File attributes

**Wizard** · 12-03-2009, 11:26 AM

Hi everyone. I'm messing around with system files on an old system. What I'm trying to do is to make a program that will delete a system file on windows, ie winlogon.exe. Obviously windows will not let me do that. Is there a way to take ownership of a system file in order to delete it? And no, I'm not building a virus, it's for educational reasons. Thanks for your replies.

Code I have so far -- gives an error

uses ntFileSecurity

Code:

procedure TForm1.Button1Click(Sender: TObject);
var
 FilesList: TStringList; x : integer;
begin
 FilesList := TStringList.Create;
 try
  FindFiles(fileslist,'c:\','winlogon.exe');
  ListBox1.Items.Assign(FilesList);
  LabelCount.Caption := 'Files found: ' + IntToStr(FilesList.Count);
  //filegetattr('c:\windows\system32\winlogon.exe');
  //filesetattr('c:\windows\system32\winlogon.exe',$04);
  if fs.FileRights[x] = &#91;] then
  begin
   FS.FileRights[x] := FS.FileRights[x] + [faRead];
   FS.FileRights[x] := FS.FileRights[x] + [faWrite];
   FS.FileRights[x] := FS.FileRights[x] + [faExecute];
   FS.FileRights[x] := FS.FileRights[x] + [faDelete];
   FS.FileRights[x] := FS.FileRights[x] + [faChangePermissions];
   FS.FileRights[x] := FS.FileRights[x] + [faTakeOwnership];
  end;
  DeleteFile('c:\windows\system32\winlogon.exe');
 finally
  FilesList.Free;
 end;

**AthenaOfDelphi** · 12-03-2009, 12:38 PM

The problem is, as far as I understand it, not one of rights, but one of usage.

If you are logged in, then WINLOGON is running and therefore cannot be deleted.

**Wizard** · 12-03-2009, 12:49 PM

I don't know about that, on a previous attempt I was able to manually delete the file 'winlogon.exe'...all I had to do was to take ownership and have the full permissions added to my user. If it can't be deleted, can it be renamed?

**ize** · 12-03-2009, 01:33 PM

Sorry, i agree with Athena. Definitely a "file in use" problem. When you manually deleted the file, did you notice if the process was running or not?

Just out of curiosity, what's the lesson you're trying to teach yourself? How to render a pc unusable?

**Wizard** · 12-03-2009, 01:59 PM

No I didn't notice if it was running or not

Even if you can't delete it you definitely can rename it once you take ownership of the object even if the file is in use. Yes it will render your system unusable so don't try it.

Note: It's good to know how to make a bomb even if you'll never actualy make one.

**ize** · 13-03-2009, 01:47 AM

Originally Posted by Wizard

Note: It's good to know how to make a bomb even if you'll never actualy make one.

That's a very valid point

You said it was an old system. I'm fairly sure anything below Win 2K doesn't rely on winlogon.exe so maybe doing something in safe mode. I guess another alternative is to execute your app before windows starts?