flat assembler
Message board for the users of flat assembler.
Index
> DOS > File shredder |
Author |
|
Picnic 22 Nov 2012, 21:36
hi, i did a few quick changes and compile in fasm, at first glance it looks to work on my xp.
Code: ; SHRED.ASM Ver 1i B/W version ; ; Tasm code ; ***** FILE is NOT recoverable !!!! **** ; ; Supports Long Filenames ; Works in Win XP in a DOS box, with short or long filenames ; ; Shreds a 331 Meg file in 80 secs on an AMD K-6 475 MHz ; ; Overwrite a file with zero bytes, truncates it to zero bytes, ; set file time and date to 12:59:58 pm 1/1/80, ; renames it and then deletes it. ; Single files only. (For Safety) ; ; Use SHORT (8.3) FILENAME when file is a LFN ; Ex. C:\PROGRA~1\VERYLO~1.ASM ; ; Works across drives, handles periods in the path names ; ; Help from Stealth, Raymond, Bitrake, Rudy Weiser, Frank Kotler, ; Fauzan Mirza, Robert Redelmeier, QvasiModo, and others offset equ ptr equ format MZ stack 200h entry main:start segment main start: mov ah,15 ; clear the screen int 10h mov ah,0 int 10h mov ax,dataseg mov ds,ax mov es,ax ; need for LFN functions mov bx,00h ; write zeros into memory zero_out: ; Set memory to zero mov [random + bx],00h inc bx cmp bx,64000 jnz zero_out mov dx, offset prompt mov ah,9 int 21h mov byte [file_name],128 ; max characters in input mov dx,offset file_name; get filename mov ah,0ah ; ;mov al,128 ; max length of string int 21h mov cl,[file_name + 1] ; how many bytes read in add cl,2 ; find position after last character mov ch,00 mov si,cx ; move count to index register mov [name_size],cx ; save size mov [file_name+si],00 ; make into ASCII string ; Change any read-only attribute change: mov dx,file_name + 2 mov ax,4301h mov bl,01h ; set attributes ;Bitfields for file attributes: (CX register) ;Bit(s) Description (Table 01420) ; 7 shareable (Novell NetWare) ; 7 pending deleted files (Novell DOS, OpenDOS) ; 6 unused ; 5 archive ; 4 directory ; 3 volume label ; execute-only (Novell NetWare) ; 2 system ; 1 hidden ; 0 read-only mov cx,00000000b ; remove read-only attribute int 21h ;INT 21 - Windows95 - LONG FILENAME - CREATE OR OPEN FILE ; AX = 716Ch ; BX = access mode and sharing flags (see #01782,also AX=6C00h); ; CX = attributes ; DX = action (see #01781) ; DS:SI -> ASCIZ filename open_it: mov ax,716Ch ; create file xor cx,cx ; file attributes ; file access modes (bits) BX register ; 000 read-only ; 001 write-only ; 010 read-write ; 100 read-only, do not modify file's last-access time ; Bitfields for Windows95 long-name open action: DX Register ; Bit(s) Description (Table 01781) ; 0 open file (fail if file does not exist) ; 1 truncate file if it already exists (fail if file does not exist) ; 4 create new file if file does not already exist (fail if exists) ; Note: the only valid combinations of multiple flags are bits 4&0 and 4&1 mov bx,00000001b ; access mode - write only mov dx,00000001b ; open file mov si,file_name + 2 ; sets the file name int 21h mov [handle],ax ; Save file handle jnc short get_size ; No errors, go on no_file: mov dx,offset not_there; Get error message jmp error ; and go display/exit get_size: mov ax,4202h ; Set file pointer mov bx,[handle] ; for this file xor cx,cx ; relative to end of file xor dx,dx ; offset 0 bytes int 21h jnc save_size err2: mov dx,offset emsg2 ; Get error message jmp error ; and go display/exit save_size: mov word ptr [file_size],ax ; Save low word of file size mov word ptr [file_size + 2],dx ; Save high word mov ax,4200h ; Move file pointer mov bx,[handle] ; for this file xor cx,cx ; relative to beginning of file xor dx,dx ; offset 0 bytes int 21h jc err2 ; Errors: go handle next_bunch: mov cx,64000 ; Assume 64,000 bytes or more ; left to do sub word ptr [file_size],cx ; Is there ? - subtract it sbb word ptr [file_size + 2],0 ; from saved file size jae wipe ; There were 64,000 bytes or ; more left mov cx,word ptr [file_size] ; Get number of bytes left add cx,64000 ; back CX (undo subtraction) wipe: mov ah,40h ; Write file mov bx,[handle] ; Handle mov dx,random ; Write the random bytes int 21h jnc check_size ; No errors, go on err3: mov dx,offset emsg3 ; Get appropriate error message jmp error ; and go display/exit check_size: cmp ax,cx jnz err3 cmp ax,64000 ; Full 64,000 bytes written, je next_bunch ; yes, go check for more jmp SHORT $+2 ; short delay cuz sometimes ; file isn't renamed ; mov bx,[handle] ; close file mov ah,3eh int 21h trunc: ; Truncate file to zero bytes mov ah,3ch ; truncate file to zero bytes mov cx,0 mov dx,offset file_name + 2 int 21h mov bx,[handle] ; close file mov ah,3eh int 21h ; Store the path scan: mov si,file_name + 2 xor cx,cx mov di,si mov cx,[name_size] mov al,'\' add di,cx std ; scan from right to left dec di repne scasb jnz short no_path ; No slash is present add cx,1 ; no_path: mov di,offset storage cld ; change directions and scan rep movsb ; from left to right mov al,00 stosb ; make path ASCIZ ; Add on eraser_name to end of storage add_eraser: mov cx,[name_size] mov si,cx mov di,storage mov al,00 ; stops at the byte after the "00" repnz scasb dec di ; backup one xor cx,cx mov si,offset eraser_name mov cx,9 ; # of characters rep movsb ; Rename and delete file (LFN) rename: mov dx,offset file_name + 2 ; old file name mov di,offset storage mov ax,7156h ; LFN support int 21h ; Change file date and time mov ax,716Ch ; open file xor cx,cx ; file attributes ; file access modes (bits) FOR BX Register ; 000 read-only ; 001 write-only ; 010 read-write ; 100 read-only, do not modify file's last-access time ; set bit 14 - commit file after every write operation mov bx,00000000000000010b ; access mode (R/W) mov dx,1 ; open file mov si,storage ; sets the file name int 21h mov bx,ax ; save file handle push bx mov ax,5701h ; change file date ; BITS 5-10 are minutes, 11-15 are hours mov cx,677dh ; 12:59:58 pm 110011101111101b ; ; BITS 0-4 are day, 5-8 are month, 9-15 (year - 1980) mov dx,021h ; 1/1/80 0000000000100001b int 21h pop bx ;INT 21 U - DOS 4.0+ - COMMIT FILE ; AH = 6Ah ; BX = file handle mov ah,6ah ; make sure this file is written to disk int 21h mov ah,3eh ; close file int 21h ; INT 21 - Windows95 - LONG FILENAME - DELETE FILE ; AX = 7141h ; DS:DX -> ASCIZ long name of file to delete mov dx,offset storage ; delete file mov ax,7141h xor si,si int 21h ; idea from Fauzan Mirza xor ax,ax ; Zero out file_name mov di,offset storage + 2 mov cx,150 repnz stosb finito: mov ah,9 mov dx,offset done_msg int 21h mov ax,4c00h ; Set errorlevel to 0 int 21h error: mov ah,9 int 21h mov ax,4c01h ; Set errorlevel to 1 int 21h segment dataseg ; Direct video writes, shows right after Version number !! ; prompt db 13,10,13,10,9,'File Shredder Ver. 1h' ,13,10 db 13,10,9,'© Copyright 1996 - 2012',13,10 db 13,10,9,'IF YOU USE THIS PROGRAM, OVERWRITTEN FILES',13,10 db 13,10,9,'WILL BE GONE FOR GOOD. THIS PROGRAM CAUSES',13,10 db 13,10,9,'PERMANENT DATA LOSS. YOU HAVE BEEN WARNED!!',13,10 db 13,10,9,'Use SHORT (8.3) FILENAME when file is a LFN.',13,10 db 13,10,9,'Use full path when not in current DIR/DRIVE',13,10 db 13,10,9,'Usage: C:\PROGRA~1\FILENAME.ASM',13,10,13,10 db 13,10,9,'File name to SHRED --> $' not_there db 13,10,13,10,13,9,'File not present.',13,10,'$' emsg2 db 13,10,13,10,'Error moving file pointer.',13,10,'$' emsg3 db 13,10,13,10,'Error writing to file.',13,10,'$' done_msg db 13,10,13,10,'File has been shredded.',13,10,'$' eraser_name db 'àáâãäåæç.',0 handle dw ? file_size dd ? name_size dw ? random db 64000 dup(?) file_name db 128 dup(?) ; DOS maximum path length storage db 150 dup(?) Here are the changes: - made data and code segment - remove offset and ptr directive - replace all lea with mov - update line: mov file_name[si],00 ; make into ASCII string - update line: mov file_name,128 ; max characters in input |
|||
22 Nov 2012, 21:36 |
|
ACP 24 Nov 2012, 21:50
Unless you overwrite sectors allocated to hold your file you are not erasing file content completely - even than you can't be sure everything got erased since allocated sectors could change before the erasing operation. Secondly you should repeat write operation couple of times and always flush the disk cache. Finally using DOS interface under Windows XP or newer to erase a file is a very bad idea due to critical differences in handling of memory and filesystems. Just take a peek at CreateFile() Win32 function for example.
|
|||
24 Nov 2012, 21:50 |
|
Fixit 24 Nov 2012, 23:07
ACP wrote: Unless you overwrite sectors allocated to hold your file you are not erasing file content completely - even than you can't be sure everything got erased since allocated sectors could change before the erasing operation. Secondly you should repeat write operation couple of times and always flush the disk cache. Finally using DOS interface under Windows XP or newer to erase a file is a very bad idea due to critical differences in handling of memory and filesystems. Just take a peek at CreateFile() Win32 function for example. I will look into it. I have used file restore programs and they can't even find any file that has been erased. Would you like me to send you the executable so you can try it ? Andy |
|||
24 Nov 2012, 23:07 |
|
rugxulo 25 Nov 2012, 02:00
IIRC, DOS delete only changes the first letter of the file name itself to 0xE5. Until further allocation and use of disk space is done, the file data is still there and can be recovered by "undelete" or similar.
|
|||
25 Nov 2012, 02:00 |
|
ACP 25 Nov 2012, 11:28
rugxulo wrote: IIRC, DOS delete only changes the first letter of the file name itself to 0xE5. Until further allocation and use of disk space is done, the file data is still there and can be recovered by "undelete" or similar. Exactly. In my post I've been referring to forensic class disk imaging software that analyze whole disk image - not just filesystem entries. Removing files completely from digital media is more tricky than one might think and is tightly connected with underlying filesystem, media hardware. Relaying on operating system file handling API is not the right direction in this case. Get some good book on filesystem internals and forensic analysis to better understand the topic. However you code will work well if used for only deleting file content partially. In most cases this is more than enough for most users. For complete and safe removal you still need to do a lot more coding. At this stage at least add a loop to write random data over and over (why not add switch for controlling loop count). |
|||
25 Nov 2012, 11:28 |
|
DOS386 16 Dec 2012, 07:44
Quote:
This looks unfinished ... is the result really random ??? Quote: at first glance it looks to work on my xp Write caches are your enemy when erasing. Overwriting the file data (even multiple times) only makes sense if in every pass all data is really being transfered to the lowest level (HD head) and written to the disk. Another problem is remapping of sectors. HD's and even more non-mechanical devices may remap sectors between writing sensitive data and writing wipe data. The sensitive data is impossible to find or delete using file I/O, but it is still recoverable using forensic technologies. Solution: burn down or melt the device at at least 911F . |
|||
16 Dec 2012, 07:44 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.