
Insid3Code 10-01-2016 05:37

[C++/NATIVE] inaccessible folder
 
1 Attachment(s)
Inaccessible folder inspired from "WinMend Folder Hidden" work.

PHP Code:

#include <windows.h>
#include <ntdll.h>   // not part of the Windows SDK: declares the Nt*/Rtl* routines used below
#include <stdio.h>   // sprintf

#ifdef _WIN64
char *captionMsg = "64-bit Application";
#else
char *captionMsg = "32-bit Application";
#endif

char *statusMsg = "FAILED!";

// NT-namespace path (\??\ prefix), handed to NtCreateFile/NtDeleteFile as-is.
#define MAIN_FOLDER L"\\??\\C:\\Winmend~Folder~Hidden"

// Parent first, then the "..." folder, then a child inside it.
wchar_t *folders[] = {
    MAIN_FOLDER,
    MAIN_FOLDER L"\\...",
    MAIN_FOLDER L"\\...\\cn"
};

void Report(NTSTATUS NtStatus, char *msg, wchar_t *path) {
    char buffer[256] = {0};

    // Set on every call, so a failure after an earlier success is not shown as SUCCESS.
    statusMsg = (NtStatus == 0) ? "SUCCESS" : "FAILED!";

    sprintf(buffer,
            "Task:\t%s\nPath:\t%S\nStatus:\t0x%X (%s)",
            msg,
            path,
            (unsigned int)NtStatus,
            statusMsg);

    if (NtStatus == 0)
        MessageBoxA(NULL, buffer, captionMsg, MB_ICONINFORMATION);
    else
        MessageBoxA(NULL, buffer, captionMsg, MB_ICONERROR);
}

int main() {
    NTSTATUS NtStatus;
    HANDLE hTarget;
    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;

    // Create the three folders, outermost first.
    for (int x = 0; x < 3; x++) {
        RtlInitUnicodeString(&ObjectName, folders[x]);
        InitializeObjectAttributes(&ObjectAttributes,
                                   &ObjectName,
                                   OBJ_CASE_INSENSITIVE,
                                   NULL,
                                   NULL);

        NtStatus = NtCreateFile(&hTarget,
                                FILE_READ_DATA | FILE_WRITE_DATA,
                                &ObjectAttributes,
                                &IoStatusBlock,
                                NULL,
                                FILE_ATTRIBUTE_HIDDEN,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                FILE_CREATE,
                                FILE_DIRECTORY_FILE,
                                NULL,
                                0);

        Report(NtStatus, "Creating folder...", folders[x]);

        // The handle is only valid when the create succeeded.
        if (NtStatus == 0)
            NtClose(hTarget);
    }

    // Delete them again, innermost first.
    for (int x = 2; x >= 0; x--) {
        RtlInitUnicodeString(&ObjectName, folders[x]);

        InitializeObjectAttributes(&ObjectAttributes,
                                   &ObjectName,
                                   OBJ_CASE_INSENSITIVE,
                                   NULL,
                                   NULL);

        NtStatus = NtDeleteFile(&ObjectAttributes);
        Report(NtStatus, "Deleting folder...", folders[x]);
    }

    return 0;
}


Binary and source attached.

chants 10-02-2016 05:31

What if one recreates the first two folders, wouldn't the folder be accessible again?

What is the simplest and fastest and most practical way (even using ACL and command line tools) to delete or bring about access to it again?

gigaman 10-02-2016 22:53

The access is "prevented" just by the weird name (...) which many tools don't support. You don't have to use Native API - you can use the ordinary Win32 API, but you need to use the \\?\ prefix with the path.
You can even use the usual command line tools, e.g.
Code:

mkdir \\?\C:\\Winmend~Folder~Hidden\...\cn
or
Code:

rmdir \\?\C:\\Winmend~Folder~Hidden\...\cn
Code:

rmdir \\?\C:\\Winmend~Folder~Hidden\...
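
Added example (not from the thread or its attachments): a name like "..." is unreachable for ordinary tools because normal Win32 path handling trims trailing dots and spaces from the last path component, while `\\?\` and `\??\` paths skip that step. The C code below flags such names in a directory listing and, going beyond the thread's case, also exact legacy DOS device names; `classify_name`, `win32_trimmed_len`, `count_unreachable` and the sample listing are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>

enum name_risk { NAME_OK, NAME_TRAILING_DOT_OR_SPACE, NAME_DOS_DEVICE };

/* Case-insensitive wide-string equality, written out to stay portable. */
static int eq_nocase(const wchar_t *a, const wchar_t *b) {
    while (*a && *b && towupper(*a) == towupper(*b)) { a++; b++; }
    return *a == L'\0' && *b == L'\0';
}

/* Length left once trailing dots/spaces are trimmed; 0 = path collapses onto the parent. */
size_t win32_trimmed_len(const wchar_t *name) {
    size_t len = wcslen(name);
    while (len > 0 && (name[len - 1] == L'.' || name[len - 1] == L' ')) len--;
    return len;
}

/* Classify one entry name exactly as stored on disk (hypothetical helper). */
enum name_risk classify_name(const wchar_t *name) {
    static const wchar_t *const devices[] = {
        L"CON", L"PRN", L"AUX", L"NUL",
        L"COM1", L"COM2", L"COM3", L"COM4", L"COM5", L"COM6", L"COM7", L"COM8", L"COM9",
        L"LPT1", L"LPT2", L"LPT3", L"LPT4", L"LPT5", L"LPT6", L"LPT7", L"LPT8", L"LPT9" };
    /* "." and ".." are the ordinary relative entries, not hidden names. */
    if (!wcscmp(name, L".") || !wcscmp(name, L"..")) return NAME_OK;
    if (win32_trimmed_len(name) != wcslen(name)) return NAME_TRAILING_DOT_OR_SPACE;
    for (size_t i = 0; i < sizeof devices / sizeof devices[0]; i++)
        if (eq_nocase(name, devices[i])) return NAME_DOS_DEVICE;
    return NAME_OK;
}

/* Count entries in a listing that a normalized Win32 path cannot address. */
size_t count_unreachable(const wchar_t *const *names, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_name(names[i]) != NAME_OK) hits++;
    return hits;
}

/* Constructed sample listing, as an enumeration through a \\?\ path might return it. */
static const wchar_t *const sample[] = {
    L"Documents", L"...", L"cn", L"notes.txt ", L"report.", L"nul", L"a.tar.gz" };

int main(void) {
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-12ls risk=%d\n", sample[i], (int)classify_name(sample[i]));
    return 0;
}
```

The names must come from an enumeration that does not normalize them, for example one rooted at a `\\?\` path; otherwise the entries being looked for are never seen.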

Insid3Code 10-03-2016 03:00

Thanks guys!

Yes, this protection used by the WinMend Folder Hidden tool can be bypassed by using WinRAR and other tools to explore the inaccessible folder (already known ways), get the password stored as plaintext, and also extract the hidden files.

Coding this example (C++/Native) is a personal choice, as I already tested other ways to access or remove the created folders.

ontryit 10-03-2016 13:27

Quote:

Originally Posted by Insid3Code (Post 107303)
Inaccessible folder inspired from "WinMend Folder Hidden" work.

Binary and source attached.

Bro, can you translate the code into Delphi?
Also create a mirror outside, I can't download from the attachment.
Thx

//ontryit

Insid3Code 10-04-2016 04:59

1 Attachment(s)
@ontryit

Attached "main32.dpr" (NATIVE :) ) you can build it with Delphi7 or modern Delphi...

Alternative link (Delphi snippet):
PHP Code:

http://www.mediafire.com/file/c87ck5a8htrbc87/inaccessible_folder_delphi.rar 

Alternative link (C++ snippet and binary):
PHP Code:

http://www.mediafire.com/file/9wwiembfz3vbacn/inaccessible_folder.rar 



All times are GMT +8.