Link to home
Start Free TrialLog in
Avatar of roCker
roCker

asked on

some software had got hold of my harddisk volume number..

hi everybody.
       
         i want that nobody e.g a software vendor could be able to trace my system . i found out a file  tdd.EXE-04A112Ed.pf  in the directory c:\windows\prefetch .. i opened it up to find out some strange kinda language followed by  something as refering to hard disk volume number.  i am pasting  a  few lines  of that file to give u some idea .      …@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ I M M 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N S P O O L . D R V   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M D L G 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S O C K 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L   \ D E V....  
  i wonder what does that mean..
         is somebody able to keep track of me through hard disk serial number?? is there anyway or software  to change the volume or serial number of hard disk??  i would be grateful for any practical solution . this is a bit urgent so i hope honourable experts would look into my question. thank you.
                                                       roCker
ASKER CERTIFIED SOLUTION
Avatar of SNilsson
SNilsson
Flag of Sweden image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of roCker
roCker

ASKER

hi Snilson.
       thanks a lot for ur advice . i did search for any more tdd.exe files but there  werebt any more files with    that name
 
       i would appreciate if u tell me as how to change the serial number or volume number of my hard disk.
                                                     
Avatar of SNilsson
SNilsson
Flag of Sweden image
Most say it aint possible, but I found this one

"It is possible to change the REAL serial number of a Hard Disk, not matter what who is its manufactor.
The serial number is recorded in a part of the Hard disk named System Area, you can access this area using an especific ATA command, each manufator has its own ATA command for each Hard Disk model and size. Your can learn more about ATA commands in www.t13.org "

I dont know why you would want to, just delete the folder contents and run the spyware program, make sure you have a good firewall, then there should be no problem.
Avatar of chicagoan
chicagoan
Flag of United States of America image
If you want to change the VOLUME ID, you can use volumeid.exe from www.sysinternals.com
Avatar of bbao
bbao
Flag of Australia image
Windows XP's prefetch feature
http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/BootVis.mspx

as for how to change the volumen number, if you want the solution for fat, i can give you a way to manually change it in a few steps. for ntfs, i think the principle is same, but i did not try before.
Avatar of SunBow
SunBow
Flag of United States of America image
skip the prefetch. it is more like a \backup directory that you do not have to manage

> is somebody able to keep track of me through hard disk serial number

yes, as well as through other info such as mobo & bios & NIC. DO, do remember that to get XP running in the first place, you must "agree" (OK, install) to let MS log ten HW numbers to identify the installation and get the activation code to operate it.

> is there anyway or software  to change the volume or serial number of hard disk?

Maybe. Do not count upon it helping you out much here.

>  i would be grateful for any practical solution

Step #1 is to install a firewall like ZoneAlarm that STOPS outgoing TCP packets in their tracks without your personal OK on each.  THis means, that the spywares that install can usually be blocked until they meet your level of approval. Most firewalls only stop the inbound invaders, not the stoolies that snuck onto your machine one day when you were less alert.

>  i found out a file  tdd.EXE

Do, of course, check the rest of your disk for same filename, be especially watchful of task manager, and all the files that can show up there.
Avatar of roCker
roCker

ASKER


  thanks everybody for the pains. i am obliged.

  SNilson ----i surfed t13.org but its a very huge and enormous site having no search option . i tried to search and grab ATA commands as u stated but after quite much of hard work i couldnt find a clue.


bbao --  i really would be interesting in some easy steps to chnage the serial number. i would be very grateful if u tell me  .

chicagoan--- i went through ur mentioned site . downloaded volumeid.exe
 and for a moment i thought i have got to the solution but it isnt doing what it says it does. i wonder y .i reallllllly wonder. so any more tips.?


 and guys have u given a look at the code or material or watever i pasted at the top . i mean there was some mentioning of volume id like  this. i mean this kinda script.. . .      …@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \
             any idea what it is???
Avatar of roCker
roCker

ASKER

oo i skipped one thing.
           this  code that i have pasted  above was found in the file tdd.exe in my c:\ windows\prefetch directory that made me suspicious
                                thanks once again
Avatar of bbao
bbao
Flag of Australia image
i would suggest you use a professional disk binary editor to do it, or at least use debug.exe.
at here, for example, we access the drive C (FAT), with debug.exe

debug
l 1000 2 0 1      ; where 1000 is buffer, 2 is drive c, 0 is sector 0, 1 is numnber of sectors
d 1000             ; dump buffer at 1000h
e 1027 aa bb cc dd     ; where aa,bb,cc,dd are new serial number, in reverse order
d 1000             ; confirm the changes, from 1027h - 102ah
w                    ; write back to the disk

NOTE: it is a process to physically change content of sector, you should hold the risk by yourself and please be CAREFUL for every step!!

hope it helps,
bbao
Avatar of roCker
roCker

ASKER

hi bbao.
         
      well i couldnt follow up your instructions . do u mean that i start  debug.exe in dos prompt . and then type all tht u  have written above ?? am i right ?
       and wht  is a professional disk binary editor?
     and what does that 'risk' mean . do u mean there wud go something wrong to my harddisk during the process ?

       okies i tried the debug 1000 2 0 1 in debug.exe but it gives a message like this   " ^Error " .
 
                                                                      hope to hear from u soon
                                                                             roCker
Avatar of bbao
bbao
Flag of Australia image
debug <RETURN>
L 1000 2 0 1 <RETURN>
D 1000 <RETURN>
E 1027 aa bb cc dd <RETURN>
D 1000 <RETURN>
W <RETURN>

 
Avatar of bbao
bbao
Flag of Australia image
hi, i would suggest you use the following lines to see the help for your reference. again, to write disk sector directly should be a high risk operation.

DEBUG <RETURN>
? <RETURN>
Q <RETURN>

sorry for i lost Q command for QUIT in my last post.
Avatar of bbao
bbao
Flag of Australia image
as for the tools, i use a very old program NORTON DISKEDIT.EXE.
Avatar of roCker
roCker

ASKER

thanks .
       what exactly can be the risk in doing the steps.. would u plzz elaborate  a little.


  chicagoen...i installed volumeid.exe and it works. but in the end it says to add the  new address in the format xxxx-xxxx in hexadecimal  i do type a hexadecimal number like 9E014A2C but again it says that type in this way
xxxx-xxxx. can u please give some further suggestion over that??

                                                     
Avatar of bbao
bbao
Flag of Australia image
the risk are, if you type wrong number, your boot sector or even other sector (if the sector numner is wrong) may be damaged, wich may even cause your system crashed.

just noticed the volumeid.exe, that sounds good, it is a safe way for you. it looks you know a little about disk structure and debug.exe, so you should use similar tools instead of doing it manually with so primitive debug.exe, although my method is simple and effective.
Avatar of bbao
bbao
Flag of Australia image
btw, your input should be 9E01-4A2C, there is a "-" at the center.
Avatar of bbao
bbao
Flag of Australia image
roCker, how is your case? do you need further help? :)
Avatar of bbao
bbao
Flag of Australia image
a lot of comments contributed by the experts, so i would like to suggest splitting the points.
Avatar of Luc Franken
Luc Franken
Flag of Netherlands image
bbao,

I admit I've thought about a split of points :)
The original question was little more than "I wonder what this all means?" which was mostly answered by SNilsson at http:#9796221
The second question was: "how to change the HDD serial number?", the most obvious responce would be: "Don't do it, if you're doing it for just finding a file at your system that states it, you're being paranoid." There is absolutely no need for changing the HDD serial number, period.

If I have to change my recommendation, I propose an award to SNilsson for his first comment.

Thanks,

LucF