Originally posted by SilentRage:
Since Windows is in control, and it has a certain way of doing things, it won't let files be deleted unless the program is first terminated. So 1: you can't delete a running program - 2: if you did delete a program - then it's not running in memory. If you try to delete the program by executing low-level instructions meant straight for the hard drive - then you run the risk of crashing Windows - or at least that program.
Not true. I just tested it myself to make sure I was right. I copied a program, ran it, then while it was running, deleted the program from the location I ran it in. No problems.
I have discussed this topic with a very knowledgeable person and he told me it has been done. He said the BackOrifice 2000 code does this. This code is freely available on the internet. I have a copy if you can't find it.
You have the source code? I'd be interested in looking at that. I could get the program and disassemble it, but the assembly version wouldn't help me.
Let's say you made a utility whose purpose is to erase a picture of an egg that some virus loves to draw to screen. Even though this virus can never be removed from the computer - unless you reformat - you can still lose no data if you run your utility that makes sure the egg is never drawn to screen. You make this utility very very smart, in how it analyzes the screen picture and filters for all egg pictures - AND hooks into various graphics API to look for telltale signs of an egg about to be drawn - and block it. Pretty powerful program, no? Well, guess what. Nobody wants it. It has no purpose. There is no such thing as a program which draws eggs to the screen and cannot be removed except by reformatting. Good job son, here's a cookie.
*Sigh* You don't seem to understand. I just gave you a reason why this program could be useful. Your analogy doesn't apply. I NEVER said there was a program that runs and deletes itself. I said "what if you ran a program and deleted it yourself and wanted it back". Now you were saying it couldn't be done, but it can. I just did it a couple of minutes ago when I started this post.
...you cannot possibly predict all the methods a program may save itself into memory - all the techniques and formats this data may be represented in memory. Only AFTER it has been done may you make a utility which handles whatever technique they employed. THEN it will be useful - so THAT is why I don't want to know if you even can. The argument has no purpose and gains nothing.
...When a program runs it gets loaded into a certain part of memory, just like every other program. The program can't alter this because it has to be loaded before it can even execute any commands to change that! Since it's done the same way for each program (except maybe the difference between DOS and Win32 apps, but it's just loaded to a different part of memory which can also be checked) the program should be able to detect each program that's been loaded and follow each instruction it executes and disassemble it and compile the assembly language into a program and save it. Before you start your counter argument please check out this website. They made a very powerful program called digital cortex. Read what it can do.