-05 18:36:35 UTC\r\nSecurity component maker EldoS announced the availability of RawDisk, a raw disk access driver for Windows\r\nVista and Windows XP systems. Fortunately, the company won't make the product publicly available.\r\nWith the advent of XP, Microsoft introduced restrictions that prevent raw disk access for applications that aren't\r\nrun with administrator-level authority. The company went a step further with Vista by preventing raw disk access\r\nfor all user-mode processes. The change effectively prohibits people from editing disk sectors to change content.\r\nThat sort of protection is useful in some cases. For example, in 2006, security researcher Joanna Rutkowska\r\nfigured out a way to inject a rootkit into Vista. Rutkowska's technique, called Blue Pill, basically forces Windows\r\nto page memory to disk where that memory can then be manipulated by editing raw disk sectors. After changes\r\nare made to the paged memory, Windows could be coaxed into calling instructions in that memory space, thereby\r\nallowing the changed code to begin executing--and Vista would be none the wiser that the exploit had occurred.\r\nLegitimate tools such as some disk defragmentation programs do need to have raw disk access. The developers of\r\nsuch tools for Vista need to provide their own methodology because the native ability for raw disk access is no\r\nlonger present as it was in Windows versions prior to Vista.\r\nEldoS said its new raw disk access driver allows raw disk access for both administrative-level and limited-access\r\nuser accounts.\r\n\"We have developed kernel-mode drivers for both 32-bit and 64-bit versions of Windows. Demand for such a\r\nsolution is high, because preparing the applications for Windows Vista appeared to be a daunting task for many\r\ndevelopers,\" said Eugene Mayevski, EldoS CTO. \"Many system utilities stopped working under the new operating\r\nsystem. No solution for the problem was yet offered by Microsoft. For the majority of developers of various utility\r\napplications, creation of their own kernel-mode driver is not possible, as it requires the presence of special\r\nqualifications and investment of time.\"\r\nEntities that want to obtain a copy of the EldoS RawDisk driver must contact EldoS directly. The requesting\r\ncompany must have an established business with software already on the market and must explain to EldoS how it\r\nintends to use the driver with the product.\r\nEldoS provides a downloadable demo program that allows a person to verify that the driver does work as\r\nadvertised. However, the company said that the driver in the demo can't be used with any other application.\r\nSource: https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp\r\nhttps://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE", "ETDA" ], "references": [ "https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp" ], "report_names": [ "eldos-provides-raw-disk-access-vista-and-xp" ], "threat_actors": [], "ts_created_at": 1775434444, "ts_updated_at": 1775791204, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f75336e96ae80c0ac5b44aa7168cd185a36f20ff.pdf", "text": "https://archive.orkl.eu/f75336e96ae80c0ac5b44aa7168cd185a36f20ff.txt", "img": "https://archive.orkl.eu/f75336e96ae80c0ac5b44aa7168cd185a36f20ff.jpg" } }