Solved

Delete on reboot

Posted on 2004-10-03
13
349 Views
Last Modified: 2012-05-05
Can anyone explain how to delete a file on reboot/restart

I have a listbox (lstfiles) and i search for files by there extenstions (.txt) returns all text files on the disk and loads them into my listbox. I doubleclick on one and it opens i added a command button (cmd3) to delete a file I set the file attributes to
disable readonly and hidden then try to run the kill function if the file will not delete i want to remove it on next startup. Thats the part im at now. I have read about movefileex but i dont seem to be able to get it working.

Any help?
0
Comment
Question by:BI5HOP
  • 5
  • 5
  • 3
13 Comments
 
LVL 55

Expert Comment

by:Jaime Olivares
Comment Utility
you can create an entry in Registry in RunOnce key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

The command you insert in the registry will be executed next time, could be a simple command prompt order.
0
 

Author Comment

by:BI5HOP
Comment Utility
yea but if the file loads first it wont remove it :( some programs (spyware) start from other places
0
 
LVL 55

Expert Comment

by:Jaime Olivares
Comment Utility
0
 

Author Comment

by:BI5HOP
Comment Utility
This one could do it the only problem is how to knw what process your terminating

Private Sub Command1_Click()
    For Each Process In GetObject("winmgmts:").ExecQuery("select * from Win32_Process where Name='app.exe'") ' app.exe is the processname ( Usually the exe name )
        Process.Terminate
    Next
    Doevents
    Kill "c:\app.exe" ' Full path must be specified here
End Sub


since a file i am deleting could be .dll .exe .txt .anything
dll files that need deleting dont run under any specific name thats why i thought deleting on reboot is best.
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
HKLM:
\SYSTEM\CurrentControlSet\Control\Session Manager
Value:  PendingFileRenameOperations
0
 
LVL 22

Accepted Solution

by:
cookre earned 60 total points
Comment Utility
That value contains an arbitrary number of string pairs.  
If both strings in a pair are valued, it's a move.
If the second of the pair is null, it's a delete.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:BI5HOP
Comment Utility
Yea thats the key i have been reading about for movefileex but i dont seem to be doing it write is there an example of how it works? I looked at my key and it is empty so i can get an example for there.
0
 

Author Comment

by:BI5HOP
Comment Utility
Ok i got most of it but i need to know how i can make the below write as MULTISZ instead of REGSZ

Public Function RegWrite(Key1, svalue As String)
Dim WSHShell As Variant
Set WSHShell = CreateObject("WScript.Shell")
WSHShell.RegWrite Key1, svalue

End Function
Private Sub Command2_Click()
Dim svalue As String
svalue = dfile.Text
RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations", "\??\" + svalue
End Sub
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
Well, that's the trick.
Alas, I'm not enough of a VBer to know without fiddling around a bit how to get the nulls embedded at the right spots.  

Although WSHShell.RegWrite has an optional 3rd parm that let's you specify data type, REG_MULTI_SZ is not among the supported types.  Now, the .NET value set method will look at the data and try to figure out its type, but you still have to get those nulls in there.

Also, you should check to see if the value already exists so you can add your text at the end of what's there already.

0
 
LVL 55

Assisted Solution

by:Jaime Olivares
Jaime Olivares earned 65 total points
Comment Utility
0
 

Author Comment

by:BI5HOP
Comment Utility
Ok this is alot better "almost there" (that first link wont work for MULTISZ its the same as above that i was using)


The second link will work i think but im not sure what is wrong with it i have not see some of it before these are new two me i have made it right to the proper key but it is still as regsz i think it because i dont know what to put in the parts i marked.


Dim aStrings() As String
Dim lngRet As Long, lngIndex As Long

  Redim aStrings(0 to 2)

  aStrings(0) = "String1" <<-== what goes here
  aStrings(1) = "String2" <<-== what goes here
  aStrings(2) = "String3" <<-== what goes here
 
  '---> Write the Multi String Value
  lngRet = SetValue(HKEY_LOCAL_MACHINE, "Software\MyApp", "MultiStringValue", aStrings)

  '---> Read the Multi String Value
  aStrings = GetValue(HKEY_LOCAL_MACHINE, "Software\MyApp", "MultiStringValue", Split(""))

   For lngIndex = 0 To UBound(aStrings)
   
      Debug.Print aStrings(lngIndex)
   
   Next
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
I'll dust off my VB6 and fiddle with it later today - but don't let that stop anyone else...
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
This worked:

Option Explicit
Option Base 0

Private Declare Function RegOpenKeyEx Lib "advapi32.dll" _
                                      Alias "RegOpenKeyExA" _
                                     (ByVal hKey As Long _
                                     , ByVal lpSubKey As String _
                                     , ByVal ulOptions As Long _
                                     , ByVal samDesired As Long _
                                     , phkResult As Long) _
                                     As Long
                                   
Private Declare Function RegQueryValueEx Lib "advapi32.dll" _
                                         Alias "RegQueryValueExA" _
                                         (ByVal hKey As Long _
                                         , ByVal lpValueName As String _
                                         , ByVal lpReserved As Long _
                                         , lpType As Long, ByVal lpData As String _
                                         , lpcbData As Long) _
                                         As Long

Private Declare Function RegSetValueEx Lib "advapi32.dll" _
                                       Alias "RegSetValueExA" _
                                       (ByVal hKey As Long _
                                       , ByVal lpValueName As String _
                                       , ByVal Reserved As Long _
                                       , ByVal dwType As Long _
                                       , ByVal lpValue As String _
                                       , ByVal cbData As Long) _
                                       As Long
                                     
Private Declare Function RegCloseKey Lib "advapi32.dll" _
                                    (ByVal hKey As Long) _
                                    As Long
                                         


Const ERROR_SUCCESS = 0
Const ERROR_MORE_DATA = 234
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_MULTI_SZ = 7

Const STANDARD_RIGHTS_ALL = &H1F0000
Const KEY_QUERY_VALUE = &H1
Const KEY_SET_VALUE = &H2
Const KEY_CREATE_SUB_KEY = &H4
Const KEY_ENUMERATE_SUB_KEYS = &H8
Const KEY_NOTIFY = &H10
Const KEY_CREATE_LINK = &H20
Const SYNCHRONIZE = &H100000
Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL _
                         Or KEY_QUERY_VALUE _
                         Or KEY_SET_VALUE _
                         Or KEY_CREATE_SUB_KEY _
                         Or KEY_ENUMERATE_SUB_KEYS _
                         Or KEY_NOTIFY _
                         Or KEY_CREATE_LINK) _
                    And (Not SYNCHRONIZE))

Dim RC As Long
Dim SessionKey As Long
Dim ValType As Long
Dim ValLen As Long
Dim ValDAta(2) As String
Dim strMULTISZ As String
Dim arrStrings() As String
Dim i As Integer


Private Sub Form_Load()
Dim DeleteLine As String

DeleteLine = "\??\c:\dummy.dat"

' Get the Session Manager key
RC = RegOpenKeyEx(HKEY_LOCAL_MACHINE _
               , "System\CurrentControlSet\Control\Session Manager" _
               , 0 _
               , KEY_ALL_ACCESS _
               , SessionKey)
If RC <> ERROR_SUCCESS Then
   MsgBox ("Unable to open Session Manager key")
   End
   End If
   
' See if any operations are pending
RC = RegQueryValueEx(SessionKey _
                   , "PendingFileRenameOperations" _
                   , 0 _
                   , ValType _
                   , ByVal 0 _
                   , ValLen)
If RC = ERROR_MORE_DATA Then
   ' Value is already there - get it and merge in ours
   strMULTISZ = Space(ValLen + 1)
   RC = RegQueryValueEx(SessionKey _
                      , "PendingFileRenameOperations" _
                      , 0 _
                      , ValType _
                      , ByVal strMULTISZ _
                      , ValLen)
   ' Split out the individual strings into a string array
   strMULTISZ = Left(strMULTISZ, InStr(1, strMULTISZ, Chr(0) & Chr(0)) - 1)
   arrStrings = Split(strMULTISZ, Chr(0))
     
   ' Make room for our new pair
   ReDim Preserve arrStrings(UBound(arrStrings) + 2)
   arrStrings(UBound(arrStrings) - 1) = DeleteLine
   arrStrings(UBound(arrStrings)) = ""
     
   ' Turn it back into a REG_MULTI_SZ
   strMULTISZ = Join(arrStrings, Chr(0)) & Chr(0)
     
   ' And update it
   RC = RegSetValueEx(SessionKey _
                     , "PendingFileRenameOperations" _
                     , 0 _
                     , REG_MULTI_SZ _
                     , strMULTISZ _
                     , Len(strMULTISZ) + 1)

Else
   ' Its either there, so just add our new pair
   ReDim arrStrings(1)
   arrStrings(0) = DeleteLine
   arrStrings(1) = ""
     
   ' Turn it back into a REG_MULTI_SZ
   strMULTISZ = Join(arrStrings, Chr(0)) & Chr(0)
     
   ' And update it
   RC = RegSetValueEx(SessionKey _
                     , "PendingFileRenameOperations" _
                     , 0 _
                     , REG_MULTI_SZ _
                     , strMULTISZ _
                     , Len(strMULTISZ) + 1)
   End If

RegCloseKey (SessionKey)
End
End Sub

0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now