Jump to content

Securely overwrite files and free space

wraithdu

By wraithdu,
in AutoIt Example Scripts

 Share

Recommended Posts

elektrongr Seeker

elektrongr

Posted
Posted

Yes, you are right.

Since it is a complicated problem while i was trying to isolate the useful routines to post here ,

i found out that a _Crypt_DecryptFile command , which keeps locked the output-file and cannot wipe , even do a simple filedelete it...

Thank you , i will now search how to unlock/close the file.

Link to comment
Share on other sites
KaFu Universalist

KaFu

Posted
Posted

Looks really, really nice :thumbsup:, one small remark on the posted example, maybe it would be good to add a call to _SD_FreeBuffers() at the end?

de.png OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu
prog_icon_amt.png AMT - Auto-Movie-Thumbnailer (2022-Nov-26) prog_icon_bic.png BIC - Batch-Image-Cropper (2023-Apr-01) prog_icon_cop.png COP - Color Picker (2009-May-21)
prog_icon_dcs.png DCS - Dynamic Cursor Selector (2024-Feb-16) prog_icon_hmw.png HMW - Hide my Windows (2018-Sep-16) prog_icon_hrc.png HRC - HotKey Resolution Changer (2012-May-16) 
prog_icon_icu.png ICU - Icon Configuration Utility (2018-Sep-16) prog_icon_smf.png SMF - Search my Files (2023-Jun-03) - THE file info and duplicates search tool prog_icon_ssd.png SSD - Set Sound Device (2017-Sep-16)

Link to comment
Share on other sites
  • 2 weeks later...
  • 2 weeks later...
satmaniac Seeker

satmaniac

Posted
Posted (edited)

I am very confused.

I have used the latest version of SecureFileDelete in order to wipe the Prefetch folder and get error 0 : 4 and sometimes 0 : 5.

This error appears only when wiping the Prefetch folder , in other folders i get success (1 : 0) ...

The second function is a simple test delete func of the same folder which works and proves that the folder is not locked at this time.

This error appears only in my XP pc (where i code) .

I tested in other 2 pc's (XP and Win7) the same code gives me success (1 : 0) ...

Any idea ?

Thank you.

#RequireAdmin
#include <_SecureDelete.au3>

$wipefile = ""
$search = ""
$searchpath = ""
$ErrorResult = 0

WipePrefetchFiles()
; DeletePrefetchFiles()

; let's wipe a single file now ...
$wipefile = "C:test.exe"
$ErrorResult = _SecureFileDelete($wipefile, -1, true)
ConsoleWrite("Wiping " & $wipefile & " = " & $ErrorResult & " : " & @error & @CRLF) ; this files wipes succesfully ...
Exit

;-----------------------------------------------------------------------------------------------------

func WipePrefetchFiles()
$searchpath = @WindowsDir & 'Prefetch'
$search = FileFindFirstFile($searchpath & '*.pf')

If $search <> -1 Then
While 1
$foundfile = FileFindNextFile($search)
If @error Then ExitLoop

$wipefile = $searchpath & '' & $foundfile
$ErrorResult = _SecureFileDelete($wipefile, -1, true)
ConsoleWrite("Wiping " & $wipefile & " = " & $ErrorResult & " : " & @error & @CRLF)
WEnd
FileClose($search)
EndIf
EndFunc
;-------------------------------------------------------------------------------------------------------
func DeletePrefetchFiles()
$searchpath = @WindowsDir & 'Prefetch'
$search = FileFindFirstFile($searchpath & '*.pf')

If $search <> -1 Then
While 1
$foundfile = FileFindNextFile($search)
If @error Then ExitLoop

$errorresult = Filedelete($searchpath & '' & $foundfile)
consolewrite ("Deleting ..." & $searchpath & '' & $foundfile & " = " & $errorresult & @CRLF)
WEnd
FileClose($search)
EndIf
EndFunc
Edited by satmaniac
Link to comment
Share on other sites
wraithdu Universalist

wraithdu

Posted
  • Author
Posted

Those errors mean that AutoIt can't access the files for some reason. Do you have a different antivirus running on that PC than the others? Do you have full admin rights? Are you using the latest version of the UDF and have you tried the directory delete function (keep a copy of any files from the Prefetch folder you don't want deleted)?

Link to comment
Share on other sites
  • 4 weeks later...
KaFu Universalist

KaFu

Posted
Posted (edited)

I'm currently implementing this into SMF and noticed the following:

The function _SecureDirectoryDelete() will always fail to remove a directory (not the content), if the path is prefixed with "?" (to handle filenames longer MAX_PATH = 260 and containing illegal characters).

I tracked it down to _SD_DeleteDir(), where you use DirMove() and DirRemove(), both functions not supporting long filenames. I have replaced the two function calls with these custom ones to make it work for me.

Func _DirMoveEx_Empty($sDir, $newdir)
    Local $iRes = DllCall("kernel32.dll", "int", "MoveFileExW", "wstr", $sDir, "wstr", $newdir, "dword", 0x8)
    Return $iRes[0]
EndFunc

Func _DirRemoveEx_Empty($sPath)
    Local $iRes = DllCall("kernel32.dll", "int", "RemoveDirectoryW", "wstr", $sPath)
    Return $iRes[0]
EndFunc ;==>_DirRemoveEx_Empty
Edited by KaFu

de.png OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu
prog_icon_amt.png AMT - Auto-Movie-Thumbnailer (2022-Nov-26) prog_icon_bic.png BIC - Batch-Image-Cropper (2023-Apr-01) prog_icon_cop.png COP - Color Picker (2009-May-21)
prog_icon_dcs.png DCS - Dynamic Cursor Selector (2024-Feb-16) prog_icon_hmw.png HMW - Hide my Windows (2018-Sep-16) prog_icon_hrc.png HRC - HotKey Resolution Changer (2012-May-16) 
prog_icon_icu.png ICU - Icon Configuration Utility (2018-Sep-16) prog_icon_smf.png SMF - Search my Files (2023-Jun-03) - THE file info and duplicates search tool prog_icon_ssd.png SSD - Set Sound Device (2017-Sep-16)

Link to comment
Share on other sites
wraithdu Universalist

wraithdu

Posted
  • Author
Posted (edited)

Good find. I'll make those adjustments in the UDF (and probably to the DeleteFile function as well). I'll be posting an update soon that also corrects a bug in the Freespace erase function where it was using the sector size for temp file writes instead of the cluster size (wouldn't cause failure, but would slow down the process). It will also add better support for UNC and network file names to the GetFileMapping UDF. I'm pretty sure it wasn't failing before, but was not querying the remote file system for cluster size properly. It also now explicitly restricts wiping of encrypted / compressed / and sparse files to local volumes with drive letters. You simply can't open a volume handle to a remote file system to do what is required for those file types. Also note that under UAC, full admin permission is required to open a volume handle and use the defrag API to wipe encrypted / compressed / and sparse files.

Edited by wraithdu
Link to comment
Share on other sites
  • 2 years later...
micr0shaft Seeker

micr0shaft

Posted
Posted (edited)

Hi first thanks for this very usefull script :)

 

I am having difficulty understanding how to use the callback function in your script because once the secure dir delete function has started no other functions/events will trigger until the secure dir delete function has completed at least this is my current understanding.

I am trying to wipe a directory and provide feedback in my gui to display the current progress via a GUICtrlCreateLabel I have tried setting the callback variable as GUICtrlCreateLabel($CRTL, Call($CALLBACK)) and ($CRTL, $CALLBACK) / ($CRTL, $CALLBACK[1]) But I am inexperienced and can not find any helpful documentation or am not using the correct search terms.

Please help enlighten me

Tia 

EDIT

Never Mind lol

I looked through your code and soon discovered it is a custom function I have to name and now have it displaying fine.

Thanks again for the code.

Edited by micr0shaft
Solved
Link to comment
Share on other sites
  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...