1

[the following is a rephrase of my previous question, which was deemed ambiguous].

I'm digging into creating a basic licensing mechanism for a demo application. What I have in mind goes like that: the application creates an empty "license file" called, say "0b1xa487x.ini" upon the first run, then expires 30 days after it has been first executed and can't be run anymore as long as that specific file is present on the system.

What I'm looking for is a method to protect that specific file in a way to deter deletion. Since it will be a blank file, devoid of any content, I wouldn't mind it to be corrupt, have corrupt headers, invalid date, whatever it takes to stay undeletable.

I've seen a similar approach somewhere based on file attributes (the file had the HX attributes set in place); however, the attribute approach lead me nowhere, as I can't find any documented feature on the existence of a file attribute X.

I also know that there are other approaches including rootkit drivers and system services launched as system user, but this particular one seems to fit best in this scenario. Again, I outline that the file's contents may as well be inaccessible, I'm not planning to use the approach in running any kind of malware from the file, as I've been accused below :)

Manuel Allenspach
  • 12,467
  • 14
  • 54
  • 76
Bogdan Botezatu
  • 579
  • 1
  • 9
  • 25
  • What are you trying to accomplish? For example, are you are trying to test error handling in your application? If so, what kinds of errors are you trying to handle? – Marek Jedliński Apr 27 '11 at 18:51
  • 4
    Voted to close. Question extremely unclear/vague. Looks more like a request for known Windows vulnerabilities, than a request for programming help. – Warren P Apr 27 '11 at 20:03
  • Well, this is what I call a start on the wrong foot. I wouldn't have expected to get so much negative feedback from the very first post on StackOverflow, especially when all that I asked is an idea on how to create an useless, inaccessible file on a system without installing a rootkit driver or running a service. I thought this was legit enough, given the fact that I am pretty much able to solve the issue with either of the two approaches but I'd like to keep things simple. You know what they say, we're innocent until proven otherwise. You may close the thread. – Bogdan Botezatu Apr 27 '11 at 20:13
  • 2
    @sphynx: You asked a nonsense question. What is a "corrupt blank file"? By definition, a blank file can't be corrupt, since it has no content. – Ken White Apr 27 '11 at 20:17
  • 5
    Welcome to Stack Overflow. (Really!) The question body is indeed nonsense. There's no such thing as a corrupt blank file. Your comments reveal that you really want not a corrupt file but an undeletable one, and your idea for achieving that is to make it corrupt. But whether it's deletable has nothing to do with the contents; it has to do with the integrity of the file system and the ability to access the file. Maybe you merely have to give a file a name such that it cannot be selected in Explorer and therefore cannot be deleted. Please update the question body to reflect your actual goal. – Rob Kennedy Apr 27 '11 at 20:37
  • 1
    @sphynx: SO has no shortage of unclear questions. Put a little effort an fore-thought in your questions and you'll find you can get a lot of help here. Note that amid the criticism there are also many valid requests for clarification. And note the [edit] link under your question. – H H Apr 27 '11 at 21:34
  • Hello @Rob, @Henk. Feels good not to be nailed as malware author form the very beginning. I've rephrased my question to add extra details about what I want to accomplish as well as some more info why I think this would qualify as a legit programming question. – Bogdan Botezatu Apr 27 '11 at 21:50
  • 5
    @sphynx: What you're asking for **is** malware, whether or not that's your intention. Creating an undeletable file in any halfway-thought-out operating system (including Windows) is impossible, by design. [It would be very bad if it was possible.](http://blogs.msdn.com/b/oldnewthing/archive/2004/02/16/73780.aspx) If you're trying to make a demo program, just make a demo version of your program that's missing some key features, and if the users want the full feature set, they can pay you for the full version. That simplifies things for everyone involved. – Mason Wheeler Apr 28 '11 at 00:00
  • Create the file inside a folder inside a folder and so on until the file itself and the whole root folder is undeletable. J/K. Don't do that. Creating an invisible application to protect a file is a bad idea and I would not like that in my computer. If you do something like that you should put it very clear to the potential users at least. – Averroes Apr 28 '11 at 15:39
  • 1
    @Mason: I'm trying to determine whether anything should be read into the phrase: "halfway-thought-out operating system (including Windows)" :D – Disillusioned Apr 28 '11 at 17:52

3 Answers3

5

Corrupt suggests not conforming to some standard. There are no standards for blank files.

H H
  • 263,252
  • 30
  • 330
  • 514
  • I need to lock down a folder and I'd like to create a file within that folder that the OS won't be able to treat "naturally", ie, not being able to delete that file. I know that there are other means of implementing this feature, such as enforcing NTFS privileges or even deploying a file filter driver, but I'd like something smooth and simple. – Bogdan Botezatu Apr 27 '11 at 19:12
  • 6
    you can't do this. Give up now. – David Heffernan Apr 27 '11 at 19:19
  • 2
    @sphynx, you are 3 words away from asking us how to write a root-kit. Please do not do that. – Cosmin Prund Apr 27 '11 at 19:39
  • I'm sorry, I know how to write a rootkit. I won't ask you to do that for me, especially not in Delphi :). I'm trying to create an un-deletable file, as I also explained in my comment to Radu's suggestion. All that I'm trying to achieve is to get a blank, non-functioning (maybe even unreadable) file that actually cannot be deleted. This can hardly be labeled as malicious intent, can it? – Bogdan Botezatu Apr 27 '11 at 19:48
  • 4
    Yes, that's a bad protection scheme (reminds me of old DOS days and non standard floppies). Such files are not well behaved, and can lead to problems with other tools (i.e. disk defragmenters or disk check) –  Apr 28 '11 at 07:04
  • 1
    @sphynx If I uninstall the demo you left the undeletable file in my computer? – Averroes Apr 28 '11 at 15:42
  • 4
    I would describe any software that put an undeletable file on my computer as malicious. It's my computer, not yours, and you have no idea how I use it. – Graham Apr 28 '11 at 15:48
  • Yes, you are all right, unfortunately for me. On the other side, most of the applications running in trial or demo mode will eventually leave a registry key behind telling the application that it has been there and probably expired already. You have to give me that. I was thinking of doing the same, except that I was to use a file, but after having slept over the idea, I also see this as a bad approach. – Bogdan Botezatu Apr 28 '11 at 18:19
3

Thanks everybody for your suggestions. I found a way to render my file inaccessible, namely by using fortunate combination of file permissions. The downside is that these things don't work on non-NTFS partitions. The good thing is that I can always clean up after my application by simply removing these permissions programatically and deleting everything afterwards.

Bogdan Botezatu
  • 579
  • 1
  • 9
  • 25
  • 1
    if you are able to delete this file then someone else can do. the main idea here is to lock for other solutions to protect your demo. as I remember there is components for delphi to do that job for you. – Najem Apr 28 '11 at 11:57
2

Regarding your last answer to Henk, I believe it is more easier to create a service, start it automatically with the OS, and open the file in the fmShareExclusive by using a TFileStream.

But, you can not force the kernel of the OS, or an antivirus to make your file 'undeletable'.

Best regards,
Radu

RBA
  • 12,337
  • 16
  • 79
  • 126
  • Hello, Radu. I'm currently trying out your suggestion. If the OS fails to process the "malformed" timestamp, then this is what I need. I'm trying to create a system check (some sort of licensing scheme) and I'd like the user not to be able to delete that file. I'll get back to you with an answer shortly. – Bogdan Botezatu Apr 27 '11 at 19:41
  • 3
    Please do not use such an approach. As a user I would not be very happy if you create undeletable files on my machine. How will you delete it after you do not need it anymore? I am sure there are better ways to solve licensing scheme. – Runner Apr 27 '11 at 21:06