flat assembler
Message board for the users of flat assembler.
Index
> Windows > Lock files ? |
Author |
|
vid 27 Jun 2011, 12:56
You really should start doing something proper, working on malware isn't very respectable.
|
|||
27 Jun 2011, 12:56 |
|
Overflowz 27 Jun 2011, 19:26
Why you're saying that ? I'm working how to lock opera's "wand.dat" so, malwares can't grab it.. I'm working for anti-malware things.. I don't understand what I'm saying wrong..
|
|||
27 Jun 2011, 19:26 |
|
bitshifter 27 Jun 2011, 20:14
http://msdn.microsoft.com/en-us/library/aa364399(v=VS.85).aspx
How i get the link to display properly? |
|||
27 Jun 2011, 20:14 |
|
Overflowz 27 Jun 2011, 20:26
bitshifter
I tried that already, CreateFile with dwShare value of NULL. but I was still able to read,write and copy.. I don't know what's problem, it works with another files but not with EXACT that file.. |
|||
27 Jun 2011, 20:26 |
|
vid 27 Jun 2011, 20:36
Quote: How i get the link to display properly? Use some link shortener, eg. goo.gl |
|||
27 Jun 2011, 20:36 |
|
typedef 27 Jun 2011, 21:36
Overflowz wrote: Hello everyone! I'm interested how can I lock files to deny acces on it from users ? For example I have file called "file.doc" and user tries to open it, but it says "Error access denied" or something like that.. Encrypt the file.... From 0 to it's end. If you use MS file security stuff, they can be changed again. The drawback is, if the file is a system file, then you are f**d. |
|||
27 Jun 2011, 21:36 |
|
garystampa 27 Jun 2011, 21:45
You're not going to be able to do that exactly like you're wanting.
Typedef's reply is the only sure way to protect a file from viewing. But there's no way to keep it from being edited - even if they don't know what they're editing. |
|||
27 Jun 2011, 21:45 |
|
Overflowz 27 Jun 2011, 22:14
If I'll encrypt it, than opera won't perceive it as valid file.. How about SAM file which is located at C:\Windows\System32\config ? It says always access denied when I'm copying, moving or editing it.. It's driver file job ?
|
|||
27 Jun 2011, 22:14 |
|
typedef 28 Jun 2011, 00:12
Overflowz wrote: If I'll encrypt it, than opera won't perceive it as valid file.. How about SAM file which is located at C:\Windows\System32\config ? It says always access denied when I'm copying, moving or editing it.. It's driver file job ? Only the system can view that file. It uses Windows File Security to stop you from messing with it. If you want the file encrypted by you and that you also want the system to be able to read it, then I suggest you go with hooking. Inject your code before the system loads the file then decrypt it and jump to the code where the system reads it. But that's another story. |
|||
28 Jun 2011, 00:12 |
|
typedef 28 Jun 2011, 00:53
Here's a simple start.
Make sure you have a file named file.txt Code: format pe gui 4.0 include 'win32ax.inc' entry main section '.txt' code executable readable writeable w dd 0 db 'Read a file for encrypting',0 db 11111111b dup(0),0 db 'file.txt',0 proc main pushad push 0 push $-100001100b;Not used for now push $-100101100b; push 0 call [MessageBox] push 0 push FILE_ATTRIBUTE_NORMAL push OPEN_EXISTING push 0 push FILE_SHARE_READ push GENERIC_READ push $-110000b call [CreateFile] push eax push 0 push w push 11111111b push $-101001000b push eax call [ReadFile] pop eax push eax call [CloseHandle] ; ; Encrypt data here, ie using XOR,etc ; push MB_OK+MB_ICONINFORMATION push $+10100b push $-101100011b push 0 call [MessageBox] popad ret endp db 'Text read from file',0 section '.idata' import data readable library user32,'user32.dll',kernel32,'kernel32.dll' include 'api/user32.inc' include 'api/kernel32.inc' |
|||
28 Jun 2011, 00:53 |
|
Overflowz 28 Jun 2011, 07:22
Dude... I know how to encrypt file but I told already, It won't work if I'll crypt it.. If there is no other ways then I'll try to think myself. Thank you all.
|
|||
28 Jun 2011, 07:22 |
|
s0rg 28 Jun 2011, 12:13
|
|||
28 Jun 2011, 12:13 |
|
Overflowz 28 Jun 2011, 12:46
s0rg
Wow! I don't knew that! I'll try, thank you very much! |
|||
28 Jun 2011, 12:46 |
|
garystampa 28 Jun 2011, 14:50
Locking the file is temporary. What you want to do is take complete ownership of the file so no one but your app can read it, right?
The problem is that if a program can set restrictions there is always going to be another program that can undo them. Knowledgeable programmers or power users know how to lift any restriction on a file. Therefore, encryption is the only way. As typedef describes you need to set up a registry entry to take association of the file extension and have Windows consult you whenever someone clicks the file. You can then decrypt it on-the-fly on request. If it's not one of your files, pass it thru untouched. |
|||
28 Jun 2011, 14:50 |
|
Overflowz 28 Jun 2011, 19:33
Thanks, I'll try that if there's no way ))
|
|||
28 Jun 2011, 19:33 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.