GetModuleFileName. Pass NULL in the first parameter.

http://msdn.microsoft.com/en-us/library/ms683197(VS.85).aspx

Perfectly understandable Tzuk. Although, Sandboxie does a fine job of assisting in malware research. You've really got one fantastic little program.

I will be purchasing a license for it very soon. Your a professional author and have gone out of your way as far as I'm concerned to answer my question.

Thanks again!

Little it may be, but as we say round here, it's not the amount of code in the fight that counts, but the amount of fight in the code!

Just passing, don't mind me

Cheers, all.
Dynarx

Would be anyone able to code the same stuff tzuk did but in Delphi?

I'm a home and hobby Delphi coder but always have problems to read this C/C++ stuff.

I´m in the same situation.

After some tries, I'm not able to convert this code to Delphi.

http://www.megaupload.com/?d=EDI97UO3

There you can get a working DLL to avoid file deletion with source code included in Delphi.

I was unable to convert tzuk´s code so I used a hooking unit from other person.

tzuk: a question...

I tried to hook NtSetInformationFile from ntdll.dll but Sandboxie rejects to inject the DLL and aborts opening a sandbox.

Why does it happen?

up!

I don't know why it happens.

Fixed, thanks!

What about NtSetInformationFile from ntdll.dll? Do you know why it happens?

I don't know why it happens.

Sorry, I thought you were meaning other thing.

If I send you the DLL could you check what´s going wrong?

No, Buster, I am sorry but I don't think that's a good idea for me to debug your DLL.