Scott Erickson wrote:
What I'm looking to do is prevent an application from launching after it has been launched. What I mean is, I am registering for the sysNotifyAppLaunchingEvent, and if the launching app has a virus in it, I give the user the option to kill the application and delete it from the system. How can I stop the app from launching once the user tells me they want me to delete it? I am currently deleting the database, but it doesn't seem to work. I'm guessing the database is already open, and I can't delete it at that point. Any ideas?

I haven't tried this, but what about nuking the entry point to the app
instead of deleting or renaming the database?

Any damage the virus-infected app can cause will be preceded by running
some code out of the 'code'/1 resource.  So, pick another resource type
at random and copy the contents of the 'code'/1 resource (and all other
'code' type resources) elsewhere.  Then overwrite 'code'/1 with your
own data that (a) includes embedded info about which resources were
renamed to what in order to avoid executing anything, and (b) pops up
a window that says "Such-and-such Virus Checker has disabled this app".

By copying it and overwriting the original (as opposed to just unlinking
it and linking it back as a different resource type/index), you ensure
that if the OS locks the pointer and stashes the locked pointer somewhere
prior to your attempt to disable the code (and then executes straight
from that pointer later), you still will have disabled the code.

Hmm, there would be a couple of hitches of trying to overwrite an
already-locked resource, of course.  One is that the new code you'd
want to write might not fit into the 'code'/1 resource, depending on its
size.  You can probably get around that by writing a tiny stub to lock
another resource and put your real replacement code in that other
resource.  Then put that tiny stub into 'code'/1 and fill the stuff
following it with all zeros.  (After making a copy of 'code'/1 first,
of course.)

  - Logan

--
For information on using the PalmSource Developer Forums, or to unsubscribe, 
please see http://www.palmos.com/dev/support/forums/
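
The difference between overwriting in place and relinking, described in the reply above, shown as an added example that is not part of the original post. It is a plain-C toy model of a resource table and does not use the Palm OS Data Manager API; `ResDb`, `quarantine`, the `vqar` holding type and the stub bytes are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RES 8
#define RES_CAP 64

/* Toy in-memory model of a resource database (not the Palm OS Data Manager API). */
typedef struct { char type[5]; int id; size_t len; unsigned char data[RES_CAP]; } Res;
typedef struct { Res res[MAX_RES]; int count; } ResDb;

static const unsigned char STUB[] = { 0xDE, 0xAD };  /* constructed stand-in for the tiny stub */

static Res *find_res(ResDb *db, const char *type, int id) {
    for (int i = 0; i < db->count; i++)
        if (db->res[i].id == id && strcmp(db->res[i].type, type) == 0) return &db->res[i];
    return NULL;
}

/* Copy every 'code' resource to hold_type (a 4-character type), then overwrite the
   original bytes in place: id 1 gets the stub followed by zeros, the rest are zeroed.
   The (hold_type, id) copies are the record of what was moved where.
   Returns the number of resources disabled, or -1 if the copies would not fit. */
int quarantine(ResDb *db, const char *hold_type) {
    int n = db->count, ncode = 0;
    for (int i = 0; i < n; i++) ncode += strcmp(db->res[i].type, "code") == 0;
    if (n + ncode > MAX_RES) return -1;          /* refuse before touching anything */
    for (int i = 0; i < n; i++) {
        Res *r = &db->res[i];
        if (strcmp(r->type, "code") != 0) continue;
        Res *copy = &db->res[db->count++];
        *copy = *r;                              /* preserve the original bytes */
        memcpy(copy->type, hold_type, 4);
        memset(r->data, 0, r->len);              /* same storage, same length */
        if (r->id == 1 && r->len >= sizeof STUB) memcpy(r->data, STUB, sizeof STUB);
    }
    return ncode;
}

int main(void) {
    ResDb db = { .count = 2 };
    db.res[0] = (Res){ "code", 1, 6, { 1, 2, 3, 4, 5, 6 } };   /* constructed sample */
    db.res[1] = (Res){ "code", 2, 3, { 7, 8, 9 } };
    unsigned char *stashed = db.res[0].data;  /* pointer taken before the scanner runs */
    int n = quarantine(&db, "vqar");
    printf("disabled=%d stashed[0]=%02X saved[0]=%02X\n", n, (unsigned)stashed[0],
           (unsigned)find_res(&db, "vqar", 1)->data[0]);
    return 0;
}
```

Because the original storage is rewritten rather than relinked, the pointer taken before the scan reads the stub bytes, while the saved copy under the holding type still has the original contents.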