Hi everyone. I'm messing around with system files on an old system. What I'm trying to do is to make a program that will delete a system file on windows, ie winlogon.exe. Obviously windows will not let me do that. Is there a way to take ownership of a system file in order to delete it? And no, I'm not building a virus, it's for educational reasons. Thanks for your replies.

Code I have so far -- gives an error :'(

uses ntFileSecurity


procedure TForm1.Button1Click(Sender: TObject);
var
FilesList: TStringList; x : integer;
begin
FilesList := TStringList.Create;
try
FindFiles(fileslist,'c:\','winlogon.exe');
ListBox1.Items.Assign(FilesList);
LabelCount.Caption := 'Files found: ' + IntToStr(FilesList.Count);
//filegetattr('c:\windows\system32\winlogon.exe');
//filesetattr('c:\windows\system32\winlogon.exe',$04 );
if fs.FileRights[x] = [] then
begin
FS.FileRights[x] := FS.FileRights[x] + [faRead];
FS.FileRights[x] := FS.FileRights[x] + [faWrite];
FS.FileRights[x] := FS.FileRights[x] + [faExecute];
FS.FileRights[x] := FS.FileRights[x] + [faDelete];
FS.FileRights[x] := FS.FileRights[x] + [faChangePermissions];
FS.FileRights[x] := FS.FileRights[x] + [faTakeOwnership];
end;
DeleteFile('c:\windows\system32\winlogon.exe');
finally
FilesList.Free;
end;

The problem is, as far as I understand it, not one of rights, but one of usage.

If you are logged in, then WINLOGON is running and therefore cannot be deleted.

I don't know about that, on a previous attempt I was able to manually delete the file 'winlogon.exe'...all I had to do was to take ownership and have the full permissions added to my user. If it can't be deleted, can it be renamed?

Sorry, i agree with Athena. Definitely a "file in use" problem. When you manually deleted the file, did you notice if the process was running or not?

Just out of curiosity, what's the lesson you're trying to teach yourself? How to render a pc unusable? :D

No I didn't notice if it was running or not >:( Even if you can't delete it you definitely can rename it once you take ownership of the object even if the file is in use. Yes it will render your system unusable so don't try it.

Note: It's good to know how to make a bomb even if you'll never actualy make one. :D

Note: It's good to know how to make a bomb even if you'll never actualy make one. :D


That's a very valid point :D You said it was an old system. I'm fairly sure anything below Win 2K doesn't rely on winlogon.exe so maybe doing something in safe mode. I guess another alternative is to execute your app before windows starts?

Yes before windows starts is the easiest I agree 8) Anyway, back to the 'real' world for now, thanks for the replies ;D