How to Make Any Process Work With Transactional NTFS: My First Step to Writing a Sandbox for Windows
One of the modules in the Windows kernel provides support for combining a set of file operations into an entity known as a transaction. Just like in databases, these entities are isolated and atomic. You can make some changes to the file system that won't be visible outside until you commit them. Or, as an alternative, you can always rollback everything. In any case, you act upon the group of operations as a whole. Precisely what needed to preserve consistency while installing software or updating our systems, right? If something goes wrong — the installer or even the whole system crashes — the transaction rolls back automatically.
From the very first time I saw an article about this incredible mechanism, I always wondered how the world would look like from the inside. And you know what? I just discovered a truly marvelous approach to force any process to operate within a predefined transaction,
which this margin is too narrow to contain. Furthermore, most of the time, it does not even require administrative privileges.
Let's then talk about Windows internals, try out a new tool, and answer one question: what does it have to do with sandboxes?