hooked, posted June 17, 2009 (edited June 17, 2009)

Hello, is there any way you can change ownership of hidden system files? I am currently using xcacls.vbs from an administrator account, and trying to change ownership to "administrators", but it will not find the file because it is a system file. I can take ownership manually, and when I change the ownership to my username xcacls will change it to administrators even though it is still a system folder. Sounds complicated, but basically xcacls will only find a hidden system file if the person running the script has read permissions for it. Is there any way I can force xcacls to find it, or is there any other way of doing it??

```autoit
#AutoIt3Wrapper_au3check_parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#include <GuiEdit.au3>
#include <WindowsConstants.au3>
#include <GuiConstantsEx.au3>
#include <Constants.au3>
#include <EditConstants.au3>
#include <StaticConstants.au3>

; Clear the per-user policies that disable cmd.exe and hide the Security tab
RegWrite("HKCU\Software\Policies\Microsoft\Windows\System\", "DisableCMD", "REG_DWORD", "0")
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\", "Nosecuritytab", "REG_DWORD", "0")

; Status window, used only to follow progress during development
GUICreate("Status", 600, 400, 0, 0)
Dim $stat, $source
$stat = GUICtrlCreateEdit("", 0, 0, 600, 400)
GUISetState()

; Copy the tools to the temp folder.
; FileInstall() expects a literal source path when the script is compiled;
; with a variable, as here, it only copies when run as an uncompiled script.
$source = @DesktopCommonDir & "\source\"
FileInstall($source & "cmd.exe", @TempDir & "\cmd1.exe")
_GUICtrlEdit_AppendText($stat, "cmd installed" & @CRLF)
FileInstall($source & "net.exe", @TempDir & "\net1.exe")
_GUICtrlEdit_AppendText($stat, "net installed" & @CRLF)
FileInstall($source & "net1.exe", @TempDir & "\net11.exe")
_GUICtrlEdit_AppendText($stat, "net1 installed" & @CRLF)
FileInstall($source & "xcacls.vbs", @TempDir & "\xcacls.vbs")
_GUICtrlEdit_AppendText($stat, "xcacls installed" & @CRLF)
FileInstall($source & "attrib.exe", @TempDir & "\attrib1.exe")
_GUICtrlEdit_AppendText($stat, "attrib installed" & @CRLF)
FileInstall($source & "sc.exe", @TempDir & "\sc1.exe")
_GUICtrlEdit_AppendText($stat, "sc installed" & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)

_GUICtrlEdit_AppendText($stat, "enable super hidden" & @CRLF & @CRLF)
ToggleHiddenFiles()
_GUICtrlEdit_AppendText($stat, "sleep 5 " & @CRLF & @CRLF)
Sleep(5000)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "running cmd" & @CRLF & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)

; Step 1: set the owner to BUILTIN\Administrators
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
_GUICtrlEdit_AppendText($stat, 'command: xcacls "<filename>" /o "BUILTIN\Administrators"' & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
Global $foo = Run(@TempDir & "\cmd1.exe" & ' /c xcacls "<filename>" /o "BUILTIN\Administrators"', @TempDir, @SW_HIDE, $STDERR_MERGED)
Global $line
; Copy the child's output into the status window until the stream closes
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd
While 1
    $line = StderrRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF & @CRLF)

; Step 2: grant BUILTIN\Administrators full control
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
_GUICtrlEdit_AppendText($stat, 'command: xcacls "<filename>" /g "BUILTIN\Administrators":f;f' & @CRLF & @CRLF)
_GUICtrlEdit_AppendText($stat, "----------------------" & @CRLF)
; $foo and $line are already declared above, so they are only assigned here
$foo = Run(@TempDir & "\cmd1.exe" & ' /c xcacls "<filename>" /g "BUILTIN\Administrators":f;f', @TempDir, @SW_HIDE, $STDERR_MERGED)
While 1
    $line = StdoutRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd
While 1
    $line = StderrRead($foo)
    If @error Then ExitLoop
    If $line <> "" Then
        _GUICtrlEdit_AppendText($stat, $line)
    EndIf
WEnd

Sleep(5000)
MsgBox(0, "", "Close?")

; Remove the copied tools again
FileDelete(@TempDir & "\cmd1.exe")
_GUICtrlEdit_AppendText($stat, "cmd deleted from temp" & @CRLF)
FileDelete(@TempDir & "\net1.exe")
_GUICtrlEdit_AppendText($stat, "net deleted from temp" & @CRLF)
FileDelete(@TempDir & "\net11.exe")
_GUICtrlEdit_AppendText($stat, "net1 deleted from temp" & @CRLF)
FileDelete(@TempDir & "\xcacls.vbs")
_GUICtrlEdit_AppendText($stat, "xcacls deleted from temp" & @CRLF)
FileDelete(@TempDir & "\attrib1.exe")
_GUICtrlEdit_AppendText($stat, "attrib deleted from temp" & @CRLF & "now closing")
FileDelete(@TempDir & "\sc1.exe")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)
_GUICtrlEdit_AppendText($stat, ".")
Sleep(1000)

Func ToggleHiddenFiles()
    ; Note: the three values below are read but never written back, so this
    ; function only sends WM_COMMAND 28931 to the open Explorer windows and the desktop.
    ; Locals are declared because the -d check parameter requires declared variables.
    Local $RegKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    Local $Hidden = RegRead($RegKey, "Hidden")
    Local $HideFileExt = RegRead($RegKey, "HideFileExt")
    Local $ShowSuperHidden = RegRead($RegKey, "ShowSuperHidden")
    Opt("WinTitleMatchMode", 4)
    Local $WinList = WinList("classname=CabinetWClass")
    If IsArray($WinList) Then
        Local $WinListArr[$WinList[0][0] + 1]
        For $iW = 1 To $WinList[0][0]
            $WinListArr[$iW] = $WinList[$iW][0]
        Next
        $WinListArr[0] = $WinList[0][0]
        ;~ Return $WinListArr
    Else
        ;~ Return ""
    EndIf
    Local $WinExpListArr = $WinListArr
    Local $GetWinState, $Hwnd
    If IsArray($WinExpListArr) Then
        For $iWin = 1 To $WinExpListArr[0]
            $GetWinState = WinGetState($WinExpListArr[$iWin])
            $Hwnd = WinGetHandle($WinExpListArr[$iWin])
            DllCall("user32.dll", "long", "SendMessage", "hwnd", $Hwnd, "int", 0x111, "int", 28931, "int", 0)
        Next
    EndIf
    $Hwnd = WinGetHandle("classname=Progman")
    DllCall("user32.dll", "long", "SendMessage", "hwnd", $Hwnd, "int", 0x111, "int", 28931, "int", 0)
EndFunc
```

The status GUI is only so I can see what's going on in the development process.

hooked, posted June 18, 2009

Hello??

GEOSoft, posted June 18, 2009

You could try going to my site (see my signature) and clicking on Code >> My UDFs >> Filex. There is a function named _File_SetOwner(). I've never tried it on System files so the results are unknown.

Drakthor, posted June 18, 2009

```autoit
FileSetAttrib($file, "-s")
```

That should remove the system file status; just make sure to change it back afterward.

```autoit
FileSetAttrib($file, "+s")
```

It's a workaround albeit but it might work.

hooked, posted June 19, 2009 (edited June 19, 2009)

thejay, that doesn't work because I don't have the appropriate permissions without taking ownership.

GEOSoft, how do I use your script... (sorry, I've only been using AutoIt for about 3 weeks...)

Thanks

GEOSoft, posted June 19, 2009

> thejay, that doesn't work because I don't have the appropriate permissions without taking ownership.
> GEOSoft, how do I use your script... (sorry, I've only been using AutoIt for about 3 weeks...)
> Thanks

After looking over your list of files, I'm pretty sure it won't work anyway but it's along the lines of

```autoit
_File_SetOwner(@WindowsDir & "\somefile.exe")
```

You may have to Google for an application called Replacer to do it. It's often used for replacing in-use files and system files but it will require a restart after the files are changed.

hooked, posted June 29, 2009

Sorry, doesn't work, GEOSoft. Nice script tho... Can anyone else think of anything?

KaFu, posted June 29, 2009

Search forum for SetACL.exe

llewxam, posted June 29, 2009

I had the same issues, and SetACL didn't help for me either. What I found was an MS app called Takeown.exe that, used with a recursive file and folder search and applied to every folder and file within the target folder, works like a charm. http://www.dynawell.com/download/reskit/mi...000/takeown.zip is the file I downloaded; it is from the Win2000 Resource Kit but works under XP and Vista.

Ian

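The approach llewxam describes, as an added example that is not part of the original thread: it takes ownership for the Administrators group, grants access, then verifies every item, hidden and system ones included. It assumes an elevated session and the `takeown.exe` and `icacls.exe` that ship with Windows Vista and later (not the Resource Kit build linked above), whose `/R` switch replaces the separate recursive search; the function name and the path in the usage comment are hypothetical.

```powershell
# Added example, not code from the thread. Assumes an elevated session and the
# takeown.exe / icacls.exe that ship with Windows Vista and later.
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Set-AdminOwnership {
    param([Parameter(Mandatory)][string]$Path)   # hypothetical target folder

    $root = (Resolve-Path -LiteralPath $Path).Path

    # /A  = owner becomes the Administrators group instead of the current user
    # /R  = recurse into subfolders
    # /D Y = answer "yes" for folders that cannot be listed yet
    #        (the answer letter is localized on non-English Windows)
    takeown.exe /F $root /A /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

    # Ownership only guarantees the right to read and change the ACL, so add
    # an explicit full-control entry. The *SID form avoids localized group
    # names; /T recurses and /C continues past individual errors.
    icacls.exe $root /grant "*${AdminsSid}:F" /T /C | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls reported errors (exit code $LASTEXITCODE)" }

    # Verify by SID rather than by name. -Force includes hidden and system items.
    $items = @(Get-Item -LiteralPath $root -Force) +
             @(Get-ChildItem -LiteralPath $root -Recurse -Force)
    foreach ($item in $items) {
        $owner = (Get-Acl -LiteralPath $item.FullName).GetOwner(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($owner -ne $AdminsSid) {
            # Emitted rows are items whose owner was not changed
            [pscustomobject]@{ Path = $item.FullName; OwnerSid = $owner }
        }
    }
}

# Usage (constructed path): no output means every item is owned by Administrators.
# Set-AdminOwnership -Path 'C:\ExampleFolder'
```
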
hooked, posted July 2, 2009

Thanks llewxam, it works perfect!!!