Looping until a user presses a key?

18 replies to this topic

#1 mholt

mholt

    CC Regular

  • No Access
  • PipPipPip
  • 27 posts

Posted 18 January 2008 - 03:23 PM

Hello,

(My question is bolded down below if you don't want to know my story.)

I'm fairly new to C++ and am learning it in my spare time. Recently it has become more of a priority since a few weeks ago when I decided to start taking security more seriously with my computer activities.

I started using TrueCrypt and have an encrypted portion set up on my flash drive.

Unfortunately, when I went to a public network and plugged it in, about 4 GB of files were maliciously deleted, even the encrypted portion (which is just a file, like any other file, it can be moved/deleted/etc).

This frustrates me, and I couldn't find a good, free, simple "file locker" to prevent deleting files. So I decided to write one. I noticed that some files which I had currently in use were not deleted until a minute or so after I closed them.

So I figured to write a program myself that I could run to "open" and "occupy" these files so they can't be deleted (since Windows won't really let you).

My program works like a charm. But now I also consider those "unlocker" apps which someone can use to close the stream between an open file and a process using that file.

I'd like to know how to get around an unlocker's capabilities. Now I know that using a task killer, or even the TASKKILL batch file command can simply stop my protection program from running. But there's just no way to get around that, I guess. I do have one idea, and I haven't found any others online about this matter by Google...



My guess is that if the program loops while it is open (and while it has all the other specified files in an input stream), and checks constantly to make sure the stream is working (using is_open I suppose), I can re-establish a lost connection.



So my question is: how can I get the program to loop this "checker" portion of the code and then execute a shutdown procedure when the user either hits the X in the corner of the console or presses the Enter key, all while the loop is going?

Or: is there a way to detect interruptions in streams that are just sitting there, open, and not doing anything? Like an event that triggers some code execution in my program? (But... I assume I'd have to be constantly checking them....)

Thanks for any help; it seems complicated to me, but I'm sure to you it's not that bad. So I do appreciate it.
  • 1

#2 dargueta

dargueta

    I chown trolls.

  • Moderator
  • 4854 posts
  • Programming Language:C, Java, C++, PHP, Python, JavaScript, Perl, Assembly, Bash, Others
  • Learning:Objective-C

Posted 20 January 2008 - 05:36 PM

You're making this harder than you need to. Just use WinAPI's OpenFile() function with the OF_SHARE_EXCLUSIVE option. This'll lock out all other processes, even itself if necessary. For example:


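#include <windows.h>

OFSTRUCT fileData;
//OF_SHARE_EXCLUSIVE denies other processes read and write access while the handle is open
HFILE myHandle = OpenFile("C:\\myFile.txt",&fileData,OF_READ|OF_SHARE_EXCLUSIVE);
if (myHandle != HFILE_ERROR) {
    //OpenFile returns an HFILE; the other file functions take a HANDLE
    HANDLE myFile = (HANDLE)(INT_PTR)myHandle;
    //just in case, lock every byte of the file.
    LockFile(myFile,0,0,0xFFFFFFFF,0xFFFFFFFF);
    //do whatever here
    //now close the file
    CloseHandle(myFile);
}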


Be sure to include windows.h.

As for your original question, just use __getch() from conio.h to check for <ENTER>. You don't need a loop.
  • 0
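
The exclusive-open approach from the reply above, written as an added PowerShell example that is not code from any poster in this thread. It goes beyond the single file in the post by holding every file under a directory; `FileShare.None` is the .NET counterpart of a zero share mode in `CreateFile`, and the function names `Open-Exclusive`, `Lock-Tree` and `Test-ExclusiveHold` are made up for this illustration.

```powershell
# Added example (Windows only). Function names are hypothetical.
function Open-Exclusive {
    param([string]$Path)
    # FileShare.None = share mode 0: while this handle is open, no other
    # handle can open the file for reading, writing or deleting.
    [System.IO.File]::Open($Path,
        [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read,
        [System.IO.FileShare]::None)
}

function Lock-Tree {
    param([string]$Root)
    $handles = New-Object 'System.Collections.Generic.List[System.IO.FileStream]'
    try {
        foreach ($file in Get-ChildItem -LiteralPath $Root -Recurse -File) {
            try   { $handles.Add((Open-Exclusive $file.FullName)) }
            catch { Write-Warning "not locked: $($file.FullName)" }
        }
        Write-Host "Holding $($handles.Count) file(s). Press Enter to release."
        [void][Console]::ReadLine()   # blocks until Enter; no polling loop
    }
    finally {
        foreach ($h in $handles) { $h.Dispose() }   # release every handle
    }
}

# Self-check on a constructed temp file: deleting must fail while it is held.
function Test-ExclusiveHold {
    $tmp = [System.IO.Path]::GetTempFileName()
    $held = Open-Exclusive $tmp
    $blocked = $false
    try {
        try   { [System.IO.File]::Delete($tmp) }
        catch { $blocked = $true }    # sharing violation raised by Delete
    }
    finally { $held.Dispose() }
    [System.IO.File]::Delete($tmp)    # succeeds once the handle is closed
    return $blocked
}

"Delete blocked while held: $(Test-ExclusiveHold)"
# Lock-Tree 'F:\'   # hold everything on the drive until Enter is pressed
```

The handles close when the PowerShell process exits or is terminated, so the protection lasts only as long as the script keeps running.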

#3 dargueta

Posted 20 January 2008 - 05:40 PM

To get around TASKKILLER, just make the program open a copy of itself when it gets a close message. I don't know how to do that offhand, but I know there's a way. I'll check and let you know as soon as I find out.
  • 1

#4 dargueta

Posted 20 January 2008 - 06:54 PM

There's a way if you use Visual Basic. As for C/C++, I'm beginning to think there isn't a way, but I'll keep looking.

Visual Basic: use the QueryClose() function. You'll have to declare the WinAPI functions from kernel32.dll like so:

' VB6 declarations; put these in a standard module
Type OFSTRUCT
    cBytes As Byte
    fFixedDisk As Byte
    errorCode As Integer   ' 16-bit
    reserved1 As Integer
    reserved2 As Integer
    pathName As String * 128
End Type

' kernel32 exports this function as OpenFile (ANSI only), so no alias is needed
Public Declare Function OpenFile Lib "kernel32.dll" ( _
    ByVal fileName As String, ByRef data As OFSTRUCT, ByVal mode As Long) As Long

  • 0

#5 mholt

Posted 21 January 2008 - 08:28 AM

Hey - thanks dargueta. These are all helpful ^_^ Previously I was using the open() function, but OpenFile() (actually, CreateFile()) in windows.h is much better for this task. The first snippet you supplied works well. I've since modified it to do exactly what I want.

With this new knowledge, I've been looking more into the CreateFile function, to avoid a 128-character filepath length limitation and to have other control over opening the file. MSDN is a great resource all of a sudden.

This VB snippet would be great, but unfortunately this is meant to go on flash drives (portable), where .net framework may not be installed... I'd like a simple stand-alone app if possible.

Also, if it helps, I'm using Dev-Cpp on Windows Vista, writing this as a console app. (Again, I'm new to C++).

I appreciate this. I'll look around as well for a close message.
  • 0

#6 dargueta

Posted 21 January 2008 - 11:00 AM

I just figured something out--a faster and more secure way to do things:

Use the CreateFile function to open the entire drive, then use LockFile to lock down the whole drive--boot sector and all--so that there's no way anyone can modify it. This protects against boot sector viruses too!

Let's say your flash drive is drive F:\ for this example. You'd do the following:


HANDLE f = CreateFile("\\\\.\\F:",GENERIC_READ,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,0,NULL);
//the entire drive is locked now
LockFile(f,0,0,0xFFFFFFFF,0xFFFFFFFF);

//do your thing here

UnlockFile(f,0,0,0xFFFFFFFF,0xFFFFFFFF);
CloseHandle(f);


As for your idea that .NET wouldn't work on a flash drive--the program is run from the computer itself, not the flash drive, so chances are the .NET framework is installed. But I see your point.
  • 0

#7 mholt

Posted 21 January 2008 - 01:42 PM

hey dargueta,

I've been playing around. I acknowledge that I approached this too hastily and didn't do my research... so I appreciate your patience. This is a great learning experience.

- The LockFile function, to lock its bytes, should start at 0x00000000 and end at 0xFFFFFFFF, shouldn't it? I tried that and it write-protected the file, even though it was only opened with read/write permissions. So that works.

- As far as recovering from an interrupted stream (or, I'm assuming that just means "if you lose the connection to the open file, then get it back to save the file's safety") - I found here:

File Management Control Codes (Windows)

Scroll down halfway to "The following control codes are used with opportunistic locks."

The table right below that has some interesting control codes and descriptions. Is this something I want to look at deeper? I'll be honest, I don't know what some of it means, but I could guess. I don't know how to use those control codes.
  • 0

#8 dargueta

Posted 21 January 2008 - 01:56 PM

To be honest, I have no idea what they are either. Something to do with really low-level IO. For über-security, I guess you could repeatedly call CancelIoEx with the file handle you get from the CreateFile function, which would cancel all IO operations on the drive. Going with the above example, just do:

//infinite loop
while(true)
    CancelIoEx(f,NULL);

And actually, the memory range is 0 to 0xFFFFFFFFFFFFFFFF (64 bits). The upper and lower ranges are each passed in as a set of two 32-bit arguments since the CPU registers can't hold 64 bits.

By the way--this is all fine and dandy if you want to turn your flash drive into Fort Knox, but what if you decide to edit a file yourself? Isn't that a bit of a problem?
  • 0

#9 mholt

Posted 21 January 2008 - 03:15 PM

Ha, actually, my flash drive is filled with a file that's about 3.8 GB. It's an encrypted TrueCrypt partition that, when mounted, holds 3.8 GB of secure data for work, etc.

I apologize for not being clearer. I'm obviously not very good at this :P

Here's ultimately what I want my program to accomplish when it is done (bolded parts I already have working):

- Open all files in current directory and all subdirectories under it so they cannot be deleted or moved in Windows.

- Lock all files from being read except for my TrueCrypt volume. (This I just specify manually in the source code. That's all good.)

- OR, prevent ANY file operations by any user other than the current user logged on to the computer. We can, I see, prevent all file operations... but for all users. I want to prevent all users except the current one - me.

- If an unlocker app "unlinks" a file and this program, then the program re-establishes a link or somehow recovers from this, by replicating itself, or copying the file, or doing *something* to prevent malicious damage to the file.

- Appears camouflaged in the system processes list so that system admins don't think the program is malicious. (Because it's not. However some, as I've experienced, unfortunately are obsessive.) (Basically, this means that if you did Ctrl+Alt+Delete, for example, you'd see the program name maybe as "svchost.exe" (so it looks like a Windows process), created by the user SYSTEM or LOCAL SERVICE.)


- To exit the program and unlock all the files, type a password so that not just anybody can do so.


- My last concern is that someone would just kill this program's process directly. I wonder if there's a way, in C++, to detect that the program has stopped running or to hide it from the system process list. I doubt it, but if there's some way it could copy itself before being forcefully shut down... that'd be cool.




I know this is a lot of questions and a lot of aspects to cover. I don't expect you to answer them all. You've helped me quite a lot already and I will try to take it from here.

Thanks for your assistance :)
  • 0

#10 dargueta

Posted 21 January 2008 - 03:22 PM

Several ways to do this:
(1) Put a bootstrap program into your flash drive's boot sector that runs your locking program when the flash drive is inserted. Set your main() function to return an int whose value only you know. When your main function returns because it has been stopped, it returns this value. Otherwise, Windows will force it to return -1 (I think). So...if the bootstrap program checks the return value, and sees that it's anything but your special number, just have it call your locking program again. Since this runs underneath the operating system, you can do whatever you want. Just be careful.

HOWEVER, this can be extremely dangerous. Modifying the boot sector is only a good idea if you know what you're doing. That's why I'm here. Make sure you test the bootstrap program thoroughly before you write it, because if you mess up...boom. There goes your flash drive. That's basically what boot sector viruses do.

(2) I forgot the rest. I'll get back to you on that.
  • 0

#11 mholt

Posted 21 January 2008 - 04:10 PM

Well, I'm game for complex and learning this stuff as long as it's easy to use in the end.

I really don't want you to feel as if you have to continue helping me with this, you've far exceeded what I expected as far as help goes. Take a break (unless you really want to, I mean, I won't stop ya) ;) I have another semester starting up tomorrow, but I'll still be working on it. Again, thanks for all your help!
  • 0

#12 dargueta

Posted 21 January 2008 - 04:13 PM

You're welcome. Actually, I enjoy doing this--I'll take any chance to learn. Are you up for learning some Assembly language? We might have to do that for this.
  • 0




