Hello everybody!

I am interested in how do you manage the restrictions that Vista "offers". I mean, I had to store some data in System32 and my application was developed on Visual Studio 2008, but on XP. Recently, I moved to Vista and tested the software about its compatibility and it crashed because of "Access Denied to C:\Windows\System32".

What workarounds do you use, or you just say to customers that they should do this and this?

Firstly, unless you're writing system information, your program should stay out of all of the system directories.

The easiest solution, allow your program to write in it's own directory.

There really isn't too much of a difference between moving a program from XP to VISTA. You just have to know how the operating system is going to react if you do certain things with it.

Especially places where the User Access Control will pop up if it is still activated.

I completely agree with DeCompile, there is no reason your application should be messing around with the System32 folder. The main difference from XP to Vista is depending on what your application does it may need to operate at an elevated level, which really isn't a good idea to begin with. I've yet to have a single problem with my applications running on Vista (*knock on wood*), then again I don't do anything in the System32 folder either.

Thank you guys! Let's say I want to hide a file containing information about the license. Shouldn't it be hidden? Btw, there are some programs that store information on a hidden place and even after format it recognizes that the trial has expired. How is this possible? Where can they store information that is not touched during format?

You can do that in the registry with an encryption and the only way to know that the license is expired after a format is not storing info locally but on an online database

btw are you Bulgarian and if yes where do you live?

This post has been edited by Korupt: 31 Aug, 2008 - 12:23 PM

Information is usually stored in the registry. Often, for whatever reason, it's hidden in the registry. Some of that crap never goes away.

Trial expiration awareness post format? Simple. Mothership.

Most modern software reports all kinds of information across the internet. To the point that some software won't even work unless it can phone home. It's not a great trick to send a unique ID to a server that logs it with a time stamp. There are a number of possible numbers to snag. Easiest, and most straight forward, would be the MAC address.

I run a local firewall on all my Windows machines. If you don't, you should. You'd be amazed at the software that wants to talk to the internet.

I see guys, maybe it is more clever to store the data in the registry, however thus isn't it more visible to the user. I mean, it is encrypted, but he knows where to search. And if he is not a programmer like us, but a regular user, he could not think of the location in C:\....

This about the unique key that exists after format and that is transfered over the internet is not valid unless one company uses the software in an office, where an internet connection is enabled.

And after all, to build such a unique id, I have to check a lot of facts and it is not that cool . I think local defense suits my application perfectly. However, there is a problem. The user can reinstall the software and we assume that he has deleted the registry. Then what? I guess he has trial period again .


There is another chance(if I use files) to make this file hidden and to make the application protect it(access denied), but again if we have a professional on board, he would use Safe Mode.

Another facts I did not think of?


Btw, @baavgai MAC address does not seem to me a good way as we all know how easy is to have it changed.

This post has been edited by pe_mitev: 31 Aug, 2008 - 03:08 PM

Not quite. A MAC address is easy to spoof, because TCP/IP is dumb and trusting. However, the MAC address is a number on the physical NIC. The number does not change, it's part of the hardware itself. It's easy to change, put a new network card in the box.

Windows itself uses the ID on the motherboard. You can use WMI to extract it.

For your file based storage, you still haven't made a case as to why storing them in a system area is more secure than in a local file that your program has legitimate rights to.

In any case, it sounds like your intent is questionable. If you really want to know how to hind information in a system, google rootkit. That sound you hear is your soul escaping through your nose.

Heh, Vista. I got fed up with the restrictions in Windows 95.