Closed Bug 315362 Opened 19 years ago Closed 8 years ago

RootkitRevealer states that "parent.lock" is hidden from the API

Categories

(Core Graveyard :: Profile: BackEnd, defect)

Product:
Core Graveyard
Component:
Profile: BackEnd
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: bugzilla, Unassigned)

References

(
URL
)

Details

RootkitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html indicates that parent.lock is the only file in my system that's is hidden from the API.

I'm not sure we can or should do anything about it. I just wanted to report it.
I can't reproduce this with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051106 SeaMonkey/1.5a and RootkitRevealer v1.56 and I can see the parental.lock file in Explorer.
(In reply to comment #0)
> RootkitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html
> indicates that parent.lock is the only file in my system that's is hidden from
> the API.
> 
> I'm not sure we can or should do anything about it. I just wanted to report it.

I had to look at the top to see that this bug is filed for WinXP. Some are filed for ALL, if not at start, some time later.

Excerpt from your link:
...
A file system scan consists of three components: the Windows API, the NTFS Master File Table (MFT), and the NTFS on-disk directory index structures. These discrepancies indicate that a file appears in only one or two of the scans. A common reason is that a file is either created or deleted during the scans. This is an example of RootkitRevealer's discrepancy report for a file created during the scanning:
C:\newfile.txt
3/1/2005 5:26 PM
8 bytes
Visible in Windows API, but not in MFT or directory index.

What do you see as message?
Do you use NTFS as filesystem on the partition where your profile resides, or do you use a dualboot configuration with a FAT partition to facilitate access for your linux?



I have attempted to confirm this on current versions of Windows XP SP2 and Rootkit Revealer v1.7.  Doing a thorough scan with RR v1.7 turned up a number of warnings including "hidden from the API" warnings on other files, but not on the Firefox parent.lock file.

Note that I was running Firefox at the time [i.e. this wasn't observed on a quiet system, but rather under the more likely circumstance for this issue to occur - when the app is running and has an active lock on this file], and I confirmed that FF (v2.0.0.11) had a handle open to the parent.lock file (using sysinternals' Process Explorer).
This bug is filed in a bugzilla component related to pre-Firefox code which no longer exists. I believe it is no longer relevant and I am therefore closing it INCOMPLETE.

If you believe that this bug is still valid and needs to be fixed, please reopen it and move it to the Toolkit:Startup and Profile System product/component.
No longer blocks: 1243899
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.