made console application example

master v1
_xeroxz 4 years ago
parent 3ed3a30c71
commit e0b6e3b2af

@ -1,5 +1,6 @@
#include <ntifs.h>
// https://github.com/DragonQuestHero/Kernel-Force-Delete
using ObReferenceObjectByHandleType = decltype(&ObReferenceObjectByHandle);
using ObfDereferenceObjectType = decltype(&ObfDereferenceObject);
using ZwCloseType = decltype(&ZwClose);

@ -1,38 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|ARM">
<Configuration>Debug</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM">
<Configuration>Release</Configuration>
<Platform>ARM</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{9DB808DB-1CDD-4787-94DF-52D12E781348}</ProjectGuid>
@ -42,33 +14,9 @@
<Configuration>Debug</Configuration>
<Platform Condition="'$(Platform)' == ''">Win32</Platform>
<RootNamespace>fdelete_km</RootNamespace>
<WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
@ -78,38 +26,6 @@
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
@ -118,31 +34,10 @@
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<EnableInf2cat>false</EnableInf2cat>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<LanguageStandard>stdcpp17</LanguageStandard>

@ -9,53 +9,14 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "fdelete-km", "fdelete-km\fd
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|ARM = Debug|ARM
Debug|ARM64 = Debug|ARM64
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|ARM = Release|ARM
Release|ARM64 = Release|ARM64
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|ARM.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|ARM.Build.0 = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|ARM64.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|ARM64.Build.0 = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|x64.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|x64.Build.0 = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|x86.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Debug|x86.Build.0 = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Release|ARM.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Release|ARM64.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Release|x64.ActiveCfg = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Release|x64.Build.0 = Release|x64
{6310781F-8D12-437E-A9D5-93380DE21111}.Release|x86.ActiveCfg = Release|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM.ActiveCfg = Debug|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM.Build.0 = Debug|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM.Deploy.0 = Debug|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM64.ActiveCfg = Debug|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM64.Build.0 = Debug|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|ARM64.Deploy.0 = Debug|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x64.ActiveCfg = Debug|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x64.Build.0 = Debug|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x64.Deploy.0 = Debug|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x86.ActiveCfg = Debug|Win32
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x86.Build.0 = Debug|Win32
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Debug|x86.Deploy.0 = Debug|Win32
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM.ActiveCfg = Release|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM.Build.0 = Release|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM.Deploy.0 = Release|ARM
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM64.ActiveCfg = Release|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM64.Build.0 = Release|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|ARM64.Deploy.0 = Release|ARM64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x64.ActiveCfg = Release|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x64.Build.0 = Release|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x64.Deploy.0 = Release|x64
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x86.ActiveCfg = Release|Win32
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x86.Build.0 = Release|Win32
{9DB808DB-1CDD-4787-94DF-52D12E781348}.Release|x86.Deploy.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE

@ -41,7 +41,7 @@
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard>
<LanguageStandard>stdcpplatest</LanguageStandard>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>

@ -1,9 +1,55 @@
#include <Windows.h>
#include <psapi.h>
#include <locale>
#include <codecvt>
#include <string>
#include "fdelete.hpp"
namespace fs = std::filesystem;
auto delete_dir(vdm::vdm_ctx* vdm, const wchar_t* dir_path) -> bool
{
for (auto& file : fs::directory_iterator(dir_path))
{
std::wstring string_path = file.path().wstring();
if (file.is_directory())
{
if (!delete_dir(vdm, string_path.data()))
return false;
}
else
{
if (!fdelete::remove(vdm, string_path.data()))
return false;
else
std::printf("deleted %ws\n", string_path.data());
}
}
try
{
fs::remove(fs::path(dir_path));
}
catch (fs::filesystem_error& fs_error)
{
std::printf("failed to delete directory... reason: %s\n",
fs_error.code().message().c_str());
}
int main()
return true;
}
auto main(int argc, char** argv) -> int
{
if (argc < 2 || (strcmp(argv[1], "--file") && strcmp(argv[1], "--dir")))
{
std::printf("usage: [OPTION] [File Path/Directory Path]\n");
std::printf(" --file, delete a specific file...\n");
std::printf(" --dir, delete an entire directory...\n");
return -1;
}
auto [drv_handle, drv_key, drv_status] = vdm::load_drv();
if (drv_status != STATUS_SUCCESS or drv_handle == INVALID_HANDLE_VALUE)
{
@ -11,6 +57,10 @@ int main()
return -1;
}
std::string file_path(argv[2]);
if (file_path.substr(0, 4).compare("\\??\\") != 0)
file_path = "\\??\\" + file_path;
vdm::read_phys_t _read_phys =
[&](void* addr, void* buffer, std::size_t size) -> bool
{
@ -23,15 +73,16 @@ int main()
return vdm::write_phys(addr, buffer, size);
};
wchar_t process_name[MAX_PATH];
memset(process_name, NULL, MAX_PATH);
vdm::vdm_ctx vdm(_read_phys, _write_phys);
std::wstring wfile_path(file_path.begin(), file_path.end());
GetProcessImageFileNameW(GetCurrentProcess(), process_name, MAX_PATH);
std::printf("file path: %ws\n", process_name);
if (strcmp(argv[1], "--file") == 0)
std::printf("delete %ws result: %d\n",
wfile_path.data(), fdelete::remove(&vdm, wfile_path.data()));
vdm::vdm_ctx vdm(_read_phys, _write_phys);
std::printf("delete file result: %d\n", fdelete::remove(&vdm, process_name));
std::getchar();
if (strcmp(argv[1], "--dir") == 0)
std::printf("deleted %ws result: %d\n",
wfile_path.data(), delete_dir(&vdm, wfile_path.data()));
if ((drv_status = vdm::unload_drv(drv_handle, drv_key)) != STATUS_SUCCESS)
{
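Review bot: `std::string file_path(argv[2]);` in the second hunk can be reached with `argv[2]` null, because the usage check at the top of `main` only rejects `argc < 2`; running with `--file` or `--dir` and no path then constructs a `std::string` from a null pointer, which is undefined behaviour. The guard should require the path argument: `if (argc < 3 || (strcmp(argv[1], "--file") && strcmp(argv[1], "--dir")))`. Because that read happens after `vdm::load_drv()` has succeeded, a crash there would also skip the `vdm::unload_drv(drv_handle, drv_key)` call near the end and presumably leave the driver loaded. Separately, `delete_dir` logs a failed `fs::remove` in its catch block but still falls through to `return true;`, so the `--dir` result line reports success; returning `false` from the catch would fix that. The body of `main` continues past the last hunk.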
