属性删除
**0环代码**
#define CTL_SETARRDELETE_PATH IRP_IOCTRL_CODE(4)
...
...
NTSTATUS SetArrDeleteIoCall(char* szFilePath) {
NTSTATUS ntSTATUS = STATUS_SUCCESS;
//文件句柄
HANDLE hFile = NULL;
//文件属性结构体
FILE_STANDARD_INFORMATION fsi = { 0 };
FILE_POSITION_INFORMATION fpi = { 0 };
FILE_DISPOSITION_INFORMATION fdi = { 0 };//这个结构体中有DeleteFile成员
//完成状态
IO_STATUS_BLOCK Iostatus = { 0 };
//对象属性
OBJECT_ATTRIBUTES ObjectAtt = { 0 };
ANSI_STRING asFilePath = { 0 };
UNICODE_STRING usFilePath = { 0 };
UNICODE_STRING usDriverFilePath = { 0 };
UNICODE_STRING usDrvPath = { 0 };
WCHAR wcBuffer[256];
ULONG wcbufferLen = 256 * sizeof(WCHAR);
RtlInitEmptyUnicodeString(&usDrvPath, &wcBuffer, wcbufferLen);
RtlInitUnicodeString(&usDriverFilePath, L"\\??\\");
RtlInitAnsiString(&asFilePath, szFilePath);
RtlAnsiStringToUnicodeString(&usFilePath, &asFilePath, TRUE);
RtlAppendUnicodeStringToString(&usDrvPath, &usDriverFilePath);
RtlAppendUnicodeStringToString(&usDrvPath, &usFilePath);
RtlFreeUnicodeString(&usFilePath);
InitializeObjectAttributes(&ObjectAtt, &usDrvPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
ntSTATUS = ZwCreateFile(&hFile, GENERIC_ALL, &ObjectAtt, &Iostatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT|FILE_DELETE_ON_CLOSE, NULL, 0);
if (!NT_SUCCESS(ntSTATUS))
{
return ntSTATUS;
}
fdi.DeleteFile = TRUE;
ntSTATUS = ZwSetInformationFile(hFile, &Iostatus, &fdi, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation);//设置文件属性
ZwClose(hFile);
return ntSTATUS;
}
...
...
case CTL_SETARRDELETE_PATH: {
ntStatus = SetArrDeleteIoCall(pInputBuffer);
if (NT_SUCCESS(ntStatus))
{
RtlZeroMemory(pOutputBuffer, 1024);
ULONG uRetlength = strlen("Delete Success!");
RtlCopyMemory(pOutputBuffer, "Delete Success!", uRetlength);
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = uRetlength;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
else {
RtlZeroMemory(pOutputBuffer, 1024);
ULONG uRetlength = strlen("Delete Failed!");
RtlCopyMemory(pOutputBuffer, "Delete Failed!", uRetlength);
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = uRetlength;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
return STATUS_SUCCESS;
}
3环代码
case'6': {
RetNumber = 0;
memset(InputBuffer, 0, sizeof(InputBuffer));
memset(OutputBuffer, 0, sizeof(OutputBuffer));
printf("请输入需要删除的文件路径:\n");
scanf("%s", InputBuffer);
DeviceIoControl(hDriver, CTL_SETARRDELETE_PATH, InputBuffer, sizeof(InputBuffer), OutputBuffer, sizeof(OutputBuffer), &RetNumber, NULL);
printf("返回数据: % s\n", OutputBuffer);
system("pause");
break;
}
重命名
#define CTL_RENAME_SPATH IRP_IOCTRL_CODE(12)
#define CTL_RENAME_DPATH IRP_IOCTRL_CODE(13)
...
...
NTSTATUS ReNameFileIoCall(char* szFileName) {
NTSTATUS ntSTATUS = STATUS_SUCCESS;
//文件句柄
HANDLE hFile = NULL;
//文件属性结构体
FILE_STANDARD_INFORMATION fsi = { 0 };
FILE_POSITION_INFORMATION fpi = { 0 };
FILE_DISPOSITION_INFORMATION fdi = { 0 };
PFILE_RENAME_INFORMATION pFri = NULL;
//计算结构体长度
ULONG uFriLength = sizeof(PFILE_RENAME_INFORMATION) * 1024;
//申请内存
pFri = (PFILE_RENAME_INFORMATION)ExAllocatePool(NonPagedPool, uFriLength);
//判断申请内存是否成功
if (pFri==NULL)
{
ntSTATUS = 1;
return ntSTATUS;
}
//完成状态
IO_STATUS_BLOCK Iostatus = { 0 };
//对象属性
OBJECT_ATTRIBUTES ObjectAtt = { 0 };
ANSI_STRING asFilePath = { 0 };
UNICODE_STRING usFilePath = { 0 };
UNICODE_STRING usDriverFilePath = { 0 };
UNICODE_STRING usDrvPath = { 0 };
WCHAR wcBuffer[256];
ULONG wcbufferLen = 256 * sizeof(WCHAR);
RtlInitEmptyUnicodeString(&usDrvPath, &wcBuffer, wcbufferLen);
RtlInitUnicodeString(&usDriverFilePath, L"\\??\\");
RtlInitAnsiString(&asFilePath, g_FilePath);
RtlAnsiStringToUnicodeString(&usFilePath, &asFilePath, TRUE);
RtlAppendUnicodeStringToString(&usDrvPath, &usDriverFilePath);
RtlAppendUnicodeStringToString(&usDrvPath, &usFilePath);
//把文件名转换成UNICODE_STRING
ANSI_STRING asFileName = { 0 };
UNICODE_STRING usDrvFileName = { 0 };
//把重命名的字符串转换成UNICODE_STRING
RtlInitAnsiString(&asFileName, szFileName);
RtlAnsiStringToUnicodeString(&usDrvFileName, &asFileName, TRUE);
RtlZeroMemory(pFri, uFriLength);
//对pFri结构体进行赋值
pFri->FileNameLength = usDrvFileName.Length;
wcscpy(pFri->FileName, usDrvFileName.Buffer);
pFri->ReplaceIfExists = 0;
pFri->RootDirectory = NULL;
//初始化对象
InitializeObjectAttributes(&ObjectAtt, &usDrvPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
ntSTATUS = ZwCreateFile(&hFile, GENERIC_ALL, &ObjectAtt, &Iostatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT |FILE_NO_INTERMEDIATE_BUFFERING, NULL, 0);
if (!NT_SUCCESS(ntSTATUS))
{
ExFreePool(pFri);
return ntSTATUS;
}
//设置文件属性
ntSTATUS = ZwSetInformationFile(hFile,&Iostatus,pFri,uFriLength,FileRenameInformation);
RtlFreeUnicodeString(&usDrvFileName);
ExFreePool(pFri);
ZwClose(hFile);
return ntSTATUS;
}
...
...
case CTL_RENAME_SPATH: {
RtlZeroMemory(g_FilePath, 0x256);
RtlCopyMemory(g_FilePath, pInputBuffer, uInputLength);
RtlZeroMemory(pOutputBuffer, 1024);
ULONG uRetlength = strlen("Success!");
RtlCopyMemory(pOutputBuffer, "Success!", uRetlength);
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = uRetlength;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
case CTL_RENAME_DPATH: {
ntStatus = ReNameFileIoCall(pInputBuffer);
if (NT_SUCCESS(ntStatus))
{
RtlZeroMemory(pOutputBuffer, 1024);
ULONG uRetlength = strlen("Rename Success");
RtlCopyMemory(pOutputBuffer, "Rename Success", uRetlength);
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = uRetlength;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
else {
RtlZeroMemory(pOutputBuffer, 1024);
ULONG uRetlength = strlen("Rename Failed!");
RtlCopyMemory(pOutputBuffer, "Rename Failed!", uRetlength);
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = uRetlength;
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}
return STATUS_SUCCESS;
}
3环代码
case'A': {
memset(Sfilepath, 0, sizeof(InputBuffer));
memset(Dfilepath, 0, sizeof(OutputBuffer));
memset(OutputBuffer, 0, sizeof(OutputBuffer));
printf("请输入需要重命名的文件路径:\n");
scanf("%s", Sfilepath);
printf("\n请输入目的文件新的名称 :\n");
scanf("%s", Dfilepath);
DeviceIoControl(hDriver, CTL_RENAME_SPATH, Sfilepath, sizeof(Sfilepath), OutputBuffer, sizeof(OutputBuffer), &RetNumber, NULL);
if (!strcmp(OutputBuffer, "Success!"))
{
memset(OutputBuffer, 0, sizeof(OutputBuffer));
DeviceIoControl(hDriver, CTL_RENAME_DPATH, Dfilepath, sizeof(Dfilepath), OutputBuffer, sizeof(OutputBuffer), &RetNumber, NULL);
printf("%s\n", OutputBuffer);
system("pause");
}
break;
}
这种删除只是和3环的删除一样,如果有些文件有保护就删不了,并不是360、火绒那种强删
雷达卡
发表于 2025-3-9 17:53:29
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶