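Posted August 21, 2004

Ever needed to be able to delete any file or folder even if it's in use? Now you can.

    #include <windows.h>
    #include <winternl.h>   // UNICODE_STRING, OBJECT_ATTRIBUTES, InitializeObjectAttributes
    #include <stdio.h>      // _snwprintf

    // pRtlInitUnicodeString and pNtDeleteFile are pointers to the ntdll.dll
    // functions RtlInitUnicodeString and NtDeleteFile, set up elsewhere
    // (not shown in this post)
    bool newDeleteFile(LPCSTR lpFileName)
    {
        OBJECT_ATTRIBUTES pObj;
        UNICODE_STRING uFile;
        WCHAR wFile[MAX_PATH + 4];   // room for the "\??\" prefix
        const int cchFile = sizeof(wFile) / sizeof(wFile[0]);

        // create a UNICODE path; give up rather than overflow wFile
        int n = _snwprintf(wFile, cchFile, L"\\??\\%S", lpFileName);
        if(n < 0 || n >= cchFile)
            return false;

        // create UNICODE_STRING
        pRtlInitUnicodeString(&uFile, wFile);

        // setup OBJECT_ATTRIBUTES for NtDeleteFile
        InitializeObjectAttributes(&pObj, &uFile, OBJ_CASE_INSENSITIVE, NULL, NULL);

        if(NT_SUCCESS(pNtDeleteFile(&pObj)))
            return true;

        return false;
    }

This can be useful to get rid of trojan files and folders even if the trojan is running or any of the files are in use. I will post the rest of the code necessary to use that function later along with more info about all of it.

Credits: NT Internals, MSDN, and the DDK

This may not appear elsewhere without permission, but may be linked to.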
August 23, 2004 Author

I didn't mention in the first post that even newDeleteFile will fail on files that are Read Only, System, Hidden etc., hence the SetFileAttributes call. This is a good way to clear out a directory, especially trojan dirs or cookies or just about anything really.

    #include <windows.h>
    #include <winternl.h>   // IO_STATUS_BLOCK, NT_SUCCESS
    #include <stdio.h>      // _snprintf
    #include <stdlib.h>     // malloc, free

    // Removes all files in a directory
    // PFILE_DIRECTORY_INFORMATION and pNtQueryDirectoryFile are declared
    // elsewhere (not shown in this post)
    void EmptyDirectory(LPCSTR lpPath)
    {
        IO_STATUS_BLOCK IoStatus;
        PFILE_DIRECTORY_INFORMATION DirInfo, CurFile;
        WCHAR wFile[1024];
        char szFilePath[MAX_PATH];
        ULONG cch;
        int n;

        // get directory handle
        HANDLE hDir = CreateFile(lpPath, GENERIC_READ,
            FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, NULL,
            OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);

        // CreateFile returns INVALID_HANDLE_VALUE, not NULL, on failure
        if(hDir == INVALID_HANDLE_VALUE)
            return;

        DirInfo = (PFILE_DIRECTORY_INFORMATION)malloc(0x2000);
        if(DirInfo == NULL)
        {
            CloseHandle(hDir);
            return;
        }

        while(1)
        {
            if(!NT_SUCCESS(pNtQueryDirectoryFile(hDir, 0, 0, 0, &IoStatus, DirInfo, 0x2000, FileDirectoryInformation, 0, 0, 0)))
                break;

            CurFile = DirInfo;
            while(1)
            {
                cch = CurFile->FileNameLength/2;
                if(!(CurFile->FileAttributes & FILE_ATTRIBUTE_DIRECTORY) && cch < 1024)
                {
                    // we do this to null terminate the strings
                    // since this is not done for us
                    wcsncpy(wFile, CurFile->FileName, cch);
                    wFile[cch] = 0;

                    // skip paths that would not fit in szFilePath
                    n = _snprintf(szFilePath, MAX_PATH, "%s\\%S", lpPath, wFile);
                    if(n >= 0 && n < MAX_PATH)
                    {
                        // remove all file attributes, especially ones that would
                        // prevent us from deleting the file such as Read Only
                        SetFileAttributes(szFilePath, FILE_ATTRIBUTE_NORMAL);
                        newDeleteFile(szFilePath);
                    }
                }

                if(CurFile->NextEntryOffset == 0)
                    break;

                CurFile = (PFILE_DIRECTORY_INFORMATION)((PCHAR)CurFile + CurFile->NextEntryOffset);
            }
        }

        free(DirInfo);
        CloseHandle(hDir);
    }

Credits: See first post.

This may not appear elsewhere without permission but may be linked to.
August 25, 2004 Author

    #include <windows.h>
    #include <winternl.h>   // IO_STATUS_BLOCK, UNICODE_STRING, NT_SUCCESS
    #include <stdio.h>      // _snprintf, _snwprintf
    #include <stdlib.h>     // malloc, free
    #include <string.h>     // _stricmp

    // Recursive function to delete all files and folders in a directory
    // If you choose to use zFileFind to add a mask to the search
    // keep in mind that the mask is applied to both files and folders
    // example: RecurseDeleteDir("C:\\Test\\Folder1", "C:\\Test\\Folder1\\Stuff", FILE_ATTRIBUTE_HIDDEN, "");
    // first param is the directory to start in, second param is the directory to NOT search in if any
    // dwContainingMask is something to maybe play around with and isn't really used right now
    // could be set up to do different things for different file/folders based on attributes
    // for the zFileFind you can use an empty string "" or wildcard "*" to make anything valid
    // a mask such as "Moo" would only give you files/folders with "Moo" in it
    void RecurseDeleteDir(char *zPathFind, char *zProtectedDir, DWORD dwContainingMask, char *zFileFind)
    {
        // Windows paths are case-insensitive, so compare without regard to case
        if(zProtectedDir != NULL && !_stricmp(zProtectedDir, zPathFind))
            return;

        IO_STATUS_BLOCK IoStatus;
        PFILE_DIRECTORY_INFORMATION DirInfo, CurFile;
        HANDLE hDir = INVALID_HANDLE_VALUE;
        UNICODE_STRING uFileFind;
        WCHAR wFileFind[1024];
        WCHAR wFile[1024];
        char szFilePath[MAX_PATH];
        ULONG cch;
        int n;

        // get directory handle
        hDir = CreateFile(zPathFind, GENERIC_READ,
            FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, NULL,
            OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);

        // CreateFile returns INVALID_HANDLE_VALUE, not NULL, on failure
        if(hDir == INVALID_HANDLE_VALUE)
            return;

        n = _snwprintf(wFileFind, 1024, L"%S", zFileFind);
        DirInfo = (PFILE_DIRECTORY_INFORMATION)malloc(0x2000);
        if(n < 0 || n >= 1024 || DirInfo == NULL)
        {
            free(DirInfo);
            CloseHandle(hDir);
            return;
        }
        pRtlInitUnicodeString(&uFileFind, wFileFind);

        while(1)
        {
            if(!NT_SUCCESS(pNtQueryDirectoryFile(hDir, 0, 0, 0, &IoStatus, DirInfo, 0x2000, FileDirectoryInformation, 0, &uFileFind, 0)))
                break;

            CurFile = DirInfo;
            while(1)
            {
                // skip names that would not fit in wFile
                cch = CurFile->FileNameLength/2;
                if(cch >= 1024)
                    goto next;

                wcsncpy(wFile, CurFile->FileName, cch);
                wFile[cch] = 0;

                if(!wcscmp(wFile, L".") || !wcscmp(wFile, L".."))
                    goto next;

                // skip paths that would not fit in szFilePath
                n = _snprintf(szFilePath, MAX_PATH, "%s\\%S", zPathFind, wFile);
                if(n < 0 || n >= MAX_PATH)
                    goto next;

                // if necessary you can add other handlers for dwContainingMask
                // for files and folders to do whatever special handling you may
                // want to do for certain file types
                if((CurFile->FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
                {
                    // do not descend through junctions or other reparse points,
                    // their contents live outside the directory being emptied
                    if(!(CurFile->FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT))
                        RecurseDeleteDir(szFilePath, zProtectedDir, dwContainingMask, zFileFind);

                    // if its a directory and we want to delete dirs
                    // then delete this dir, this should delete empty dirs
                    // regardless of hidden, read only etc attributes
                    if((dwContainingMask & FILE_ATTRIBUTE_DIRECTORY))
                        newDeleteFile(szFilePath);
                }
                else
                {
                    SetFileAttributes(szFilePath, FILE_ATTRIBUTE_NORMAL);

                    // only close the handle if the truncating open succeeded
                    HANDLE hFile = CreateFile(szFilePath, GENERIC_WRITE, 0, 0, TRUNCATE_EXISTING, 0, 0);
                    if(hFile != INVALID_HANDLE_VALUE)
                        CloseHandle(hFile);

                    newDeleteFile(szFilePath);
                }

    next:
                if(CurFile->NextEntryOffset == 0)
                    break;

                CurFile = (PFILE_DIRECTORY_INFORMATION)((PCHAR)CurFile + CurFile->NextEntryOffset);
            }
        }

        free(DirInfo);
        CloseHandle(hDir);
    }

If you notice I called CreateFile with TRUNCATE_EXISTING, I do that to basically overwrite any possible file. It will fail on a lot of files, but it's still a useful way of overwriting a file so that even if it's recovered the data in the file is pretty much gone.

Credits: See first post.

This may not appear elsewhere without permission but may be linked to.
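The NextEntryOffset walk in EmptyDirectory and RecurseDeleteDir trusts every offset and name length it finds in the buffer. As an added example (not part of the original posts), here is the same walk in portable C over a constructed buffer, rejecting any record that reaches outside it; list_files, NAME_CAP, the helper names and the sample file names are assumptions made for the illustration, and the byte offsets follow the FILE_DIRECTORY_INFORMATION layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Byte offsets inside one FILE_DIRECTORY_INFORMATION record (little-endian). */
enum { OFF_NEXT = 0, OFF_ATTRS = 56, OFF_NAMELEN = 60, OFF_NAME = 64, NAME_CAP = 32 };
#define ATTR_DIRECTORY 0x10u /* FILE_ATTRIBUTE_DIRECTORY */

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Stores the names of the non-directory entries of buf[0..len) in out.
 * Returns how many were stored, or -1 if a record or name reaches outside
 * the buffer, a name needs NAME_CAP or more chars, or out is full. */
int list_files(const uint8_t *buf, size_t len, char out[][NAME_CAP], int max_out) {
    size_t pos = 0;
    int n = 0;
    for (;;) {
        if (len - pos < OFF_NAME) return -1;          /* fixed header must fit */
        const uint8_t *rec = buf + pos;
        uint32_t next = rd32(rec + OFF_NEXT), nbytes = rd32(rec + OFF_NAMELEN);
        if (nbytes % 2 || nbytes > len - pos - OFF_NAME) return -1;
        if (!(rd32(rec + OFF_ATTRS) & ATTR_DIRECTORY)) {
            if (n == max_out || nbytes / 2 >= NAME_CAP) return -1;
            for (uint32_t i = 0; i < nbytes / 2; i++) {   /* UTF-16LE, no NUL */
                unsigned c = rec[OFF_NAME + 2 * i] | rec[OFF_NAME + 2 * i + 1] << 8;
                out[n][i] = c < 0x80 ? (char)c : '?'; /* ASCII subset only */
            }
            out[n++][nbytes / 2] = '\0';
        }
        if (next == 0) return n;                      /* last record */
        if (next < (size_t)OFF_NAME + nbytes || next > len - pos) return -1;
        pos += next;
    }
}

/* Writes one constructed record at buf+pos; returns the offset after it. */
static size_t put_record(uint8_t *buf, size_t pos, uint32_t attrs, const char *name, int last) {
    size_t nlen = strlen(name), size = (OFF_NAME + 2 * nlen + 7) & ~(size_t)7;
    wr32(buf + pos + OFF_NEXT, last ? 0 : (uint32_t)size);
    wr32(buf + pos + OFF_ATTRS, attrs);
    wr32(buf + pos + OFF_NAMELEN, (uint32_t)(2 * nlen));
    for (size_t i = 0; i < nlen; i++) buf[pos + OFF_NAME + 2 * i] = (uint8_t)name[i];
    return pos + size;
}

/* Constructed sample (needs cap >= 240): ".", "notes.txt", read-only "a.txt". */
size_t build_sample(uint8_t *buf, size_t cap) {
    if (cap < 240) return 0;
    memset(buf, 0, cap);
    size_t pos = put_record(buf, 0, 0x10, ".", 0);
    pos = put_record(buf, pos, 0x20, "notes.txt", 0);
    return put_record(buf, pos, 0x01, "a.txt", 1);
}
```

On Windows the same checks belong between the NtQueryDirectoryFile call and the first use of CurFile, with len taken from IoStatus.Information.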
January 23, 2005

Here's a small project with this implemented. I also included ntdll.lib and ntessential.h, which allows you to call the native NT API directly, without getprocaddressing it. ntessential.h contains function prototypes, macros, and other shit ripped from various info I found on the net and from the NTUndoc website.

Compiled with Visual Studio 6.0 SP5

http://unixforge.org/~sixb0nes/RecursiveDel.zip
January 26, 2005

... how in the heck do you compile it... and then use it?? ( still learnin )

It's called a "C++" compiler. I suggest you start out with something simpler. Like HTML :rolleyes:
January 31, 2005

ppfft I'm pro wit html, I posted that before I began taking on the huge task of beginning to learn C++, now my question... how do you use it? ( still haven't gotten that far ) Oh and BTW that link is dead.
February 1, 2005

I suggest you read more because you want instant shit handed to you and don't know what C++ is
February 7, 2005

actually I've been reading on C++, I wanted to know how to include this in a project, or maybe if it can be used with Visual C++
February 20, 2005

wow parker, because someone doesn't understand something you claim they're stupid? If that's true then you are such an idiot, as I have common sense, which you appear to lack. Grow up
February 20, 2005

wow parker, because someone doesn't understand something you claim they're stupid? If that's true then you are such an idiot, as I have common sense, which you appear to lack. Grow up

stfu, what do you know about programming?
February 21, 2005

stfu, what do you know about programming?

not that much I'll admit. Small amount of Assembler but that's it (and not used much now) but that don't make me stupid. I could spout loads of shit that I DO know, like networking shit, poison arp routes, Ethereal, VLSM, NAT, don't mean that if you don't know what they are you're stupid, least the guy was trying to learn. oh but I forgot, calling someone stupid makes you "hard" doesn't it.
February 26, 2005

OFF THE SUBJECT BUT TITS make me hard not words, and yeah I DON'T KNOW shit about programming but at least he's trying to learn (I'd suggest going to a C++ forum or FAQ site, you'll get help and less assholes). I want to learn that shit but I'm lazy, I just like pissing ppl off.
February 26, 2005

OFF THE SUBJECT BUT TITS make me hard not words, and yeah I DON'T KNOW shit about programming but at least he's trying to learn (I'd suggest going to a C++ forum or FAQ site, you'll get help and less assholes). I want to learn that shit but I'm lazy, I just like pissing ppl off.

don't even bother to read any flames that "imascatman" posts here... he thinks he's so good just picking on ppl who are beginning to learn but he forgot how once he was also a beginner
March 5, 2005

ppfft I'm pro wit html, I posted that before I began taking on the huge task of beginning to learn C++, now my question... how do you use it? ( still haven't gotten that far ) Oh and BTW that link is dead.

I find that [im pro wit html] hard to believe.
March 5, 2005

I find that [im pro wit html] hard to believe.

Well you know making text bold is a big accomplishment to da n00bsterz. Also very nice code.
March 14, 2005

I've been doing a lot of reading on C++, I've compiled very simple applications that really don't do anything, I've been scouring the internet for MSDN so I can run VC++ and maybe make a GUI of this file remover code, something that could erase tagged FTP folders on my server perhaps... what limits do you think this code has?

On another note.... I get this when I try to compile... is there anything I need to Add to this to make it work??

    Compiler: Default compiler
    Building Makefile: "C:\Dev-Cpp\Makefile.win"
    Executing make...
    make.exe -f "C:\Dev-Cpp\Makefile.win" all
    g++.exe -c "Folder Remover.cpp" -o "Folder Remover.o" -I"C:/Dev-Cpp/include/c++/3.3.1" -I"C:/Dev-Cpp/include/c++/3.3.1/mingw32" -I"C:/Dev-Cpp/include/c++/3.3.1/backward" -I"C:/Dev-Cpp/lib/gcc-lib/mingw32/3.3.1/include" -I"C:/Dev-Cpp/include"

    Folder Remover.cpp:10: error: type specifier omitted for parameter `DWORD'
    Folder Remover.cpp:10: error: syntax error before `,' token
    Folder Remover.cpp: In function `void RecurseDeleteDir(...)':
    Folder Remover.cpp:12: error: `zProtectedDir' undeclared (first use this function)
    Folder Remover.cpp:12: error: (Each undeclared identifier is reported only once for each function it appears in.)
    Folder Remover.cpp:12: error: `NULL' undeclared (first use this function)
    Folder Remover.cpp:12: error: `zPathFind' undeclared (first use this function)
    Folder Remover.cpp:12: error: `strcmp' undeclared (first use this function)
    Folder Remover.cpp:15: error: `IO_STATUS_BLOCK' undeclared (first use this function)
    Folder Remover.cpp:15: error: syntax error before `;' token
    Folder Remover.cpp:16: error: `PFILE_DIRECTORY_INFORMATION' undeclared (first use this function)
    Folder Remover.cpp:17: error: `HANDLE' undeclared (first use this function)
    Folder Remover.cpp:20: error: `hDir' undeclared (first use this function)
    Folder Remover.cpp:20: error: `GENERIC_READ' undeclared (first use this function)
    Folder Remover.cpp:20: error: `FILE_SHARE_READ' undeclared (first use this function)
    Folder Remover.cpp:20: error: `FILE_SHARE_WRITE' undeclared (first use this function)
    Folder Remover.cpp:20: error: `FILE_SHARE_DELETE' undeclared (first use this function)
    Folder Remover.cpp:20: error: `OPEN_EXISTING' undeclared (first use this function)
    Folder Remover.cpp:20: error: `FILE_FLAG_BACKUP_SEMANTICS' undeclared (first use this function)
    Folder Remover.cpp:20: error: `CreateFile' undeclared (first use this function)
    Folder Remover.cpp:24: error: `UNICODE_STRING' undeclared (first use this function)
    Folder Remover.cpp:24: error: syntax error before `;' token
    Folder Remover.cpp:25: error: `WCHAR' undeclared (first use this function)
    Folder Remover.cpp:27: error: `MAX_PATH' undeclared (first use this function)
    Folder Remover.cpp:29: error: `wFileFind' undeclared (first use this function)
    Folder Remover.cpp:29: error: `zFileFind' undeclared (first use this function)
    Folder Remover.cpp:29: error: `swprintf' undeclared (first use this function)
    Folder Remover.cpp:30: error: `uFileFind' undeclared (first use this function)
    Folder Remover.cpp:30: error: `pRtlInitUnicodeString' undeclared (first use this function)
    Folder Remover.cpp:32: error: `DirInfo' undeclared (first use this function)
    Folder Remover.cpp:32: error: syntax error before `(' token
    Folder Remover.cpp:36: error: `IoStatus' undeclared (first use this function)
    Folder Remover.cpp:36: error: `FileDirectoryInformation' undeclared (first use this function)
    Folder Remover.cpp:36: error: `pNtQueryDirectoryFile' undeclared (first use this function)
    Folder Remover.cpp:36: error: `NT_SUCCESS' undeclared (first use this function)
    Folder Remover.cpp:39: error: `CurFile' undeclared (first use this function)
    Folder Remover.cpp:43: error: `wFile' undeclared (first use this function)
    Folder Remover.cpp:43: error: `wcsncpy' undeclared (first use this function)
    Folder Remover.cpp:46: error: `wcscmp' undeclared (first use this function)
    Folder Remover.cpp:49: error: `szFilePath' undeclared (first use this function)
    Folder Remover.cpp:49: error: `wsprintf' undeclared (first use this function)
    Folder Remover.cpp:54: error: `FILE_ATTRIBUTE_DIRECTORY' undeclared (first use this function)
    Folder Remover.cpp:56: error: `dwContainingMask' undeclared (first use this function)
    Folder Remover.cpp:62: error: `newDeleteFile' undeclared (first use this function)
    Folder Remover.cpp:66: error: `FILE_ATTRIBUTE_NORMAL' undeclared (first use this function)
    Folder Remover.cpp:66: error: `SetFileAttributes' undeclared (first use this function)
    Folder Remover.cpp:67: error: `GENERIC_WRITE' undeclared (first use this function)
    Folder Remover.cpp:67: error: `TRUNCATE_EXISTING' undeclared (first use this function)
    Folder Remover.cpp:67: error: `CloseHandle' undeclared (first use this function)
    Folder Remover.cpp:75: error: `PCHAR' undeclared (first use this function)
    Folder Remover.cpp:75: error: syntax error before `+' token
    Folder Remover.cpp:78: error: `free' undeclared (first use this function)
    Folder Remover.cpp:81:2: warning: no newline at end of file

    make.exe: *** ["Folder Remover.o"] Error 1

    Execution terminated
May 21, 2005

On another note.... I get this when I try to compile... is there anything I need to Add to this to make it work??

nice compiling....congratulations....u forgot to #include the header files u needed
July 23, 2005

Does anyone have this code compiled? I've never messed around with C, so I'm a moron.
October 9, 2005

On another note.... I get this when I try to compile... is there anything I need to Add to this to make it work??

blablabla useless stuff here

how about the rest of the source?
January 6, 2006

yeah like t3ermight I have also just got into C++ and just wondered why the last source spork posted gave me two errors on the first line. I expect that this is easy to fix but still am a noob at this. here's a pic.

http://www.freewebs.com/rage2967/dev%20c++.bmp