LockFile() will only lock a file for the duration of the locking proccess, is there a way I can lock a file for good? (With out encrypting it.)
Printable View
LockFile() will only lock a file for the duration of the locking proccess, is there a way I can lock a file for good? (With out encrypting it.)
Why do you need to lock a file "for good"? Also, read locks, write locks or both? And do you want it to stay locked across reboots?
I wanna block all access to the file, and keep it that way across reboots.
Wouldn't deleting the file have the same effect?
Well, not all access, just reading and writing. And I want to be abe to unlock it later. So it's still far from deleting it.
look at the example project called 'TAKEOWN', its from VC++ 4.0 so its an older example, btu it details how to change a files security settings. I actually had to use it to force a file unlocked. seems Asheron's Call 2 beta crashed during install and left the file permanently locked even to an admin account. So yes, its possible somehow to do it, although im not entirely sure of the exact method. Im sure since takeown unlocked it, it should let you relock it using appropriate modifications to the function calls.
I can't find a download (did find a help page on it though), know where I can download it? (and it's source?)
This is for educational purposes only, please do not copy and paste the code.
Code:
/******************************************************************************\
* This is a part of the Microsoft Source Code Samples.
* Copyright (C) 1993-1997 Microsoft Corporation.
* All rights reserved.
* This source code is only intended as a supplement to
* Microsoft Development Tools and/or WinHelp documentation.
* See these sources for detailed information regarding the
* Microsoft samples programs.
\******************************************************************************/
/*++
Module Name:
Takeown.c
Abstract:
Implements a recovery scheme to give an Administrator access to a
file that has been denied to all.
Environment:
Must be run from an Administrator account in order to perform
reliably.
--*/
#include <windows.h>
#include <stdio.h>
#include <malloc.h>
BOOL
AssertTakeOwnership(
HANDLE TokenHandle
);
BOOL
GetTokenHandle(
PHANDLE TokenHandle
);
BOOL
VariableInitialization();
PSID AliasAdminsSid = NULL;
PSID SeWorldSid;
static SID_IDENTIFIER_AUTHORITY SepNtAuthority = SECURITY_NT_AUTHORITY;
static SID_IDENTIFIER_AUTHORITY SepWorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
void main (int argc, char *argv[])
{
BOOL Result;
LPSTR lpFileName;
SECURITY_DESCRIPTOR SecurityDescriptor;
HANDLE TokenHandle;
//
// We expect a file...
//
if (argc <= 1) {
printf("Must specify a file name");
return;
}
lpFileName = argv[1];
Result = VariableInitialization();
if ( !Result ) {
printf("Out of memory\n");
return;
}
Result = GetTokenHandle( &TokenHandle );
if ( !Result ) {
//
// This should not happen
//
printf("Unable to obtain the handle to our token, exiting\n");
return;
}
//
// Attempt to put a NULL Dacl on the object
//
InitializeSecurityDescriptor( &SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION );
Result = SetSecurityDescriptorDacl (
&SecurityDescriptor,
TRUE,
NULL,
FALSE
);
if ( !Result ) {
printf("SetSecurityDescriptorDacl failed, error code = %d\n", GetLastError());
printf("Exiting\n");
return;
}
Result = SetFileSecurity(
lpFileName,
DACL_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( Result ) {
printf("Successful, protection removed\n");
return;
}
//
// That didn't work.
//
//
// Attempt to make Administrator the owner of the file.
//
Result = SetSecurityDescriptorOwner (
&SecurityDescriptor,
AliasAdminsSid,
FALSE
);
if ( !Result ) {
printf("SetSecurityDescriptorOwner failed, lasterror = %d\n", GetLastError());
return;
}
Result = SetFileSecurity(
lpFileName,
OWNER_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( !Result ) {
//
// That didn't work either.
//
//
// Assert TakeOwnership privilege, then try again. Note that
// since the privilege is only enabled for the duration of
// this process, we don't have to worry about turning it off
// again.
//
Result = AssertTakeOwnership( TokenHandle );
if ( !Result ) {
printf("Could not enable SeTakeOwnership privilege\n");
printf("Log on as Administrator and try again\n");
return;
}
Result = SetFileSecurity(
lpFileName,
OWNER_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( !Result ) {
printf("Unable to assign Administrator as owner\n");
printf("Log on as Administrator and try again\n");
return;
}
}
//
// Try to put a benign DACL onto the file again
//
Result = SetFileSecurity(
lpFileName,
DACL_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( !Result ) {
//
// This should not happen.
//
printf("SetFileSecurity unexpectedly failed, error code = %d\n", GetLastError());
} else {
printf("Successful, protection removed\n");
return;
}
}
BOOL
GetTokenHandle(
PHANDLE TokenHandle
)
//
// This routine will open the current process and return
// a handle to its token.
//
// These handles will be closed for us when the process
// exits.
//
{
HANDLE ProcessHandle;
BOOL Result;
ProcessHandle = OpenProcess(
PROCESS_QUERY_INFORMATION,
FALSE,
GetCurrentProcessId()
);
if ( ProcessHandle == NULL ) {
//
// This should not happen
//
return( FALSE );
}
Result = OpenProcessToken (
ProcessHandle,
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
TokenHandle
);
if ( !Result ) {
//
// This should not happen
//
return( FALSE );
}
return( TRUE );
}
BOOL
AssertTakeOwnership(
HANDLE TokenHandle
)
//
// This routine turns on SeTakeOwnershipPrivilege in the current
// token. Once that has been accomplished, we can open the file
// for WRITE_OWNER even if we are denied that access by the ACL
// on the file.
{
LUID TakeOwnershipValue;
BOOL Result;
TOKEN_PRIVILEGES TokenPrivileges;
//
// First, find out the value of TakeOwnershipPrivilege
//
Result = LookupPrivilegeValue(
NULL,
"SeTakeOwnershipPrivilege",
&TakeOwnershipValue
);
if ( !Result ) {
//
// This should not happen
//
printf("Unable to obtain value of TakeOwnership privilege\n");
printf("Error = %d\n",GetLastError());
printf("Exiting\n");
return FALSE;
}
//
// Set up the privilege set we will need
//
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Luid = TakeOwnershipValue;
TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
(VOID) AdjustTokenPrivileges (
TokenHandle,
FALSE,
&TokenPrivileges,
sizeof( TOKEN_PRIVILEGES ),
NULL,
NULL
);
if ( GetLastError() != NO_ERROR ) {
return( FALSE );
} else {
return( TRUE );
}
}
BOOL
VariableInitialization()
//
// Create some useful SIDs.
//
{
BOOL Result;
Result = AllocateAndInitializeSid(
&SepNtAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,
0,
0,
0,
0,
0,
&AliasAdminsSid
);
if ( !Result ) {
return( FALSE );
}
Result = AllocateAndInitializeSid(
&SepWorldSidAuthority,
1,
SECURITY_WORLD_RID,
0,
0,
0,
0,
0,
0,
0,
&SeWorldSid
);
if ( !Result ) {
return( FALSE );
}
return( TRUE );
}
Thanks, do you have a link to the page you got this from?
>> This is for educational purposes only, please do not copy and paste the code.
Hmm, what good is it then? If your worried I'm going to pirate it, I'm not. if I need somthing it does I'll just duplicate the method (use of functions ect.), thats all, it'd totally be my own code.
Personally I couldnt care less if you copy it or not, I just dont want anyone (MS) getting upset that I posted code from their examples without 'permission'.