alright. my main reason for this is that im getting this danged worm in my email every week. my virus scanner catches it every time. i have 3running btw. ive read up on this worm and if it ever makes it on my system, with the my program it wont be able to write any files. now, what i want to do is pretty simple, i want to make my program open a handle to sevral file names the virus copys itself as, so it cant read and write. but also what I want to do is catch when windows tries to access that file to see if it can be read/writen and display on my program that an attempt was made. This has many applications other then this, but is it possible to catch windows trying to access the file? now i dont know how to make it unreadable but i think i cant make it lock write access, refresher would be nice.
Posted on 2003-05-08 15:44:21 by Qages
Yes, you could just create an empty file with the right name, and open an exclusive handle to it CreateFile. If you just want to monitor it, there are a couple of API functions to do this, can't rememebr what they are of the top of my head, something to do with Change Notification, it has been mentioned several times previously in the Main forum.
Posted on 2003-05-08 19:18:29 by sluggy
You could flag it for change notification, the folder it's in anyway and ask to be informed when there is a change in a file then check to see if it's the one your looking for. You could open the file as you said with out allowing access to other processes, or just set the readonly attribute.
Posted on 2003-05-08 19:19:57 by donkey
Wow, sluggy and I came up with a reply at the same time but he's a faster typer :)
Posted on 2003-05-08 19:20:37 by donkey
Wow, sluggy and I came up with a reply at the same time but he's a faster typer
Heh, i was at work when i typed that :) I even did a couple of searches on MSDN (like yourself), but couldn't remember the API function, otherwise our answers would have been even more similar :)
Posted on 2003-05-09 06:15:40 by sluggy