roCker
asked on
some software had got hold of my harddisk volume number..
hi everybody.
i want that nobody e.g a software vendor could be able to trace my system . i found out a file tdd.EXE-04A112Ed.pf in the directory c:\windows\prefetch .. i opened it up to find out some strange kinda language followed by something as refering to hard disk volume number. i am pasting a few lines of that file to give u some idea . …@ ‡ 0 …@ ˆ @ …@ ÿÿÿÿ P …@ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ I M M 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N S P O O L . D R V \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M D L G 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S O C K 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L \ D E V....
i wonder what does that mean..
is somebody able to keep track of me through hard disk serial number?? is there anyway or software to change the volume or serial number of hard disk?? i would be grateful for any practical solution . this is a bit urgent so i hope honourable experts would look into my question. thank you.
roCker
i want that nobody e.g a software vendor could be able to trace my system . i found out a file tdd.EXE-04A112Ed.pf in the directory c:\windows\prefetch .. i opened it up to find out some strange kinda language followed by something as refering to hard disk volume number. i am pasting a few lines of that file to give u some idea . …@ ‡ 0 …@ ˆ @ …@ ÿÿÿÿ P …@ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ I M M 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N S P O O L . D R V \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M D L G 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S O C K 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L \ D E V....
i wonder what does that mean..
is somebody able to keep track of me through hard disk serial number?? is there anyway or software to change the volume or serial number of hard disk?? i would be grateful for any practical solution . this is a bit urgent so i hope honourable experts would look into my question. thank you.
roCker
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Most say it aint possible, but I found this one
"It is possible to change the REAL serial number of a Hard Disk, not matter what who is its manufactor.
The serial number is recorded in a part of the Hard disk named System Area, you can access this area using an especific ATA command, each manufator has its own ATA command for each Hard Disk model and size. Your can learn more about ATA commands in www.t13.org "
I dont know why you would want to, just delete the folder contents and run the spyware program, make sure you have a good firewall, then there should be no problem.
"It is possible to change the REAL serial number of a Hard Disk, not matter what who is its manufactor.
The serial number is recorded in a part of the Hard disk named System Area, you can access this area using an especific ATA command, each manufator has its own ATA command for each Hard Disk model and size. Your can learn more about ATA commands in www.t13.org "
I dont know why you would want to, just delete the folder contents and run the spyware program, make sure you have a good firewall, then there should be no problem.
If you want to change the VOLUME ID, you can use volumeid.exe from www.sysinternals.com
Windows XP's prefetch feature
http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/BootVis.mspx
as for how to change the volumen number, if you want the solution for fat, i can give you a way to manually change it in a few steps. for ntfs, i think the principle is same, but i did not try before.
http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/BootVis.mspx
as for how to change the volumen number, if you want the solution for fat, i can give you a way to manually change it in a few steps. for ntfs, i think the principle is same, but i did not try before.
skip the prefetch. it is more like a \backup directory that you do not have to manage
> is somebody able to keep track of me through hard disk serial number
yes, as well as through other info such as mobo & bios & NIC. DO, do remember that to get XP running in the first place, you must "agree" (OK, install) to let MS log ten HW numbers to identify the installation and get the activation code to operate it.
> is there anyway or software to change the volume or serial number of hard disk?
Maybe. Do not count upon it helping you out much here.
> i would be grateful for any practical solution
Step #1 is to install a firewall like ZoneAlarm that STOPS outgoing TCP packets in their tracks without your personal OK on each. THis means, that the spywares that install can usually be blocked until they meet your level of approval. Most firewalls only stop the inbound invaders, not the stoolies that snuck onto your machine one day when you were less alert.
> i found out a file tdd.EXE
Do, of course, check the rest of your disk for same filename, be especially watchful of task manager, and all the files that can show up there.
> is somebody able to keep track of me through hard disk serial number
yes, as well as through other info such as mobo & bios & NIC. DO, do remember that to get XP running in the first place, you must "agree" (OK, install) to let MS log ten HW numbers to identify the installation and get the activation code to operate it.
> is there anyway or software to change the volume or serial number of hard disk?
Maybe. Do not count upon it helping you out much here.
> i would be grateful for any practical solution
Step #1 is to install a firewall like ZoneAlarm that STOPS outgoing TCP packets in their tracks without your personal OK on each. THis means, that the spywares that install can usually be blocked until they meet your level of approval. Most firewalls only stop the inbound invaders, not the stoolies that snuck onto your machine one day when you were less alert.
> i found out a file tdd.EXE
Do, of course, check the rest of your disk for same filename, be especially watchful of task manager, and all the files that can show up there.
ASKER
thanks everybody for the pains. i am obliged.
SNilson ----i surfed t13.org but its a very huge and enormous site having no search option . i tried to search and grab ATA commands as u stated but after quite much of hard work i couldnt find a clue.
bbao -- i really would be interesting in some easy steps to chnage the serial number. i would be very grateful if u tell me .
chicagoan--- i went through ur mentioned site . downloaded volumeid.exe
and for a moment i thought i have got to the solution but it isnt doing what it says it does. i wonder y .i reallllllly wonder. so any more tips.?
and guys have u given a look at the code or material or watever i pasted at the top . i mean there was some mentioning of volume id like this. i mean this kinda script.. . . …@ ‡ 0 …@ ˆ @ …@ ÿÿÿÿ P …@ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \
any idea what it is???
ASKER
oo i skipped one thing.
this code that i have pasted above was found in the file tdd.exe in my c:\ windows\prefetch directory that made me suspicious
thanks once again
this code that i have pasted above was found in the file tdd.exe in my c:\ windows\prefetch directory that made me suspicious
thanks once again
i would suggest you use a professional disk binary editor to do it, or at least use debug.exe.
at here, for example, we access the drive C (FAT), with debug.exe
debug
l 1000 2 0 1 ; where 1000 is buffer, 2 is drive c, 0 is sector 0, 1 is numnber of sectors
d 1000 ; dump buffer at 1000h
e 1027 aa bb cc dd ; where aa,bb,cc,dd are new serial number, in reverse order
d 1000 ; confirm the changes, from 1027h - 102ah
w ; write back to the disk
NOTE: it is a process to physically change content of sector, you should hold the risk by yourself and please be CAREFUL for every step!!
hope it helps,
bbao
at here, for example, we access the drive C (FAT), with debug.exe
debug
l 1000 2 0 1 ; where 1000 is buffer, 2 is drive c, 0 is sector 0, 1 is numnber of sectors
d 1000 ; dump buffer at 1000h
e 1027 aa bb cc dd ; where aa,bb,cc,dd are new serial number, in reverse order
d 1000 ; confirm the changes, from 1027h - 102ah
w ; write back to the disk
NOTE: it is a process to physically change content of sector, you should hold the risk by yourself and please be CAREFUL for every step!!
hope it helps,
bbao
ASKER
hi bbao.
well i couldnt follow up your instructions . do u mean that i start debug.exe in dos prompt . and then type all tht u have written above ?? am i right ?
and wht is a professional disk binary editor?
and what does that 'risk' mean . do u mean there wud go something wrong to my harddisk during the process ?
okies i tried the debug 1000 2 0 1 in debug.exe but it gives a message like this " ^Error " .
hope to hear from u soon
roCker
well i couldnt follow up your instructions . do u mean that i start debug.exe in dos prompt . and then type all tht u have written above ?? am i right ?
and wht is a professional disk binary editor?
and what does that 'risk' mean . do u mean there wud go something wrong to my harddisk during the process ?
okies i tried the debug 1000 2 0 1 in debug.exe but it gives a message like this " ^Error " .
hope to hear from u soon
roCker
debug <RETURN>
L 1000 2 0 1 <RETURN>
D 1000 <RETURN>
E 1027 aa bb cc dd <RETURN>
D 1000 <RETURN>
W <RETURN>
L 1000 2 0 1 <RETURN>
D 1000 <RETURN>
E 1027 aa bb cc dd <RETURN>
D 1000 <RETURN>
W <RETURN>
hi, i would suggest you use the following lines to see the help for your reference. again, to write disk sector directly should be a high risk operation.
DEBUG <RETURN>
? <RETURN>
Q <RETURN>
sorry for i lost Q command for QUIT in my last post.
DEBUG <RETURN>
? <RETURN>
Q <RETURN>
sorry for i lost Q command for QUIT in my last post.
as for the tools, i use a very old program NORTON DISKEDIT.EXE.
ASKER
thanks .
what exactly can be the risk in doing the steps.. would u plzz elaborate a little.
chicagoen...i installed volumeid.exe and it works. but in the end it says to add the new address in the format xxxx-xxxx in hexadecimal i do type a hexadecimal number like 9E014A2C but again it says that type in this way
xxxx-xxxx. can u please give some further suggestion over that??
what exactly can be the risk in doing the steps.. would u plzz elaborate a little.
chicagoen...i installed volumeid.exe and it works. but in the end it says to add the new address in the format xxxx-xxxx in hexadecimal i do type a hexadecimal number like 9E014A2C but again it says that type in this way
xxxx-xxxx. can u please give some further suggestion over that??
the risk are, if you type wrong number, your boot sector or even other sector (if the sector numner is wrong) may be damaged, wich may even cause your system crashed.
just noticed the volumeid.exe, that sounds good, it is a safe way for you. it looks you know a little about disk structure and debug.exe, so you should use similar tools instead of doing it manually with so primitive debug.exe, although my method is simple and effective.
just noticed the volumeid.exe, that sounds good, it is a safe way for you. it looks you know a little about disk structure and debug.exe, so you should use similar tools instead of doing it manually with so primitive debug.exe, although my method is simple and effective.
btw, your input should be 9E01-4A2C, there is a "-" at the center.
roCker, how is your case? do you need further help? :)
a lot of comments contributed by the experts, so i would like to suggest splitting the points.
bbao,
I admit I've thought about a split of points :)
The original question was little more than "I wonder what this all means?" which was mostly answered by SNilsson at http:#9796221
The second question was: "how to change the HDD serial number?", the most obvious responce would be: "Don't do it, if you're doing it for just finding a file at your system that states it, you're being paranoid." There is absolutely no need for changing the HDD serial number, period.
If I have to change my recommendation, I propose an award to SNilsson for his first comment.
Thanks,
LucF
I admit I've thought about a split of points :)
The original question was little more than "I wonder what this all means?" which was mostly answered by SNilsson at http:#9796221
The second question was: "how to change the HDD serial number?", the most obvious responce would be: "Don't do it, if you're doing it for just finding a file at your system that states it, you're being paranoid." There is absolutely no need for changing the HDD serial number, period.
If I have to change my recommendation, I propose an award to SNilsson for his first comment.
Thanks,
LucF
ASKER
thanks a lot for ur advice . i did search for any more tdd.exe files but there werebt any more files with that name
i would appreciate if u tell me as how to change the serial number or volume number of my hard disk.