Dr. Vesselin Bontchev wrote:
I haven't tried this, but what about nuking the entry point to the
app instead of deleting or renaming the database?
As I mentioned above, this is what Kaspersky Anti-Virus seems to
be doing - overwrite the malicious application with a do-nothing
application. I haven't tried it myself, though. Can you really
write to the application at this point (when you get the notification
that it is being launched, I mean)? I thought that it would be opened
and not writable, but maybe it isn't yet.
I wasn't aware it ever becomes not writable. Sure, resource records
are locked down to a particular location in memory so that the code
in them can be executed, but I don't see why that prevents you from
writing zeros into that memory with DmWrite() or DmSet(). Of course,
I could be wrong.
- Logan
--
For information on using the PalmSource Developer Forums, or to unsubscribe,
please see http://www.palmos.com/dev/support/forums/
