Welcome back today we are going to talk about a hole left in yeasterdays protection of executables.  That hole lies in the fact that if you rename an executable then kill it, there is no way for a watcher processes to restart it.  So what we do to solve that problem is watch the executables to make sure their names dont change, and if they do, you just change them back.  Lets look at the code.

Dim WithEvents fsWatcher As System.IO.FileSystemWatcher
Private Sub fsWatcher_Renamed(ByVal sender As Object, ByVal e As System.IO.RenamedEventArgs) Handles fsWatcher.Renamed
  If (e.OldName = "MainProcess.exe" Or e.OldName = "WatcherProcess.exe") Then
  System.IO.File.Move(e.Name, e.OldName)
  logEvent(e.OldName, e.Name, "Rename")
  End If
End Sub

Private Sub frmMain_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
  fsWatcher = New System.IO.FileSystemWatcher("./", "*.exe")
  fsWatcher.EnableRaisingEvents = True
End Sub

This lovely creation System.IO.FileSystemWatcher will watch a directory, in this case the local directory ./ for any file actions. We are mostly concerned with rename file actions so we handle the event FileSystemWatcher.Renamed. Then we simply check if one of the files we are concerned about it being renamed, if it is we name it back to what it is supposed to be. The net effect is that when a person renames the file it just winds up not getting renamed. There we go another hole plugged.

Have a good afternoon. Tomorrow we will be going for something a little more basic again so for those of you not interested in writing your own programs, never fear we have more content coming for you.