By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,132 Members | 1,417 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,132 IT Pros & Developers. It's quick & easy.

Find hard drive location that file is stored upon installation

P: n/a
Hi,

Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What I
need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.

Thank you.

-----
Odie
Mar 28 '06 #1
Share this Question
Share on Google+
16 Replies


P: n/a
> Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What
I need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.


Do you mean "moved" like in what happens when a person regularly defragments
his/her hard drive?

Rick
Mar 28 '06 #2

P: n/a
Yes - or deletes the file, then recreates it due to reinstallation. I want
to be able to see if a person has reinstalled a file by seeing if the .exe
has actually been put in a different place on the hard drive.
--
-----
Odie

"Rick Rothstein" <ri************@NOSPAMcomcast.net> wrote in message
news:89********************@comcast.com...
Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What
I need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.


Do you mean "moved" like in what happens when a person regularly
defragments his/her hard drive?

Rick

Mar 28 '06 #3

P: n/a

"Otie" <ot*********@adelphia.net> wrote in message
news:XI******************************@adelphia.com ...
Yes - or deletes the file, then recreates it due to reinstallation. I want
to be able to see if a person has reinstalled a file by seeing if the .exe
has actually been put in a different place on the hard drive.


No.. that would be TWO ENTIRELY different events.

What Rick asked was data being moved due to defrag not delete or
reinstall. If you want to detect delete and reinstall wouldn't
checking the time and date be th easiest approach?

For the defrag, that gets tricky since you will need to get the file
alocation table info.
Mar 29 '06 #4

P: n/a
>> What Rick asked was data being moved due to defrag not delete or
reinstall.

No, not defrag.
If you want to detect delete and reinstall wouldn't checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.
For the defrag, that gets tricky since you will need to get the file
alocation table info.

I think that's what I want. How do I access the FAT info? The system has to
do it in order to find files in the first place. I just don't know if VB can
do it.

-----
Allen

Free astrology software at:
http://www.astrowin.org

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:sklWf.1094$Lc1.386@trndny02...
"Otie" <ot*********@adelphia.net> wrote in message
news:XI******************************@adelphia.com ...
Yes - or deletes the file, then recreates it due to reinstallation. I
want
to be able to see if a person has reinstalled a file by seeing if the
.exe
has actually been put in a different place on the hard drive.


No.. that would be TWO ENTIRELY different events.

What Rick asked was data being moved due to defrag not delete or
reinstall. If you want to detect delete and reinstall wouldn't
checking the time and date be th easiest approach?

For the defrag, that gets tricky since you will need to get the file
alocation table info.

Mar 31 '06 #5

P: n/a

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
What Rick asked was data being moved due to defrag not delete or reinstall.

No, not defrag.
For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has to do
it in order to find files in the first place. I just don't know if VB can do
it.


The point about defrag is that users who run defrag on their disk will be moving
your file around on the disk, so you can't rely on it's physical location
staying constant.

VB can call any Windows API, so just about anything is possible in VB if you are
willing to chase it down.

But where are you planning to store the information about the file's original
physical location? In the registry? What if the registry entry gets deleted, say
by a good registry cleaner program after uninstalling the program? Or maybe in
another file that can also be deleted?

Are you prepared to deal with network drives, both mapped and shared; with
backup and restore programs; with anti-virus programs that may move a file in
the course of removing a virus; etc., etc. This approach to software security
has been tried before, and found to be lacking...

Mar 31 '06 #6

P: n/a
On Thu, 30 Mar 2006 21:11:30 -0800, "Otie" <ot*********@adelphia.net>
wrote:
What Rick asked was data being moved due to defrag not delete orreinstall.

No, not defrag.
If you want to detect delete and reinstall wouldn'tchecking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.
For the defrag, that gets tricky since you will need to get the file
alocation table info.

I think that's what I want. How do I access the FAT info? The system has to
do it in order to find files in the first place. I just don't know if VB can
do it.


What about drives that do not have a FAT format ?
Mar 31 '06 #7

P: n/a

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
...
If you want to detect delete and reinstall wouldn't checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.

Not true..Depends on the approach..

OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.

All you have to do is compare "last used" to "installed."
If less, someone copied the file to another PC.
For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has

to do it in order to find files in the first place. I just don't know if VB can do it.


You don't want to do this. FAT is not the only system of data recording and
defrag moves your files around (and so does a legitimate backup system)
Apr 1 '06 #8

P: n/a
>> OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.
All you have to do is compare "last used" to "installed." If less, someone copied the file to another PC.
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?

Otis

----------------

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:DSlXf.821$lz3.109@trndny05...

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
.. >> If you want to detect delete and reinstall wouldn't

checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.


Not true..Depends on the approach..

OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.

All you have to do is compare "last used" to "installed."
If less, someone copied the file to another PC.
>> For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has

to
do it in order to find files in the first place. I just don't know if VB

can
do it.


You don't want to do this. FAT is not the only system of data recording
and
defrag moves your files around (and so does a legitimate backup system)

Apr 5 '06 #9

P: n/a

"Otie" <ot*********@adelphia.net> wrote in message
news:qY******************************@adelphia.com ...
OK, assume you have two registry keys, "installed" and "last used" "last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.
All you have to do is compare "last used" to "installed."

If less, someone copied the file to another PC.
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..

It doesn't matter what technique you use, one can always disable
the code which does the checking. So using your attitude, one
can always say "what good is this method?" Just find the code
and replace it with NOP's
Apr 5 '06 #10

P: n/a
>> Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..


Registry monitor form Sysinternals is fairly efficient at telling you
which of the thousand keys it is.

--
Dean Earley (de*********@icode.co.uk)
i-Catcher Development Team

iCode Systems
Apr 5 '06 #11

P: n/a

"Dean Earley" <de*********@icode.co.uk> wrote in message
news:44**********************@news.zen.co.uk...
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..


Registry monitor form Sysinternals is fairly efficient at telling you
which of the thousand keys it is.

--
Dean Earley (de*********@icode.co.uk)
i-Catcher Development Team

iCode Systems

Useless..

if you use "Now" then hash it (even a simple for - next XOR op with a value)
would cause a value that is meaningless to a viewer.

So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?

Apr 5 '06 #12

P: n/a

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...


So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?


You just delete the key. Now its a first time install.
Apr 6 '06 #13

P: n/a

"Steve Gerrard" <my********@comcast.net> wrote in message
news:-d********************@comcast.com...

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...


So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?


You just delete the key. Now its a first time install.


Point well taken Steve.. but we didn't get into other details
which usually accompanies such a method.

First time installs (unless registered and a key issued) may be set for
example
to just work for 10 days, 30 days, or something like that. Of course without
the other
components (like a generated key), it's useles as well.

Apr 6 '06 #14

P: n/a

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:O20Zf.1634$4G4.328@trndny06...

"Steve Gerrard" <my********@comcast.net> wrote in message
news:-d********************@comcast.com...

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...
>
>
> So you know the program writes to a certain registry key
> but unless you know the algorithm or the meaning what good is it?
>


You just delete the key. Now its a first time install.


Point well taken Steve.. but we didn't get into other details
which usually accompanies such a method.

First time installs (unless registered and a key issued) may be set for
example
to just work for 10 days, 30 days, or something like that. Of course without
the other
components (like a generated key), it's useles as well.


I agree, using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Valid generated key = user may use program, regardless of location, drive,
media, or number of copies.
No valid generated key = user may not use program.
Apr 7 '06 #15

P: n/a

"Steve Gerrard" <my********@comcast.net> wrote in message
news:Gq********************@comcast.com...

.. using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Exactly my point. The original poster wants to track if his file is
moved --I am guessing for legitimacy issue of having the file, so I
suggested the key method. So it doesn't matter where the file is located.
Apr 7 '06 #16

P: n/a
I use a registry key system with my applications that checks for roll backs
to stop hacking the demo time.

(you have to watch out for daylight savings there.)

XOR it with the disk serial number and you'll tie it to one machine for all
but the most determined user

But I did see something several years ago that got my interest in a big way,
btreive had this thing called a gold key disk.

it stuck a file on the hard disk that you could not open,edit, move or copy!
but you could see it. To transfer your key from one machine to another you
ran an application they gave you on a floppy it moved the key to the floppy
where it put it on an illegal track (a common thing back then to stop you
from copying floppy's) and then you could move it to another hard disk using
the same application.

I wonder how that worked?


"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:zxkZf.9890$lz3.6401@trndny05...

"Steve Gerrard" <my********@comcast.net> wrote in message
news:Gq********************@comcast.com...

.. using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Exactly my point. The original poster wants to track if his file is
moved --I am guessing for legitimacy issue of having the file, so I
suggested the key method. So it doesn't matter where the file is located.

Apr 8 '06 #17

This discussion thread is closed

Replies have been disabled for this discussion.