Olaf Doschke
Programmer
Putting together
All you need to unblock a file downloaded from the internet (e.g. an update of your own exe) is:
Code:
#Define OPEN_EXISTING 3
#Define FILE_ATTRIBUTE_NORMAL 128
#Define GENERIC_READ 2147483648 && 0x80000000
#Define GENERIC_WRITE 1073741824 && 0x40000000
#Define FILE_SHARE_READ 1
#Define FILE_SHARE_WRITE 2

apidecl()
* should return 0 for success
? UnblockFile("your file name here")

Function UnblockFile(cFilename As String) As Integer
   Local lnFH
   * Check, whether there is a Zone.Identifier alternate data stream.
   lnFH = CreateNewFileHandle(cFilename, ":Zone.Identifier", OPEN_EXISTING)
   If lnFH>0
      CloseHandle(lnFH)
      * Yes, then delete it
      If DeleteFile(cFilename+":Zone.Identifier")>0
         Return 0
      Endif
   Endif
   * Return any error, also an error due to file not found or anything else
   Return GetLastError()
Endfunc

Function CreateNewFileHandle(cFilename As String, cStreamName As String, nOpenMode As Integer) As Integer
   Local lnFH
   lnFH = CreateFile(cFilename+cStreamName ;
      , GENERIC_WRITE + GENERIC_READ ;
      , FILE_SHARE_WRITE + FILE_SHARE_READ ;
      , 0 ;
      , nOpenMode ;
      , FILE_ATTRIBUTE_NORMAL ;
      , 0)
   Return lnFH
Endfunc

Procedure apidecl()
   Declare Integer CreateFile In kernel32 ;
      String lpFileName , Integer dwDesiredAccess, ;
      Integer dwShareMode , Integer lpSecurityAttr , ;
      Integer dwCreationDisp , Integer dwFlagsAndAttrs, ;
      Integer hTemplateFile
   Declare Integer CloseHandle In kernel32 Integer hObject
   Declare Integer DeleteFile In kernel32 String lpFileName
   Declare Integer GetLastError In win32api
Endproc
This does the same as clicking the [Unblock] button in the General tab of a File Properties dialog. This enables you to download an update, unblock, unzip and apply it. Otherwise, files unzipped from a blocked file inherit the blocked status.
Why this is not a security hack:
The main ingredient is simply to delete the alternate data stream; DeleteFile() alone is enough. If you have sufficient rights to delete a file (or a stream), you can already do on your own any harm that the unblocked exe can do, as that can only be done by an exe with trusted status or no Zone.Identifier anyway. And also you as a person/user of the system are trusted, so this is no hack.
A good usage of this is - as I said - to download an update of your own application and apply it, without blocking a CHM from being viewable or an EXE from execution.
This can even be shortened to the DeleteFile() declaration and usage, but I thought I'd keep a bit of the code needed to open an NTFS stream. NTFS streams can also be used to store additional info about a file without embedding it into the file; see Calvin Hsia's article on how to write and read with further API functions. Streams will just be stripped off once you copy to a FAT partition (e.g. an older USB drive formatted that way). As long as you don't do so, you can e.g. store tags about media files, mp3s, videos etc.
Bye, Olaf.
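For the self-update use case in the post above, an added example that is not part of the original post: the same stream deletion in Python, gated on a SHA-256 comparison so that only the update you published loses its Zone.Identifier. The function names and the expected-hash parameter are assumptions made for this example; the `[ZoneTransfer]` / `ZoneId=` layout is how Windows writes the stream.

```python
import hashlib
import hmac
import os

STREAM = ":Zone.Identifier"  # NTFS alternate data stream that marks a download
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}  # URLZONE values


def read_zone_id(path):
    """Return the ZoneId stored in the file's Zone.Identifier stream, or None."""
    try:
        with open(path + STREAM, "r", encoding="utf-8", errors="replace") as fh:
            for line in fh:
                key, _, value = line.strip().partition("=")
                if key.strip().lower() == "zoneid" and value.strip().isdigit():
                    return int(value)
    except OSError:  # stream missing or unreadable: treat as not marked
        return None
    return None


def sha256_file(path):
    """Hash the main data stream of the file in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def unblock_if_expected(path, expected_sha256):
    """Delete the Zone.Identifier stream only when the file hash matches.

    Returns (unblocked, zone_name_before); zone_name_before is None when
    the file carried no readable mark.
    """
    zone_id = read_zone_id(path)
    zone = None if zone_id is None else ZONES.get(zone_id, "Unknown")
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        return (False, zone)  # not the expected update: leave it blocked
    try:
        os.remove(path + STREAM)  # same effect as DeleteFile() on the stream
    except FileNotFoundError:
        pass  # nothing to remove, file was never blocked
    return (True, zone)
```

The expected hash has to come from a source other than the download itself, for example a value shipped inside the already installed application.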