Writing a kernel driver - deleting files.
We'll write a driver that deletes a list of files from kernel mode.
The whole procedure is shown in the video below.
Before we start, the following must be installed:
-> WDK (Windows Driver Kit)
and the programs:
-> OSRLoader (registers the built .sys as a driver service and loads/unloads it, so no installer is needed)
-> Driver Signature Enforcement Overrider (lets the unsigned test driver be loaded; do this only in a VM or on a dedicated test machine, because it switches off the check that normally blocks unsigned kernel code)
Kód:
#include "Ntifs.h"

DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD DriverUnload;

// Called when the driver is unloaded (e.g. from OSRLoader). Nothing to clean up here,
// but without an unload routine the driver cannot be unloaded without a reboot.
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS ntstatus;
    UNICODE_STRING dfileuniName;
    OBJECT_ATTRIBUTES dfileobjAtt;
    int i;

    // Files to delete, as NT object-manager paths ("\??\" maps the Win32 drive letter).
    PCWSTR Buffer[] = {
        L"\\??\\c:\\test\\info.txt",
        L"\\??\\C:\\test\\ollydbg.exe",
        L"\\??\\C:\\test\\ollydbg.ini"
    };
    // Number of entries in the list.
    int buffersize = sizeof(Buffer) / sizeof(PCWSTR);

    UNREFERENCED_PARAMETER(RegistryPath);
    DriverObject->DriverUnload = DriverUnload;

    // Delete every file in the list.
    for (i = 0; i < buffersize; i++) {
        // Wrap the path in a UNICODE_STRING.
        RtlInitUnicodeString(&dfileuniName, Buffer[i]);
        // Case-insensitive lookup; OBJ_KERNEL_HANDLE keeps any handle out of the calling process's table.
        InitializeObjectAttributes(&dfileobjAtt, &dfileuniName,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
        // Delete the file by name; no handle is needed.
        ntstatus = ZwDeleteFile(&dfileobjAtt);
        if (!NT_SUCCESS(ntstatus)) {
            // Typical failures: STATUS_OBJECT_NAME_NOT_FOUND (missing file),
            // STATUS_SHARING_VIOLATION / STATUS_CANNOT_DELETE (file open or mapped, e.g. a running exe).
            DbgPrint("ZwDeleteFile(%wZ) failed: 0x%08X\n", &dfileuniName, ntstatus);
        }
    }
    return STATUS_SUCCESS;
}
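As an added example (not code from the original article, which does this step through OSRLoader's GUI), the same register/load/unload cycle from an elevated PowerShell using sc.exe, followed by a check that the driver actually removed the files. The driver path and the service name are placeholders you must adjust. Instead of DSEO you can also run `bcdedit /set testsigning on` and reboot, but on 64-bit Windows the .sys must then still carry a test signature. Run this only in a VM: it really deletes the listed files.

```powershell
# Added example, not part of the original article: load/run/unload the driver
# from an elevated PowerShell instead of OSRLoader. Placeholders (assumptions):
#   $DriverPath  - where the built .sys ended up
#   $ServiceName - any unused kernel service name
$DriverPath  = 'C:\test\deletefiles.sys'
$ServiceName = 'deletefiles'
# Files the driver deletes (same list as in DriverEntry), in Win32 form.
$Targets = 'C:\test\info.txt', 'C:\test\ollydbg.exe', 'C:\test\ollydbg.ini'

# Use sc.exe explicitly: in PowerShell, "sc" is an alias for Set-Content.
# "type= kernel" registers a kernel-mode driver service (sc.exe needs the space after '=').
sc.exe create $ServiceName type= kernel start= demand binPath= $DriverPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed with exit code $LASTEXITCODE" }

try {
    # Starting the service loads the driver; DriverEntry runs and performs the deletions.
    sc.exe start $ServiceName | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Driver failed to load (sc.exe exit $LASTEXITCODE); check signing / test mode and the build"
    }

    # Verify the driver did its job: none of the targets should remain.
    foreach ($f in $Targets) {
        if (Test-Path -LiteralPath $f) { Write-Warning "still present: $f (open or mapped? see DbgView output)" }
        else                          { Write-Host    "deleted: $f" }
    }
}
finally {
    # Unload (works only because the driver sets DriverUnload) and remove the service entry.
    sc.exe stop   $ServiceName | Out-Null
    sc.exe delete $ServiceName | Out-Null
}
```

The DbgPrint messages from the driver can be watched in DebugView while the script runs; a file that survives because it is open or mapped shows up there with its NTSTATUS.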
Video - delete files: