Writing a kernel driver: deleting files.

We write a driver that deletes a list of files from kernel mode with ZwDeleteFile, right from DriverEntry when the driver is loaded.
The entire process is posted in the video below.

Before you begin, you need to install:
    -> WDK (Windows Driver Kit) - to build the driver (.sys)

and the programs:
    -> OSRLoader - registers the built .sys as a kernel service and starts/stops it
    -> Driver Signature Enforcement Overrider (DSEO) - puts Windows into test mode so a driver without a production signature can be loaded; leave it on only while testing, because it weakens the machine for every other driver too
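The same prerequisites can be satisfied with tools that ship with Windows and the WDK, which also makes clear what OSRLoader and DSEO do under the hood. The following script is an added example and not part of the original post; it assumes the built driver sits at C:\test\delfiles.sys and uses the arbitrary service name DelFiles (both assumptions), and it must be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): load the driver with sc.exe instead of
# OSRLoader and check test-signing mode instead of relying on DSEO.
# Assumed values (not from the original post): driver path and service name.
$DriverPath  = 'C:\test\delfiles.sys'   # assumption: where the WDK build put the .sys
$ServiceName = 'DelFiles'               # assumption: arbitrary kernel service name

# 1. Is Driver Signature Enforcement relaxed? Test-signing mode is a flag on the boot entry.
$testSigning = $null -ne (bcdedit /enum '{current}' | Select-String -Pattern '^testsigning\s+Yes')
if (-not $testSigning) {
    Write-Warning 'Test-signing is off; enable it and reboot, otherwise the driver will not load:'
    Write-Warning '    bcdedit /set testsigning on'
    Write-Warning 'Re-protect the machine with "bcdedit /set testsigning off" when you are done.'
    return
}

# 2. Even in test mode an x64 kernel needs a (test) signature on the .sys; check before loading.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
if ($sig.Status -eq 'NotSigned') {
    Write-Warning "$DriverPath carries no signature at all; test-sign it with the WDK's signtool first."
    return
}

# 3. Register the driver as a kernel-mode service and start it (what OSRLoader does behind its buttons).
#    Starting the service runs DriverEntry, i.e. the deletion loop executes here.
sc.exe create $ServiceName type= kernel binPath= $DriverPath start= demand | Out-Null
sc.exe start  $ServiceName

# 4. Verify the effect: the targets listed in the driver should be gone, the driver should be Running.
Test-Path 'C:\test\info.txt', 'C:\test\ollydbg.exe', 'C:\test\ollydbg.ini'
Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'" | Select-Object Name, State, PathName

# 5. Unload and unregister when finished. "sc stop" only works if the driver set a DriverUnload routine.
sc.exe stop   $ServiceName
sc.exe delete $ServiceName
```

Step 4 is also the defender's view of this technique: a freshly created kernel service pointing at a .sys outside System32, on a machine with testsigning enabled, is exactly what to look for when files disappear without a user-mode process touching them.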


Code:

  


   #include <ntifs.h>

   DRIVER_INITIALIZE DriverEntry;
   DRIVER_UNLOAD DriverUnload;

   //Unload routine, so the driver can be stopped and unloaded cleanly (OSRLoader "Unregister").//
   VOID DriverUnload(PDRIVER_OBJECT DriverObject)
   {
       UNREFERENCED_PARAMETER(DriverObject);
   }

   NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
   {
       NTSTATUS ntstatus;
       UNICODE_STRING dfileuniName;
       OBJECT_ATTRIBUTES dfileobjAtt;

       //Init data buffer of files to delete. Paths are NT object-manager paths, hence the "\??\" prefix.//
       PCWSTR Buffer[] = { L"\\??\\C:\\test\\info.txt",
                           L"\\??\\C:\\test\\ollydbg.exe",
                           L"\\??\\C:\\test\\ollydbg.ini"
                         };

       //Get the number of entries in the buffer.//
       int buffersize = sizeof(Buffer) / sizeof(PCWSTR);

       UNREFERENCED_PARAMETER(RegistryPath);
       DriverObject->DriverUnload = DriverUnload;

       //Iterate over all files in the buffer.//
       for (int i = 0; i < buffersize; i++)
       {
           //Init the file name as a counted Unicode string in "dfileuniName".//
           RtlInitUnicodeString(&dfileuniName, Buffer[i]);

           //Init object attributes: OBJ_CASE_INSENSITIVE for the path lookup, OBJ_KERNEL_HANDLE so no user-mode process can reach the handle.//
           InitializeObjectAttributes(&dfileobjAtt, &dfileuniName,
                                      OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

           //Call ZwDeleteFile and log the status. A file that another process holds open without FILE_SHARE_DELETE,
           //or that is mapped as a running image (ollydbg.exe while it runs), cannot be deleted this way, so check every result.//
           ntstatus = ZwDeleteFile(&dfileobjAtt);
           DbgPrint("ZwDeleteFile(%wZ) = 0x%08X\n", &dfileuniName, ntstatus);
       }

       //Return success even if some deletions failed, so the driver stays loaded and can be unloaded normally.//
       return STATUS_SUCCESS;
   }




Video - delete files: