simple technique to Lock File

[mary]

I want to lock file using the same technique as Panda-USB-Vaccine .

It seams that this technique modify FS attributes by editing the file in hex mode.

I used winhex tools to edit the USB sector as shown on 'autorun.gif' file.

as you can notice that the actual attribute of 'autorun.inf' is '20' of hex value,

After you alter from '20' to 'E5' and saved, the 'autorun.inf' file cannot be deleted,

or contents of file cannot be view by others and cannot be autorun also, it just act as

a dummy autorun file.

You can reset back from 'E5' to '20' by winhex.

I used this method to protect my USB drive from autorun virus.

So my question is : how to do that with autoit ?

Thanks

Edited April 15, 2010 by mary

[Melba23]

mary,

how to do that with autoit ?

By using binary mode.

Open the file in binary mode (16 + whatever else you want) and read the contents. You get a string beginning "0x" followed by the hex bytes. Change the bytes you want using the string functions and then save it again.

I sometimes find that using Binary to force the contents into a binary variant before saving helps - once in a while AutoIt has begun believing that it is dealing with a string.

M23

[jchd]

@Melba23, he's patching the attribute of file entry in the FAT directory, not the file itself.

@Mary, this may work, as long as no tool will enforce FAT conventions. I believe this trick is non standard and could cause deception in some circunstances with conforming software. Setting System and Read-Only bits is fine, but bits 7 & 6 are reserved and undefined.

You should be able to set System and Read-Only bits with FileSetAttrib but I doubt it would allow you to patch undefined bits. BTW, I also doubt such a simple tactics will stop a determined malware. That's security theatre IMO.

Edited April 15, 2010 by jchd