Thread: [C++/NATIVE] inaccessible folder
View Single Post
  #1  
Old 10-01-2016, 05:37
Insid3Code's Avatar
Insid3Code Insid3Code is offline
Family
  
Join Date: May 2013
Location: Algeria
Posts: 84
Rept. Given: 47
Rept. Rcvd 60 Times in 30 Posts
Thanks Given: 24
Thanks Rcvd at 108 Times in 56 Posts
Insid3Code Reputation: 60
[C++/NATIVE] inaccessible folder
Inaccessible folder inspired from "WinMend Folder Hidden" work.

PHP Code:
#include <windows.h>
#include <ntdll.h>

#ifdef _WIN64
char *captionMsg "64-bit Application";
#else
char *captionMsg "32-bit Application";
#endif

char *statusMsg "FAILED!";

#define MAIN_FOLDER L"\\??\\C:\\Winmend~Folder~Hidden"

wchar_t *folders[] = {
    MAIN_FOLDER,
    MAIN_FOLDER L"\\..." ,
    MAIN_FOLDER L"\\...\\cn"
};

void Report(NTSTATUS NtStatuschar *msgwchar_t *path) {
    char buffer[256] = {0};

    if (NtStatus == 0)
        statusMsg "SUCCESS";

    sprintf(buffer,
            "Task:\t%s\nPath:\t%S\nStatus:\t0x%X (%s)",
            msg,
            path,
            NtStatus,
            statusMsg);

    if (NtStatus == 0)
        MessageBoxA(NULL,
                    buffer,
                    captionMsg,
                    MB_ICONINFORMATION);
    else
        MessageBoxA(NULL,
                    buffer,
                    captionMsg,
                    MB_ICONERROR);
}

int main() {

    NTSTATUS NtStatus;
    HANDLE hTarget;
    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;

    for (int x 03x++) {
        RtlInitUnicodeString(&ObjectNamefolders[x]);
        InitializeObjectAttributes(&ObjectAttributes,
                                   &ObjectName,
                                   OBJ_CASE_INSENSITIVE,
                                   NULL,
                                   NULL);

        NtStatus NtCreateFile(&hTarget,
                                FILE_READ_DATA FILE_WRITE_DATA,
                                &ObjectAttributes,
                                &IoStatusBlock,
                                NULL,
                                FILE_ATTRIBUTE_HIDDEN,
                                FILE_SHARE_READ FILE_SHARE_WRITE,
                                FILE_CREATE,
                                FILE_DIRECTORY_FILE,
                                NULL,
                                0);

        Report(NtStatus"Creating folder..."folders[x]);
        NtClose(hTarget);
    }

    for (int x 2>= 0x--) {
        RtlInitUnicodeString(&ObjectNamefolders[x]);

        InitializeObjectAttributes(&ObjectAttributes,
                                   &ObjectName,
                                   OBJ_CASE_INSENSITIVE,
                                   NULL,
                                   NULL);

        NtStatus NtDeleteFile(&ObjectAttributes);
        Report(NtStatus"Deleting folder..."folders[x]);
    }

    return 0;

Binary and source attached.
Attached Files
File Type: rar inaccessible_folder.rar (2.8 KB, 26 views)
__________________
Computer Forensics
Reply With Quote
The Following User Gave Reputation+1 to Insid3Code For This Useful Post:
alephz (10-04-2016)