I want to delete an executable file while it is executing itself on Windows. I don't think that'll do any harm on the process as the same can be done by executing '.exe' from USB and then removing it - which doesn't affect the process in anyway.
I tried the most simple way without a luck:
extern wchar_t *pExePath;
DeleteFileW(pExePath);
Then I tried using native API:
UNICODE_STRING name;
static wchar_t strdrvPrefis [] {L"\\??\\"};
static wchar_t strObjectName[MAX_PATH];
name.Length = (name.MaximumLength = wcslen(pExePath) * sizeof(wchar_t) + (sizeof(strdrvPrefis) - sizeof(wchar_t)));
name.Buffer = strObjectName;
OBJECT_ATTRIBUTES objFile{};
objFile.Length = sizeof(OBJECT_ATTRIBUTES);
objFile.ObjectName = &name;
wcscat(strObjectName, strdrvPrefis);
wcscat(strObjectName, pExePath);
NtDeleteFile(&objFile);
Which fails with ACCES_DENIED if I rember corectly.
Then I tried 'NtFsControlFile' but without success too:
HANDLE hFile;
IO_STATUS_BLOCK info;
NTSTATUS RetNt = NtOpenFile(&hFile, FILE_READ_DATA | FILE_WRITE_DATA, &objFile, &info, 0, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_OPEN_REPARSE_POINT | FILE_NO_INTERMEDIATE_BUFFERING);
RetNt = NtFsControlFile(hFile, nullptr, nullptr, nullptr, &info, 0x000900A0 /*FSCTL_DELETE_OBJECT_ID*/, nullptr, 0, nullptr, 0);
NtClose(hFile);
Right now the above snippet will fail at 'NtOpenFile'. If I remove 'FILE_WRITE_DATA' from it's second argument then 'NtFsControlFile' will fail with 'STATUS_ACCESS_DENIED'.
Any ideas how to achieve this?
I'm using VC++ 2013.
Aucun commentaire:
Enregistrer un commentaire