Posted (edited)

Hello AutoIt scripters.  I am currently working on a repair script which needs to be able to delete a directory which is pretty constantly used in order to replace its contents.  I was thinking about using "delete during next reboot" in order to accomplish this, and to this point, the only way I can see this being done is by modifying the registry (create PendingFileRenameOperations registry key in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager).  Is there another way that this can be done?  Which way would be more effective?  What type of registry key would be used?  Can anyone provide an example?  Thanks.

Edited by MattHiggs
Posted (edited)

@MattHiggs,

using the said registry key can be tricky. you have to maintain trailing @LF and empty string for target path (if you wish to delete rather than move/rename). _WinAPI_MoveFileEx() can handle that for you - read the help file carefully.

occasionally i encountered issues with that, especially files located in the system32 folder. if reliability is a must, i'd suggest using a scheduled task to run at startup, as the local SYSTEM account, executing a simple batch file to:

1) delete the said folders

2) delete the task

3) delete the batch file itself

in this order!

Edited by orbs


 

Posted
  On 10/31/2016 at 6:51 AM, orbs said:

@MattHiggs,

using the said registry key can be tricky. you have to maintain trailing @LF and empty string for target path (if you wish to delete rather than move/rename). _WinAPI_MoveFileEx() can handle that for you - read the help file carefully.

occasionally i encountered issues with that, especially files located in the system32 folder. if reliability is a must, i'd suggest using a scheduled task to run at startup, as the local SYSTEM account, executing a simple batch file to:

1) delete the said folders

2) delete the task

3) delete the batch file itself

in this order!


Yeah, that was the concern.  Preferably, I would rather just avoid editing the registry altogether: too many things can go wrong and the registry is just one of those things that I am not as knowledgeable on.  As for the scheduled task, I had considered it.  I always figured that "at startup" meant after the system had booted and was at logon screen, but if you have been able to use this method to delete files located in the system32 folder (which is exactly what I am trying to do), then it sounds like that is perfect.  Thank you, sir.

Posted (edited)

I have found an easy way to do things like run a program that deletes every index.dat file on the Windows system partition, using the RunOnce registry key.  I wrote a small freeware to set it conveniently called RunItOnce.  The program it runs will run before login.  So it should not be interactive at all.  You may download RunItOnce from my page

 

It just so happens the utility is written in AutoIt3. :)

 

Edit:  The beauty of using the RunOnce key in the Registry is the system gets the info, then removes it from the Registry for you.  You don't have to worry about cleaning up after yourself.  RunItOnce will set the RunOnce key of the user whose account is active when RunItOnce is run.  IOW, it uses the Users RunOnce Registry key, not Administrator.  But it should work fine for deleting system files since they are not considered to be "in use by the system" prior to login.  At least it had no problem running a program that deleted every index.dat file on C: for me.  Try it and see.  But I would definitely make an image backup first!!

 

 

Edited by MilesAhead
Posted
  On 10/31/2016 at 11:44 PM, MilesAhead said:

I have found an easy way to do things like run a program that deletes every index.dat file on the Windows system partition, using the RunOnce registry key.  I wrote a small freeware to set it conveniently called RunItOnce.  The program it runs will run before login.  So it should not be interactive at all.  You may download RunItOnce from my page

 

It just so happens the utility is written in AutoIt3. :)

 

Edit:  The beauty of using the RunOnce key in the Registry is the system gets the info, then removes it from the Registry for you.  You don't have to worry about cleaning up after yourself.  RunItOnce will set the RunOnce key of the user whose account is active when RunItOnce is run.  IOW, it uses the Users RunOnce Registry key, not Administrator.  But it should work fine for deleting system files since they are not considered to be "in use by the system" prior to login.  At least it had no problem running a program that deleted every index.dat file on C: for me.  Try it and see.  But I would definitely make an image backup first!!

 

 


Thank you sir, for both the info and the URL to your site with many, many useful utilities.  Have you considered putting the URL in your signature?  That way other members of the autoit community can see, access, and download the utilities from it without you having to repeatedly post it.  There are probably a lot of scripters out there that would find them useful.

Posted
  On 11/4/2016 at 10:27 AM, MattHiggs said:

Thank you sir, for both the info and the URL to your site with many, many useful utilities.  Have you considered putting the URL in your signature?  That way other members of the autoit community can see, access, and download the utilities from it without you having to repeatedly post it.  There are probably a lot of scripters out there that would find them useful.


Good idea.  A while back I lost a domain I had for several years.  I guess putting the new one in my sig slipped my mind. :)

Posted

Hey all.  I found another, easier way of performing these types of operations.  It is a "sysinternals" tool: MoveFile

Description is as follows:

Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files

  • Moderators
Posted

You seem to be averse to using Task Scheduler or editing the registry. Just curious, how do you believe MoveFile is working its magic? Use the tool and then look under that PendingFileRenameOperations Value ;)

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!
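
The value discussed in the posts above, decoded: this is an added example, not code from the thread or from any of the tools mentioned. It parses the raw bytes of a PendingFileRenameOperations value into source/target pairs, where an empty target means "delete at reboot" and a leading `!` on the target means "replace existing", so a repair script can check what is queued before rebooting. The sample data and all function names are constructed for illustration.

```python
# Added example: decode PendingFileRenameOperations (REG_MULTI_SZ, UTF-16LE).
from dataclasses import dataclass

NT_PREFIX = "\\??\\"   # NT object-namespace prefix stored in front of each path

@dataclass
class PendingOp:
    action: str   # "delete", "rename" or "replace"
    source: str
    target: str   # empty for a delete

def _strip(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_ops(raw: bytes):
    """raw: the value's bytes exactly as stored (NUL-separated strings)."""
    strings = raw.decode("utf-16-le").split("\x00")
    if strings and strings[-1] == "":
        strings.pop()                 # remainder after the final NUL
    ops, i = [], 0
    while i < len(strings):
        source = strings[i]
        if not source:                # list terminator or padding, not a pair
            i += 1
            continue
        # The target follows its source; an empty string there means "delete".
        target = strings[i + 1] if i + 1 < len(strings) else ""
        i += 2
        if not target:
            ops.append(PendingOp("delete", _strip(source), ""))
        elif target.startswith("!"):  # "!" = overwrite an existing target
            ops.append(PendingOp("replace", _strip(source), _strip(target[1:])))
        else:
            ops.append(PendingOp("rename", _strip(source), _strip(target)))
    return ops

def touches_system32(op):
    needle = "\\windows\\system32\\"
    return any(needle in p.lower() for p in (op.source, op.target))

def build_sample():
    # Constructed sample value: one delete, one replace, one rename.
    entries = ["\\??\\C:\\Repair\\old_data", "",
               "\\??\\C:\\Repair\\new.dll", "!\\??\\C:\\Windows\\System32\\example.dll",
               "\\??\\C:\\Temp\\a.tmp", "\\??\\C:\\Temp\\b.tmp"]
    return ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_ops(build_sample()):
        flag = "  [system32]" if touches_system32(op) else ""
        print(f"{op.action:8} {op.source} -> {op.target or '(none)'}{flag}")
```

On a live system, feed it the value's raw bytes rather than an already-split string list, because the empty target strings are easy to lose once the list has been split.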

Posted

Back in the days when I worked with virus-removal tools, there was an optimal solution called The Avenger which was able to delete rootkits too on reboot. But I don't know how it works because it is not open source.
