473,320 Members | 1,976 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Find hard drive location that file is stored upon installation

Hi,

Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What I
need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.

Thank you.

-----
Odie
Mar 28 '06 #1
16 9492
> Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What
I need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.


Do you mean "moved" like in what happens when a person regularly defragments
his/her hard drive?

Rick
Mar 28 '06 #2
Yes - or deletes the file, then recreates it due to reinstallation. I want
to be able to see if a person has reinstalled a file by seeing if the .exe
has actually been put in a different place on the hard drive.
--
-----
Odie

"Rick Rothstein" <ri************@NOSPAMcomcast.net> wrote in message
news:89********************@comcast.com...
Is there a way for VB5 to determine exactly where on a hard drive a .exe
file is stored upon the .exe file's first copying to the hard drive? What
I need to know is the exact hard drive sector, cluster, partition, etc.
information so I can use it later on to determine if the file was ever
deleted and restored or moved elsewhere.


Do you mean "moved" like in what happens when a person regularly
defragments his/her hard drive?

Rick

Mar 28 '06 #3

"Otie" <ot*********@adelphia.net> wrote in message
news:XI******************************@adelphia.com ...
Yes - or deletes the file, then recreates it due to reinstallation. I want
to be able to see if a person has reinstalled a file by seeing if the .exe
has actually been put in a different place on the hard drive.


No.. that would be TWO ENTIRELY different events.

What Rick asked was data being moved due to defrag not delete or
reinstall. If you want to detect delete and reinstall wouldn't
checking the time and date be th easiest approach?

For the defrag, that gets tricky since you will need to get the file
alocation table info.
Mar 29 '06 #4
>> What Rick asked was data being moved due to defrag not delete or
reinstall.

No, not defrag.
If you want to detect delete and reinstall wouldn't checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.
For the defrag, that gets tricky since you will need to get the file
alocation table info.

I think that's what I want. How do I access the FAT info? The system has to
do it in order to find files in the first place. I just don't know if VB can
do it.

-----
Allen

Free astrology software at:
http://www.astrowin.org

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:sklWf.1094$Lc1.386@trndny02...
"Otie" <ot*********@adelphia.net> wrote in message
news:XI******************************@adelphia.com ...
Yes - or deletes the file, then recreates it due to reinstallation. I
want
to be able to see if a person has reinstalled a file by seeing if the
.exe
has actually been put in a different place on the hard drive.


No.. that would be TWO ENTIRELY different events.

What Rick asked was data being moved due to defrag not delete or
reinstall. If you want to detect delete and reinstall wouldn't
checking the time and date be th easiest approach?

For the defrag, that gets tricky since you will need to get the file
alocation table info.

Mar 31 '06 #5

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
What Rick asked was data being moved due to defrag not delete or reinstall.

No, not defrag.
For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has to do
it in order to find files in the first place. I just don't know if VB can do
it.


The point about defrag is that users who run defrag on their disk will be moving
your file around on the disk, so you can't rely on it's physical location
staying constant.

VB can call any Windows API, so just about anything is possible in VB if you are
willing to chase it down.

But where are you planning to store the information about the file's original
physical location? In the registry? What if the registry entry gets deleted, say
by a good registry cleaner program after uninstalling the program? Or maybe in
another file that can also be deleted?

Are you prepared to deal with network drives, both mapped and shared; with
backup and restore programs; with anti-virus programs that may move a file in
the course of removing a virus; etc., etc. This approach to software security
has been tried before, and found to be lacking...

Mar 31 '06 #6
On Thu, 30 Mar 2006 21:11:30 -0800, "Otie" <ot*********@adelphia.net>
wrote:
What Rick asked was data being moved due to defrag not delete orreinstall.

No, not defrag.
If you want to detect delete and reinstall wouldn'tchecking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.
For the defrag, that gets tricky since you will need to get the file
alocation table info.

I think that's what I want. How do I access the FAT info? The system has to
do it in order to find files in the first place. I just don't know if VB can
do it.


What about drives that do not have a FAT format ?
Mar 31 '06 #7

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
...
If you want to detect delete and reinstall wouldn't checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.

Not true..Depends on the approach..

OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.

All you have to do is compare "last used" to "installed."
If less, someone copied the file to another PC.
For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has

to do it in order to find files in the first place. I just don't know if VB can do it.


You don't want to do this. FAT is not the only system of data recording and
defrag moves your files around (and so does a legitimate backup system)
Apr 1 '06 #8
>> OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.
All you have to do is compare "last used" to "installed." If less, someone copied the file to another PC.
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?

Otis

----------------

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:DSlXf.821$lz3.109@trndny05...

"Otie" <ot*********@adelphia.net> wrote in message
news:Sp******************************@adelphia.com ...
.. >> If you want to detect delete and reinstall wouldn't

checking the time and date be the easiest approach?

It is not secure. Anyone can change the date and time back to whatever
again.


Not true..Depends on the approach..

OK, assume you have two registry keys, "installed" and "last used"
"last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.

All you have to do is compare "last used" to "installed."
If less, someone copied the file to another PC.
>> For the defrag, that gets tricky since you will need to get the file

alocation table info.

I think that's what I want. How do I access the FAT info? The system has

to
do it in order to find files in the first place. I just don't know if VB

can
do it.


You don't want to do this. FAT is not the only system of data recording
and
defrag moves your files around (and so does a legitimate backup system)

Apr 5 '06 #9

"Otie" <ot*********@adelphia.net> wrote in message
news:qY******************************@adelphia.com ...
OK, assume you have two registry keys, "installed" and "last used" "last used" is always written when the file is accessed.
If it is accessed for the first time, "installed' is written as well.
All you have to do is compare "last used" to "installed."

If less, someone copied the file to another PC.
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..

It doesn't matter what technique you use, one can always disable
the code which does the checking. So using your attitude, one
can always say "what good is this method?" Just find the code
and replace it with NOP's
Apr 5 '06 #10
>> Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..


Registry monitor form Sysinternals is fairly efficient at telling you
which of the thousand keys it is.

--
Dean Earley (de*********@icode.co.uk)
i-Catcher Development Team

iCode Systems
Apr 5 '06 #11

"Dean Earley" <de*********@icode.co.uk> wrote in message
news:44**********************@news.zen.co.uk...
Can't someone just change the installed date using regedit?
What good is this approach if either date can be changed?


What you're saying doesn't make sense because in order to do this,
one has to know *where* --or what key among the thousands..


Registry monitor form Sysinternals is fairly efficient at telling you
which of the thousand keys it is.

--
Dean Earley (de*********@icode.co.uk)
i-Catcher Development Team

iCode Systems

Useless..

if you use "Now" then hash it (even a simple for - next XOR op with a value)
would cause a value that is meaningless to a viewer.

So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?

Apr 5 '06 #12

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...


So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?


You just delete the key. Now its a first time install.
Apr 6 '06 #13

"Steve Gerrard" <my********@comcast.net> wrote in message
news:-d********************@comcast.com...

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...


So you know the program writes to a certain registry key
but unless you know the algorithm or the meaning what good is it?


You just delete the key. Now its a first time install.


Point well taken Steve.. but we didn't get into other details
which usually accompanies such a method.

First time installs (unless registered and a key issued) may be set for
example
to just work for 10 days, 30 days, or something like that. Of course without
the other
components (like a generated key), it's useles as well.

Apr 6 '06 #14

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:O20Zf.1634$4G4.328@trndny06...

"Steve Gerrard" <my********@comcast.net> wrote in message
news:-d********************@comcast.com...

"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:qxXYf.1287$jf7.726@trndny08...
>
>
> So you know the program writes to a certain registry key
> but unless you know the algorithm or the meaning what good is it?
>


You just delete the key. Now its a first time install.


Point well taken Steve.. but we didn't get into other details
which usually accompanies such a method.

First time installs (unless registered and a key issued) may be set for
example
to just work for 10 days, 30 days, or something like that. Of course without
the other
components (like a generated key), it's useles as well.


I agree, using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Valid generated key = user may use program, regardless of location, drive,
media, or number of copies.
No valid generated key = user may not use program.
Apr 7 '06 #15

"Steve Gerrard" <my********@comcast.net> wrote in message
news:Gq********************@comcast.com...

.. using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Exactly my point. The original poster wants to track if his file is
moved --I am guessing for legitimacy issue of having the file, so I
suggested the key method. So it doesn't matter where the file is located.
Apr 7 '06 #16
I use a registry key system with my applications that checks for roll backs
to stop hacking the demo time.

(you have to watch out for daylight savings there.)

XOR it with the disk serial number and you'll tie it to one machine for all
but the most determined user

But I did see something several years ago that got my interest in a big way,
btreive had this thing called a gold key disk.

it stuck a file on the hard disk that you could not open,edit, move or copy!
but you could see it. To transfer your key from one machine to another you
ran an application they gave you on a floppy it moved the key to the floppy
where it put it on an illegal track (a common thing back then to stop you
from copying floppy's) and then you could move it to another hard disk using
the same application.

I wonder how that worked?


"Raoul Watson" <Wa*****@IntelligenCIA.com> wrote in message
news:zxkZf.9890$lz3.6401@trndny05...

"Steve Gerrard" <my********@comcast.net> wrote in message
news:Gq********************@comcast.com...

.. using a generated key to control the program makes sense. But then the
physical file location is irrelevant:

Exactly my point. The original poster wants to track if his file is
moved --I am guessing for legitimacy issue of having the file, so I
suggested the key method. So it doesn't matter where the file is located.

Apr 8 '06 #17

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Jonathan | last post by:
I am creating a CD-ROM based website template. Things work fine under Windows but when I try to run the site under Linux the path is messed up. Therefore my JavaScript functions misinterpret the...
2
by: Nate | last post by:
Hello, I am trying to recover a SQL Server 7 database from another hard disk drive that has a corrupted Windows 2000 Advanced Server installation. I am not able to repair the corrupted Windows...
2
by: Massimiliano Campagnoli | last post by:
Good morning, Database PRODUCTION was created on a system mamanged tablespace on drive c:\ Now drive c:\ is running out of space and I need to move PRODUCTION to the larger drive d:\ on the...
3
by: DD | last post by:
Hi I have a split database, that is packaged and used in a runtime enviroment. I want to make it easier for the user, a button on the frontend "Export Backend" They can click on the button...
4
by: Victor | last post by:
Please, could anybody kindly point me to a possibility to find out the location of a file contained in a VC++ 2005 solution? What I mean is really the location in the file system on the hard...
0
by: Nenad Dobrilovic | last post by:
Hi all, I have a really strange situation, but I believe that there is someone else who has already experinced the same, and is willing to help me! I made an application using VS 2005 in C#,...
7
by: =?Utf-8?B?UGV0ZXI=?= | last post by:
Dear, I do have an ASP page with vbscript code entirely executed on the IIS server. The page contains a lot of data coming from the SQL Server. I want to populate one of the <selectboxes on that...
8
by: inFocus | last post by:
Hello, I am new to python and wanted to write something for myself where after inputing two words it would search entire drive and when finding both names in files name would either copy or move...
0
by: zaza24 | last post by:
Hello there I am loosing my time since a few days trying to install a CRM (ACT! 2008 version 10) software on a brand new HP notebook with Vista prof OS. Ths installation do not show any...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.