News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

SfcIsFileProtected

Started by ragdog, August 14, 2010, 10:51:40 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

ragdog

August 14, 2010, 10:51:40 PM
Hi

I have install windows 7 and start my old tool this check a systemfile if protected or not
with SfcIsFileProtected.

work this not on win7?

best greets,

Twister

#1
August 15, 2010, 01:01:13 AM
Windows 7 supports the function SfcIsFileProtected.

ragdog

#2
August 15, 2010, 01:09:47 AM
Thanks

Why works this not?
Code Select

.data
szSlui db "C:\Windows\System32\calc.exe",0
.data?
hSfc dd ?
.code

start:

invoke GetModuleHandle,NULL
mov hInstance,eax

invoke LoadLibrary,CTEXT ("sfc.dll")
.if (eax)
    mov hSfc,eax
invoke MessageBox,NULL,CTEXT ("Dll loaded"),NULL,MB_OK
invoke GetProcAddress,hSfc,CTEXT ("SfcIsFileProtected")
.if (eax)

    push offset szCalc
            push NULL
            call eax
            .if (eax!=0)
            invoke MessageBox,NULL,CTEXT ("File is  protected"),0,MB_OK
            .else
            invoke MessageBox,NULL,CTEXT ("File is not protected"),0,MB_OK
            .endif
        .endif
invoke FreeLibrary,hSfc
.endif
invoke ExitProcess,0


Twister

#3
August 15, 2010, 01:47:51 AM
I could not compile your program, so I created it myself.

Code Select
include \masm32\include\masm32rt.inc

include \masm32\include\sfc.inc
includelib \masm32\lib\sfc.lib


.code

start:
    fn SfcIsFileProtected, 0, "kernel32.dll"
   
    .if eax != 0
        fn MessageBox, 0, "This file is protected", "SFC", MB_OK
    .else
        fn MessageBox, 0, "This file is not protected", "SFC", MB_OK
    .endif

    invoke ExitProcess, 0
end start

sinsi

#4
August 15, 2010, 01:56:53 AM
The filename string needs to be unicode. Changing it gives "file is protected" messagebox.
Light travels faster than sound, that's why some people seem bright until you hear them.

Twister

#5
August 15, 2010, 02:05:58 AM
Well, I can't seem to get it to work for myself.

EDIT: Got it to work now. Thanks sinsi for catching my slip. :wink

Code Select
include \masm32\include\masm32rt.inc
include \masm32\macros\ucmacros.asm

uselib sfc


.data

    WSTR fileName, "C:\Windows\System32\ntdll.dll"

.code

start:
   
    .if FUNC(SfcIsFileProtected, 0, offset fileName) != 0
        fn MessageBox, 0, "This file is protected", "SFC", MB_OK
    .else
        fn MessageBox, 0, "This file is not protected", "SFC", MB_OK
    .endif

    invoke ExitProcess, 0
   
end start

ragdog

#6
August 15, 2010, 09:07:22 AM
Thanks :U
Print
Go Up Pages1
User actions