Jump to content
Sign in to follow this  
mary

Interesting Technique (Lock a file)

Recommended Posts

mary

My question is about technique used by Panda-USB-Vaccine to lock files ( as for autorun.inf in this tools)

the file remain locked (impossible to read, write or delete without formatting !!)

So, do you know how we can lock file for ever (and not just lock by a resident process) ?

Share this post


Link to post
Share on other sites
tmax

My question is about technique used by Panda-USB-Vaccine to lock files ( as for autorun.inf in this tools)

the file remain locked (impossible to read, write or delete without formatting !!)

So, do you know how we can lock file for ever (and not just lock by a resident process) ?

Hi,

There is another way to lock your 'autorun.inf' file.

I used winhex tools to edit the USB sector as shown on 'autorun.gif' file.

as you can notice that the actual attribute of 'autorun.inf' is '20' of hex value,

After you alter from '20' to 'E5' and saved, the 'autorun.inf' file cannot be deleted,

or contents of file cannot be view by others and cannot be autorun also, it just act as

a dummy autorun file.

You can reset back from 'E5' to '20' by winhex.

I used this method to protect my USB drive from autorun virus.

post-32105-1241012163_thumb.gif

Share this post


Link to post
Share on other sites
torels

My question is about technique used by Panda-USB-Vaccine to lock files ( as for autorun.inf in this tools)

the file remain locked (impossible to read, write or delete without formatting !!)

So, do you know how we can lock file for ever (and not just lock by a resident process) ?

what's the use in that ?

btw... Fileopen() "locks" the file


Some Projects:[list][*]ZIP UDF using no external files[*]iPod Music Transfer [*]iTunes UDF - fully integrate iTunes with au3[*]iTunes info (taskbar player hover)[*]Instant Run - run scripts without saving them before :)[*]Get Tube - YouTube Downloader[*]Lyric Finder 2 - Find Lyrics to any of your song[*]DeskBox - A Desktop Extension Tool[/list]indifference will ruin the world, but in the end... WHO CARES :P---------------http://torels.altervista.org

Share this post


Link to post
Share on other sites
mary

Ok, so the technique is to modify disk sector with an hex editor.

but how you know what byte to modify to lock a given file (not necessarly autorun.inf) ? and is it possible with autoit ?

Edited by mary

Share this post


Link to post
Share on other sites
tmax

Ok, so the technique is to modify disk sector with an hex editor.

but how you know what byte to modify to lock a given file (not necessarly autorun.inf) ? and is it possible with autoit ?

I just download and install 'Panda-USB-Vaccine', found that it uses same method

to lock file 'autorun.inf' alter attribute from '20' to '40' and rename the original to 'autorun_.inf'.

---- refer to 'auto_panda.gif' file

post-32105-1241102625_thumb.gif

From hex editor, search for the filename that need protect,

e.g 'mydoc.txt',search for 8 char ,"MYDOC TXT".

At the end of filename '20' of hex value is the attribute of file. Change to '40' to locked it.

---- refer to 'lock.gif' file

post-32105-1241102989_thumb.gif

I not sure with autoit file disc handling, but will try to solve it.

Share this post


Link to post
Share on other sites
ken82m

Is their a way to do this in the MBR? To write protect the entire FS.

-Kenny


My Contributions _StringMultiReplace PC Builders Console - Secure PDF Creator - Cisco VPN Installer MS DNS Server Backup Script - MS DHCP Backup Script IT Admin Console - Toggle Admin Mode - MyMovies-Add Discs Script - IT Help Desk and System Information Tool - Set On Lid Close Power Option - Streaming Media Server & Website "I believe that when we leave a place, part of it goes with us and part of us remains... Go anywhere, when it is quiet, and just listen.. After a while, you will hear the echoes of all our conversations, every thought and word we've exchanged.... Long after we are gone our voices will linger in these walls for as long as this place remains."

Share this post


Link to post
Share on other sites
ulzzang

They're different level, then I think it's No.

Protect/lock the certain file with Winhex is the method go down to sector level and raw editing the content in disk. When user try to touch that file in regular level (via file explorer/os shell), the action would fail 'coz in lower level the file system has modified/altered. But when you talk about MBR, itself exist in lowest digital level of disk content, so you can go deeper down and protect/lock it with a trick. Unless some physical read-only setup but it's another story, of course.

Share this post


Link to post
Share on other sites
ulzzang

..., so you can go deeper down and protect/lock it with a trick...

Sorry, mistyped... I mean can't :mellow:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.