First off, here are the constraints:
Must run on XP
Must notify of both drive letter assignments and mounting a volume to a folder
Must not 'wake' a drive if it is sleeping.
I'd really rather not polling the drive.
What I've tried:
Google
I've looked at WMI and the Win32_LogicalDisk class. I can determine which drives are mounted to a drive letter, but not those mounted to a folder. The Win32_Volume* and Win32_MountPoint classes would be perfect, but are not available on XP.
I've tried polling the drives using FindFirstVolume & GetVolumePathNamesForVolumeName (even though I'd rather not do that), but it appears that the drives must be spun up before it can give me the information. And again, ew, polling.
I was considering the possibility of using API hooking to hook calls to SetVolumeMountPoint and DeleteVolumeMountPoint but I don't think that would catch everything and it seems like that might be an ugly hack anyway.
So, yea, I'm looking for suggestions :)
API hooking on SetVolumeMountPoint should let you intercept volume mounts. I'm not sure about network shares though.
But it wouldn't be an 'ugly hack'. What you're trying to do is what hooking was built into Windows for. Codeproject.com has great tutorials on API hooking: http://www.codeproject.com/KB/system/hooksys.aspx
So you actually stated your own best solution. Remember, there's also a separate API for drive letters: http://nukz.net/reference/fileio/hh/winbase/fsys_6j8z.htm
Your project sounds interesting. Usually, trojans and anti-virus try to do this (and they also catch network shares.) I'm only casually familiar with the topic, so I hope this helps.
Related
I am lucky and thankful to be home for the holidays, and I wish everyone who reads this the best! I have an annual habit of doing windows clean installs on many of my family members' pcs along with my own.
I use dism in cmd/PowerShell on windows to create custom images for certain pcs, like adding drivers, removing preinstalled windows apps, updating preinstalled programs, etc. I made a small little PowerShell script that helps in the process as it is very tedious. (I normally do this while watching TV or something else.)
That got me thinking. Google created Android Flash Tool that sends commands to android devices directly from a website. It even can download new android images/builds and flash them to the device. I also stumbled upon Simon Chan's WebADB.
Those two examples are pretty cool; massive kudos to the developers of both. I was just hoping for some rough ideas. Is running say dism.exe possible on the web? Like taking a cloud file (like Google's android images) and running dism to make some user-selected customizations?
This process would entail being like a web-based Rufus by formatting and putting files on a user-selected USB Stick. (This should be possible?) However, the next step would require "talking to windows" and accessing dism.exe directly on the local windows machine. Then mounting an ESD/wim file that was just put on the USB stick, then making changes to it using dism, and then unmounting and committing changes to the stick. Would this be possible?
This is just a very early stage idea and would honestly probably be more hassle than it is worth. But I could totally work on it during my spare time just to learn. Frankly, before I should have asked the above questions, I should have asked:
Can a website talk directly to "windows."
Can a website say tell windows to unzip a file locally or zip a bunch of files?
Create folders or simple tasks such as writing files directly to a directory (without chrome/file explorer holding its hand)?
I have built websites before, I have used npm/node, angular, and familiar with Google Firebase/GCP. However, this seems more complicated and out of my knowledge base. Hilariously, I am a computing security/networking engineer, and I can't even begin to fathom the sheer amount of security issues that would be possible with something like this. The site basically needs access to run cmd/terminals on the client machine. The thought of that gives me nightmares.
As computing and, namely, the web continues to evolve with the advent of new APIs, PWAs, etc., it is interesting what one can do with a "simple" website. If what I am describing is not possible now, I hope that someday it can be—in a fully secure way.
Thank you to whoever reads this and responds! I am looking for a "yes/no, your crazy" and hopefully a rough description of how/what. However, I am open to anything! Thank you again.
I have been searching everywhere for all the combinations of things that I want to accomplish hoping something would pop but I can't find anything. Additionally, I am not sure if I am "crafting" my query properly enough so I am hoping I can get some assistance on that here.
What I would like to accomplish is this (pseudo logic)
Create a single container file, for example: vdata.x which will contain everything in it as a single data file
Mount this file as an actual drive/folder in Windows so that you can write to, read from, delete/modify the content as if you were using Windows Explorer. Visible to FS, applications, system/commandline like any other "real" folder on the machine.
Prefer the ability to have this file reside on a thumbdrive and have it mounted either automatically or manually after plugged in and have it show up not as the thumbdrive but as the file inside it, or mount both doesn't matter.
Additionally the ability for that file to be locked, encrypted and accessible (despite auto mounting, if that's the case) after it have been authenticated with a password, random token or whatnot.
Finally a housekeeping element, such as being aware of its available "host" space (aka the thumbdrive) so that as it reaches a certain threshold of expansion, it says, hey move me to a larger device, make room or stop adding more, something akin to, running out of space warning.
I thought about putting this in software recommendation SE but that is not fully up and running yet (at last check) and plus the range of who access that sub-se might very limited, so I am asking here to get feedback and discussion to see if we can answer it better here or it needs to move to there.
Thank you in advance and hope to get some brilliant minds out there to help me accomplish this.
PS. I am not averse to building something like this myself but I am limited in time and health and plus if its already done, why reinvent the wheel right? But if anything could help launch the development of such a tool, I would take that input as well, thank you.
I need to read and write some files on a HFS+ (Mac) partitioned drive and wondering is there any APIs for that already made, googleing didn't come up with anything. If not, how does one approach this problem from scratch.
There is no API, just drivers. I would recommend you to learn how to use google. ;) It's the very first hit.
Try Macdrive
or paragon sw
I'm developing a commercial project on an ARM based embedded board with a custom Linux kernel on it, using Ruby. Target workspace of the project and the device is a closed-environment, no ethernet, inernet, I/O devices etc... I want to protect my code/program so that; it'll only work on the specific machines I let (so; people cant just copy and paste my code/program on to their embedded boards and run it w/o permission). This can probably done with the machine's MAC address tho; I don't have any experience on the subject. I guess, just a simple if(device.MACAddr == "XX:XX....XX") wouldn't be depandable (not to mention people can just easily delete the check from my code). I can't use some ruby obfuscators, which I found thru google, beacuse; the device doesnt run ruby-external-C-libraries or such stuff, only pure ruby code.
So; what are your suggestions, what type of approach should I take?
you can't really protect it, its hard enough protecting native code! and even then that basically fails if someone really wants to copy the software.
basically do very little if anything to secure it, its mostly wasted time and effort
This is isomorphic to the problem of DRM. You're giving a person both a lock and the key to that lock, and trying to stop that person from using the key in a way you don't like.
Therefore, I suggest using the same methods that other DRM users do: put your terms in the license, and sue them if they violate it. You need to use the law to enforce the other terms of the license, anyway.
I couldn't find a suitable title for this. I'm going to express my query with examples.
Consider following softwares:
Process explorer from sysinternals (an advanced task manager)
Resource Manager : resmon.exe (lists each and every fine detail about resource usage about each process).
For me these softwares seems like miracles. I wonder how these are even made. C'mon how a user process can know such fine details about other processes? Who tells this software, what processes are running and what all resources are utilized? Which dlls are used? etc..
Does windows operating system give these software that information? I mean though (obviously the most lower level api) WIN32API. Are there some functions,which on calling return these values
abstractly say:
GetAllRunningProcesses()
GetMemoryUsedByProcess(Process* proc)
etc..
Other similar applications are
network Packet Capture software. How does it get information about all those packets? It clearly sits just infront of the NIC card. How is it possible?
Anti-virus: It scans memory for viruses. Intercepts other processes. Acts like a sandbox for the user application space. How? How??
If its WIN32API. I swear, I'm going to master it.
I don't want to create a multi-threaded application. I want to get information about other multithreaded applications.
I don't want to create a program which communicates using sockets. I want to learn how to learn how to capture all communication packets.
I actually want to work at the lower level. But I don't know, what should I learn. Please guide me in proper direction.
This is really a pretty open-ended question. For things like a list of running processes, look up "PSAPI" or "Toolhelp32". For memory information about a particular process, you can use VirtualQuery.
Capturing network packets is normally done by installing a device driver. If you look, you should be able to find a fair amount about how to write device drivers, though don't expect to create wonders overnight, and do expect to crash your machine a few times in the process (device drivers run in kernel mode, so it's easy for a mistake to crash the machine hard).
I can't say as much with any certainty about anti-virus, because I've never tried to write one. My immediate guess would be that their primary technique is API hooking. There's probably more to it than that, but offhand I've never spent enough time looking at them to know what.
Mark Russinovich's classic, Windows Internals, is the go-to book if you want to get deep in this kind of stuff. I notice that the just-released 5th edition includes Vista. Here's a sample chapter to peek at.
If you like Process Explorer, this is the guy who wrote that, and there are lots of examples using it in the book.
Plus, at 1232 hardcover pages, you can use it to press your clothes.