1

Sometimes it happens that access to some EXE file is blocked by Windows Defender or other antivirus programs. When you try to start it manually, an error appears as in the screenshot. If you run such files programmatically through the ShellExecute function, then error code 5 (Access denied) is returned.

The question is, is it possible to determine by some function whether it is possible to launch a certain EXE without launching it?



Remy Lebeau
Tigero
  • For reference ShellExecute should not be called ever. ShellExecuteEx is always preferred for reasons that are documented. Also, to create a new process using an exe file, call CreateProcess. – David Heffernan Nov 06 '22 at 08:12
  • @David Heffernan yes, but I just want to check EXE without launching it. ShellExecute, ShellExecuteEx and CreateProcess can only be used to launch EXE. – Tigero Nov 06 '22 at 08:18
  • 1
    "*is it possible to .. without launching it?*" - the short answer is, no. – Remy Lebeau Nov 06 '22 at 08:19
  • Windows Defender has an API that you could call from Delphi. Have a look at [Microsoft documentation](https://learn.microsoft.com/en-us/windows/win32/lwef/windows-defender-functions). – fpiette Nov 06 '22 at 08:24
  • 2
    That is by far not the only reason why you can't execute a binary (`ERROR_ACCESS_DENIED` may also result from missing permissions, which must be checked in a different way). Most prominent reason would be `ERROR_FILE_NOT_FOUND`. Another could be `ERROR_BAD_FORMAT` for an unsupported platform/format. There's no universal way to know that beforehand - it's like asking "_will my program ever crash?_" – AmigoJack Nov 06 '22 at 10:35
  • There is also [Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal) on Windows. – Brian Nov 06 '22 at 13:25
  • Also, when you download a file, you may need to right-click on it, choose Properties, and Unblock the file before you can execute it. Windows does not like unsigned applications that you get from elsewhere. – Ron Maupin Nov 06 '22 at 14:57
  • Determine what? At most, it is possible to determine that the exe is correct and can run. But there is already the question of dependencies or other conditions due to which "normal" execution can fail. To determine that a program can be blocked by some external agent is impossible. – RbMm Nov 06 '22 at 16:37
  • If you aren't going to launch it, why do you want to know whether or not it can be launched? – David Heffernan Nov 06 '22 at 19:58
  • 1
    The question makes an (implicit) assumption that doesn't hold in practice, namely, that the environment were static. If you were able to implement that check, the result it returns is only valid for as long as the system doesn't change (e.g. by updating the antimalware's signature database). When it comes to actually launching the application you're going to have to be prepared for failure, regardless of whether you checked before. The easiest way forward is to just scrap this idea altogether. – IInspectable Nov 07 '22 at 09:54
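
The comments above conclude that no pre-check is reliable and that the launch itself has to handle failure. An added example (not code from the thread) of that pattern: it starts the EXE with CreateProcess and classifies the Win32 error. `TryLaunch`, `ClassifyLaunchError` and `TLaunchResult` are hypothetical names, and Delphi XE2 or later is assumed for the unit scope names.

```delphi
program LaunchOrExplain;
{$APPTYPE CONSOLE}
uses Winapi.Windows, System.SysUtils;

const  // winerror.h values, declared locally in case Winapi.Windows lacks them
  ERR_VIRUS_INFECTED     = 225;  // ERROR_VIRUS_INFECTED
  ERR_ELEVATION_REQUIRED = 740;  // ERROR_ELEVATION_REQUIRED
type
  TLaunchResult = (lrStarted, lrNotFound, lrAccessDenied, lrBadFormat,
                   lrFlaggedAsMalware, lrNeedsElevation, lrOther);

// Map the error captured at launch time to a cause the caller can act on.
function ClassifyLaunchError(Code: DWORD): TLaunchResult;
begin
  case Code of
    ERROR_SUCCESS:          Result := lrStarted;
    ERROR_FILE_NOT_FOUND, ERROR_PATH_NOT_FOUND: Result := lrNotFound;
    ERROR_ACCESS_DENIED:    Result := lrAccessDenied;  // ACLs or a security product
    ERROR_BAD_EXE_FORMAT:   Result := lrBadFormat;
    ERR_VIRUS_INFECTED:     Result := lrFlaggedAsMalware;
    ERR_ELEVATION_REQUIRED: Result := lrNeedsElevation;
  else
    Result := lrOther;
  end;
end;

// Hypothetical helper: start ExePath and report why the launch failed, if it did.
function TryLaunch(const ExePath: string; out ErrCode: DWORD): TLaunchResult;
var
  SI: TStartupInfo; PI: TProcessInformation; CmdLine: string;
begin
  FillChar(SI, SizeOf(SI), 0);
  SI.cb := SizeOf(SI);
  CmdLine := '"' + ExePath + '"';
  UniqueString(CmdLine);  // CreateProcessW may write to the command-line buffer
  ErrCode := ERROR_SUCCESS;
  if CreateProcess(PChar(ExePath), PChar(CmdLine), nil, nil, False, 0,
                   nil, nil, SI, PI) then
  begin
    CloseHandle(PI.hThread);  // handles are not needed once the launch succeeded
    CloseHandle(PI.hProcess);
  end
  else
    ErrCode := GetLastError;  // read immediately, before any other API call
  Result := ClassifyLaunchError(ErrCode);
end;

var Code: DWORD;
begin
  if TryLaunch(ParamStr(1), Code) <> lrStarted then
    Writeln('Launch failed, error ', Code, ': ', SysErrorMessage(Code));
end.
```

A result of `lrAccessDenied` cannot by itself distinguish missing permissions from a block by a security product, which is the ambiguity the comments describe.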

0 Answers