Sign in to follow this  
Nice Coder

Changing folder icon using command line?

Recommended Posts

I've got a pretty convinvincing invisible folder act going on. I just need to change the folder's icon and it'll look basically legit. The problem is, how! I can do it on my comp because i have access to the change folder icon menu. I can't do this on the other comp, since i don't have access! Does anyone know how to do this via another way? From, Nice coder

Share this post


Link to post
Share on other sites
If you use desktop.ini, make sure you give "everyone" permission to read the 'Desktop.ini' file despite blocking their permission to everything else. Otherwise, the admin's machine might not be able to read it in order to apply the specified settings.

Another entry you might want to add under .ShellClassInfo would be "LocalizedResourceName" which forces the folder's name to appear to be something depending on the language of the windows version viewing it (so things are properly translated) despite what the actual folder's name is.
An example would be:

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21788

which is the string "System Tools" in my US English version and would be a similar string in any other language. This can make manipulating the contents difficult if the admin tries to use the command line tool, because the folder will show it's real file name in the command line but it's "Localized Resource Name" in the GUI.

You could do a similar thing for all the files in the folder using an INI section called [LocalizedFileNames]
This way, you could make a folder full of zip files (for example) appear to be a copy of the 'Administrative Tools' folder from the control panel or the like, but double clicking files will still execute the normal action for that file type.

To find more about Desktop.ini, just search your computer - by default, a lot of system folders have such a file filled with interesting settings. Also, there is information in the latest platform SDK documentation. You can probably find this online by searching MSDN for 'desktop.ini'

As an interesting random comment, for a project at work I had a program that read from a 'long' ini file using the windows API (on Win2k), and the INI access (only reading each entry in the ini a single time) was taking around 75% of the program's runtime, and making a custom INI class (including support for TEA encryption/decryption and much nicer enumeration routines) took it down to around 0% (rounded appropriately) of the program's total runtime. What's left of the run time is i/o-bound file manipulations. I wonder if MS's poor INI model (ie no load,process, store, but rather all 3 steps for each INI operation) is part of the reason they started pushing the registry so hard way back when.


Edit: I was just messing around with it and found another interesting line:
CLSID={871C5380-42A0-1069-A2EA-08002B30309D}
(The value might be different on different computers, I found a list at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\ in the registry)
This makes the icon of the folder change to the IE icon, and makes double clicking on it actually open IE! This would help discourage GUI manipulation of the file in the same way the the localization discourages CLI manipulation =-) It does this by adding an "Open Home Page" action as the default action for the folder. This action works even if permission to the folder is denied! There is also an 'Open' action, but it acts just like the "Open Home Page" action.
The only way to change this is to manually rename the desktop.ini file, which means you have to remove the SH attributes, rename desktop.ini via the command line, then refresh the parent folder so it gets the new info, then open the folder.

[Edited by - Extrarius on November 5, 2005 9:25:21 PM]

Share this post


Link to post
Share on other sites
Edit: Ok. *smacks head*

:-)
Ok. I have a batch file that'll rename the desktop.ini file.

The problem is that The folder icon is IE, yet the folder name is System tools... Maybe Internet Explorer Tools? How do you know what each number means?

Also, should by "secret structure" be
T:\Somefolders\Desktop.ini\Other
When i give everyone +R access to The folder Desktop.ini, as well as the file inside?

Then in Other i give only me full access? (remove all inherited permisions).

Would this be ok?

From,
Nice coder

[Edited by - Nice Coder on November 6, 2005 3:35:21 AM]

Share this post


Link to post
Share on other sites
To find numbers to use, you need to open up shell32.dll(or other system dlls) in a resource editor. If you have MSVS, you can go to:
File | Open | File | [Select File] | [Click triangle by 'Open' button] | Open With | Resource Editor
Then you can browse various parts for various kinds of resources. Since you want strings, go to 'String Table' then double click the resulting 'String Table' and you get a HUGE list of strings.
9222, 22034, 30294, 32086 = "Internet Explorer"
22037 = "Launch Internet Explorer Browser"

I'm guessing the string "Internet Explorer" occurs so many times because it is used in different contexts that might require it to be different each time in a different language. Since the string I found in a real desktop.ini was -21788, I'm guessing that the numbers must be negated for some reason when put in the ini file. Looking up string 21788 does indeed reveal "System Tools", so I'd bet that the proper number to use would be 22034 since it's closest and would probably translate best (though it probably doesn't really matter if your admin uses US English).

You could also use a different file instead of shell32.dll, for example
LocalizedResourceName=@%ProgramFiles%\Internet Explorer\iexplore.exe,-702
Which is "Internet Explorer" straight out of explorer itself (well, I didn't test it, but it should work)

Share this post


Link to post
Share on other sites
Ok. (Thanks for the Internet explorer thing. Now this is a very good name. Just a hidden IE icon. No reson to look at it, move along now.)

Two things.
One, i have a nice little hidden drive on one computer, which i'm accessing through net use. :-)

I'm also doing something similar on a network drive. The main purpose is that nobody is going to have a look at the comps drive, so its a bit more "Secret."

Also, if you rename it through the properties window, it renames the file, although it retains everything after the dot in the filename. You also can't see the changes in filename (which is pretty nice).

One problem tho: If you directly set a network drive into it, you arn't affected by Desktop.ini (this also makes it easier for me, as it means i just need to net use it, then delete it).

Current file for makedrive.bat (run via a shortcut, since we "Can't run batch files")


@Echo off
net use S: \\Comp\Desktop.ini\Sec
explorer S:
@Echo Done. Please hit enter once you are finished.
pause
net use s: /Delete
exit






Current file for Desktop.ini

[.ShellClassInfo]
Owner=Randomguy
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=69
NoSharing=0
ConfirmFileOp=1
Infotip=This is a secured spot. Are you sure you should be here?
LocalizedResourceName=@%ProgramFiles%\Internet Explorer\iexplore.exe,-702
CLSID={871C5380-42A0-1069-A2EA-08002B30309D}





The way to bypass it, is to rename it using the properties panel thing.
Then, after renaming, you know its filename, so you can go in via dos and remove it. (this can be counteracted by starting the filename for the folder with a . ie. .Desktop.ini)

Then you can counteract that counteractiion by using CD L* for some letters. This can be counteracted by Naming it like something that already exists. ie. Window.30039 Hitting Wind* would take you to C:\Windows, not C:\Window.30039 (the dot stops it from being Changed to something known, and since its longer, Windows is always used rather then it).

What i'm not sure about, is wether or not the permissions tab will let you use it. I know cacls requires the filename, but the new folder doesn't seem to have any of the normal tabs that it would have, so id say that it wouldn't have one. (i'll check it tomorrow tho).

What i'm also not sure about is whether the folders name is revealed by the drive mapping. (hopefully not). If it is, then i'll probably keep the secret folder between me and a few friends. If not, then i'll tell a few assosiates as well. (its just that i don't want an admin finding out... Better to give them no reson to look, then to make it completely invisible)

One question: Will a computer continue to share when logged off?

/me is looking at the string table. Very neat trick.
Also, have you looked at 22032 to 22047? Very nice little ones there :-)

Look at 28684 -> "You do not have sufficient rights to perform this operation"
:-)

me.respectfor(Extrarius)++;

One problem with this method tho: A dir /A H shows it. Which is a problem.... Assuming the admin knows how to use DIR properly. If only i knew how magic folders worked...

From,
Nice coder

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Net view doesn't work.

I keep getting an access denied message.

The desktop.ini trick works tho.

Any way of getting net use \\Path\Otherpath, to change the caption of it?

Also, attrib +S +H +R doesn't show up on the comps at all. I'm not sure if thats a user setting or a windows-wide thing, but its nifty.

And is there a way to stop net use /delete from removing a network drive?

From,
Nice coder

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Fascinating trick to use IE CLSID in desktop.ini. When I tried this and used Windows Explorer, it indicated that it was still a folder. Is there any way of fooling Windows Explorer to show the folder as something else, for instance a Shortcut, and change it's size to 1KB? That would make the trick much more convincing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this