I want an exe file that can't be copied or cut from the Windows file system to be pasted somewhere else.

The exe is made in C#, and it must be on only one PC.

I have worked with FileSystemWatcher, NSIS, and Clipboard, but for all of them I need to detect whether that file is being copied.

I also have seen 'Prevent'(http www free-download-blog.com disable-cut-paste-copy-delete-rename-functions-using-prevent ), but I need to prevent only that particular exe from being copied or cut.

Any pointer or idea will help.

+1  A: 

Well, this is a hard problem. Even if you get explorer.exe to disable cut&paste, what prevents a user from using the command window? Or writing their own exe to do it? Booting up in Linux and reading it?

Still, you have a few options (there will be more, most likely) which you could try:

  • Use the right permissions: Set the permissions such that the users who you don't want to cut&paste cannot read the file.

  • Write a device driver which can hook onto the filesystem calls and do that for you.

  • Encrypt the file.

And some hacky options like:

  • Use the APPINIT_DLLS regkey to put your own DLL to be loaded into each process (I am not sure if this will work with console processes though). Then on your DLL load, do IAT hooking to replace the kernel32.dll file calls.

  • Replace kernel32.dll with your own version. Might have to do some messing around with the PE format etc.

There are no guarantees though. If, for instance, you expect them to be able to execute it, but not copy it, you are probably stuck.

Execution should be allowed, and not the copy/cut. Booting up in Linux and reading it is also a problem. I am really stuck, but I still think there has to be a way. For the time being I think I have to think of some alternative other than the copy prevention stuff. Thanks for the quick reply. I'll be working on both the ways.
IMO the only suggestion you mentioned that has any remote feasibility is "Write a ... driver ...". See also: http://msdn.microsoft.com/en-us/library/ms793580.aspx -- of course, the ability to do something along these lines doesn't make it a good idea.
If you can execute it, you can copy it, as others have mentioned. When you execute it it's already copied in memory. You'd have to be the OS to monitor the memory that safely and even then I could always run the whole thing on a virtual machine... you can't achieve copy prevention that way. James has a wise quote from Schneier.
Yes, it looks so. Thanks. I was trying to prevent the application from piracy, the other way. I am going to stop working further on it.
@Pessimist: Yes, I mentioned that if execution is required, they are stuck. @asveikau: You really cannot make a judgement call on this unless you have the questioner's context.
Also, can someone please say why they gave this a -1? I can edit it to make it better.
A: 

Any local admin will be able to undo anything you do to prevent copying. I can pretty much guarantee the program on that page you mention relies on a service or background process to prevent copy-and-paste, and therefore is easily circumventable. If your users are in a closed environment where none of them are admins and they have very limited rights to their PCs, then you have a chance.

CodeByMoonlight
"Digital files cannot be made uncopyable, any more than water can be made not wet." --Bruce Schneier
James
+2  A: 

If you need the exe to be executable, you need to permit loading it into memory. As soon as you do, anyone can read it to memory using ReadFile and then write to an arbitrary location using WriteFile. No shell-detectable copying involved.

A good reading: Raymond's post and its comments on preventing copying.

GSerg
Exactly, if a user can read a file he can also copy it, period. And even if he doesn't have privileges to read it, any sufficiently determined attacker will be able to circumvent any protection if he has local access or administrator rights.
Matteo Italia
Another way: One can also execute the program inside a debugger, and dump its process memory back to a file.
grawity